Exploit-DB
d46ab98863
DB: 2023-04-06
...
32 changes to exploits/shellcodes/ghdb
Answerdev 1.0.3 - Account Takeover
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow
ERPNext 12.29 - Cross-Site Scripting (XSS)
Liferay Portal 6.2.5 - Insecure Permissions
GNU screen v4.9.0 - Privilege Escalation
Apache Tomcat 10.1 - Denial Of Service
PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)
BTCPay Server v1.7.4 - HTML Injection.
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
ImageMagick 7.1.0-49 - DoS
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
ImageMagick 7.1.0-49 - Arbitrary File Read
itech TrainSmart r1044 - SQL injection
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
PhotoShow 3.0 - Remote Code Execution
projectSend r1605 - Remote Code Exectution RCE
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
zstore 6.6.0 - Cross-Site Scripting (XSS)
Binwalk v2.3.2 - Remote Command Execution (RCE)
XWorm Trojan 2.1 - Null Pointer Derefernce DoS
Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)
Linux/x86_64 - bash Shellcode with xor encoding
2023-04-06 00:16:31 +00:00
Offensive Security
ec8ac60c13
DB: 2022-11-22
...
93 changes to exploits/shellcodes/ghdb
2022-11-22 11:08:59 +00:00
Offensive Security
b6e780c138
DB: 2022-11-10
...
20 changes to exploits/shellcodes/ghdb
0 new exploits/shellcodes
Too many to list!
2022-11-10 23:30:40 +00:00
Offensive Security
d63de06c7a
DB: 2022-11-10
...
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00
Offensive Security
27af25c8c3
DB: 2021-11-02
...
19 changes to exploits/shellcodes
jQuery UI 1.12.1 - Denial of Service (DoS)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
Microsoft Exchange 2019 - Server-Side Request Forgery
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal
SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)
Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting
Online Ordering System 1.0 - Arbitrary File Upload
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
CouchCMS 2.2.1 - Persistent Cross-Site Scripting
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)
MagpieRSS 0.72 - 'url' Command Injection
CouchCMS 2.2.1 - Server-Side Request Forgery
GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting
Montiorr 1.7.6m - Persistent Cross-Site Scripting
2021-11-02 05:02:13 +00:00
Offensive Security
f33a724e0b
DB: 2021-10-29
...
58 changes to exploits/shellcodes
Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC)
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC)
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)
Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path
Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
vsftpd 3.0.3 - Remote Denial of Service
Dlink DSL2750U - 'Reboot' Command Injection
PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
Resumes Management and Job Application Website 1.0 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
Mini Mouse 9.3.0 - Local File inclusion
rconfig 3.9.6 - Arbitrary File Upload
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)
OpenEMR 5.0.1.3 - Authentication Bypass
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)
Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting
Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Budget and Expense Tracker System 1.0 - Authenticated Bypass
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
Blood Bank System 1.0 - Authentication Bypass
Lodging Reservation Management System 1.0 - Authentication Bypass
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
Linux/x64 - /sbin/halt -p Shellcode (51 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-29 05:02:12 +00:00
Offensive Security
a250e82458
DB: 2021-10-12
...
176 changes to exploits/shellcodes
Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
jQuery UI 1.12.1 - Denial of Service (DoS)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Telegram Desktop 2.9.2 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)
Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
vsftpd 3.0.3 - Remote Denial of Service
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
Library System 1.0 - Authentication Bypass Via SQL Injection
MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting
Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting
Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution
MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)
Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass
VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE)
Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)
Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)
WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)
KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass
Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE
Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)
Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)
Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)
OpenSIS 8.0 'modname' - Directory/Path Traversal
Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS
Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation
PlaceOS 1.2109.1 - Open Redirection
Blood Bank System 1.0 - SQL Injection / Authentication Bypass
Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read
Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta ) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-12 05:02:16 +00:00
Offensive Security
b4c96a5864
DB: 2021-09-03
...
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00
Offensive Security
6cbe6ebbb6
DB: 2021-09-03
...
