bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2153 commits 1 branch 0 tags 264 MiB
Commit graph

103 commits

Author SHA1 Message Date
Offensive Security
1979df6cb3 DB: 2020-06-19 
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64)  - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-06-19 05:02:01 +00:00
Offensive Security
7312a8330d DB: 2020-06-18 
3 changes to exploits/shellcodes

Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
College-Management-System-Php 1.0 - Authentication Bypass
OpenCTI 3.3.1 - Directory Traversal
 2020-06-18 05:01:57 +00:00
Offensive Security
8fc6092de1 DB: 2020-06-17 
4 changes to exploits/shellcodes

NETGEAR SSL312 Router - Denial of Service
Netgear SSL312 Router - Denial of Service

NETGEAR WGR614v9 Wireless Router - Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service

NETGEAR DG632 Router - Remote Denial of Service
Netgear DG632 Router - Remote Denial of Service

NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service

NETGEAR ProSafe - Denial of Service
Netgear ProSafe - Denial of Service

NETGEAR WGR614 - Administration Interface Remote Denial of Service
Netgear WGR614 - Administration Interface Remote Denial of Service

NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Outline Service 1.3.3  - 'Outline Service ' Unquoted Service Path
Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path

Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path

NETGEAR WG102 - Leaks SNMP Write Password With Read Access
Netgear WG102 - Leaks SNMP Write Password With Read Access

NETGEAR DG632 Router - Authentication Bypass
Netgear DG632 Router - Authentication Bypass

NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure

NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)

NETGEAR FM114P Wireless Firewall - File Disclosure
Netgear FM114P Wireless Firewall - File Disclosure

NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure
Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure

NETGEAR FM114P ProSafe Wireless Router - Rule Bypass
Netgear FM114P ProSafe Wireless Router - Rule Bypass

NETGEAR RP114 3.26 - Content Filter Bypass
Netgear RP114 3.26 - Content Filter Bypass

NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)
Netgear DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)

NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)
Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)

NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow
Netgear MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow

NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow

NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)
Netgear ReadyNAS - Perl Code Evaluation (Metasploit)

NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting

NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities
Netgear WNR2000 - Multiple Information Disclosure Vulnerabilities

NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities

NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution

NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
Netgear WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure

NETGEAR WNR2000v5 - Remote Code Execution
Netgear WNR2000v5 - Remote Code Execution

NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)

NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)
Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)

NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)
Netgear - 'TelnetEnable' Magic Packet (Metasploit)

WordPress MU < 1.3.2 - active_plugins option Code Execution
WordPress MU < 1.3.2 - 'active_plugins' Code Execution

NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery

NETGEAR SPH200D - Multiple Vulnerabilities
Netgear SPH200D - Multiple Vulnerabilities

NETGEAR DGN1000B - Multiple Vulnerabilities
Netgear DGN1000B - Multiple Vulnerabilities

NETGEAR DGN2200B - Multiple Vulnerabilities
Netgear DGN2200B - Multiple Vulnerabilities

NETGEAR WNR1000 - Authentication Bypass
Netgear WNR1000 - Authentication Bypass

NETGEAR WPN824v3 - Unauthorized Configuration Download
Netgear WPN824v3 - Unauthorized Configuration Download

NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities
Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities

NETGEAR ProSafe - Information Disclosure
Netgear ProSafe - Information Disclosure

NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)

NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities

NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
Netgear WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access

NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure

NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation

NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities

NETGEAR WNR1000v4 - Authentication Bypass
Netgear WNR1000v4 - Authentication Bypass

NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities
NETGEAR R7000 - Command Injection
NETGEAR R7000 - Cross-Site Scripting
Netgear R7000 - Command Injection
Netgear R7000 - Cross-Site Scripting

NETGEAR Routers - Password Disclosure
Netgear Routers - Password Disclosure

NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution

NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution

NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery

Multiple  WordPress Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload

NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution

NETGEAR WiFi Router R6120 - Credential Disclosure
Netgear WiFi Router R6120 - Credential Disclosure

NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass

WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting

School File Management System 1.0  - 'username' SQL Injection
School File Management System 1.0 - 'username' SQL Injection

ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection

Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection

Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)

Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation

Joomla J2  Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Netgear R7000 Router - Remote Code Execution
Gila CMS 1.11.8 - 'query' SQL Injection
 2020-06-17 05:02:00 +00:00
Offensive Security
d2b3291be5 DB: 2020-06-13 
3 changes to exploits/shellcodes

