bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1996 commits 1 branch 0 tags 270 MiB
Commit graph

169 commits

Author SHA1 Message Date
Offensive Security
e3e102da5b DB: 2019-12-21 
4 changes to exploits/shellcodes

Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)

FreeSWITCH 1.10.1 - Command Execution

phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
 2019-12-21 05:01:57 +00:00
Offensive Security
012657c6b9 DB: 2019-12-20 
2 changes to exploits/shellcodes

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)

Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation
 2019-12-20 05:02:03 +00:00
Offensive Security
b7471ba451 DB: 2019-12-19 
9 changes to exploits/shellcodes

XnView 2.49.1 - 'Research' Denial of Service (PoC)
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow

OpenMRS - Java Deserialization RCE (Metasploit)
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Telerik UI - Remote Code Execution via Insecure Deserialization
 2019-12-19 05:01:59 +00:00
Offensive Security
b92604bb93 DB: 2019-12-18 
7 changes to exploits/shellcodes

D-Link DIR-615 Wireless Router  -  Persistent Cross-Site Scripting
Roxy Fileman 1.4.5 - Directory Traversal
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Netgear R6400 - Remote Code Execution
NopCommerce 4.2.0 -  Privilege Escalation

Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
 2019-12-18 05:02:05 +00:00
Offensive Security
b1b4d70ced DB: 2019-12-17 
3 changes to exploits/shellcodes

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds
OpenBSD 6.x - Dynamic Loader Privilege Escalation

D-Link DIR-615 - Privilege Escalation
 2019-12-17 05:01:50 +00:00
Offensive Security
c1ff771809 DB: 2019-12-14 
2 changes to exploits/shellcodes

FTP Commander Pro 8.03 - Local Stack Overflow

NVMS 1000 - Directory Traversal
 2019-12-14 05:01:53 +00:00
Offensive Security
09d5da74fb DB: 2019-12-11 
3 changes to exploits/shellcodes

Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery
Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution
 2019-12-11 05:01:56 +00:00
Offensive Security
44b163c8d1 DB: 2019-12-10 
11 changes to exploits/shellcodes

Omron PLC 1.0.0 - Denial of Service (PoC)
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
Microsoft Windows - Multiple UAC Protection Bypasses
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)
SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)
Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting
PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass
Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution
Alcatel-Lucent Omnivista 8770 - Remote Code Execution
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
 2019-12-10 05:01:48 +00:00
Offensive Security
6308ce9aab DB: 2019-12-05 
5 changes to exploits/shellcodes

Microsoft Visual Basic 2010 Express - XML External Entity Injection
Online Clinic Management System 2.2 - HTML Injection
SSDWLAB 6.1 - Authentication Bypass
Cisco WLC 2504 8.9 - Denial of Service (PoC)
OwnCloud 8.1.8 - Username Disclosure
 2019-12-05 05:01:46 +00:00
Offensive Security
ecbca9d505 DB: 2019-12-04 
6 changes to exploits/shellcodes

Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery
Revive Adserver 4.2 - Remote Code Execution
 2019-12-04 05:01:42 +00:00
Offensive Security
8ae8522082 DB: 2019-11-30 
8 changes to exploits/shellcodes

SpotAuditor 5.3.2 - 'Key' Denial of Service
SpotAuditor 5.3.2 - 'Name' Denial of Service
TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path
Bash 5.0 Patch 11 -  SUID Priv Drop Exploit

Mersive Solstice 2.8.0 - Remote Code Execution
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
 2019-11-30 05:01:42 +00:00
Offensive Security
7921f1a523 DB: 2019-11-29 
4 changes to exploits/shellcodes

GHIA CamIP 1.2 for iOS - 'Password' Denial of Service (PoC)
Wordpress 5.3 - User Disclosure
Mersive Solstice 2.8.0 - Remote Code Execution
 2019-11-29 05:01:48 +00:00
Offensive Security
8162754975 DB: 2019-11-26 
9 changes to exploits/shellcodes

SMPlayer 19.5.0 - Denial of Service (PoC)
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)

ClamAV < 0.102.0 - 'bytecode_vm' Code Execution
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
VMware WorkStation 12.5.5 - Virtual Machine Escape
VMware WorkStation 12.5.3 - Virtual Machine Escape
 2019-11-26 05:01:44 +00:00
Offensive Security
58127b1f7c DB: 2019-11-22 
3 changes to exploits/shellcodes