395 changes to exploits/shellcodes
EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)
Electronics Workbench - '.ewb' Local Stack Overflow (PoC)
BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)
Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)
Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)
eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)
Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities
ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC)
ZoIPer 2.22 - Call-Info Remote Denial of Service
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
Nuked KLan 1.7.7 & SP4 - Denial of Service
AIC Audio Player 1.4.1.587 - Local Crash (PoC)
Xerox 4595 - Denial of Service
WinMerge 2.12.4 - Project File Handling Stack Overflow
Acoustica Mixcraft 1.00 - Local Crash
SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)
Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption
Spotify 0.8.2.610 - search func Memory Exhaustion
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)
WaveSurfer 1.8.8p4 - Memory Corruption (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow
Light Audio Player 1.0.14 - Memory Corruption (PoC)
Image Transfer IOS - Remote Crash (PoC)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
VUPlayer 2.49 - '.cue' Universal Buffer Overflow
Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite
Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH)
Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow
Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal
Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
GPG2/Kleopatra 2.0.11 - Malformed Certificate
Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow
OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow
Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)
Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)
CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow
quickshare file share 1.2.1 - Directory Traversal (1)
SPlayer 3.7 (build 2055) - Remote Buffer Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow
Omeka 2.2.1 - Remote Code Execution
D-Link DSL-2740R - Remote DNS Change
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
TorrentTrader 1.0 RC2 - SQL Injection
WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion
MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion
PHP DocWriter 0.3 - 'script' Remote File Inclusion
phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion
phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion
BrewBlogger 1.3.1 - 'printLog.php' SQL Injection
e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion
awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion
Gizzar 03162002 - 'index.php' Remote File Inclusion
SH-News 0.93 - 'misc.php' Remote File Inclusion
JSBoard 2.0.10 - 'login.php?table' Local File Inclusion
XOOPS Module WF-Links 1.03 - 'cid' SQL Injection
Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion
mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion
EQdkp 1.3.2 - 'listmembers.php' SQL Injection
FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion
SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection
Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion
CCMS 3.1 Demo - SQL Injection
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass
BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection
AuraCMS 1.62 - Multiple SQL Injections
sCssBoard (Multiple Versions) - 'pwnpack' Remote s
EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion
RevokeBB 1.0 RC11 - 'Search' SQL Injection
Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion
CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection
PHPortal 1.2 - Multiple Remote File Inclusions
Libera CMS 1.12 - 'cookie' SQL Injection
Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload
WCMS 1.0b - Arbitrary Add Admin
FOSS Gallery Admin 1.0 - Arbitrary File Upload
MemHT Portal 4.0.1 - SQL Injection / Code Execution
Mediatheka 4.2 - Blind SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
Joomla! Component Casino 0.3.1 - Multiple SQL Injections s
ZeusCart 2.3 - 'maincatid' SQL Injection
ASP Football Pool 2.3 - Remote Database Disclosure
LightNEasy sql/no-db 2.2.x - System Configuration Disclosure
Zen Cart 1.3.8 - Remote Code Execution
Joomla! Component com_pinboard - 'task' SQL Injection
Joomla! Component com_bookflip - 'book_id' SQL Injection
Messages Library 2.0 - Arbitrary Delete Message
Arab Portal 2.2 - Blind Cookie Authentication Bypass
Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion
REZERVI 3.0.2 - Remote Command Execution
Joomla! Component BF Quiz 1.0 - SQL Injection (2)
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection
AJ Matrix DNA - SQL Injection
Joomla! Component JE Story Submit - Local File Inclusion
CF Image Hosting Script 1.3.82 - File Disclosure
hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting
CMSLogik 1.2.1 - Multiple Vulnerabilities
C.P.Sub 4.5 - Authentication Bypass
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload
PHPMailer < 5.2.20 - Remote Code Execution
phpIPAM 1.4 - SQL Injection
Joomla! 3.9.0 < 3.9.7 - CSV Injection
2021-09-03 14:58:20 +00:00
Offensive Security
36c084c351
DB: 2021-09-03
...
45419 changes to exploits/shellcodes
2 new exploits/shellcodes
Too many to list!
2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187
DB: 2021-08-20
...
204 changes to exploits/shellcodes
Charity Management System CMS 1.0 - Multiple Vulnerabilities
2021-08-20 05:01:51 +00:00
Offensive Security
7fa85628bd
DB: 2021-04-22
...
19 changes to exploits/shellcodes
Hasura GraphQL 1.3.3 - Denial of Service
Tenda D151 & D301 - Configuration Download (Unauthenticated)
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)
OpenEMR 5.0.2.1 - Remote Code Execution
Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)
Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
Hasura GraphQL 1.3.3 - Local File Read
Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
2021-04-22 05:01:54 +00:00
Offensive Security
53c15c17c6
DB: 2021-04-16
...