Joomla J2 Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Joomla J2  Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
SmarterMail 16 - Arbitrary File Upload
Avaya IP Office 11 - Password Disclosure
Sysax MultiServer 6.90 - Reflected Cross Site Scripting
 2020-06-13 05:01:56 +00:00
Offensive Security
533f33f3f4 DB: 2020-06-05 
17 changes to exploits/shellcodes

IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
AirControl 1.4.2 - PreAuth Remote Code Execution
Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)
Oriol Espinal CMS 1.0 - 'id' SQL Injection
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Navigate CMS 2.8.7 - Authenticated Directory Traversal
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
Online Marriage Registration System 1.0 - Remote Code Execution
Cayin Content Management Server 11.0 - Remote Command Injection (root)
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
 2020-06-05 05:01:53 +00:00
Offensive Security
b68cd4f38a DB: 2020-06-02 
3 changes to exploits/shellcodes

Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
VMware vCenter Server 6.7 - Authentication Bypass
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution
 2020-06-02 05:01:56 +00:00
Offensive Security
326e1cc9df DB: 2020-05-30 
2 changes to exploits/shellcodes

WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
 2020-05-30 05:01:57 +00:00
Offensive Security
99dc6c7c33 DB: 2020-05-29 
4 changes to exploits/shellcodes

NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection
Online-Exam-System 2015 - 'fid' SQL Injection
EyouCMS 1.4.6 - Persistent Cross-Site Scripting
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
 2020-05-29 05:02:05 +00:00
Offensive Security
b6194a254f DB: 2020-05-22 
6 changes to exploits/shellcodes

AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)

CloudMe 1.11.2 - Buffer Overflow (SEH_DEP_ASLR)
forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email)
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
PHPFusion 9.03.50 - Persistent Cross-Site Scripting
OpenEDX platform Ironwood 2.5 - Remote Code Execution
 2020-05-22 05:01:54 +00:00
Offensive Security
7cb5d48647 DB: 2020-05-12 
14 changes to exploits/shellcodes

SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Pi-hole < 4.4 - Authenticated Remote Code Execution
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection
Kartris 1.6 - Arbitrary File Upload
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
CuteNews 2.1.2 - Arbitrary File Deletion
OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
Victor CMS 1.0 - 'post' SQL Injection
Complaint Management System 1.0 - Authentication Bypass
LibreNMS 1.46 - 'search' SQL Injection
 2020-05-12 05:01:50 +00:00
Offensive Security
ccea007282 DB: 2020-05-01 
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
 2020-05-01 05:02:03 +00:00
Offensive Security
7b87f30fbc DB: 2020-04-25 
5 changes to exploits/shellcodes

Popcorn Time 6.2 - 'Update service' Unquoted Service Path
EspoCRM 5.8.5 - Privilege Escalation
Edimax EW-7438RPn 1.13 - Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
 2020-04-25 05:01:51 +00:00
Offensive Security
85bef6929f DB: 2020-04-07 
17 changes to exploits/shellcodes

Product Key Explorer 4.2.2.0 - 'Key' Denial of Service (PoC)
SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)
Nsauditor 3.2.0.0 - 'Name' Denial of Service (PoC)
Frigate 3.36 - Denial of Service (PoC)
UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service (PoC)
UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC)
UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC)
ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC)
Memu Play 7.1.3 - Insecure Folder Permissions
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
Microsoft NET USE win10 - Insufficient Authentication Logic
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
LimeSurvey 4.1.11 - 'File Manager' Path Traversal
pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
 2020-04-07 05:02:01 +00:00
Offensive Security
b84d953124 DB: 2020-03-24 
10 changes to exploits/shellcodes

ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)

CyberArk PSMP 10.9.1 - Policy Restriction Bypass

PHPMailer < 5.2.18 - Remote Code Execution (Bash)
FIBARO System Home Center 5.021 - Remote File Include
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
 2020-03-24 05:01:50 +00:00
Offensive Security
4df22c7404 DB: 2020-03-10 
13 changes to exploits/shellcodes

Microsoft Windows - 'WizardOpium' Local Privilege Escalation
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)

ManageEngine ServiceDesk Plus 9.3 - User Enumeration
60CycleCMS  - 'news.php' SQL Injection

Sahi pro 8.x - Directory Traversal

Sentrifugo HRMS 3.2 - 'id' SQL Injection
 2020-03-10 05:01:44 +00:00
Offensive Security
04881134cd DB: 2020-03-07 
5 changes to exploits/shellcodes

Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path
Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path

ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution
 2020-03-07 05:01:49 +00:00
Offensive Security
afe5797b88 DB: 2020-03-03 
12 changes to exploits/shellcodes

Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Wing FTP Server 6.2.3 - Privilege Escalation
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
Joplin Desktop 1.0.184 - Cross-Site Scripting
Netis WF2419 2.2.36123 - Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
Wing FTP Server 6.2.5 - Privilege Escalation
TP LINK TL-WR849N - Remote Code Execution
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
 2020-03-03 05:01:48 +00:00
Offensive Security
016ad02a70 DB: 2020-02-29 
1 changes to exploits/shellcodes

qdPM < 9.1 - Remote Code Execution
 2020-02-29 05:01:46 +00:00
Offensive Security
02aee6c80e DB: 2020-02-28 
5 changes to exploits/shellcodes

Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Comtrend VR-3033 - Command Injection
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Unauthenticated Remote Code Execution
 2020-02-28 05:01:52 +00:00
Offensive Security
cf92ea269e DB: 2020-02-25 
22 changes to exploits/shellcodes

Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
 2020-02-25 05:01:52 +00:00
Offensive Security
8cbf7883c1 DB: 2020-02-11 
11 changes to exploits/shellcodes

Dota 2 7.23f - Denial of Service (PoC)
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Ricoh Driver - Privilege Escalation (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting

Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
 2020-02-11 05:02:02 +00:00
Offensive Security
54935a7883 DB: 2020-02-08 
7 changes to exploits/shellcodes

Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
QuickDate 1.3.2 - SQL Injection
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection
EyesOfNetwork 5.3 - Remote Code Execution
ExpertGPS 6.38 - XML External Entity Injection
Google Invisible RECAPTCHA 3 - Spoof Bypass
 2020-02-08 05:01:59 +00:00
Offensive Security
1a9ce31a5f DB: 2020-01-17 
12 changes to exploits/shellcodes

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)

Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution

VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities

ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting

ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting

VICIDIAL Call Center Suite - Multiple SQL Injections

Online Book Store 1.0 -  'bookisbn' SQL Injection
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Online Book Store 1.0 - Arbitrary File Upload
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
 2020-01-17 05:02:10 +00:00
Offensive Security
83d2726c75 DB: 2020-01-14 
14 changes to exploits/shellcodes

SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC)
Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)
Backup Key Recovery 2.2.5 - 'Name' Denial of Service (PoC)
TaskCanvas 1.4.0 - 'Registration' Denial Of Service
Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC)
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
Allok Video Converter 4.6.1217 - Stack Overflow (SEH)
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)
Chevereto 3.13.4 Core - Remote Code Execution
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
 2020-01-14 05:02:00 +00:00
Offensive Security
d3ca859971 DB: 2020-01-11 
6 changes to exploits/shellcodes

TotalAV 2020 4.14.31 - Privilege Escalation
Pandora 7.0NG - Remote Code Execution
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
 2020-01-11 05:02:00 +00:00
Offensive Security
72cddaee51 DB: 2019-11-20 
13 changes to exploits/shellcodes

ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Centova Cast 3.2.12 - Denial of Service (PoC)
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Apache Httpd mod_rewrite - Open Redirects
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
 2019-11-20 05:01:41 +00:00
Offensive Security
d1bcd4121d DB: 2019-10-04 
5 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
mintinstall 7.9.9 - Code Execution
AnchorCMS < 0.12.3a - Information Disclosure
 2019-10-04 05:01:47 +00:00
Offensive Security
4eaf273757 DB: 2019-10-02 
9 changes to exploits/shellcodes

kic 2.4a - Denial of Service
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
WebKit - Universal XSS in WebCore::command
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
WebKit - Universal XSS Using Cached Pages

DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
vBulletin 5 - 'routestring' Remote Code Execution
vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion
vBulletin 5.x - 'routestring' Remote Code Execution
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
PHP 7.1 < 7.3 - disable_functions Bypass
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
DotNetNuke < 9.4.0 - Cross-Site Scripting
 2019-10-02 05:01:46 +00:00
Offensive Security
afd22dbcb0 DB: 2019-09-24 
3 changes to exploits/shellcodes

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure

Gila CMS < 1.11.1 - Local File Inclusion
 2019-09-24 05:03:03 +00:00
Offensive Security
fcce3705a3 DB: 2019-09-10 
9 changes to exploits/shellcodes

WordPress 5.2.3 - Cross-Site Host Modification
Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
 2019-09-10 05:02:21 +00:00
Offensive Security
bc4836bfc1 DB: 2019-09-03 
12 changes to exploits/shellcodes

