Commit graph

150 commits

Author SHA1 Message Date
Offensive Security
d65226277c DB: 2021-01-21
4 changes to exploits/shellcodes

ChurchRota 2.6.4 - RCE (Authenticated)
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)

Linux/x86 - Socat Bind Shellcode (113 bytes)
2021-01-21 05:01:57 +00:00
Offensive Security
8d70b4e885 DB: 2021-01-19
6 changes to exploits/shellcodes

Life Insurance Management System 1.0 - 'client_id' SQL Injection
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)

Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)
Cisco UCS Manager 2.2(1d) - Remote Command Execution
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
2021-01-19 05:01:58 +00:00
Offensive Security
969e7d6c90 DB: 2021-01-16
13 changes to exploits/shellcodes

Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
EyesOfNetwork 5.3 - File Upload Remote Code Execution

BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)
BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)
FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes)

FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes)

Linux/PPC - read + exec Shellcode (32 bytes)
Linux/PPC - read() + exec Shellcode (32 bytes)

Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes)

Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)

Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive + Payload Loader Shellcode (68+ bytes)

BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)
BSD/x86 - symlink /bin/sh Shellcode (32 bytes)

Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes)

Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes)

Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes)

Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes)
Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes)

Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes)

Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode

Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes)

Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)
Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit)

Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)

Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes)

Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator)
Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes)

Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes)

Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes)

Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator)

Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes)

Linux/x86 - Reboot() Shellcode (28 bytes)
Linux/x86 - reboot() Shellcode (28 bytes)

Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x64 - execve() + Encoded Shellcode (57 bytes)

Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes)

Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)
Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes)

Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)
Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)

BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator)

Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)
BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes)

Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)

Linux/x86 - Remote File Download Shellcode (42 bytes)
Linux/x86 - Download File Shellcode (42 bytes)

Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes)

Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)
Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + Execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes)

Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes)

Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - mkdir(ajit) Shellcode (25 bytes)

IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)
IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes)

Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (27 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes)
Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes)
Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode
Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)
Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode
Linux/x64 - execve(/bin/sh) + Custom Encoded XOR + Polymorphic Shellcode (Generator)
Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode
Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes)

Linux/x64 - x64 Assembly Shellcode (Generator)
Linux/x64 - execve() Assembly Shellcode (Generator)

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes)

Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes)
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (20 Bytes)

Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)

Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes)

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)
Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + Execute Shellcode (119 bytes)
Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator)
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes)
Windows/x86 - Download File (http://192.168.0.13/ms.msi) Via msiexec + Execute Shellcode (95 bytes)

Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)

Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes)

Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)
Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080) Shellcode (125 bytes)

Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator)

Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - Shred File (test.txt) Shellcode (72 bytes)

Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (23 bytes)

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + Reposition + INC Encoder Shellcode (66 bytes)

Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)
Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin + Execute Shellcode (210 Bytes)

Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)
Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)

Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes)
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes)

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes)
Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (107 bytes)

Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes)
Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes)
Linux/x86 - execve(/bin/sh) + NOT + XOR-N + Random Encoded Shellcode (132 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/7 - Screen Lock Shellcode (9 bytes)
Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes)
Linux/x86 - execve(/bin/sh) + NOT|ROT+8 Encoded + Null-Free Shellcode (47 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes)
Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes)
Windows/x64 (7) - Screen Lock Shellcode (9 bytes)

Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes)

Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes)
Linux/ARM - execve(/bin/dash) Shellcode (32 bytes)

Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (124 bytes)

Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta) Via mshta Shellcode (100 bytes)
2021-01-16 05:01:56 +00:00
Offensive Security
91f4f8025d DB: 2021-01-13
4 changes to exploits/shellcodes

Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
SmartAgent 3.1.0 - Privilege Escalation

Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
2021-01-13 05:01:55 +00:00
Offensive Security
66f2f8c3b5 DB: 2021-01-12
9 changes to exploits/shellcodes

PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
EyesOfNetwork 5.3 - RCE & PrivEsc
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
EyesOfNetwork 5.3 - LFI
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
OpenCart 3.0.36 - ATO via Cross Site Request Forgery
Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
2021-01-12 05:01:58 +00:00
Offensive Security
206c9f4f7e DB: 2021-01-09
9 changes to exploits/shellcodes

dnsrecon 0.10.0 - CSV Injection

PHP Handicapper - 'Process_signup.php' HTTP Response Splitting
PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting
Life Insurance Management System 1.0 - Multiple Stored XSS
Online Doctor Appointment System 1.0 - Multiple Stored XSS
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
2021-01-09 05:01:55 +00:00
Offensive Security
e95d9f2c13 DB: 2021-01-07
23 changes to exploits/shellcodes

dirsearch 0.4.1 - CSV Injection
IObit Uninstaller 10 Pro - Unquoted Service Path
WinAVR Version 20100110 - Insecure Folder Permissions
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
H2 Database 1.4.199 - JNI Code Execution