6 changes to exploits/shellcodes
glFTPd 2.11a - Remote Denial of Service
Horde Groupware Webmail 5.2.22 - Stored XSS
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
2021-04-16 05:02:00 +00:00
Offensive Security
7390cdc1c3
DB: 2021-03-23
...
10 changes to exploits/shellcodes
ProFTPD 1.3.7a - Remote Denial of Service
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path
Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path
Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path
Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
MyBB 1.8.25 - Chained Remote Command Execution
2021-03-23 05:01:58 +00:00
Offensive Security
28bd450c1a
DB: 2021-03-16
...
13 changes to exploits/shellcodes
Libpango 1.40.8 - Denial of Service (PoC)
QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path
Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
2021-03-16 05:02:01 +00:00
Offensive Security
82075ed5ca
DB: 2021-01-29
...
10 changes to exploits/shellcodes
jQuery UI 1.12.1 - Denial of Service (DoS)
Metasploit Framework 6.0.11 - msfvenom APK template command injection
fuelCMS 1.4.1 - Remote Code Execution
fuel CMS 1.4.1 - Remote Code Execution (1)
OpenEMR 5.0.1 - Remote Code Execution
OpenEMR 5.0.1 - Remote Code Execution (1)
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
Fuel CMS 1.4.1 - Remote Code Execution (2)
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
2021-01-29 05:01:58 +00:00
Offensive Security
66f2f8c3b5
DB: 2021-01-12
...
9 changes to exploits/shellcodes
PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
EyesOfNetwork 5.3 - RCE & PrivEsc
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
EyesOfNetwork 5.3 - LFI
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
OpenCart 3.0.36 - ATO via Cross Site Request Forgery
Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
2021-01-12 05:01:58 +00:00
Offensive Security
1d95e0bd8b
DB: 2020-12-18
...
16 changes to exploits/shellcodes
Nxlog Community Edition 2.10.2150 - DoS (Poc)
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
Linksys RE6500 1.0.11.001 - Unauthenticated RCE
Content Management System 1.0 - 'First Name' Stored XSS
Content Management System 1.0 - 'email' SQL Injection
Content Management System 1.0 - 'id' SQL Injection
Medical Center Portal Management System 1.0 - 'id' SQL Injection
Customer Support System 1.0 - _First Name_ & _Last Name_ Stored XSS
Customer Support System 1.0 - 'id' SQL Injection
Online Tours & Travels Management System 1.0 - _id_ SQL Injection
Interview Management System 1.0 - Stored XSS in Add New Question
Interview Management System 1.0 - 'id' SQL Injection
Employee Record System 1.0 - Multiple Stored XSS
PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)
Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
2020-12-18 05:01:56 +00:00
Offensive Security
1306b3ff5f
DB: 2020-11-27
...
2 changes to exploits/shellcodes
Pure-FTPd 1.0.48 - Remote Denial of Service
Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
2020-11-27 05:01:55 +00:00
Offensive Security
d7ce1d69e6
DB: 2020-05-28
...
7 changes to exploits/shellcodes
BIND - 'TSIG' Denial of Service
Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting
OXID eShop 6.3.4 - 'sorting' SQL Injection
2020-05-28 05:02:11 +00:00
Offensive Security
ccea007282
DB: 2020-05-01
...
81 changes to exploits/shellcodes
WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)
IBM AIX 4.3.1 - 'adb' Denial of Service
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
PHPFreeChat 1.7 - Denial of Service
XenForo 2 - CSS Loader Denial of Service
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution
QEMU - Denial of Service
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Tautulli 2.1.9 - Denial of Service (Metasploit)
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Cisco IP Phone 11.7 - Denial of service (PoC)
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
IBM AIX 4.3.1 - 'adb' Denial of Service
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
Windows Kernel - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution
QEMU - Denial of Service
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting
WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection
WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection
WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection
WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection
WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection
WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting
WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection
Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting
WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection
WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion
WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection
WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access
WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal
WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration
WordPress Multiple Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset
XenForo 2 - CSS Loader Denial of Service
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
phpBB 3.2.3 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
60CycleCMS - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution
WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution
WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
NopCommerce 4.2.0 - Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Cacti 1.2.8 - Authenticated Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Cisco IP Phone 11.7 - Denial of service (PoC)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00
Offensive Security
8cbf7883c1
DB: 2020-02-11
...
