exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	e46d9f65ff	DB: 2020-07-27 32 changes to exploits/shellcodes Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite) Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH) Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter) DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter) Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter) Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH) Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter) docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin) WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated) Bludit 3.9.2 - Directory Traversal LibreHealth 2.0.0 - Authenticated Remote Code Execution Online Course Registration 1.0 - Unauthenticated Remote Code Execution elaniin CMS - Authentication Bypass Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Bio Star 2.8.2 - Local File Inclusion Webtareas 2.1p - Arbitrary File Upload (Authenticated) F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Socket.io-file 2.0.31 - Arbitrary File Upload pfSense 2.4.4-p3 - Cross-Site Request Forgery Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Rails 5.0.1 - Remote Code Execution Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes) Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Windows/x86 - Download using mshta.exe Shellcode (100 bytes)	2020-07-27 05:02:04 +00:00
Offensive Security	533f33f3f4	DB: 2020-06-05 17 changes to exploits/shellcodes IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path AirControl 1.4.2 - PreAuth Remote Code Execution Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated) Clinic Management System 1.0 - Unauthenticated Remote Code Execution Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated) Oriol Espinal CMS 1.0 - 'id' SQL Injection Clinic Management System 1.0 - Authenticated Arbitrary File Upload Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Navigate CMS 2.8.7 - Authenticated Directory Traversal D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Online Marriage Registration System 1.0 - Remote Code Execution Cayin Content Management Server 11.0 - Remote Command Injection (root) SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User) Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Cayin Signage Media Player 3.0 - Remote Command Injection (root) Cayin Digital Signage System xPost 2.5 - Remote Command Injection	2020-06-05 05:01:53 +00:00
Offensive Security	6aad755e5e	DB: 2020-05-19 10 changes to exploits/shellcodes HP LinuxKI 6.01 - Remote Command Injection Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection Online Examination System 1.0 - 'eid' SQL Injection Oracle Hospitality RES 3700 5.7 - Remote Code Execution forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload online Chatting System 1.0 - 'id' SQL Injection Online Healthcare Patient Record Management System 1.0 - Authentication Bypass Online Healthcare management system 1.0 - Authentication Bypass	2020-05-19 05:01:51 +00:00
Offensive Security	a5ffe5baef	DB: 2020-05-16 2 changes to exploits/shellcodes vBulletin 5.6.1 - 'nodeId' SQL Injection ManageEngine Service Desk 10.0 - Cross-Site Scripting	2020-05-16 05:01:47 +00:00
Offensive Security	522576cc79	DB: 2020-05-15 6 changes to exploits/shellcodes Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH) Complaint Management System 1.0 - 'username' SQL Injection Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution E-Commerce System 1.0 - Unauthenticated Remote Code Execution	2020-05-15 05:01:49 +00:00
Offensive Security	f564ddfd17	DB: 2020-05-13 10 changes to exploits/shellcodes LanSend 3.2 - Buffer Overflow (SEH) MacOS 320.whatis Script - Privilege Escalation Phase Botnet - Blind SQL Injection Orchard Core RC1 - Persistent Cross-Site Scripting ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection CuteNews 2.1.2 - Authenticated Arbitrary File Upload Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting qdPM 9.1 - Arbitrary File Upload TylerTech Eagle 2018.3.11 - Remote Code Execution	2020-05-13 05:01:48 +00:00
Offensive Security	9de5d20d13	DB: 2020-05-02 9 changes to exploits/shellcodes VirtualTablet Server 3.0.2 - Denial of Service (PoC) Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit) ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting Online Scheduling System 1.0 - Persistent Cross-Site Scripting php-fusion 9.03.50 - Persistent Cross-Site Scripting Super Backup 2.0.5 for iOS - Directory Traversal HardDrive 2.1 for iOS - Arbitrary File Upload Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover) Online Scheduling System 1.0 - Authentication Bypass	2020-05-02 05:01:58 +00:00
