exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	e46d9f65ff	DB: 2020-07-27 32 changes to exploits/shellcodes Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite) Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH) Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter) DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter) Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter) Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH) Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter) docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin) WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated) Bludit 3.9.2 - Directory Traversal LibreHealth 2.0.0 - Authenticated Remote Code Execution Online Course Registration 1.0 - Unauthenticated Remote Code Execution elaniin CMS - Authentication Bypass Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Bio Star 2.8.2 - Local File Inclusion Webtareas 2.1p - Arbitrary File Upload (Authenticated) F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Socket.io-file 2.0.31 - Arbitrary File Upload pfSense 2.4.4-p3 - Cross-Site Request Forgery Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Rails 5.0.1 - Remote Code Execution Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes) Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Windows/x86 - Download using mshta.exe Shellcode (100 bytes)	2020-07-27 05:02:04 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	bb9f12afc7	DB: 2020-06-16 3 changes to exploits/shellcodes SOS JobScheduler 1.13.3 - Stored Password Decryption Linux/ARM - execve /bin/dash Shellcode (32 bytes) Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)	2020-06-16 05:01:56 +00:00
Offensive Security	7b87f30fbc	DB: 2020-04-25 5 changes to exploits/shellcodes Popcorn Time 6.2 - 'Update service' Unquoted Service Path EspoCRM 5.8.5 - Privilege Escalation Edimax EW-7438RPn 1.13 - Remote Code Execution Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)	2020-04-25 05:01:51 +00:00
Offensive Security	1c5c38825d	DB: 2020-04-22 10 changes to exploits/shellcodes Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation WordPress 2.0.2 - 'cache' Remote Shell Injection Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption WordPress Core 2.0.2 - 'cache' Remote Shell Injection CSZ CMS 1.2.7 - Persistent Cross-Site Scripting PMB 5.6 - 'logid' SQL Injection CSZ CMS 1.2.7 - 'title' HTML Injection IQrouter 3.3.1 Firmware - Remote Code Execution NSClient++ 0.5.2.35 - Authenticated Remote Code Execution jizhi CMS 1.6.7 - Arbitrary File Download P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)	2020-04-22 05:01:47 +00:00
Offensive Security	606ad946d3	DB: 2020-03-26 7 changes to exploits/shellcodes AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH) Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Joomla! Component GMapFP 3.30 - Arbitrary File Upload LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)	2020-03-26 05:01:48 +00:00
Offensive Security	b84d953124	DB: 2020-03-24 10 changes to exploits/shellcodes ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC) Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC) CyberArk PSMP 10.9.1 - Policy Restriction Bypass PHPMailer < 5.2.18 - Remote Code Execution (Bash) FIBARO System Home Center 5.021 - Remote File Include rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)	2020-03-24 05:01:50 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	cf92ea269e	DB: 2020-02-25 22 changes to exploits/shellcodes Quick N Easy Web Server 3.3.8 - Denial of Service (PoC) Go SSH servers 0.0.2 - Denial of Service (PoC) Android Binder - Use-After-Free (Metasploit) Diamorphine Rootkit - Signal Privilege Escalation (Metasploit) Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit) Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Real Web Pentesting Tutorial Step by Step - [Persian] AMSS++ v 4.31 - 'id' SQL Injection SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) AMSS++ 4.7 - Backdoor Admin Account SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure ATutor 2.2.4 - 'id' SQL Injection I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure ManageEngine EventLog Analyzer 10.0 - Information Disclosure eLection 2.0 - 'id' SQL Injection DotNetNuke 9.5 - Persistent Cross-Site Scripting DotNetNuke 9.5 - File Upload Restrictions Bypass Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Cacti 1.2.8 - Remote Code Execution Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)	2020-02-25 05:01:52 +00:00
Offensive Security	8cbf7883c1	DB: 2020-02-11 11 changes to exploits/shellcodes Dota 2 7.23f - Denial of Service (PoC) usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand() Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow Ricoh Driver - Privilege Escalation (Metasploit) D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit) OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit) Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Linux/x86 - Bind Shell Generator Shellcode (114 bytes)	2020-02-11 05:02:02 +00:00
