bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2424 commits 1 branch 0 tags 267 MiB
Commit graph

109 commits

Author SHA1 Message Date
Offensive Security
6cf35b330f DB: 2019-12-12 
5 changes to exploits/shellcodes

Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font

Apache Olingo OData 4.0 - XML External Entity Injection
 2019-12-12 05:01:58 +00:00
Offensive Security
44b163c8d1 DB: 2019-12-10 
11 changes to exploits/shellcodes

Omron PLC 1.0.0 - Denial of Service (PoC)
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
Microsoft Windows - Multiple UAC Protection Bypasses
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)
SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)
Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting
PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass
Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution
Alcatel-Lucent Omnivista 8770 - Remote Code Execution
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
 2019-12-10 05:01:48 +00:00
Offensive Security
b6ed2c7176 DB: 2019-11-09 
6 changes to exploits/shellcodes

SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Android Janus - APK Signature Bypass (Metasploit)

rConfig - install Command Execution (Metasploit)
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
Adive Framework 2.0.7 - Privilege Escalation
Nextcloud 17 - Cross-Site Request Forgery
 2019-11-09 05:01:40 +00:00
Offensive Security
47d2a76f4f DB: 2019-11-02 
7 changes to exploits/shellcodes

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

Nostromo - Directory Traversal Remote Command Execution (Metasploit)
TheJshen contentManagementSystem 1.04 - 'id' SQL Injection
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Apache Solr 8.2.0 - Remote Code Execution
 2019-11-02 05:01:41 +00:00
Offensive Security
bfcf0daec9 DB: 2019-10-08 
8 changes to exploits/shellcodes

logrotten 3.15.1 - Privilege Escalation
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

freeFTP 1.0.8 - Remote Buffer Overflow
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Zabbix 4.2 - Authentication Bypass
Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
 2019-10-08 05:01:48 +00:00
Offensive Security
e852f6f799 DB: 2019-09-12 
2 changes to exploits/shellcodes

Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
AVCON6 systems management platform - OGNL Remote Command Execution
eWON Flexy - Authentication Bypass
 2019-09-12 05:02:26 +00:00
Offensive Security
a26ef1328e DB: 2019-09-04 
6 changes to exploits/shellcodes

ktsuss 1.4 - suid Privilege Escalation (Metasploit)
ptrace - Sudo Token Privilege Escalation (Metasploit)
Cisco UCS Director - default scpuser password (Metasploit)
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)

FileThingie 2.5.7 - Arbitrary File Upload
 2019-09-04 05:02:30 +00:00
Offensive Security
6f05fdc74e DB: 2019-07-21 
1 changes to exploits/shellcodes
 2019-07-21 05:02:06 +00:00
Offensive Security
978c16266a DB: 2019-07-13 
9 changes to exploits/shellcodes

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
 2019-07-13 05:02:17 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
76be51b7d6 DB: 2019-06-05 
8 changes to exploits/shellcodes

DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)
NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
IceWarp 10.4.4 - Local File Inclusion
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
 2019-06-05 05:01:56 +00:00
Offensive Security
0a2b5fd16f DB: 2019-05-30 
7 changes to exploits/shellcodes

Free SMTP Server 2.5 - Denial of Service (PoC)
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
 2019-05-30 05:01:56 +00:00
Offensive Security
6d57564d7c DB: 2019-05-22 
12 changes to exploits/shellcodes

Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
 2019-05-22 05:01:55 +00:00
Offensive Security
f3c28b3d62 DB: 2019-05-01 
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
 2019-05-01 05:02:01 +00:00
Offensive Security
be3b22b6f7 DB: 2019-04-27 
4 changes to exploits/shellcodes

NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
 2019-04-27 05:02:04 +00:00
Offensive Security
23f668ca8d DB: 2019-04-09 
14 changes to exploits/shellcodes

FlexHEX 2.71 - SEH Buffer Overflow (Unicode)
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow
Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

QNAP Netatalk < 3.1.12 - Authentication Bypass
Jobgator - 'experience' SQL Injection
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
SaLICru -SLC-20-cube3(5) - HTML Injection
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
Tradebox CryptoCurrency - 'symbol' SQL Injection
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
 2019-04-09 05:02:03 +00:00
Offensive Security
2afed97ceb DB: 2019-03-20 
16 changes to exploits/shellcodes

libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft VBScript - VbsErase Memory Corruption
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Google Chrome < M73 - MidiManagerWin Use-After-Free
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free

Advanced Host Monitor 11.92 beta - Local Buffer Overflow

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)