Offensive Security	7b87f30fbc	DB: 2020-04-25 5 changes to exploits/shellcodes Popcorn Time 6.2 - 'Update service' Unquoted Service Path EspoCRM 5.8.5 - Privilege Escalation Edimax EW-7438RPn 1.13 - Remote Code Execution Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)	2020-04-25 05:01:51 +00:00
Offensive Security	c3e827f657	DB: 2020-04-17 8 changes to exploits/shellcodes VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit) TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit) Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit) ThinkPHP - Multiple PHP Injection RCEs (Metasploit) Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit) PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit) DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) Apache Solr - Remote Code Execution via Velocity Template (Metasploit)	2020-04-17 05:01:48 +00:00
Offensive Security	0137126a8e	DB: 2020-04-15 4 changes to exploits/shellcodes B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter) Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution WSO2 3.1.0 - Persistent Cross-Site Scripting Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution	2020-04-15 05:01:49 +00:00
Offensive Security	be2aa5d840	DB: 2020-04-14 7 changes to exploits/shellcodes Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH) Huawei HG630 2 Router - Authentication Bypass TVT NVMS 1000 - Directory Traversal Webtateas 2.0 - Arbitrary File Read WSO2 3.1.0 - Arbitrary File Delete Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection	2020-04-14 05:01:51 +00:00
Offensive Security	284325fbf5	DB: 2020-03-28 5 changes to exploits/shellcodes Everest 5.50.2100 - 'Open File' Denial of Service (PoC) Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH) ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution	2020-03-28 05:01:48 +00:00
Offensive Security	153c392dd9	DB: 2020-03-13 9 changes to exploits/shellcodes ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution rConfig 3.9 - 'searchColumn' SQL Injection Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion Horde Groupware Webmail Edition 5.2.22 - PHAR Loading	2020-03-13 05:01:50 +00:00
Offensive Security	0a0ad49d15	DB: 2020-03-11 7 changes to exploits/shellcodes Counter Strike: GO - '.bsp' Memory Control (PoC) Nagios XI - Authenticated Remote Command Execution (Metasploit) PHPStudy - Backdoor Remote Code execution (Metasploit) Sysaid 20.1.11 b26 - Remote Command Execution YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Persian VIP Download Script 1.0 - 'active' SQL Injection	2020-03-11 05:01:47 +00:00
Offensive Security	4df22c7404	DB: 2020-03-10 13 changes to exploits/shellcodes Microsoft Windows - 'WizardOpium' Local Privilege Escalation OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit) Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit) PHP-FPM - Underflow Remote Code Execution (Metasploit) Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit) Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit) Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit) ManageEngine ServiceDesk Plus 9.3 - User Enumeration 60CycleCMS - 'news.php' SQL Injection Sahi pro 8.x - Directory Traversal Sentrifugo HRMS 3.2 - 'id' SQL Injection	2020-03-10 05:01:44 +00:00
Offensive Security	cf92ea269e	DB: 2020-02-25 22 changes to exploits/shellcodes Quick N Easy Web Server 3.3.8 - Denial of Service (PoC) Go SSH servers 0.0.2 - Denial of Service (PoC) Android Binder - Use-After-Free (Metasploit) Diamorphine Rootkit - Signal Privilege Escalation (Metasploit) Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit) Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Real Web Pentesting Tutorial Step by Step - [Persian] AMSS++ v 4.31 - 'id' SQL Injection SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) AMSS++ 4.7 - Backdoor Admin Account SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure ATutor 2.2.4 - 'id' SQL Injection I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure ManageEngine EventLog Analyzer 10.0 - Information Disclosure eLection 2.0 - 'id' SQL Injection DotNetNuke 9.5 - Persistent Cross-Site Scripting DotNetNuke 9.5 - File Upload Restrictions Bypass Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Cacti 1.2.8 - Remote Code Execution Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)	2020-02-25 05:01:52 +00:00
Offensive Security	228a37da9c	DB: 2020-02-18 15 changes to exploits/shellcodes HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path Cuckoo Clock v5.0 - Buffer Overflow Anviz CrossChex - Buffer Overflow (Metasploit) SOPlanning 1.45 - 'by' SQL Injection Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Avaya Aura Communication Manager 5.2 - Remote Code Execution Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User) WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting SOPlanning 1.45 - Cross-Site Request Forgery (Add User) SOPlanning 1.45 - 'users' SQL Injection LabVantage 8.3 - Information Disclosure	2020-02-18 05:01:54 +00:00