GNU Mailutils 3.7 - Privilege Escalation
TestLink 1.9.19 - Persistent Cross-Site Scripting
Network Management Card 6.2.0 - Host Header Injection
 2019-11-22 05:01:53 +00:00
Offensive Security
3e9ff5a927 DB: 2019-11-19 
13 changes to exploits/shellcodes

iSmartViewPro 1.3.34 - Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
MobileGo 8.5.0 - Insecure File Permissions
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Crystal Live HTTP Server 6.01 - Directory Traversal
Centova Cast 3.2.11 - Arbitrary File Download
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
TemaTres 3.0 - 'value' Persistent Cross-site Scripting
 2019-11-19 05:01:40 +00:00
Offensive Security
e84e1285da DB: 2019-11-14 
7 changes to exploits/shellcodes

ScanGuard Antivirus 2020 - Insecure Folder Permissions
Linear eMerge E3 1.00-06 - Remote Code Execution
FUDForum 3.0.9 - Remote Code Execution
Technicolor TD5130.2 - Remote Command Execution
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
gSOAP 2.8 - Directory Traversal
Fastweb Fastgate 0.00.81 - Remote Code Execution
 2019-11-14 05:01:41 +00:00
Offensive Security
c8181201fd DB: 2019-11-13 
38 changes to exploits/shellcodes

Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path
Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path
RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)
Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
CBAS-Web 19.0.0 - Information Disclosure
Prima FlexAir Access Control 2.3.38 - Remote Code Execution
Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
eMerge E3 1.00-06 - Privilege Escalation
eMerge E3 1.00-06 - Remote Code Execution
eMerge E3 1.00-06 - Cross-Site Request Forgery
Atlassian Confluence 6.15.1 - Directory Traversal
eMerge E3 1.00-06 - Arbitrary File Upload
eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
eMerge50P 5000P 4.6.07 - Remote Code Execution
CBAS-Web 19.0.0 - Remote Code Execution
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Username Enumeration
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
Joomla 3.9.13 - 'Host' Header Injection
Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
Prima Access Control 2.3.35 - Arbitrary File Upload
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
Optergy 2.3.0a - Remote Code Execution
FlexAir Access Control 2.4.9api3 - Remote Code Execution
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy 2.3.0a - Username Disclosure
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
FlexAir Access Control 2.3.35 - Authentication Bypass
Bematech Printer MP-4200 - Denial of Service
 2019-11-13 05:01:43 +00:00
Offensive Security
97f133e755 DB: 2019-11-07 
4 changes to exploits/shellcodes

Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure
 2019-11-07 05:01:39 +00:00
Offensive Security
caad53ed8d DB: 2019-10-31 
6 changes to exploits/shellcodes

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Citrix StoreFront Server 7.15 - XML External Entity Injection
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
 2019-10-31 05:01:41 +00:00
Offensive Security
d4a236d578 DB: 2019-10-29 
9 changes to exploits/shellcodes

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path
ChaosPro 2.0 - Buffer Overflow (SEH)
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
Part-DB 0.4 - Authentication Bypass
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection
PHP-FPM + Nginx - Remote Code Execution
 2019-10-29 05:01:40 +00:00
Offensive Security
52e6461f47 DB: 2019-10-25 
4 changes to exploits/shellcodes

Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection
AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control
AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection
 2019-10-25 05:01:41 +00:00
Offensive Security
2b52915f75 DB: 2019-10-12 
3 changes to exploits/shellcodes

National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting
WordPress Arforms 3.7.1 - Directory Traversal
 2019-10-12 05:01:49 +00:00
Offensive Security
c4b3e48aea DB: 2019-10-11 
10 changes to exploits/shellcodes

Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)

freeFTP 1.0.8 - Remote Buffer Overflow
freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
TP-Link TL-WR1043ND 2 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
 2019-10-11 05:01:46 +00:00
Offensive Security
4802945877 DB: 2019-09-28 
10 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

thesystem App 1.0 - Persistent Cross-Site Scripting
InoERP 0.7.2 - Persistent Cross-Site Scripting
thesystem App 1.0 - 'server_name' SQL Injection
thesystem App 1.0 - 'username' SQL Injection
V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
 2019-09-28 05:01:47 +00:00
Offensive Security
d6e0b04877 DB: 2019-09-20 
4 changes to exploits/shellcodes

macOS 18.7.0 Kernel - Local Privilege Escalation
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection
GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
 2019-09-20 05:02:06 +00:00
Offensive Security
e852f6f799 DB: 2019-09-12 
2 changes to exploits/shellcodes

Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
AVCON6 systems management platform - OGNL Remote Command Execution
eWON Flexy - Authentication Bypass
 2019-09-12 05:02:26 +00:00
Offensive Security
45bddc9b1b DB: 2019-09-05 
2 changes to exploits/shellcodes

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
 2019-09-05 05:02:54 +00:00
Offensive Security
c0ff0bbedd DB: 2019-08-20 
10 changes to exploits/shellcodes

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
 2019-08-20 05:02:44 +00:00
Offensive Security
7e6884af13 DB: 2019-08-15 
12 changes to exploits/shellcodes