Offensive Security	9f56865d3d	DB: 2020-01-31 3 changes to exploits/shellcodes OpenSMTPD 6.6.2 - Remote Code Execution rConfig 3.9.3 - Authenticated Remote Code Execution Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)	2020-01-31 05:02:01 +00:00
Offensive Security	82e6691834	DB: 2020-01-23 4 changes to exploits/shellcodes KeePass 2.44 - Denial of Service (PoC) Citrix XenMobile Server 10.8 - XML External Entity Injection Windows/7 - Screen Lock Shellcode (9 bytes)	2020-01-23 05:02:01 +00:00
Offensive Security	c7085a57b4	DB: 2020-01-09 9 changes to exploits/shellcodes Cisco DCNM JBoss 10.4 - Credential Leakage EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow ASTPP VoIP 4.0.1 - Remote Code Execution JetBrains TeamCity 2018.2.4 - Remote Code Execution Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting Online Book Store 1.0 - Unauthenticated Remote Code Execution Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)	2020-01-09 05:02:04 +00:00
Offensive Security	95c6eeab79	DB: 2020-01-07 33 changes to exploits/shellcodes NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC) SpotIE 2.9.5 - 'Key' Denial of Service (PoC) Dnss Domain Name Search Software - 'Key' Denial of Service (PoC) BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC) ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC) NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC) Dnss Domain Name Search Software - 'Name' Denial of Service (PoC) TextCrawler Pro3.1.1 - Denial of Service (PoC) RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC) Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC) RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC) NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC) Office Product Key Finder 1.5.4 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC) SpotMSN 2.4.6 - 'Name' Denial of Service (PoC) SpotIM 2.2 - 'Name' Denial Of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Duplicate Cleaner Pro 4 - Denial of Service (PoC) Microsoft Outlook VCF cards - Denial of Service (PoC) Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path Windows - Shell COM Server Registrar Local Privilege Escalation Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Complaint Management System 4.0 - 'cid' SQL injection IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) Hostel Management System 2.0 - 'id' SQL Injection elaniin CMS 1.0 - Authentication Bypass Small CRM 2.0 - Authentication Bypass Voyager 1.3.0 - Directory Traversal Codoforum 4.8.3 - Persistent Cross-Site Scripting Django < 3.0 < 2.2 < 1.11 - Account Hijack Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)	2020-01-07 05:02:07 +00:00
Offensive Security	b92604bb93	DB: 2019-12-18 7 changes to exploits/shellcodes D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Roxy Fileman 1.4.5 - Directory Traversal Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Netgear R6400 - Remote Code Execution NopCommerce 4.2.0 - Privilege Escalation Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)	2019-12-18 05:02:05 +00:00
Offensive Security	caad53ed8d	DB: 2019-10-31 6 changes to exploits/shellcodes WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service JavaScriptCore - GetterSetter Type Confusion During DFG Compilation Ajenti 2.1.31 - Remote Code Exection (Metasploit) Citrix StoreFront Server 7.15 - XML External Entity Injection iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)	2019-10-31 05:01:41 +00:00
Offensive Security	a464ad083a	DB: 2019-10-23 5 changes to exploits/shellcodes winrar 5.80 - XML External Entity Injection Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit) Moxa EDR-810 - Command Injection / Information Disclosure Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)	2019-10-23 05:01:41 +00:00
Offensive Security	588067072a	DB: 2019-10-17 15 changes to exploits/shellcodes sudo 1.8.28 - Security Bypass sudo 1.2.27 - Security Bypass Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path X.Org X Server 1.20.4 - Local Stack Overflow LiteManager 4.5.0 - 'romservice' Unquoted Serive Path Solaris xscreensaver 11.4 - Privilege Escalation Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path Whatsapp 2.19.216 - Remote Code Execution Accounts Accounting 7.02 - Persistent Cross-Site Scripting CyberArk Password Vault 10.6 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)	2019-10-17 05:01:44 +00:00
Offensive Security	c4b3e48aea	DB: 2019-10-11 10 changes to exploits/shellcodes Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass) freeFTP 1.0.8 - Remote Buffer Overflow freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery TP-Link TL-WR1043ND 2 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)	2019-10-11 05:01:46 +00:00