11 changes to exploits/shellcodes
Dota 2 7.23f - Denial of Service (PoC)
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Ricoh Driver - Privilege Escalation (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
2020-02-11 05:02:02 +00:00
Offensive Security
0cd38b15b8
DB: 2020-01-29
...
5 changes to exploits/shellcodes
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
Pachev FTP Server 1.0 - Path Traversal
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
Webtareas 2.0 - 'id' SQL Injection
OLK Web Store 2020 - Cross-Site Request Forgery
Webtareas 2.0 - 'id' SQL Injection
OLK Web Store 2020 - Cross-Site Request Forgery
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
Centreon 19.10.5 - Database Credentials Disclosure
Centreon 19.10.5 - Remote Command Execution
2020-01-29 05:02:04 +00:00
Offensive Security
82e6691834
DB: 2020-01-23
...
4 changes to exploits/shellcodes
KeePass 2.44 - Denial of Service (PoC)
Citrix XenMobile Server 10.8 - XML External Entity Injection
Windows/7 - Screen Lock Shellcode (9 bytes)
2020-01-23 05:02:01 +00:00
Offensive Security
7e9d444235
DB: 2019-11-12
...
8 changes to exploits/shellcodes
iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
XML Notepad 2.8.0.4 - XML External Entity Injection
2019-11-12 05:01:40 +00:00
Offensive Security
52ab59aad8
DB: 2019-11-06
...
12 changes to exploits/shellcodes
FileOptimizer 14.00.2524 - Denial of Service (PoC)
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
Blue Stacks App Player 2.4.44.62.57 - _BstHdLogRotatorSvc_ Unquote Service Path
Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
thejshen Globitek CMS 1.4 - 'id' SQL Injection
thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting
rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection
html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting
html5_snmp 1.11 - 'Router_ID' SQL Injection
SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
2019-11-06 05:01:40 +00:00
Offensive Security
caad53ed8d
DB: 2019-10-31
...
6 changes to exploits/shellcodes
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Citrix StoreFront Server 7.15 - XML External Entity Injection
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
2019-10-31 05:01:41 +00:00
Offensive Security
d4a236d578
DB: 2019-10-29
...
9 changes to exploits/shellcodes
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path
ChaosPro 2.0 - Buffer Overflow (SEH)
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
Part-DB 0.4 - Authentication Bypass
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection
PHP-FPM + Nginx - Remote Code Execution
2019-10-29 05:01:40 +00:00
Offensive Security
4eaf273757
DB: 2019-10-02
...
9 changes to exploits/shellcodes
kic 2.4a - Denial of Service
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
WebKit - Universal XSS in WebCore::command
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
WebKit - Universal XSS Using Cached Pages
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
vBulletin 5 - 'routestring' Remote Code Execution
vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion
vBulletin 5.x - 'routestring' Remote Code Execution
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
PHP 7.1 < 7.3 - disable_functions Bypass
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
DotNetNuke < 9.4.0 - Cross-Site Scripting
2019-10-02 05:01:46 +00:00
Offensive Security
0364a6e37f
DB: 2019-08-30
...
3 changes to exploits/shellcodes
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
Jobberbase 2.0 - 'subscribe' SQL Injection
PilusCart 1.4.1 - Local File Disclosure
2019-08-30 05:02:43 +00:00
Offensive Security
ab6387922c
DB: 2019-08-16
...
23 changes to exploits/shellcodes
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators
Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx
Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1
Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF
Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed Font Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll
Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
2019-08-16 05:02:25 +00:00
Offensive Security
a32e028b88
DB: 2019-08-13
...
17 changes to exploits/shellcodes
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
2019-08-13 05:02:31 +00:00
Offensive Security
44a9c2cd04
DB: 2019-08-08
...
2 changes to exploits/shellcodes
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
WordPress Plugin JoomSport 3.3 - SQL Injection
2019-08-08 05:02:37 +00:00
Offensive Security
00f5094d48
DB: 2019-07-31
...
8 changes to exploits/shellcodes
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
2019-07-31 05:02:25 +00:00
Offensive Security
f671a16b46
DB: 2019-07-26
...
4 changes to exploits/shellcodes
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
Ovidentia 8.4.3 - Cross-Site Scripting
Ovidentia 8.4.3 - SQL Injection
2019-07-26 05:02:11 +00:00
Offensive Security
c4e67ef73c
DB: 2019-07-11
...