Windows PowerShell - Unsanitized Filename Command Execution
ABC2MTEX 1.6.1 - Command Line Stack Overflow

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
D-Link DIR-600M - Authentication Bypass (Metasploit)
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
TortoiseSVN 1.12.1 - Remote Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution
 2019-08-15 05:02:48 +00:00
Offensive Security
a32e028b88 DB: 2019-08-13 
17 changes to exploits/shellcodes

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection

Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)

Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
 2019-08-13 05:02:31 +00:00
Offensive Security
2b7a0122f2 DB: 2019-08-02 
6 changes to exploits/shellcodes

Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
 2019-08-02 05:02:24 +00:00
Offensive Security
00f5094d48 DB: 2019-07-31 
8 changes to exploits/shellcodes

macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)

Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
 2019-07-31 05:02:25 +00:00
Offensive Security
f529fc0415 DB: 2019-07-25 
5 changes to exploits/shellcodes

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read

Trend Micro Deep Discovery Inspector IDS - Security Bypass
NoviSmart CMS - SQL injection
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
 2019-07-25 05:02:07 +00:00
Offensive Security
2935a5c0af DB: 2019-07-17 
10 changes to exploits/shellcodes

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.838 - User Enumeration
 2019-07-17 05:02:03 +00:00
Offensive Security
4169f5d10e DB: 2019-07-16 
6 changes to exploits/shellcodes

Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Streamripper 2.6 - 'Song Pattern' Buffer Overflow
NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
 2019-07-16 05:02:16 +00:00
Offensive Security
978c16266a DB: 2019-07-13 
9 changes to exploits/shellcodes

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
 2019-07-13 05:02:17 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
a90736625a DB: 2019-06-26 
7 changes to exploits/shellcodes

SuperDoctor5 - 'NRPE' Remote Code Execution
SAPIDO RB-1732 - Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
AZADMIN CMS 1.0 - SQL Injection
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
 2019-06-26 05:01:53 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
35d500a3cb DB: 2019-06-07 
1 changes to exploits/shellcodes

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
 2019-06-07 05:01:54 +00:00
Offensive Security
43e70e67d0 DB: 2019-06-04 
3 changes to exploits/shellcodes

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
WordPress Plugin Form Maker 1.13.3 - SQL Injection
 2019-06-04 05:01:58 +00:00
Offensive Security
edfd130ad1 DB: 2019-05-23 
11 changes to exploits/shellcodes

BlueStacks 4.80.0.1060 - Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Credentials Disclosure
Horde Webmail 5.2.22 - Multiple Vulnerabilities
 2019-05-23 05:02:06 +00:00
Offensive Security
6d57564d7c DB: 2019-05-22 
12 changes to exploits/shellcodes

Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
 2019-05-22 05:01:55 +00:00
Offensive Security
b04843e5cb DB: 2019-05-15 
9 changes to exploits/shellcodes

Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
Sales ERP 8.1 - Multiple SQL Injection
D-Link DWL-2600AP - Multiple OS Command Injection
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
PasteShr 1.6 - Multiple SQL Injection
 2019-05-15 05:01:56 +00:00
Offensive Security
5a28a97130 DB: 2019-05-11 
12 changes to exploits/shellcodes

jetCast Server 2.0 - Denial of Service (PoC)
SpotIM 2.2 - Denial of Service (PoC)
SpotPaltalk 1.1.5 - Denial of Service (PoC)
ASPRunner.NET 10.1 - Denial of Service (PoC)
PHPRunner 10.1 - Denial of Service (PoC)
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
dotCMS 5.1.1 - HTML Injection
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
 2019-05-11 05:02:00 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07 
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
 2019-05-07 05:01:58 +00:00
Offensive Security
2ae6cf2b7f DB: 2019-05-04 
9 changes to exploits/shellcodes

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Windows PowerShell ISE - Remote Code Execution

Blue Angel Software Suite - Command Execution
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Instagram Auto Follow - Authentication Bypass
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
 2019-05-04 05:02:03 +00:00
Offensive Security
f3c28b3d62 DB: 2019-05-01 
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
 2019-05-01 05:02:01 +00:00
Offensive Security
fae7f6fe32 DB: 2019-04-26 
8 changes to exploits/shellcodes

HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
Backup Key Recovery 2.2.4 - Denial of Service (PoC)
JioFi 4G M2S 1.0.2 - Denial of Service
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)
Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion
 2019-04-26 05:02:02 +00:00
Offensive Security
ab1398c24c DB: 2019-04-17 
13 changes to exploits/shellcodes

PCHelpWare V2 1.0.0.5 - 'SC' Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - 'Group' Denial of Service (PoC)
AdminExpress 1.2.5 - 'Folder Path' Denial of Service (PoC)
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
 2019-04-17 05:02:03 +00:00