Offensive Security	923f53211e	DB: 2020-02-07 16 changes to exploits/shellcodes AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC) AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC) VIM 8.2 - Denial of Service (PoC) AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC) TapinRadio 2.12.3 - 'address' Denial of Service (PoC) TapinRadio 2.12.3 - 'username' Denial of Service (PoC) RarmaRadio 2.72.4 - 'username' Denial of Service (PoC) RarmaRadio 2.72.4 - 'server' Denial of Service (PoC) ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Online Job Portal 1.0 - 'user_email' SQL Injection Online Job Portal 1.0 - Remote Code Execution Online Job Portal 1.0 - Cross Site Request Forgery (Add User) Ecommerce Systempay 1.0 - Production KEY Brute Force Cisco Data Center Network Manager 11.2 - Remote Code Execution Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection	2020-02-07 05:02:01 +00:00
Offensive Security	7d757326b8	DB: 2020-02-06 8 changes to exploits/shellcodes Socat 1.7.3.4 - Heap-Based Overflow (PoC) xglance-bin 11.00 - Privilege Escalation HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account AVideo Platform 8.1 - Information Disclosure (User Enumeration) Wago PFC200 - Authenticated Remote Code Execution (Metasploit) Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC) AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)	2020-02-06 05:02:08 +00:00
Offensive Security	8683ee3eea	DB: 2020-02-04 8 changes to exploits/shellcodes BearFTP 0.1.0 - 'PASV' Denial of Service P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC) Jobberbase 2.0 CMS - 'jobs-in' SQL Injection IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting phpList 3.5.0 - Authentication Bypass Jira 8.3.4 - Information Disclosure (Username Enumeration) Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection School ERP System 1.0 - Cross Site Request Forgery (Add Admin)	2020-02-04 05:02:00 +00:00
Offensive Security	3b5a0d91fe	DB: 2020-01-30 9 changes to exploits/shellcodes XMLBlueprint 16.191112 - XML External Entity Injection Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Kibana 6.6.1 - CSV Injection Liferay CE Portal 6.0.2 - Remote Command Execution Cups Easy 1.0 - Cross Site Request Forgery (Password Reset) Satellian 1.12 - Remote Code Execution Centreon 19.10.5 - 'Pollers' Remote Command Execution Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting	2020-01-30 05:02:05 +00:00
Offensive Security	8128628aa6	DB: 2020-01-22 2 changes to exploits/shellcodes NEOWISE CARBONFTP 1.4 - Weak Password Encryption ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection	2020-01-22 05:02:00 +00:00
Offensive Security	1a9ce31a5f	DB: 2020-01-17 12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection	2020-01-17 05:02:10 +00:00
Offensive Security	de1e6651e0	DB: 2020-01-10 8 changes to exploits/shellcodes ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC) MSN Password Recovery 1.30 - XML External Entity Injection Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Oracle Weblogic 10.3.6.0.0 - Remote Command Execution	2020-01-10 05:02:00 +00:00
Offensive Security	c7085a57b4	DB: 2020-01-09 9 changes to exploits/shellcodes Cisco DCNM JBoss 10.4 - Credential Leakage EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow ASTPP VoIP 4.0.1 - Remote Code Execution JetBrains TeamCity 2018.2.4 - Remote Code Execution Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting Online Book Store 1.0 - Unauthenticated Remote Code Execution Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)	2020-01-09 05:02:04 +00:00
Offensive Security	b92604bb93	DB: 2019-12-18 7 changes to exploits/shellcodes D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Roxy Fileman 1.4.5 - Directory Traversal Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Netgear R6400 - Remote Code Execution NopCommerce 4.2.0 - Privilege Escalation Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)	2019-12-18 05:02:05 +00:00
Offensive Security	6cf35b330f	DB: 2019-12-12 5 changes to exploits/shellcodes Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC) Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC) AppXSvc 17763 - Arbitrary File Overwrite (DoS) Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font Apache Olingo OData 4.0 - XML External Entity Injection	2019-12-12 05:01:58 +00:00
Offensive Security	44b163c8d1	DB: 2019-12-10 11 changes to exploits/shellcodes Omron PLC 1.0.0 - Denial of Service (PoC) Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Microsoft Windows - Multiple UAC Protection Bypasses Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry) Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll) SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH) Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution Alcatel-Lucent Omnivista 8770 - Remote Code Execution Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting	2019-12-10 05:01:48 +00:00