Offensive Security	54bc76dcfd	DB: 2019-10-09 3 changes to exploits/shellcodes vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution Zabbix 4.4 - Authentication Bypass vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution Linux/ARM - Fork Bomb Shellcode (20 bytes)	2019-10-09 05:01:45 +00:00
Offensive Security	0486c1c8ad	DB: 2019-10-05 4 changes to exploits/shellcodes Android - Binder Driver Use-After-Free PHP 7.1 < 7.3 - disable_functions Bypass PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass LabCollector 5.423 - SQL Injection PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)	2019-10-05 05:01:46 +00:00
Offensive Security	432e1efb44	DB: 2019-09-18 1 changes to exploits/shellcodes Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)	2019-09-18 05:02:14 +00:00
Offensive Security	835218237b	DB: 2019-09-06 2 changes to exploits/shellcodes AwindInc SNMP Service - Command Injection (Metasploit) Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode	2019-09-06 05:02:26 +00:00
Offensive Security	0a59eb70a8	DB: 2019-08-21 3 changes to exploits/shellcodes SilverSHielD 6.x - Local Privilege Escalation WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes) Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes) Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (129 bytes) Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes) Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)	2019-08-21 05:02:32 +00:00
Offensive Security	c0ff0bbedd	DB: 2019-08-20 10 changes to exploits/shellcodes RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service Kimai 2 - Persistent Cross-Site Scripting FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit) FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Neo Billing 3.5 - Persistent Cross-Site Scripting Webmin 1.920 - Remote Code Execution YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes) Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes) Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)	2019-08-20 05:02:44 +00:00
Offensive Security	998fb1eeec	DB: 2019-08-14 6 changes to exploits/shellcodes Steam Windows Client - Local Privilege Escalation Agent Tesla Botnet - Arbitrary Code Execution AZORult Botnet - SQL Injection Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes) Linux/x86 - execve(_/bin/sh_) + tolower() Shellcode Linux/x86 - Multiple In-Memory Modules (Prompt + Privilege Restore + Break Chroot Jail + Backdoor) + Signature Evasion Shellcode	2019-08-14 05:02:24 +00:00
Offensive Security	2b7a0122f2	DB: 2019-08-02 6 changes to exploits/shellcodes Ultimate Loan Manager 2.0 - Cross-Site Scripting WebIncorp ERP - SQL injection Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes) Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes) Linux/x86 - Force Reboot Shellcode (51 bytes)	2019-08-02 05:02:24 +00:00
Offensive Security	852694f982	DB: 2019-07-30 6 changes to exploits/shellcodes Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit) WP Database Backup < 5.2 - Remote Code Execution (Metasploit) WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting GigToDo 1.3 - Cross-Site Scripting Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode	2019-07-30 05:02:12 +00:00
Offensive Security	5c06a41d94	DB: 2019-07-24 1 changes to exploits/shellcodes Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)	2019-07-24 05:02:23 +00:00
Offensive Security	978c16266a	DB: 2019-07-13 9 changes to exploits/shellcodes Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation Xymon 4.3.25 - useradm Command Execution (Metasploit) Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Sahi Pro 8.0.0 - Remote Command Execution Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)	2019-07-13 05:02:17 +00:00
Offensive Security	1a13989f12	DB: 2019-07-04 5 changes to exploits/shellcodes Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit) Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit) AZADMIN CMS 1.0 - SQL Injection WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection Symantec DLP 15.5 MP1 - Cross-Site Scripting Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)	2019-07-04 05:01:54 +00:00
Offensive Security	4afcc04eda	DB: 2019-07-02 24 changes to exploits/shellcodes Linux Mint 18.3-19.1 - 'yelp' Command Injection FaceSentry Access Control System 6.4.8 - Remote SSH Root WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection PowerPanel Business Edition - Cross-Site Scripting ZoneMinder 1.32.3 - Cross-Site Scripting SAP Crystal Reports - Information Disclosure Sahi pro 8.x - Directory Traversal CyberPanel 1.8.4 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Root Exploit Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes) Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)	2019-07-02 05:01:50 +00:00
Offensive Security	70484f5916	DB: 2019-06-29 3 changes to exploits/shellcodes LibreNMS 1.46 - 'addhost' Remote Code Execution Windows/x86 - Start iexplore.exe Shellcode (191 Bytes) Linux/x86 - chmod + execute + hide output via /usr/bin/wget Shellcode (129 bytes)	2019-06-29 05:01:51 +00:00