ChaosPro 2.0 - SEH Buffer Overflow
ChaosPro 2.1 - SEH Buffer Overflow
ChaosPro 3.1 - SEH Buffer Overflow
Kaseya VSA agent 9.5 - Privilege Escalation
Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read
Opencart 3.x - Cross-Site Scripting
Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
Alkacon OpenCMS 10.5.x - Local File inclusion
Craft CMS 2.7.9/3.2.5 - Information Disclosure
 2019-09-03 05:02:22 +00:00
Offensive Security
85d19232de DB: 2019-08-28 
2 changes to exploits/shellcodes

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass

Tableau - XML External Entity
 2019-08-28 05:02:15 +00:00
Offensive Security
6de82be6dd DB: 2019-08-24 
1 changes to exploits/shellcodes

Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
 2019-08-24 05:02:22 +00:00
Offensive Security
803c63574c DB: 2019-08-22 
2 changes to exploits/shellcodes

LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
 2019-08-22 05:02:30 +00:00
Offensive Security
d82ffc9cd0 DB: 2019-08-09 
7 changes to exploits/shellcodes

Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
Aptana Jaxer 1.0.3.4547 - Local File inclusion
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
Adive Framework 2.0.7 - Cross-Site Request Forgery
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
 2019-08-09 05:02:23 +00:00
Offensive Security
2b7a0122f2 DB: 2019-08-02 
6 changes to exploits/shellcodes

Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
 2019-08-02 05:02:24 +00:00
Offensive Security
50dee4d769 DB: 2019-08-01 
1 changes to exploits/shellcodes

Oracle Hyperion Planning 11.1.2.3 - XML External Entity
 2019-08-01 05:02:17 +00:00
Offensive Security
f671a16b46 DB: 2019-07-26 
4 changes to exploits/shellcodes

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
Ovidentia 8.4.3 - Cross-Site Scripting
Ovidentia 8.4.3 - SQL Injection
 2019-07-26 05:02:11 +00:00
Offensive Security
1a13989f12 DB: 2019-07-04 
5 changes to exploits/shellcodes

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection

Symantec DLP 15.5 MP1 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-04 05:01:54 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
97334ae3af DB: 2019-06-25 
9 changes to exploits/shellcodes

GSearch 1.0.1.0 - Denial of Service (PoC)
Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
dotProject 2.1.9 - SQL Injection
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
SeedDMS versions < 5.1.11 - Remote Command Execution
GrandNode 4.40 - Path Traversal / Arbitrary File Download

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
 2019-06-25 05:01:51 +00:00
Offensive Security
745971e212 DB: 2019-06-19 
5 changes to exploits/shellcodes

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Sahi pro 7.x/8.x - Directory Traversal
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - Cross-Site Scripting

Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
 2019-06-19 05:01:55 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
1a6935f64a DB: 2019-05-29 
3 changes to exploits/shellcodes

Microsoft Windows - 'Win32k' Local Privilege Escalation

EquityPandit 1.0 - Password Disclosure

Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass

Phraseanet < 4.0.7 - Cross-Site Scripting
 2019-05-29 05:01:59 +00:00
Offensive Security
18a676ca3b DB: 2019-05-28 
3 changes to exploits/shellcodes

Pidgin 2.13.0 - Denial of Service (PoC)

Typora 0.9.9.24.6 - Directory Traversal

Deltek Maconomy 2.2.5 - Local File Inclusion
 2019-05-28 05:01:55 +00:00
Offensive Security
edfd130ad1 DB: 2019-05-23 
11 changes to exploits/shellcodes

BlueStacks 4.80.0.1060 - Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Credentials Disclosure
Horde Webmail 5.2.22 - Multiple Vulnerabilities
 2019-05-23 05:02:06 +00:00
Offensive Security
945107caf5 DB: 2019-05-14 
10 changes to exploits/shellcodes

SpotMSN 2.4.6 - Denial of Service (PoC)
DNSS 2.1.8 - Denial of Service (PoC)
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write

TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
XOOPS 2.5.9 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection

Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
 2019-05-14 05:01:58 +00:00
Offensive Security
5a28a97130 DB: 2019-05-11 
12 changes to exploits/shellcodes

jetCast Server 2.0 - Denial of Service (PoC)
SpotIM 2.2 - Denial of Service (PoC)
SpotPaltalk 1.1.5 - Denial of Service (PoC)
ASPRunner.NET 10.1 - Denial of Service (PoC)
PHPRunner 10.1 - Denial of Service (PoC)
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
dotCMS 5.1.1 - HTML Injection
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
 2019-05-11 05:02:00 +00:00
Offensive Security
6822a23f82 DB: 2019-05-08 
3 changes to exploits/shellcodes

Easy Chat Server 3.1 - 'message' Denial of Service (PoC)

Admin Express 1.2.5.485 - 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow

Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
 2019-05-08 05:02:04 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07 
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
 2019-05-07 05:01:58 +00:00