bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2314 commits 1 branch 0 tags 272 MiB
Commit graph

122 commits

Author SHA1 Message Date
Offensive Security
3fa3a8be65 DB: 2021-01-26 
8 changes to exploits/shellcodes

MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
Library System 1.0 - 'category' SQL Injection
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)

Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
 2021-01-26 05:01:58 +00:00
Offensive Security
206c9f4f7e DB: 2021-01-09 
9 changes to exploits/shellcodes

dnsrecon 0.10.0 - CSV Injection

PHP Handicapper - 'Process_signup.php' HTTP Response Splitting
PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting
Life Insurance Management System 1.0 - Multiple Stored XSS
Online Doctor Appointment System 1.0 - Multiple Stored XSS
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
 2021-01-09 05:01:55 +00:00
Offensive Security
42b9ff04f0 DB: 2020-12-11 
7 changes to exploits/shellcodes

PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path
Barcodes generator 1.0 - 'name' Stored Cross Site Scripting
OpenCart 3.0.3.6 - Cross Site Request Forgery
Openfire 4.6.0 - 'path' Stored XSS
Library Management System 2.0 - Auth Bypass SQL Injection
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
 2020-12-11 05:01:59 +00:00
Offensive Security
c5f0b6dbf5 DB: 2020-12-10 
9 changes to exploits/shellcodes

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
SmarterMail Build 6985 - Remote Code Execution
Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
VestaCP 0.9.8-26 - 'backup' Information Disclosure
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
Task Management System 1.0 - 'id' SQL Injection
 2020-12-10 05:02:01 +00:00
Offensive Security
9dd5a95a94 DB: 2020-12-08 
18 changes to exploits/shellcodes

TapinRadio 2.13.7 - Denial of Service (PoC)
RarmaRadio 2.72.5 - Denial of Service (PoC)

Realtek Audio Service 1.0.0.55 - 'RtkAudioService64.exe' Unquoted Service Path

Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path
Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path
Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)

Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow

Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution

Eaton Intelligent Power Manager 1.6 - Directory Traversal

PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting

Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities

Employee Record Management System 1.1 - Login Bypass SQL Injection

User Registration & Login and User Management System 2.1 - Cross Site Request Forgery
Cyber Cafe Management System  Project (CCMS) 1.0 - Persistent Cross-Site Scripting
Savsoft Quiz 5 - 'Skype ID' Stored XSS
vBulletin 5.6.3 - 'group' Cross Site Scripting
 2020-12-08 05:01:56 +00:00
Offensive Security
d560e654b7 DB: 2020-12-04 
9 changes to exploits/shellcodes

Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
Coastercms 5.8.18 - Stored XSS
EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
 2020-12-04 05:01:55 +00:00
Offensive Security
216721f32c DB: 2020-12-01 
4 changes to exploits/shellcodes

YATinyWinFTP - Denial of Service (PoC)
ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
Intelbras Router RF 301K 1.1.2 - Authentication Bypass
 2020-12-01 05:01:56 +00:00
Offensive Security
1306b3ff5f DB: 2020-11-27 
2 changes to exploits/shellcodes

Pure-FTPd 1.0.48 - Remote Denial of Service

Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
 2020-11-27 05:01:55 +00:00
Offensive Security
e57ba82919 DB: 2020-11-19 
3 changes to exploits/shellcodes

ZeroLogon - Netlogon Elevation of Privilege
Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery
 2020-11-19 05:02:00 +00:00
Offensive Security
66d1f19fa5 DB: 2020-11-18 
17 changes to exploits/shellcodes

Internet Explorer 11 - Use-After-Free
Microsoft Internet Explorer 11 - Use-After-Free

LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Aerospike Database 5.1.0.3 - OS Command Execution
Apache Struts 2.5.20 - Double OGNL evaluation

Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated)
Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection
EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting

Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting
 2020-11-18 05:01:57 +00:00
Offensive Security
3774170267 DB: 2020-11-11 
4 changes to exploits/shellcodes

Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection
 2020-11-11 05:01:56 +00:00
Offensive Security
00b27610c8 DB: 2020-09-24 
2 changes to exploits/shellcodes

Online Food Ordering System 1.0 - Remote Code Execution
 2020-09-24 05:02:05 +00:00
Offensive Security
133dc9fc81 DB: 2020-09-18 
1 changes to exploits/shellcodes

Microsoft SQL Server Reporting Services 2016 - Remote Code Execution
 2020-09-18 05:02:05 +00:00
Offensive Security
720fabd066 DB: 2020-07-28 
114 changes to exploits/shellcodes

Notepad++ < 7.7 (x64)  - Denial of Service

winrar 5.80 64bit - Denial of Service
WinRAR 5.80 (x64) - Denial of Service

Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)

Microsoft Word 2007 (x86) - Information Disclosure

IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation

ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation

Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution

Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation

R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)

MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation

Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)

Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation

Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)

Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)

Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path

DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 (x64) - Remote Command Execution

CompleteFTP Professional 12.1.3 - Remote Code Execution

TeamCity Agent XML-RPC 10.0 - Remote Code Execution

eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution

FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)

Linux/x86 - Kill All Processes Shellcode (14 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-07-28 05:01:59 +00:00
Offensive Security
1979df6cb3 DB: 2020-06-19 
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64)  - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-06-19 05:02:01 +00:00
Offensive Security
34b629388a DB: 2020-06-03 
3 changes to exploits/shellcodes

Microsoft Windows - 'SMBGhost' Remote Code Execution
Clinic Management System 1.0 - Authentication Bypass
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
 2020-06-03 05:01:54 +00:00
Offensive Security
4fbd3630c8 DB: 2020-05-26 
6 changes to exploits/shellcodes

GoldWave - Buffer Overflow (SEH Unicode)
Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting
Online Discussion Forum Site 1.0 - Remote Code Execution
 2020-05-26 05:01:56 +00:00
Offensive Security
ccea007282 DB: 2020-05-01 
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
 2020-05-01 05:02:03 +00:00
Offensive Security
0f5a9de36d DB: 2020-04-29 
8 changes to exploits/shellcodes

Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path

CloudMe 1.11.2 - Buffer Overflow (PoC)
School ERP Pro 1.0 - 'es_messagesid' SQL Injection
School ERP Pro 1.0 - Remote Code Execution
 2020-04-29 05:01:47 +00:00
Offensive Security
1c5c38825d DB: 2020-04-22 
10 changes to exploits/shellcodes

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

WordPress 2.0.2 - 'cache' Remote Shell Injection
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting
PMB 5.6 - 'logid' SQL Injection
CSZ CMS 1.2.7 - 'title' HTML Injection
IQrouter 3.3.1 Firmware - Remote Code Execution
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution
jizhi CMS 1.6.7 - Arbitrary File Download
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
 2020-04-22 05:01:47 +00:00
Offensive Security
c3e827f657 DB: 2020-04-17 
8 changes to exploits/shellcodes

VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
 2020-04-17 05:01:48 +00:00
Offensive Security
19615ff704 DB: 2020-04-01 
7 changes to exploits/shellcodes

FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
Redis - Replication Code Execution (Metasploit)
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
SharePoint Workflows - XOML Injection (Metasploit)
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
 2020-04-01 05:01:47 +00:00
Offensive Security
4df22c7404 DB: 2020-03-10 
13 changes to exploits/shellcodes

Microsoft Windows - 'WizardOpium' Local Privilege Escalation
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)

ManageEngine ServiceDesk Plus 9.3 - User Enumeration
60CycleCMS  - 'news.php' SQL Injection

Sahi pro 8.x - Directory Traversal

Sentrifugo HRMS 3.2 - 'id' SQL Injection
 2020-03-10 05:01:44 +00:00
Offensive Security
7531fa6a21 DB: 2020-03-06 
3 changes to exploits/shellcodes