Responsive ELearning System 1.0 - 'id' Sql Injection
Responsive E-Learning System 1.0 - 'id' Sql Injection
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
IPeakCMS 3.5 - Boolean-based blind SQLi
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
Gitea 1.7.5 - Remote Code Execution
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
2021-01-07 05:01:58 +00:00
Offensive Security
2c7e8b1ddc DB: 2021-01-06
19 changes to exploits/shellcodes

Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
IncomCMS 2.0 - Insecure File Upload
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)
WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS
WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
Online Movie Streaming 1.0 - Authentication Bypass
Responsive ELearning System 1.0 - 'id' Sql Injection
Baby Care System 1.0 - 'Post title' Stored XSS
Responsive FileManager 9.13.4 - 'path' Path Traversal
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
Cassandra Web 0.5.0 - Remote File Read
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
Online Learning Management System 1.0 - RCE (Authenticated)
Klog Server 2.4.1 - Command Injection (Unauthenticated)
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting
2021-01-06 05:01:59 +00:00
Offensive Security
8e0113decc DB: 2021-01-05
12 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
Knockpy 4.1.1 - CSV Injection
Wordpress Core 5.2.2 - 'post previews' XSS
4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
sar2html 3.2.1 - 'plot' Remote Code Execution
CMS Made Simple 2.2.15 - RCE (Authenticated)
Subrion CMS 4.2.1 - 'avatar[path]' XSS
Click2Magic 1.1.5 - Stored Cross-Site Scripting
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
2021-01-05 05:02:00 +00:00
Offensive Security
cd30696d15 DB: 2020-12-22
15 changes to exploits/shellcodes

Queue Management System 4.0.0 - _Add User_ Stored XSS
Spotweb 1.4.9 - 'search' SQL Injection
Academy-LMS 4.3 - Stored XSS
Spiceworks 7.5 - HTTP Header Injection

Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
SCO Openserver 5.0.7 - 'section' Reflected XSS
SCO Openserver 5.0.7 - 'outputform' Command Injection
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
Point of Sale System 1.0 - Multiple Stored XSS
Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
2020-12-22 05:01:58 +00:00
Offensive Security
d7c025fc8d DB: 2020-12-15
13 changes to exploits/shellcodes

System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
Seacms 11.1 - 'ip and weburl' Remote Command Execution
Seacms 11.1 - 'file' Local File Inclusion
Seacms 11.1 - 'checkuser' Stored XSS
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
Rumble Mail Server 0.51.3135 - 'username' Stored XSS
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
Gitlab 11.4.7 - Remote Code Execution
2020-12-15 05:02:04 +00:00
Offensive Security
c5f0b6dbf5 DB: 2020-12-10
9 changes to exploits/shellcodes

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
SmarterMail Build 6985 - Remote Code Execution
Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
VestaCP 0.9.8-26 - 'backup' Information Disclosure
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
Task Management System 1.0 - 'id' SQL Injection
2020-12-10 05:02:01 +00:00
Offensive Security
9dd5a95a94 DB: 2020-12-08
18 changes to exploits/shellcodes

TapinRadio 2.13.7 - Denial of Service (PoC)
RarmaRadio 2.72.5 - Denial of Service (PoC)

Realtek Audio Service 1.0.0.55 - 'RtkAudioService64.exe' Unquoted Service Path

Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path
Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path
Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)

Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow

Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution

Eaton Intelligent Power Manager 1.6 - Directory Traversal

PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting

Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities

Employee Record Management System 1.1 - Login Bypass SQL Injection

User Registration & Login and User Management System 2.1 - Cross Site Request Forgery
Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting
Savsoft Quiz 5 - 'Skype ID' Stored XSS
vBulletin 5.6.3 - 'group' Cross Site Scripting
2020-12-08 05:01:56 +00:00
Offensive Security
045c2fe1ae DB: 2020-12-05
13 changes to exploits/shellcodes

IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path
Chromium 83 - Full CSP Bypass
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection
MiniCMS 1.10 - 'content box' Stored XSS
Testa Online Test Management System 3.4.7 - 'q' SQL Injection
Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting
Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting
Laravel Nova 3.7.0 - 'range' DoS
CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)
Zabbix 5.0.0 - Stored XSS via URL Widget Iframe
2020-12-05 05:01:54 +00:00
Offensive Security
d560e654b7 DB: 2020-12-04
9 changes to exploits/shellcodes

Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
Coastercms 5.8.18 - Stored XSS
EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
2020-12-04 05:01:55 +00:00
Offensive Security
0ffa4d35c4 DB: 2020-12-03
32 changes to exploits/shellcodes

aSc TimeTables 2021.6.2 - Denial of Service (PoC)
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
Microsoft Windows - Win32k Elevation of Privilege
Ksix Zigbee Devices - Playback Protection Bypass (PoC)
Mitel mitel-cs018 - Call Data Information Disclosure
Expense Management System - 'description' Stored Cross Site Scripting
ILIAS Learning Management System 4.3 - SSRF
Pharmacy Store Management System 1.0 - 'id' SQL Injection
Under Construction Page with CPanel 1.0 - SQL injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Student Result Management System 1.0 - Authentication Bypass SQL Injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting
WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution
WonderCMS 3.1.3 - Authenticated Remote Code Execution
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
NewsLister - Authenticated Persistent Cross-Site Scripting
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
DotCMS 20.11 - Stored Cross-Site Scripting
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
ChurchCRM 4.2.0 - CSV/Formula Injection
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
Simple College Website 1.0 - 'page' Local File Inclusion
Car Rental Management System 1.0 - SQL Injection / Local File include
WordPress Plugin Wp-FileManager 6.8 - RCE
2020-12-03 05:01:56 +00:00
Offensive Security
4b9e53700f DB: 2020-12-02
18 changes to exploits/shellcodes

10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
TypeSetter 5.1 - CSRF (Change admin e-mail)
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
Online Shopping Alphaware 1.0 - Error Based SQL injection
Pharmacy/Medical Store & Sale Point 1.0  - 'email' SQL Injection
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
Medical Center Portal Management System 1.0 - 'login' SQL Injection
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Social Networking Site - Authentication Bypass (SQli)
Tendenci 12.3.1 - CSV/ Formula Injection
2020-12-02 05:01:55 +00:00
Offensive Security
673a45a464 DB: 2020-11-28
13 changes to exploits/shellcodes

libupnp 1.6.18 - Stack-based buffer overflow (DoS)
SAP Lumira 1.31 - Stored Cross-Site Scripting
Foxit Reader 9.0.1.1049 - Arbitrary Code Execution
Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution
Laravel Administrator 4 - Unrestricted File Upload (Authenticated)
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF
Moodle 3.8 - Unrestricted File Upload
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
House Rental 1.0 - 'keywords' SQL Injection
ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting
Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)
2020-11-28 05:01:59 +00:00
Offensive Security
a41b8b4637 DB: 2020-11-25
7 changes to exploits/shellcodes

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting
Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated)
OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
2020-11-25 05:01:56 +00:00
Offensive Security
35dd7185fd DB: 2020-11-24
6 changes to exploits/shellcodes

Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
VTiger v7.0 CRM - 'To' Persistent XSS
LifeRay 7.2.1 GA2 - Stored XSS
2020-11-24 05:02:01 +00:00
Offensive Security
21fa83f241 DB: 2020-11-20
12 changes to exploits/shellcodes

Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)

Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure
Joomla! Component com_memorix - SQL Injection
Joomla! Component com_informations - SQL Injection
Joomla! Component com_memorix - SQL Injection
Joomla! Component com_informations - SQL Injection
PESCMS TEAM 2.3.2 - Multiple Reflected XSS
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification
xuucms 3 - 'keywords' SQL Injection
Gitlab 12.9.0 - Arbitrary File Read (Authenticated)
TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution
TestBox CFML Test Framework 4.1.0 - Directory Traversal
Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection
M/Monit 3.7.4 - Privilege Escalation
M/Monit 3.7.4 - Password Disclosure
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
2020-11-20 05:02:04 +00:00
Offensive Security
e57ba82919 DB: 2020-11-19
3 changes to exploits/shellcodes