Offensive Security	b6ed2c7176	DB: 2019-11-09 6 changes to exploits/shellcodes SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Android Janus - APK Signature Bypass (Metasploit) rConfig - install Command Execution (Metasploit) Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Adive Framework 2.0.7 - Privilege Escalation Nextcloud 17 - Cross-Site Request Forgery	2019-11-09 05:01:40 +00:00
Offensive Security	47d2a76f4f	DB: 2019-11-02 7 changes to exploits/shellcodes OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Nostromo - Directory Traversal Remote Command Execution (Metasploit) TheJshen contentManagementSystem 1.04 - 'id' SQL Injection ownCloud 10.3.0 stable - Cross-Site Request Forgery Apache Solr 8.2.0 - Remote Code Execution	2019-11-02 05:01:41 +00:00
Offensive Security	bfcf0daec9	DB: 2019-10-08 8 changes to exploits/shellcodes logrotten 3.15.1 - Privilege Escalation ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP) CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation freeFTP 1.0.8 - Remote Buffer Overflow Joomla 3.4.6 - 'configuration.php' Remote Code Execution Zabbix 4.2 - Authentication Bypass Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload	2019-10-08 05:01:48 +00:00
Offensive Security	e852f6f799	DB: 2019-09-12 2 changes to exploits/shellcodes Enigma NMS 65.0.0 - Cross-Site Request Forgery Enigma NMS 65.0.0 - OS Command Injection Enigma NMS 65.0.0 - SQL Injection Enigma NMS 65.0.0 - Cross-Site Request Forgery Enigma NMS 65.0.0 - OS Command Injection Enigma NMS 65.0.0 - SQL Injection AVCON6 systems management platform - OGNL Remote Command Execution eWON Flexy - Authentication Bypass	2019-09-12 05:02:26 +00:00
Offensive Security	a26ef1328e	DB: 2019-09-04 6 changes to exploits/shellcodes ktsuss 1.4 - suid Privilege Escalation (Metasploit) ptrace - Sudo Token Privilege Escalation (Metasploit) Cisco UCS Director - default scpuser password (Metasploit) Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit) Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit) FileThingie 2.5.7 - Arbitrary File Upload	2019-09-04 05:02:30 +00:00
Offensive Security	6f05fdc74e	DB: 2019-07-21 1 changes to exploits/shellcodes	2019-07-21 05:02:06 +00:00
Offensive Security	978c16266a	DB: 2019-07-13 9 changes to exploits/shellcodes Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation Xymon 4.3.25 - useradm Command Execution (Metasploit) Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Sahi Pro 8.0.0 - Remote Command Execution Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)	2019-07-13 05:02:17 +00:00
Offensive Security	8cbfa5df7f	DB: 2019-06-18 13 changes to exploits/shellcodes HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write Netperf 2.6.0 - Stack-Based Buffer Overflow Thunderbird ESR < 60.7.XXX - Type Confusion Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow Exim 4.87 - 4.91 - Local Privilege Escalation Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit) RedwoodHQ 2.5.5 - Authentication Bypass CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities Spring Security OAuth - Open Redirector Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)	2019-06-18 05:01:54 +00:00
Offensive Security	76be51b7d6	DB: 2019-06-05 8 changes to exploits/shellcodes DVD X Player 5.5 Pro - Local Buffer Overflow (SEH) NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow Cisco RV130W 1.0.3.44 - Remote Stack Overflow IceWarp 10.4.4 - Local File Inclusion Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting	2019-06-05 05:01:56 +00:00
Offensive Security	0a2b5fd16f	DB: 2019-05-30 7 changes to exploits/shellcodes Free SMTP Server 2.5 - Denial of Service (PoC) Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2) Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit) pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting	2019-05-30 05:01:56 +00:00
Offensive Security	6d57564d7c	DB: 2019-05-22 12 changes to exploits/shellcodes Deluge 1.3.15 - 'URL' Denial of Service (PoC) Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC) macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution	2019-05-22 05:01:55 +00:00