Offensive Security	5632d13fea	DB: 2019-06-28 2 changes to exploits/shellcodes Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode Linux/x86 - ASCII AND_ SUB_ PUSH_ POPAD Encoder Shellcode Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)	2019-06-28 05:01:52 +00:00
Offensive Security	97334ae3af	DB: 2019-06-25 9 changes to exploits/shellcodes GSearch 1.0.1.0 - Denial of Service (PoC) Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation dotProject 2.1.9 - SQL Injection SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting SeedDMS versions < 5.1.11 - Remote Command Execution GrandNode 4.40 - Path Traversal / Arbitrary File Download Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode	2019-06-25 05:01:51 +00:00
Offensive Security	745971e212	DB: 2019-06-19 5 changes to exploits/shellcodes Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Sahi pro 7.x/8.x - Directory Traversal Sahi pro 8.x - SQL Injection Sahi pro 8.x - Cross-Site Scripting Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)	2019-06-19 05:01:55 +00:00
Offensive Security	8cbfa5df7f	DB: 2019-06-18 13 changes to exploits/shellcodes HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write Netperf 2.6.0 - Stack-Based Buffer Overflow Thunderbird ESR < 60.7.XXX - Type Confusion Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow Exim 4.87 - 4.91 - Local Privilege Escalation Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit) RedwoodHQ 2.5.5 - Authentication Bypass CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities Spring Security OAuth - Open Redirector Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)	2019-06-18 05:01:54 +00:00
Offensive Security	51bf94ed48	DB: 2019-06-11 5 changes to exploits/shellcodes Ubuntu 18.04 - 'lxd' Privilege Escalation UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)	2019-06-11 05:01:53 +00:00
Offensive Security	85fbab2de4	DB: 2019-06-08 5 changes to exploits/shellcodes Nvidia GeForce Experience Web Helper - Command Injection Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3) Exim 4.87 < 4.91 - (Local / Remote) Command Execution Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)	2019-06-08 05:01:56 +00:00
Offensive Security	970f7b1104	DB: 2019-05-24 18 changes to exploits/shellcodes macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free NetAware 1.20 - 'Add Block' Denial of Service (PoC) NetAware 1.20 - 'Share Name' Denial of Service (PoC) Terminal Services Manager 3.2.1 - Denial of Service Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free Microsoft Windows 10 (17763.379) - Install DLL Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Apple Mac OS X - Feedback Assistant Race Condition (Metasploit) Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Microsoft Internet Explorer 11 - Sandbox Escape Microsoft Windows - 'Win32k' Local Privilege Escalation Axis Network Camera - .srv to parhand RCE (Metasploit) Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit) HP Intelligent Management - Java Deserialization RCE (Metasploit) HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit) Erlang - Port Mapper Daemon Cookie RCE (Metasploit) Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit) Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit) Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) Nagios XI 5.6.1 - SQL injection BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes) Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes) Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes) Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes) Linux/x86 - iptables --flush Shellcode (43 bytes) Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes) Linux/x86 - iptables -F Shellcode (43 bytes) Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes) Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes) Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes) Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes) macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes) Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes) Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes) Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes) Linux/x86 - Rabbit Shellcode Crypter (200 bytes) Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes) Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes) Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes) Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes) Linux/x86 - shred file Shellcode (72 bytes) Linux/x86 - execve /bin/sh Shellcode (20 bytes) Linux/x86 - /sbin/iptables -F Shellcode (43 bytes) Linux x86_64 - Delete File Shellcode (28 bytes) Linux/x86 - Shred file (test.txt) Shellcode (72 bytes) Linux/x86 - execve(/bin/sh) Shellcode (20 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes) Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes) Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)	2019-05-24 05:02:03 +00:00