ZeroLogon - Netlogon Elevation of Privilege
Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery
2020-11-19 05:02:00 +00:00
Offensive Security
b33d1ec015 DB: 2020-11-14
10 changes to exploits/shellcodes

DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)
Citrix ADC NetScaler - Local File Inclusion (Metasploit)
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)
Touchbase.io 1.10 - Stored Cross Site Scripting
OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)

ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)
2020-11-14 05:01:59 +00:00
Offensive Security
e797f5230d DB: 2020-11-10
24 changes to exploits/shellcodes

HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path
KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path
Winstep 18.06.0096 - 'Xtreme Service' Unquoted Service Path
OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path
Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path
DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path
Syncplify.me Server! 5.0.37 - 'SMWebRestServicev5' Unquoted Service Path
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
Motorola Device Manager 2.4.5 - 'ForwardDaemon.exe ' Unquoted Service Path
Motorola Device Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path
Motorola Device Manager 2.5.4 - 'ForwardDaemon.exe ' Unquoted Service Path
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path
MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path
Magic Mouse 2 utilities  2.20 - 'magicmouse2service' Unquoted Service Path
iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE'  - Unquoted Service Path
Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path
RealTimes Desktop Service 18.1.4 - 'rpdsvc.exe' Unquoted Service Path
DiskBoss v11.7.28 - Multiple Services Unquoted Service Path
Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
Joplin 1.2.6 - 'link' Cross Site Scripting
2020-11-10 05:02:05 +00:00
Offensive Security
d852416732 DB: 2020-10-31
5 changes to exploits/shellcodes

CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting
DedeCMS v.5.8 - _keyword_ Cross-Site Scripting
Citadel WebCit < 926 - Session Hijacking Exploit
Online Job Portal 1.0 - 'userid' SQL Injection
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
2020-10-31 05:02:05 +00:00
Offensive Security
5aa3bfc759 DB: 2020-10-21
12 changes to exploits/shellcodes

Comtrend AR-5387un router - Persistent XSS (Authenticated)
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
Mobile Shop System v1.0 - SQL Injection Authentication Bypass
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
2020-10-21 05:02:11 +00:00
Offensive Security
a3aad6c41a DB: 2020-10-15
3 changes to exploits/shellcodes

Guild Wars 2 - Insecure Folder Permissions

TimeClock Software 0.995 - Multiple SQL Injections
TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections
TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection
NodeBB Forum 1.12.2-1.14.2 - Account Takeover
2020-10-15 05:02:06 +00:00
Offensive Security
14fcd4863f DB: 2020-10-13
5 changes to exploits/shellcodes

Small CRM 2.0 - 'email' SQL Injection
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)
Liman 0.7 - Cross-Site Request Forgery (Change Password)
Online Students Management System 1.0 - 'username' SQL Injections
Cisco ASA and FTD 9.6.4.42 - Path Traversal
2020-10-13 05:02:09 +00:00
Offensive Security
1569af9b59 DB: 2020-10-06
2 changes to exploits/shellcodes

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
SpamTitan 7.07 - Unauthenticated Remote Code Execution
2020-10-06 05:02:05 +00:00
Offensive Security
345eb88be8 DB: 2020-09-29
3 changes to exploits/shellcodes

MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation
Mida eFramework 2.8.9 - Remote Code Execution
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
2020-09-29 05:02:03 +00:00
Offensive Security
18829b7a22 DB: 2020-09-26
4 changes to exploits/shellcodes

BigTree CMS 4.4.10 - Remote Code Execution
Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)
B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin)
B-swiss 3 Digital Signage System 3.6.5 -  Database Disclosure
2020-09-26 05:02:04 +00:00
Offensive Security
1a8b74a305 DB: 2020-09-23
2 changes to exploits/shellcodes

Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting
2020-09-23 05:02:05 +00:00
Offensive Security
87f49d4427 DB: 2020-09-22
6 changes to exploits/shellcodes

ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path
Online Shop Project 1.0 - 'p' SQL Injection
BlackCat CMS 1.3.6 - Cross-Site Request Forgery
Seat Reservation System 1.0 - 'id' SQL Injection
Mida eFramework 2.9.0 - Back Door Access
B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution
2020-09-22 05:02:05 +00:00
Offensive Security
0d8101f1a1 DB: 2020-09-19
2 changes to exploits/shellcodes

SpamTitan 7.07 - Remote Code Execution (Authenticated)
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
2020-09-19 05:02:05 +00:00
Offensive Security
e2117e4eb7 DB: 2020-09-12
4 changes to exploits/shellcodes