Offensive Security	f3c28b3d62	DB: 2019-05-01 23 changes to exploits/shellcodes SpotAuditor 3.6.7 - Denial of Service (PoC) SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC) SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC) Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter) DeviceViewer 3.12.0.1 - 'user' SEH Overflow Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) Netgear DGN2200 / DGND3700 - Admin Password Disclosure Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Joomla! Component ARI Quiz 3.7.4 - SQL Injection Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery HumHub 1.3.12 - Cross-Site Scripting Spring Cloud Config 2.1.x - Path Traversal (Metasploit) Domoticz 4.10577 - Unauthenticated Remote Command Execution Joomla! Component JiFile 2.3.1 - Arbitrary File Download Hyvikk Fleet Manager - Shell Upload Agent Tesla Botnet - Information Disclosure Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution	2019-05-01 05:02:01 +00:00
Offensive Security	be3b22b6f7	DB: 2019-04-27 4 changes to exploits/shellcodes NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC) NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC) systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting	2019-04-27 05:02:04 +00:00
Offensive Security	23f668ca8d	DB: 2019-04-09 14 changes to exploits/shellcodes FlexHEX 2.71 - SEH Buffer Overflow (Unicode) AllPlayer 7.4 - SEH Buffer Overflow (Unicode) River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation QNAP Netatalk < 3.1.12 - Authentication Bypass Jobgator - 'experience' SQL Injection Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities SaLICru -SLC-20-cube3(5) - HTML Injection CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Tradebox CryptoCurrency - 'symbol' SQL Injection WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass ManageEngine ServiceDesk Plus 9.3 - User Enumeration	2019-04-09 05:02:03 +00:00
Offensive Security	2afed97ceb	DB: 2019-03-20 16 changes to exploits/shellcodes libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons Google Chrome < M73 - Double-Destruction Race in StoragePartitionService Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML Microsoft VBScript - VbsErase Memory Corruption Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject Google Chrome < M73 - MidiManagerWin Use-After-Free Google Chrome < M73 - FileSystemOperationRunner Use-After-Free Advanced Host Monitor 11.92 beta - Local Buffer Overflow Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit) TheCarProject v2 - Multiple SQL Injection TheCarProject 2 - Multiple SQL Injection Gila CMS 1.9.1 - Cross-Site Scripting MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting eNdonesia Portal 8.7 - Multiple Vulnerabilities Netartmedia Event Portal 2.0 - 'Email' SQL Injection Netartmedia PHP Mall 4.1 - SQL Injection Netartmedia Real Estate Portal 5.0 - SQL Injection	2019-03-20 05:01:53 +00:00
Offensive Security	b4e61d43c1	DB: 2019-03-15 6 changes to exploits/shellcodes Microsoft Windows - .reg File / Dialog Box Message Spoofing Microsoft Windows - '.reg' File / Dialog Box Message Spoofing FTPGetter Standard 5.97.0.177 - Remote Code Execution Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution	2019-03-15 05:01:51 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	d5509de389	DB: 2019-03-07 6 changes to exploits/shellcodes Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem Android - binder Use-After-Free via racy Initialization of ->allow_user_free Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass Java Debug Wire Protocol (JDWP) - Remote Code Execution Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes) Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)	2019-03-07 05:01:53 +00:00
Offensive Security	bb86158c6e	DB: 2019-02-26 7 changes to exploits/shellcodes Xlight FTP Server 3.9.1 - Buffer Overflow (PoC) Jenkins - Remote Code Execution Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC) Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution zzzphp CMS 1.6.1 - Remote Code Execution PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection News Website Script 2.0.5 - SQL Injection Advance Gift Shop Pro Script 2.0.3 - SQL Injection Drupal < 8.6.9 - REST Module Remote Code Execution	2019-02-26 05:01:47 +00:00
Offensive Security	79a4beaea4	DB: 2019-02-20 13 changes to exploits/shellcodes NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC) Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC) MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting eDirectory - SQL Injection XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Jenkins - Remote Code Execution	2019-02-20 05:01:54 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	d667cf901c	DB: 2019-02-06 11 changes to exploits/shellcodes Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC) River Past Audio Converter 7.7.16 - Denial of Service (PoC) ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin) BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery devolo dLAN 550 duo+ Starter Kit - Remote Code Execution Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery OpenMRS Platform < 2.24.0 - Insecure Object Deserialization Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)	2019-02-06 05:01:42 +00:00

1 2

85 commits