TheCarProject v2 - Multiple SQL Injection
TheCarProject 2 - Multiple SQL Injection
Gila CMS 1.9.1 - Cross-Site Scripting
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
eNdonesia Portal 8.7 - Multiple Vulnerabilities
Netartmedia Event Portal 2.0 - 'Email' SQL Injection
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia Real Estate Portal 5.0 - SQL Injection
 2019-03-20 05:01:53 +00:00
Offensive Security
b4e61d43c1 DB: 2019-03-15 
6 changes to exploits/shellcodes

Microsoft Windows - .reg File / Dialog Box Message Spoofing
Microsoft Windows - '.reg' File / Dialog Box Message Spoofing
FTPGetter Standard 5.97.0.177 - Remote Code Execution
Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution
 2019-03-15 05:01:51 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
d5509de389 DB: 2019-03-07 
6 changes to exploits/shellcodes

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
Android - binder Use-After-Free via racy Initialization of ->allow_user_free
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass

Java Debug Wire Protocol (JDWP) - Remote Code Execution

Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes)
Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)
 2019-03-07 05:01:53 +00:00
Offensive Security
bb86158c6e DB: 2019-02-26 
7 changes to exploits/shellcodes

Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)

Jenkins - Remote Code Execution
Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
zzzphp CMS 1.6.1 - Remote Code Execution
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
News Website Script 2.0.5 - SQL Injection
Advance Gift Shop Pro Script 2.0.3 - SQL Injection
Drupal < 8.6.9 - REST Module Remote Code Execution
 2019-02-26 05:01:47 +00:00
Offensive Security
79a4beaea4 DB: 2019-02-20 
13 changes to exploits/shellcodes

NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC)
Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation
Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection
Listing Hub CMS 1.0 - 'pages.php id' SQL Injection
Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting
eDirectory - SQL Injection
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection
Jenkins - Remote Code Execution
 2019-02-20 05:01:54 +00:00
Offensive Security
cd868436ff DB: 2019-02-19 
25 changes to exploits/shellcodes

Realterm Serial Terminal 2.0.0.70 - Denial of Service
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers
qdPM 9.1 - 'type' Cross-Site Scripting
qdPM 9.1 - 'search[keywords]' Cross-Site Scripting
Master IP CAM 01 3.3.4.2103 - Remote Command Execution
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
CMSsite 1.0 - 'post' SQL Injection
M/Monit 3.7.2 - Privilege Escalation
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
Apache CouchDB 2.3.0 - Cross-Site Scripting
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing

macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
 2019-02-19 05:02:08 +00:00
Offensive Security
d667cf901c DB: 2019-02-06 
11 changes to exploits/shellcodes

Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)
 2019-02-06 05:01:42 +00:00
Offensive Security
b68cbec24d DB: 2019-01-29 
26 changes to exploits/shellcodes

Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM -  Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
 2019-01-29 05:01:52 +00:00
Offensive Security
7cc86c322f DB: 2018-12-01 
8 changes to exploits/shellcodes

Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
 2018-12-01 05:01:40 +00:00
Offensive Security
1d25aee539 DB: 2018-11-15 
15 changes to exploits/shellcodes

AMPPS 2.7 - Denial of Service (PoC)
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
SwitchVPN for macOS 2.1012.03 - Privilege Escalation

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
iServiceOnline 1.0 - 'r' SQL Injection
Helpdezk 1.1.1 - 'query' SQL Injection
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
EdTv 2 - 'id' SQL Injection
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Advanced Comment System 1.0 - SQL Injection
Rmedia SMS 1.0 - SQL Injection
Pedidos 1.0 - SQL Injection
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
 2018-11-15 05:01:40 +00:00
Offensive Security
dac8dd4731 DB: 2018-10-25 
15 changes to exploits/shellcodes

Adult Filter 1.0 - Denial of Service (PoC)

Microsoft Data Sharing - Local Privilege Escalation (PoC)

Webmin 1.5 - Web Brute Force (CGI)

exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
 2018-10-25 05:01:46 +00:00
Offensive Security
defa138d04 DB: 2018-10-23 
17 changes to exploits/shellcodes

Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas

Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)

Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
 2018-10-23 05:01:48 +00:00
Offensive Security
716ece3cc6 DB: 2018-10-02 
13 changes to exploits/shellcodes

Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
 2018-10-02 05:01:58 +00:00
Offensive Security
91ac09507e DB: 2018-09-28 
4 changes to exploits/shellcodes

EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
Rausoft ID.prove 2.95 - 'Username' SQL injection

Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)
Linux/x86 - Bind (5555/TCP) Shell (/bin/sh) Shellcode (98 bytes)
 2018-09-28 05:01:59 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
f1d68507cd DB: 2018-09-18 
7 changes to exploits/shellcodes

XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Notebook Pro 2.0 - Denial Of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319  - 'Name Attribute' Denial of Service (PoC)
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

CA Release Automation NiMi 6.5 - Remote Command Execution

Gitweb 1.7.3.3 - Cross-Site Scripting
gitWeb 1.7.3.3 - Cross-Site Scripting
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
 2018-09-18 05:01:45 +00:00
Offensive Security
32f471140a DB: 2018-09-06 
18 changes to exploits/shellcodes

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

GNU glibc < 2.27 - Local Buffer Overflow

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

JBoss 4.2.x/4.3.x - Information Disclosure

Git < 2.17.1 - Remote Code Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Monstra CMS 3.0.4 - Remote Code Execution

OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting

Pivotal Spring Java Framework < 5.0 - Remote Code Execution
 2018-09-06 05:01:55 +00:00
Offensive Security
e5c23cdd53 DB: 2018-08-13 
4 changes to exploits/shellcodes

LG NAS 3718.510.a0 - Remote Command Execution
Monstra 3.0.4 - Cross-Site Scripting
Wavemaker Studio 6.6 - Server-Side Request Forgery
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
 2018-08-13 05:01:45 +00:00
Offensive Security
addac3a875 DB: 2018-08-07 
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
 2018-08-07 05:01:44 +00:00
Offensive Security
a657b64301 DB: 2018-07-17 
7 changes to exploits/shellcodes

macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)

VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
 2018-07-17 05:01:49 +00:00
Offensive Security
b374aca9a3 DB: 2018-07-14 
10 changes to exploits/shellcodes

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow

Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)

HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)
IBM QRadar SIEM - Remote Code Execution (Metasploit)
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
Apache CouchDB - Arbitrary Command Execution (Metasploit)
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)

Dolibarr 3.2.0 < Alpha - File Inclusion
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion

Dolibarr ERP/CRM - OS Command Injection
Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection

Dolibarr CMS 3.5.3 - Multiple Vulnerabilities
Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities

Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection

Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection
Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection

Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Dolibarr 7.0.0 - SQL Injection
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection

Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM  < 7.0.3 - PHP Code Injection

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
 2018-07-14 05:01:50 +00:00
Offensive Security
d659af98fd DB: 2018-07-05 
5 changes to exploits/shellcodes

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
CMS Made Simple 2.2.5 - Remote Code Execution
Online Trade - Information Disclosure
ShopNx - Arbitrary File Upload
 2018-07-05 05:01:52 +00:00
Offensive Security
2c912f897c DB: 2018-06-27 
3 changes to exploits/shellcodes

PoDoFo 0.9.5 - Buffer Overflow

Liferay Portal < 7.0.4 - Server-Side Request Forgery
 2018-06-27 05:01:48 +00:00
Offensive Security
ac267cb298 DB: 2018-06-21 
11 changes to exploits/shellcodes

Redis 5.0 - Denial of Service
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Mirasys DVMS Workstation 5.12.6 - Path Traversal
MaDDash 2.0.2 - Directory Listing
NewMark CMS 2.1 - 'sec_id' SQL Injection
TP-Link TL-WA850RE - Remote Command Execution
Apache CouchDB < 2.1.0 - Remote Code Execution
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
VideoInsight WebClient 5 - SQL Injection
 2018-06-21 05:01:44 +00:00
Offensive Security
61159b7f3e DB: 2018-06-05 
5 changes to exploits/shellcodes

R 3.4.4 - Local Buffer Overflow
RGui 3.4.4 - Local Buffer Overflow
Zip-n-Go 4.9 - Buffer Overflow (SEH)
Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

CyberArk < 10 - Memory Disclosure
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
SearchBlox 8.6.7 - XML External Entity Injection
EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
 2018-06-05 05:01:52 +00:00
Offensive Security
89ee92def8 DB: 2018-05-31 
6 changes to exploits/shellcodes

Siemens SIMATIC S7-300 CPU - Remote Denial of Service

Procps-ng - Multiple Vulnerabilities
SearchBlox 8.6.6 - Cross-Site Request Forgery
Yosoro 1.0.4 - Remote Code Execution
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Dolibarr 7.0.0 - SQL Injection
 2018-05-31 05:01:44 +00:00
Offensive Security
96e4f1686b DB: 2018-05-30 
9 changes to exploits/shellcodes

GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Memory Leak
IssueTrak 7.0 - SQL Injection
Sitemakin SLAC 1.0 -  'my_item_search' SQL Injection
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Facebook Clone Script 1.0.5 - 'search' SQL Injection
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
 2018-05-30 05:01:46 +00:00
Offensive Security
c0126aa27f DB: 2018-05-25 
16 changes to exploits/shellcodes

DynoRoot DHCP - Client Command Injection
DynoRoot DHCP Client - Command Injection
Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Flash ActiveX 18.0.0.194 - Code Execution
Microsoft Internet Explorer 11 - javascript Code Execution
Flash ActiveX 28.0.0.137 - Code Execution (1)
Flash ActiveX 28.0.0.137 - Code Execution (2)
GNU glibc < 2.27 - Local Buffer Overflow

NewsBee CMS 1.4 - Cross-Site Request Forgery
ASP.NET jVideo Kit - 'query' SQL Injection
PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting
OpenDaylight - SQL Injection
Timber 1.1 - Cross-Site Request Forgery
Honeywell XL Web Controller - Cross-Site Scripting
EU MRV Regulatory Complete Solution 1 - Authentication Bypass

Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
 2018-05-25 05:01:45 +00:00
Offensive Security
7bbc323854 DB: 2018-05-23 
20 changes to exploits/shellcodes

Siemens SIMATIC S7-1500 CPU - Remote Denial of Service
Microsoft Edge Chakra JIT - Magic Value Type Confusion
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
MakeMyTrip 7.2.4 - Information Disclosure
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Microsoft Windows - 'POP/MOV SS' Privilege Escalation

Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
Zechat 1.5 - SQL Injection / Cross-Site Request Forgery

Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
Private Message PHP Script 2.0 - Persistent Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Private Message PHP Script 2.0 - Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery

ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting

Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass
Wchat PHP AJAX Chat Script  1.5 - Persistent Cross-Site Scripting
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
Wchat PHP AJAX Chat Script  1.5 - Cross-Site Scripting
Nordex N149/4.0-4.5 - SQL Injection
WebSocket Live Chat - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
PaulPrinting CMS Printing 1.0 - SQL Injection
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
ERPnext 11 - Cross-Site Scripting
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
NewsBee CMS 1.4 - 'download.php' SQL Injection
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
 2018-05-23 05:01:45 +00:00
Offensive Security
08c35595ed DB: 2018-05-22 
23 changes to exploits/shellcodes

Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)
R 3.4.4 - Local Buffer Overflow (DEP Bypass)

KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection

Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution
Superfood 1.0 - Multiple Vulnerabilities
Private Message PHP Script 2.0 - Persistent Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Zenar Content Management System - Cross-Site Scripting
GitBucket 4.23.1 - Remote Code Execution
ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery
Teradek Cube 7.3.6 - Cross-Site Request Forgery
Teradek Slice 7.3.15 - Cross-Site Request Forgery
Schneider Electric PLCs - Cross-Site Request Forgery
Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass
Merge PACS 7.0 - Cross-Site Request Forgery
Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass
Wchat PHP AJAX Chat Script  1.5 - Persistent Cross-Site Scripting
 2018-05-22 05:01:47 +00:00
Offensive Security
1873a7d234 DB: 2018-05-17 
12 changes to exploits/shellcodes

WhatsApp 2.18.31 - Memory Corruption
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Libuser - roothelper Privilege Escalation (Metasploit)

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
 2018-05-17 05:01:47 +00:00
Offensive Security
e7bb9d2985 DB: 2018-05-11 
7 changes to exploits/shellcodes

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit)
Fastweb FASTGate 0.00.47 - Cross-site Request Forgery
ModbusPal 1.6b - XML External Entity Injection
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
 2018-05-11 05:01:46 +00:00
Offensive Security
c249d94cb7 DB: 2018-04-25 
28 changes to exploits/shellcodes

gif2apng 1.9 - '.gif' Stack Buffer Overflow
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
Kaspersky KSN for Linux 5.2 - Memory Corruption
Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Adobe Flash - Overflow when Playing Sound
Adobe Flash - Overflow in Slab Rendering
Adobe Flash - Info Leak in Image Inflation
Adobe Flash - Out-of-Bounds Write in blur Filtering
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
R 3.4.4 - Local Buffer Overflow
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
UK Cookie Consent - Persistent Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Open-AudIT 2.1 - CSV Macro Injection
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting

Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
 2018-04-25 05:01:39 +00:00