Gnome Fonts Viewer 3.34.0 - Heap Corruption
Internet Explorer 11 - Use-After-Free
VTENEXT 19 CE - Remote Code Execution
Tea LaTex 1.0 - Remote Code Execution (Unauthenticated)
2020-09-12 05:02:05 +00:00
Offensive Security
f288c52ef9 DB: 2020-09-08
3 changes to exploits/shellcodes

Cabot 0.11.12 - Persistent Cross-Site Scripting
grocy 2.7.1 - Persistent Cross-Site Scripting
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
2020-09-08 05:02:07 +00:00
Offensive Security
abfd379775 DB: 2020-08-29
4 changes to exploits/shellcodes

Online Shopping Alphaware 1.0 - 'id' SQL Injection
Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting
SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation
2020-08-29 05:01:59 +00:00
Offensive Security
2621b3c52e DB: 2020-08-28
3 changes to exploits/shellcodes

ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP_ASLR Bypass) (PoC)
Mida eFramework 2.9.0 - Remote Code Execution
Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated)
2020-08-28 05:01:55 +00:00
Offensive Security
8bf2002f51 DB: 2020-08-27
3 changes to exploits/shellcodes

Ericom Access Server x64 9.2.0 - Server-Side Request Forgery
Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal
2020-08-27 05:01:55 +00:00
Offensive Security
e46d9f65ff DB: 2020-07-27
32 changes to exploits/shellcodes

Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
Bludit 3.9.2 - Directory Traversal
LibreHealth 2.0.0 - Authenticated Remote Code Execution
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
elaniin CMS - Authentication Bypass
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
Bio Star 2.8.2 - Local File Inclusion
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Socket.io-file 2.0.31 - Arbitrary File Upload
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
Rails 5.0.1 - Remote Code Execution

Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
2020-07-27 05:02:04 +00:00
Offensive Security
67c1f99f41 DB: 2020-07-23
4 changes to exploits/shellcodes

NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)
Docsify.js 4.11.4 - Reflective Cross-Site Scripting
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection
Sophos VPN Web Panel 2020 - Denial of Service (Poc)
2020-07-23 05:02:04 +00:00
Offensive Security
87c306bdc9 DB: 2020-07-15
2 changes to exploits/shellcodes

BSA Radar 1.6.7234.24750 - Local File Inclusion
Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)
2020-07-15 05:02:06 +00:00
Offensive Security
8f6367cf98 DB: 2020-07-08
8 changes to exploits/shellcodes

Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)

Microsoft Windows mshta.exe 2019 - XML External Entity Injection

BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI'  Remote Code Execution
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI'  Remote Code Execution (PoC)
Sickbeard 0.1 - Remote Command Injection
Online Shopping Portal 3.1 - 'email' SQL Injection
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation
2020-07-08 05:01:58 +00:00
Offensive Security
1bc852d2af DB: 2020-07-07
7 changes to exploits/shellcodes

Frigate 2.02 - Denial Of Service (PoC)
Fire Web Server 0.1 - Remote Denial of Service (PoC)
Grafana 7.0.1 - Denial of Service (PoC)
File Management System 1.1 - Persistent Cross-Site Scripting
RiteCMS 2.2.1 - Authenticated Remote Code Execution
RSA IG&L Aveksa 7.1.1 - Remote Code Execution
Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution
2020-07-07 05:01:57 +00:00
Offensive Security
d6a1f63996 DB: 2020-07-03
3 changes to exploits/shellcodes

WhatsApp Remote Code Execution - Paper
ZenTao Pro 8.8.2 - Command Injection
OCS Inventory NG 2.7 - Remote Code Execution
2020-07-03 05:01:59 +00:00
Offensive Security
e48d268df5 DB: 2020-06-25
1 changes to exploits/shellcodes

BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting
2020-06-25 05:01:52 +00:00
Offensive Security
09b5d3c1b6 DB: 2020-06-23
6 changes to exploits/shellcodes

Frigate 2.02 - Denial Of Service (PoC)
FileRun 2019.05.21 -  Reflected Cross-Site Scripting
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
Odoo 12.0 - Local File Inclusion
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
WebPort 1.19.1 - Reflected Cross-Site Scripting
WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
2020-06-23 05:02:25 +00:00
Offensive Security
1979df6cb3 DB: 2020-06-19
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64)  - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data Modification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-06-19 05:02:01 +00:00
Offensive Security
7312a8330d DB: 2020-06-18
3 changes to exploits/shellcodes

Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
College-Management-System-Php 1.0 - Authentication Bypass
OpenCTI 3.3.1 - Directory Traversal
2020-06-18 05:01:57 +00:00
Offensive Security
8fc6092de1 DB: 2020-06-17
4 changes to exploits/shellcodes

NETGEAR SSL312 Router - Denial of Service
Netgear SSL312 Router - Denial of Service

NETGEAR WGR614v9 Wireless Router - Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service

NETGEAR DG632 Router - Remote Denial of Service
Netgear DG632 Router - Remote Denial of Service

NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service

NETGEAR ProSafe - Denial of Service
Netgear ProSafe - Denial of Service

NETGEAR WGR614 - Administration Interface Remote Denial of Service
Netgear WGR614 - Administration Interface Remote Denial of Service

NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Outline Service 1.3.3  - 'Outline Service ' Unquoted Service Path
Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path

Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path

NETGEAR WG102 - Leaks SNMP Write Password With Read Access
Netgear WG102 - Leaks SNMP Write Password With Read Access

NETGEAR DG632 Router - Authentication Bypass
Netgear DG632 Router - Authentication Bypass

NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure

NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)

NETGEAR FM114P Wireless Firewall - File Disclosure
Netgear FM114P Wireless Firewall - File Disclosure

NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure
Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure

NETGEAR FM114P ProSafe Wireless Router - Rule Bypass
Netgear FM114P ProSafe Wireless Router - Rule Bypass

NETGEAR RP114 3.26 - Content Filter Bypass
Netgear RP114 3.26 - Content Filter Bypass

NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)
Netgear DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)

NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)
Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)

NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow
Netgear MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow

NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow

NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)
Netgear ReadyNAS - Perl Code Evaluation (Metasploit)

NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting

NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities
Netgear WNR2000 - Multiple Information Disclosure Vulnerabilities

NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities

NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution

NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
Netgear WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure

NETGEAR WNR2000v5 - Remote Code Execution
Netgear WNR2000v5 - Remote Code Execution

NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)

NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)
Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)

NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)
Netgear - 'TelnetEnable' Magic Packet (Metasploit)

WordPress MU < 1.3.2 - active_plugins option Code Execution
WordPress MU < 1.3.2 - 'active_plugins' Code Execution

NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery

NETGEAR SPH200D - Multiple Vulnerabilities
Netgear SPH200D - Multiple Vulnerabilities

NETGEAR DGN1000B - Multiple Vulnerabilities
Netgear DGN1000B - Multiple Vulnerabilities

NETGEAR DGN2200B - Multiple Vulnerabilities
Netgear DGN2200B - Multiple Vulnerabilities

NETGEAR WNR1000 - Authentication Bypass
Netgear WNR1000 - Authentication Bypass

NETGEAR WPN824v3 - Unauthorized Configuration Download
Netgear WPN824v3 - Unauthorized Configuration Download

NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities
Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities

NETGEAR ProSafe - Information Disclosure
Netgear ProSafe - Information Disclosure

NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)

NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities

NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
Netgear WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access

NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure

NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation

NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities

NETGEAR WNR1000v4 - Authentication Bypass
Netgear WNR1000v4 - Authentication Bypass

NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities
NETGEAR R7000 - Command Injection
NETGEAR R7000 - Cross-Site Scripting
Netgear R7000 - Command Injection
Netgear R7000 - Cross-Site Scripting

NETGEAR Routers - Password Disclosure
Netgear Routers - Password Disclosure

NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution

NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution

NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery

Multiple  WordPress Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload

NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution

NETGEAR WiFi Router R6120 - Credential Disclosure
Netgear WiFi Router R6120 - Credential Disclosure

NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass

WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting

School File Management System 1.0  - 'username' SQL Injection
School File Management System 1.0 - 'username' SQL Injection

ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection

Wordpress Plugin Ajax Load More 5.3.1 - '' Authenticated SQL Injection
WordPress Plugin Ajax Load More 5.3.1 - '' Authenticated SQL Injection

Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)

Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation

Joomla J2  Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Netgear R7000 Router - Remote Code Execution
Gila CMS 1.11.8 - 'query' SQL Injection
2020-06-17 05:02:00 +00:00