bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2395 commits 1 branch 0 tags 258 MiB
Commit graph

106 commits

Author SHA1 Message Date
Offensive Security
db4eeaac41 DB: 2021-06-18 
9 changes to exploits/shellcodes

Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
Unified Office Total Connect Now 1.0 - 'data' SQL Injection
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
 2021-06-18 05:01:58 +00:00
Offensive Security
b1cf12c4ea DB: 2021-05-28 
2 changes to exploits/shellcodes

Postbird 0.8.4 - Javascript Injection
 2021-05-28 05:01:57 +00:00
Offensive Security
bd9f3cd966 DB: 2021-05-25 
9 changes to exploits/shellcodes

iDailyDiary 4.30 - Denial of Service (PoC)
DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path
ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path

WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)
Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
 2021-05-25 05:01:58 +00:00
Offensive Security
bccca11e26 DB: 2021-04-15 
8 changes to exploits/shellcodes

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
CITSmart ITSM 9.1.2.22 - LDAP Injection
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
jQuery 1.2 - Cross-Site Scripting (XSS)
jQuery 1.0.3 - Cross-Site Scripting (XSS)
 2021-04-15 05:01:57 +00:00
Offensive Security
e6cd1b38eb DB: 2021-03-30 
9 changes to exploits/shellcodes

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

vsftpd 3.0.3 - Remote Denial of Service
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
Concrete5 8.5.4 - 'name' Stored XSS
Equipment Inventory System 1.0 - 'multiple' Stored XSS
Budget Management System 1.0 - 'Budget title' Stored XSS
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
 2021-03-30 05:01:56 +00:00
Offensive Security
c031a43059 DB: 2021-03-06 
2 changes to exploits/shellcodes

CatDV 9.2 - RMI Authentication Bypass

Fluig 1.7.0 - Path Traversal
 2021-03-06 05:01:53 +00:00
Offensive Security
bbe36569c3 DB: 2021-02-18 
4 changes to exploits/shellcodes

Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquoted Service Path

Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
 2021-02-18 05:01:56 +00:00
Offensive Security
f268b6f221 DB: 2021-01-28 
4 changes to exploits/shellcodes

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
STVS ProVision 5.9.10 - File Disclosure (Authenticated)
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
 2021-01-28 05:01:55 +00:00
Offensive Security
9847785d4c DB: 2021-01-27 
5 changes to exploits/shellcodes

Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
 2021-01-27 05:01:58 +00:00
Offensive Security
3e80d07fdb DB: 2021-01-23 
15 changes to exploits/shellcodes

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
Library System 1.0 - Authentication Bypass Via SQL Injection
CASAP Automated Enrollment System 1.0 - Authentication Bypass
ERPNext 12.14.0 - SQL Injection (Authenticated)
Atlassian Confluence Widget Connector Macro - SSTI

Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Socat Bind Shellcode (113 bytes)
Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)

Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Egghunter (0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)

Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
 2021-01-23 05:01:59 +00:00
Offensive Security
206c9f4f7e DB: 2021-01-09 
9 changes to exploits/shellcodes

dnsrecon 0.10.0 - CSV Injection

PHP Handicapper - 'Process_signup.php' HTTP Response Splitting
PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting
Life Insurance Management System 1.0 - Multiple Stored XSS
Online Doctor Appointment System 1.0 - Multiple Stored XSS
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
 2021-01-09 05:01:55 +00:00
Offensive Security
e95d9f2c13 DB: 2021-01-07 
23 changes to exploits/shellcodes

dirsearch 0.4.1 - CSV Injection
IObit Uninstaller 10 Pro - Unquoted Service Path
WinAVR Version 20100110 - Insecure Folder Permissions
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
H2 Database 1.4.199 - JNI Code Execution

Responsive ELearning System 1.0 - 'id' Sql Injection
Responsive E-Learning System 1.0 - 'id' Sql Injection
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
IPeakCMS 3.5 - Boolean-based blind SQLi
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
Gitea 1.7.5 - Remote Code Execution
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
 2021-01-07 05:01:58 +00:00
Offensive Security
fc0129fabf DB: 2020-12-12 
12 changes to exploits/shellcodes

Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
Openfire 4.6.0 - 'groupchatJID' Stored XSS
Openfire 4.6.0 - 'users' Stored XSS
Openfire 4.6.0 - 'sql' Stored XSS
Medical Center Portal Management System 1.0 - Multiple Stored XSS
Jenkins 2.235.3 - 'Description' Stored XSS
Rukovoditel 2.6.1 - RCE
Supply Chain Management System - Auth Bypass SQL Injection
Dolibarr 12.0.3 - SQLi to RCE
Courier Management System 1.0 - 'First Name' Stored XSS
Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection
Courier Management System 1.0 - 'ref_no' SQL Injection
 2020-12-12 05:01:57 +00:00
Offensive Security
3cad5bf9ad DB: 2020-11-03 
6 changes to exploits/shellcodes

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
Quick N Easy FTP Service 3.2 - Unquoted Service Path
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
WordPress Plugin Simple File List 5.4 - Arbitrary File Upload
Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)
Monitorr 1.7.6m - Authorization Bypass
 2020-11-03 05:02:04 +00:00
Offensive Security
48bd7b3ea6 DB: 2020-10-30 
4 changes to exploits/shellcodes

Online Examination System 1.0 - 'name' Stored Cross Site Scripting
Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot
 2020-10-30 05:02:03 +00:00
Offensive Security
5aa3bfc759 DB: 2020-10-21 
12 changes to exploits/shellcodes

Comtrend AR-5387un router - Persistent XSS (Authenticated)
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
Mobile Shop System v1.0 - SQL Injection Authentication Bypass
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
 2020-10-21 05:02:11 +00:00
Offensive Security
ae14b71248 DB: 2020-10-20 
16 changes to exploits/shellcodes

Tourism Management System 1.0 - Arbitrary File Upload
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
Online Discussion Forum Site 1.0 - XSS in Messaging System
Online Job Portal 1.0 - Cross Site Scripting (Stored)
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
HiSilicon Video Encoders - RCE via unauthenticated command injection
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
HiSilicon Video Encoders - Full admin access via backdoor password
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Textpattern CMS 4.6.2 - Cross-site Request Forgery
 2020-10-20 05:02:13 +00:00
Offensive Security
f697a81a18 DB: 2020-10-02 
12 changes to exploits/shellcodes

Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin)
SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration
MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)
WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated)
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)
CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)
Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting

Exhibitor Web UI 1.7.1 - Remote Code Execution
 2020-10-02 05:02:08 +00:00
Offensive Security
73dd822b51 DB: 2020-09-10 
4 changes to exploits/shellcodes

Input Director 1.4.3 - 'Input Director' Unquoted Service Path
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)
Tailor Management System - 'id' SQL Injection
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)
 2020-09-10 05:02:04 +00:00
Offensive Security
f288c52ef9 DB: 2020-09-08 
3 changes to exploits/shellcodes

Cabot 0.11.12 - Persistent Cross-Site Scripting
grocy 2.7.1 - Persistent Cross-Site Scripting
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
 2020-09-08 05:02:07 +00:00
Offensive Security
ba30f5e257 DB: 2020-08-11 
3 changes to exploits/shellcodes

BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path
Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)
ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)
 2020-08-11 05:01:48 +00:00
Offensive Security
e46d9f65ff DB: 2020-07-27 
32 changes to exploits/shellcodes

Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
Bludit 3.9.2 - Directory Traversal
LibreHealth 2.0.0 - Authenticated Remote Code Execution
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
elaniin CMS - Authentication Bypass
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
Bio Star 2.8.2 - Local File Inclusion
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Socket.io-file 2.0.31 - Arbitrary File Upload
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
Rails 5.0.1 - Remote Code Execution

Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
 2020-07-27 05:02:04 +00:00
Offensive Security
533f33f3f4 DB: 2020-06-05 
17 changes to exploits/shellcodes

IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
AirControl 1.4.2 - PreAuth Remote Code Execution
Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)
Oriol Espinal CMS 1.0 - 'id' SQL Injection
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Navigate CMS 2.8.7 - Authenticated Directory Traversal
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
Online Marriage Registration System 1.0 - Remote Code Execution
Cayin Content Management Server 11.0 - Remote Command Injection (root)
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
 2020-06-05 05:01:53 +00:00
Offensive Security
6aad755e5e DB: 2020-05-19 
10 changes to exploits/shellcodes

HP LinuxKI 6.01 - Remote Command Injection
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
Online Examination System 1.0 - 'eid' SQL Injection
Oracle Hospitality RES 3700 5.7 - Remote Code Execution
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload
online Chatting System 1.0 - 'id' SQL Injection
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
Online Healthcare management system 1.0 - Authentication Bypass
 2020-05-19 05:01:51 +00:00
Offensive Security
a5ffe5baef DB: 2020-05-16 
2 changes to exploits/shellcodes

vBulletin 5.6.1 - 'nodeId' SQL Injection
ManageEngine Service Desk 10.0 - Cross-Site Scripting
 2020-05-16 05:01:47 +00:00
Offensive Security
522576cc79 DB: 2020-05-15 
6 changes to exploits/shellcodes

Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
Complaint Management System 1.0 - 'username' SQL Injection
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
 2020-05-15 05:01:49 +00:00
Offensive Security
f564ddfd17 DB: 2020-05-13 
10 changes to exploits/shellcodes

LanSend 3.2 - Buffer Overflow (SEH)
MacOS 320.whatis Script - Privilege Escalation
Phase Botnet - Blind SQL Injection
Orchard Core RC1 - Persistent Cross-Site Scripting
ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
qdPM 9.1 - Arbitrary File Upload
TylerTech Eagle 2018.3.11 - Remote Code Execution
 2020-05-13 05:01:48 +00:00
Offensive Security
9de5d20d13 DB: 2020-05-02 
9 changes to exploits/shellcodes

VirtualTablet Server 3.0.2 - Denial of Service (PoC)

Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Super Backup 2.0.5 for iOS - Directory Traversal
HardDrive 2.1 for iOS - Arbitrary File Upload
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
Online Scheduling System 1.0 - Authentication Bypass
 2020-05-02 05:01:58 +00:00
Offensive Security
7b87f30fbc DB: 2020-04-25 
5 changes to exploits/shellcodes

Popcorn Time 6.2 - 'Update service' Unquoted Service Path
EspoCRM 5.8.5 - Privilege Escalation
Edimax EW-7438RPn 1.13 - Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
 2020-04-25 05:01:51 +00:00
Offensive Security
c3e827f657 DB: 2020-04-17 
8 changes to exploits/shellcodes

VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
 2020-04-17 05:01:48 +00:00
Offensive Security
0137126a8e DB: 2020-04-15 
4 changes to exploits/shellcodes

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)
Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution
WSO2 3.1.0 - Persistent Cross-Site Scripting
Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
 2020-04-15 05:01:49 +00:00
Offensive Security
be2aa5d840 DB: 2020-04-14 
7 changes to exploits/shellcodes

Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Huawei HG630 2 Router - Authentication Bypass
TVT NVMS 1000 - Directory Traversal
Webtateas 2.0 - Arbitrary File Read
WSO2 3.1.0 - Arbitrary File Delete
Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
 2020-04-14 05:01:51 +00:00
Offensive Security
284325fbf5 DB: 2020-03-28 
5 changes to exploits/shellcodes

Everest 5.50.2100 - 'Open File' Denial of Service (PoC)

Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
 2020-03-28 05:01:48 +00:00
Offensive Security
153c392dd9 DB: 2020-03-13 
9 changes to exploits/shellcodes

ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
rConfig 3.9 - 'searchColumn' SQL Injection
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
 2020-03-13 05:01:50 +00:00
Offensive Security
0a0ad49d15 DB: 2020-03-11 
7 changes to exploits/shellcodes

Counter Strike: GO - '.bsp' Memory Control (PoC)
Nagios XI - Authenticated Remote Command Execution (Metasploit)
PHPStudy - Backdoor Remote Code execution (Metasploit)
Sysaid 20.1.11 b26 - Remote Command Execution
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
Persian VIP Download Script 1.0 - 'active' SQL Injection
 2020-03-11 05:01:47 +00:00
Offensive Security
4df22c7404 DB: 2020-03-10 
13 changes to exploits/shellcodes

Microsoft Windows - 'WizardOpium' Local Privilege Escalation
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)

ManageEngine ServiceDesk Plus 9.3 - User Enumeration
60CycleCMS  - 'news.php' SQL Injection

Sahi pro 8.x - Directory Traversal

Sentrifugo HRMS 3.2 - 'id' SQL Injection
 2020-03-10 05:01:44 +00:00
Offensive Security
cf92ea269e DB: 2020-02-25 
22 changes to exploits/shellcodes

Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
 2020-02-25 05:01:52 +00:00
Offensive Security
228a37da9c DB: 2020-02-18 
15 changes to exploits/shellcodes

HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
Cuckoo Clock v5.0 - Buffer Overflow

Anviz CrossChex - Buffer Overflow (Metasploit)
SOPlanning 1.45 - 'by' SQL Injection
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - 'users' SQL Injection
LabVantage 8.3 - Information Disclosure
 2020-02-18 05:01:54 +00:00
Offensive Security
923f53211e DB: 2020-02-07 
16 changes to exploits/shellcodes

AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC)
AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC)
VIM 8.2 - Denial of Service (PoC)
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
TapinRadio 2.12.3 - 'address' Denial of Service (PoC)
TapinRadio 2.12.3 - 'username' Denial of Service (PoC)
RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)

ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
Online Job Portal 1.0 - 'user_email' SQL Injection
Online Job Portal 1.0 - Remote Code Execution
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
Ecommerce Systempay 1.0 - Production KEY Brute Force
Cisco Data Center Network Manager 11.2 - Remote Code Execution
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
 2020-02-07 05:02:01 +00:00
Offensive Security
7d757326b8 DB: 2020-02-06 
8 changes to exploits/shellcodes

Socat 1.7.3.4 - Heap-Based Overflow (PoC)
xglance-bin 11.00 - Privilege Escalation

HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
AVideo Platform 8.1 - Information Disclosure (User Enumeration)
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
 2020-02-06 05:02:08 +00:00
Offensive Security
8683ee3eea DB: 2020-02-04 
8 changes to exploits/shellcodes

BearFTP 0.1.0 - 'PASV' Denial of Service
P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)

Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
phpList 3.5.0 - Authentication Bypass
Jira 8.3.4 - Information Disclosure (Username Enumeration)
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
 2020-02-04 05:02:00 +00:00
Offensive Security
3b5a0d91fe DB: 2020-01-30 
9 changes to exploits/shellcodes

XMLBlueprint 16.191112 - XML External Entity Injection
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
Kibana 6.6.1 - CSV Injection
Liferay CE Portal 6.0.2 - Remote Command Execution
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
Satellian 1.12 - Remote Code Execution
Centreon 19.10.5 - 'Pollers' Remote Command Execution
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
 2020-01-30 05:02:05 +00:00
Offensive Security
8128628aa6 DB: 2020-01-22 
2 changes to exploits/shellcodes

NEOWISE CARBONFTP 1.4 - Weak Password Encryption

ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
 2020-01-22 05:02:00 +00:00
Offensive Security
1a9ce31a5f DB: 2020-01-17 
12 changes to exploits/shellcodes

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)

Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution

VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities

ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting

ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting

VICIDIAL Call Center Suite - Multiple SQL Injections

Online Book Store 1.0 -  'bookisbn' SQL Injection
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Online Book Store 1.0 - Arbitrary File Upload
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
 2020-01-17 05:02:10 +00:00
Offensive Security
de1e6651e0 DB: 2020-01-10 
8 changes to exploits/shellcodes

ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)

MSN Password Recovery 1.30 - XML External Entity Injection

Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery

Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
 2020-01-10 05:02:00 +00:00
Offensive Security
c7085a57b4 DB: 2020-01-09 
9 changes to exploits/shellcodes

Cisco DCNM JBoss 10.4 - Credential Leakage
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
ASTPP VoIP 4.0.1 - Remote Code Execution
JetBrains TeamCity 2018.2.4 - Remote Code Execution
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)

Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
 2020-01-09 05:02:04 +00:00
Offensive Security
b92604bb93 DB: 2019-12-18 
7 changes to exploits/shellcodes

D-Link DIR-615 Wireless Router  -  Persistent Cross-Site Scripting
Roxy Fileman 1.4.5 - Directory Traversal
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Netgear R6400 - Remote Code Execution
NopCommerce 4.2.0 -  Privilege Escalation

Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
 2019-12-18 05:02:05 +00:00
Offensive Security
6cf35b330f DB: 2019-12-12 
5 changes to exploits/shellcodes

Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font

Apache Olingo OData 4.0 - XML External Entity Injection
 2019-12-12 05:01:58 +00:00
Offensive Security
44b163c8d1 DB: 2019-12-10 
11 changes to exploits/shellcodes

Omron PLC 1.0.0 - Denial of Service (PoC)
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
Microsoft Windows - Multiple UAC Protection Bypasses
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)
SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)
Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting
PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass
Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution
Alcatel-Lucent Omnivista 8770 - Remote Code Execution
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
 2019-12-10 05:01:48 +00:00
Offensive Security
b6ed2c7176 DB: 2019-11-09 
6 changes to exploits/shellcodes

SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Android Janus - APK Signature Bypass (Metasploit)

rConfig - install Command Execution (Metasploit)
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
Adive Framework 2.0.7 - Privilege Escalation
Nextcloud 17 - Cross-Site Request Forgery
 2019-11-09 05:01:40 +00:00