20 changes to exploits/shellcodes
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
2019-07-11 05:02:13 +00:00
Offensive Security
894b9e59aa
DB: 2019-07-10
...
3 changes to exploits/shellcodes
Firefox 67.0.4 - Denial of Service
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-10 05:02:07 +00:00
Offensive Security
ee2531c421
DB: 2019-06-27
...
2 changes to exploits/shellcodes
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
2019-06-27 05:01:52 +00:00
Offensive Security
8cbfa5df7f
DB: 2019-06-18
...
13 changes to exploits/shellcodes
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
2019-06-18 05:01:54 +00:00
Offensive Security
e76aee5eaf
DB: 2019-06-06
...
4 changes to exploits/shellcodes
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
LibreNMS - addhost Command Injection (Metasploit)
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
2019-06-06 05:01:56 +00:00
Offensive Security
0a2b5fd16f
DB: 2019-05-30
...
7 changes to exploits/shellcodes
Free SMTP Server 2.5 - Denial of Service (PoC)
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
2019-05-30 05:01:56 +00:00
Offensive Security
6d57564d7c
DB: 2019-05-22
...
12 changes to exploits/shellcodes
Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
2019-05-22 05:01:55 +00:00
Offensive Security
945107caf5
DB: 2019-05-14
...
10 changes to exploits/shellcodes
SpotMSN 2.4.6 - Denial of Service (PoC)
DNSS 2.1.8 - Denial of Service (PoC)
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
XOOPS 2.5.9 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
2019-05-14 05:01:58 +00:00
Offensive Security
56498e7891
DB: 2019-04-23
...
10 changes to exploits/shellcodes
Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC)
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)
ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
Msvod 10 - Cross-Site Request Forgery (Change User Information)
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
2019-04-23 05:02:04 +00:00
Offensive Security
ab955a9b5d
DB: 2019-04-19
...
5 changes to exploits/shellcodes
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
Evernote 7.9 - Code Execution via Path Traversal
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)
2019-04-19 05:02:10 +00:00
Offensive Security
5e1aca383e
DB: 2019-04-18
...
5 changes to exploits/shellcodes
ASUS HG100 - Denial of Service
DHCP Server 2.5.2 - Denial of Service (PoC)
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow
2019-04-18 05:01:57 +00:00
Offensive Security
9d7b2f64d5
DB: 2019-04-04
...
18 changes to exploits/shellcodes
Canarytokens 2019-03-01 - Detection Bypass
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
WebKitGTK+ - 'ThreadedCompositor' Race Condition
Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)
AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow
AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter)
TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)
PhreeBooks ERP 5.2.3 - Remote Command Execution
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
iScripts ReserveLogic - SQL Injection
Clinic Pro v4 - 'month' SQL Injection
Ashop Shopping Cart Software - SQL Injection
PhreeBooks ERP 5.2.3 - Arbitrary File Upload
2019-04-04 05:02:18 +00:00
Offensive Security
c09f5132f7
DB: 2019-03-27
...
9 changes to exploits/shellcodes
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
XooGallery - Multiple SQL Injection
XooDigital - 'p' SQL Injection
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion
SJS Simple Job Script - SQL Injection / Cross-Site Scripting
2019-03-27 05:01:59 +00:00
Offensive Security
2afed97ceb
DB: 2019-03-20
...
16 changes to exploits/shellcodes
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft VBScript - VbsErase Memory Corruption
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Google Chrome < M73 - MidiManagerWin Use-After-Free
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)
TheCarProject v2 - Multiple SQL Injection
TheCarProject 2 - Multiple SQL Injection
Gila CMS 1.9.1 - Cross-Site Scripting
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
eNdonesia Portal 8.7 - Multiple Vulnerabilities
Netartmedia Event Portal 2.0 - 'Email' SQL Injection
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia Real Estate Portal 5.0 - SQL Injection
2019-03-20 05:01:53 +00:00
Offensive Security
880bbe402e
DB: 2019-03-08
...
14991 changes to exploits/shellcodes
HTC Touch - vCard over IP Denial of Service
TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities
PeerBlock 1.1 - Blue Screen of Death
WS10 Data Server - SCADA Overflow (PoC)
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
man-db 2.4.1 - 'open_cat_stream()' Local uid=man
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation
CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
CCProxy 6.2 - 'ping' Remote Buffer Overflow
Savant Web Server 3.1 - Remote Buffer Overflow (2)
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
2019-03-08 05:01:50 +00:00