Exchange Control Panel - Viewstate Deserialization (Metasploit)
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
 2020-03-06 05:01:47 +00:00
Offensive Security
afe5797b88 DB: 2020-03-03 
12 changes to exploits/shellcodes

Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Wing FTP Server 6.2.3 - Privilege Escalation
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
Joplin Desktop 1.0.184 - Cross-Site Scripting
Netis WF2419 2.2.36123 - Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
Wing FTP Server 6.2.5 - Privilege Escalation
TP LINK TL-WR849N - Remote Code Execution
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
 2020-03-03 05:01:48 +00:00
Offensive Security
228a37da9c DB: 2020-02-18 
15 changes to exploits/shellcodes

HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
Cuckoo Clock v5.0 - Buffer Overflow

Anviz CrossChex - Buffer Overflow (Metasploit)
SOPlanning 1.45 - 'by' SQL Injection
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - 'users' SQL Injection
LabVantage 8.3 - Information Disclosure
 2020-02-18 05:01:54 +00:00
Offensive Security
ea7a01d8fb DB: 2020-02-12 
18 changes to exploits/shellcodes

Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)

Sudo 1.8.25p - Buffer Overflow
Torrent iPod Video Converter 1.51 - Stack Overflow
DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path
Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path
DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow
Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path
Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
Microsoft SharePoint - Deserialization Remote Code Execution
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
 2020-02-12 05:01:58 +00:00
Offensive Security
e3e102da5b DB: 2019-12-21 
4 changes to exploits/shellcodes

Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)

FreeSWITCH 1.10.1 - Command Execution

phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
 2019-12-21 05:01:57 +00:00
Offensive Security
30a6a01b6c DB: 2019-12-07 
3 changes to exploits/shellcodes

Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite

Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow

Verot 2.0.3 - Remote Code Execution
 2019-12-07 05:02:08 +00:00
Offensive Security
c8181201fd DB: 2019-11-13 
38 changes to exploits/shellcodes

Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path
Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path
RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)
Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
CBAS-Web 19.0.0 - Information Disclosure
Prima FlexAir Access Control 2.3.38 - Remote Code Execution
Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
eMerge E3 1.00-06 - Privilege Escalation
eMerge E3 1.00-06 - Remote Code Execution
eMerge E3 1.00-06 - Cross-Site Request Forgery
Atlassian Confluence 6.15.1 - Directory Traversal
eMerge E3 1.00-06 - Arbitrary File Upload
eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
eMerge50P 5000P 4.6.07 - Remote Code Execution
CBAS-Web 19.0.0 - Remote Code Execution
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Username Enumeration
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
Joomla 3.9.13 - 'Host' Header Injection
Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
Prima Access Control 2.3.35 - Arbitrary File Upload
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
Optergy 2.3.0a - Remote Code Execution
FlexAir Access Control 2.4.9api3 - Remote Code Execution
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy 2.3.0a - Username Disclosure
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
FlexAir Access Control 2.3.35 - Authentication Bypass
Bematech Printer MP-4200 - Denial of Service
 2019-11-13 05:01:43 +00:00
Offensive Security
7e9d444235 DB: 2019-11-12 
8 changes to exploits/shellcodes

iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
_GCafé 3.0  - 'gbClienService' Unquoted Service Path
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
XML Notepad 2.8.0.4 - XML External Entity Injection
 2019-11-12 05:01:40 +00:00
Offensive Security
577557762c DB: 2019-11-05 
6 changes to exploits/shellcodes

Apple macOS 10.15.1 - Denial of Service (PoC)
Aida64 6.10.5200 - Buffer Overflow (SEH)
OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path
Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
 2019-11-05 05:01:42 +00:00
Offensive Security
595ac97a33 DB: 2019-10-30 
6 changes to exploits/shellcodes

Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path
Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass
rConfig 3.9.2 - Remote Code Execution
Wordpress 5.2.4 - Cross-Origin Resource Sharing
 2019-10-30 05:01:40 +00:00
Offensive Security
6d83c21135 DB: 2019-10-18 
8 changes to exploits/shellcodes

BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Serive Path

ThinVNC 1.0b1 - Authentication Bypass
Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting
Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
 2019-10-18 05:01:45 +00:00
Offensive Security
bfcf0daec9 DB: 2019-10-08 
8 changes to exploits/shellcodes

logrotten 3.15.1 - Privilege Escalation
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

freeFTP 1.0.8 - Remote Buffer Overflow
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Zabbix 4.2 - Authentication Bypass
Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
 2019-10-08 05:01:48 +00:00
Offensive Security
d1bcd4121d DB: 2019-10-04 
5 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
mintinstall 7.9.9 - Code Execution
AnchorCMS < 0.12.3a - Information Disclosure
 2019-10-04 05:01:47 +00:00
Offensive Security
ee1067a45b DB: 2019-10-03 
3 changes to exploits/shellcodes

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

Detrix EDMS 1.2.3.1505 - SQL Injection
 2019-10-03 05:01:46 +00:00
Offensive Security
4802945877 DB: 2019-09-28 
10 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

thesystem App 1.0 - Persistent Cross-Site Scripting
InoERP 0.7.2 - Persistent Cross-Site Scripting
thesystem App 1.0 - 'server_name' SQL Injection
thesystem App 1.0 - 'username' SQL Injection
V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
 2019-09-28 05:01:47 +00:00
Offensive Security
d7ea903400 DB: 2019-09-25 
7 changes to exploits/shellcodes

DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
File Sharing Wizard 1.5.0 - POST SEH Overflow
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
 2019-09-25 05:04:03 +00:00
Offensive Security
d1ba848ff5 DB: 2019-08-06 
4 changes to exploits/shellcodes

macOS iMessage - Heap Overflow when Deserializing
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
ARMBot Botnet - Arbitrary Code Execution
 2019-08-06 05:02:23 +00:00
Offensive Security
40febc17ca DB: 2019-07-18 
5 changes to exploits/shellcodes

WinMPG iPod Convert 3.0 - 'Register' Denial of Service
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow

Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
 2019-07-18 05:02:15 +00:00
Offensive Security
70a1295bcf DB: 2019-07-06 
2 changes to exploits/shellcodes

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
 2019-07-06 05:01:54 +00:00
Offensive Security
1a13989f12 DB: 2019-07-04 
5 changes to exploits/shellcodes

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection

Symantec DLP 15.5 MP1 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-04 05:01:54 +00:00
Offensive Security
0e66e648a7 DB: 2019-06-22 
1 changes to exploits/shellcodes

EA Origin < 10.5.38 - Remote Code Execution
 2019-06-22 05:01:55 +00:00
Offensive Security
e76aee5eaf DB: 2019-06-06 
4 changes to exploits/shellcodes

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
LibreNMS - addhost Command Injection (Metasploit)

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
 2019-06-06 05:01:56 +00:00
Offensive Security
1a6935f64a DB: 2019-05-29 
3 changes to exploits/shellcodes

Microsoft Windows - 'Win32k' Local Privilege Escalation

EquityPandit 1.0 - Password Disclosure

Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass

Phraseanet < 4.0.7 - Cross-Site Scripting
 2019-05-29 05:01:59 +00:00
Offensive Security
76aff025ee DB: 2019-05-25 
9 changes to exploits/shellcodes

Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)
Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)

Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
 2019-05-25 05:01:58 +00:00
Offensive Security
5a4d21a1cf DB: 2019-05-09 
9 changes to exploits/shellcodes

jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC)

MiniFtp - 'parseconf_load_setting' Buffer Overflow
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass

Linux/x86 - execve /bin/sh Shellcode (20 bytes)
 2019-05-09 05:02:02 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07 
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
 2019-05-07 05:01:58 +00:00
Offensive Security
f3c28b3d62 DB: 2019-05-01 
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
 2019-05-01 05:02:01 +00:00