Offensive Security	44198f828c	DB: 2019-05-21 16 changes to exploits/shellcodes Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode) Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow Encrypt PDF 2.3 - Denial of Service (PoC) PCL Converter 2.7 - Denial of Service (PoC) docPrint Pro 8.0 - Denial of Service (PoC) AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC) xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation Huawei eSpace 1.1.11.103 - DLL Hijacking Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit) eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution Linux x86_64 - Delete File Shellcode (28 bytes)	2019-05-21 05:02:05 +00:00
Offensive Security	945107caf5	DB: 2019-05-14 10 changes to exploits/shellcodes SpotMSN 2.4.6 - Denial of Service (PoC) DNSS 2.1.8 - Denial of Service (PoC) Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery SOCA Access Control System 180612 - Information Disclosure SOCA Access Control System 180612 - SQL Injection SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin) XOOPS 2.5.9 - SQL Injection OpenProject 5.0.0 - 8.3.1 - SQL Injection Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)	2019-05-14 05:01:58 +00:00
Offensive Security	5a4d21a1cf	DB: 2019-05-09 9 changes to exploits/shellcodes jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC) MiniFtp - 'parseconf_load_setting' Buffer Overflow Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit) PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit) Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit) NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass Linux/x86 - execve /bin/sh Shellcode (20 bytes)	2019-05-09 05:02:02 +00:00
Offensive Security	79a9df09f0	DB: 2019-05-07 13 changes to exploits/shellcodes iOS 12.1.3 - 'cfprefsd' Memory Corruption Windows PowerShell ISE - Remote Code Execution NSClient++ 0.5.2.35 - Privilege Escalation Windows PowerShell ISE - Remote Code Execution LG Supersign EZ CMS - Remote Code Execution (Metasploit) Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution PHPads 2.0 - 'click.php3?bannerID' SQL Injection microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Linux/x86 - shred file Shellcode (72 bytes)	2019-05-07 05:01:58 +00:00
Offensive Security	2ae6cf2b7f	DB: 2019-05-04 9 changes to exploits/shellcodes SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service Windows PowerShell ISE - Remote Code Execution Blue Angel Software Suite - Command Execution Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection Instagram Auto Follow - Authentication Bypass Zotonic < 0.47.0 mod_admin - Cross-Site Scripting Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)	2019-05-04 05:02:03 +00:00
Offensive Security	64a6267162	DB: 2019-04-25 4 changes to exploits/shellcodes VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow Linux/x86 - Rabbit Shellcode Crypter (200 bytes)	2019-04-25 05:02:05 +00:00
Offensive Security	56498e7891	DB: 2019-04-23 10 changes to exploits/shellcodes Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC) QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC) LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret) ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit) WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion 74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User) Msvod 10 - Cross-Site Request Forgery (Change User Information) UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)	2019-04-23 05:02:04 +00:00
Offensive Security	ab955a9b5d	DB: 2019-04-19 5 changes to exploits/shellcodes Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC) Evernote 7.9 - Code Execution via Path Traversal LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit) ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)	2019-04-19 05:02:10 +00:00
Offensive Security	0d739de6f9	DB: 2019-04-16 13 changes to exploits/shellcodes UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC) UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC) MailCarrier 2.51 - 'RCPT TO' Buffer Overflow RemoteMouse 3.008 - Arbitrary Remote Command Execution CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) MailCarrier 2.51 - POP3 'USER' Buffer Overflow MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation DirectAdmin 1.561 - Multiple Vulnerabilities Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)	2019-04-16 05:02:04 +00:00
Offensive Security	fd2946662d	DB: 2019-04-13 7 changes to exploits/shellcodes CyberArk EPM 10.2.1.603 - Security Restrictions Bypass Microsoft Internet Explorer 11 - XML External Entity Injection Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit) Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit) ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit) Linux/x86 - Add User to Passwd File Shellcode (149 bytes)	2019-04-13 05:02:03 +00:00

1 2 3

122 commits