bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1952 commits 1 branch 0 tags 261 MiB
Commit graph

216 commits

Author SHA1 Message Date
Offensive Security
e4e566f5ff DB: 2019-10-22 
7 changes to exploits/shellcodes

winrar 5.80 64bit - Denial of Service
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)

sudo 1.2.27 - Security Bypass
sudo 1.8.27 - Security Bypass
winrar 5.80 - XML External Entity Injection
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Solaris 11.4 - xscreensaver Privilege Escalation

CyberArk Password Vault 10.6 - Authentication Bypass
 2019-10-22 05:01:40 +00:00
Offensive Security
588067072a DB: 2019-10-17 
15 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
sudo 1.2.27 - Security Bypass
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
X.Org X Server 1.20.4 - Local Stack Overflow
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Solaris xscreensaver 11.4 - Privilege Escalation
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path

Whatsapp 2.19.216 - Remote Code Execution
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
CyberArk Password Vault 10.6 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
 2019-10-17 05:01:44 +00:00
Offensive Security
bae704d681 DB: 2019-10-16 
4 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path

Podman & Varlink 1.5.1 - Remote Code Execution

Bolt CMS 3.6.10 - Cross-Site Request Forgery
 2019-10-16 05:01:45 +00:00
Offensive Security
c4b3e48aea DB: 2019-10-11 
10 changes to exploits/shellcodes

Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)

freeFTP 1.0.8 - Remote Buffer Overflow
freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
TP-Link TL-WR1043ND 2 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
 2019-10-11 05:01:46 +00:00
Offensive Security
bfcf0daec9 DB: 2019-10-08 
8 changes to exploits/shellcodes

logrotten 3.15.1 - Privilege Escalation
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

freeFTP 1.0.8 - Remote Buffer Overflow
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Zabbix 4.2 - Authentication Bypass
Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
 2019-10-08 05:01:48 +00:00
Offensive Security
d1bcd4121d DB: 2019-10-04 
5 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
mintinstall 7.9.9 - Code Execution
AnchorCMS < 0.12.3a - Information Disclosure
 2019-10-04 05:01:47 +00:00
Offensive Security
4eaf273757 DB: 2019-10-02 
9 changes to exploits/shellcodes

kic 2.4a - Denial of Service
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
WebKit - Universal XSS in WebCore::command
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
WebKit - Universal XSS Using Cached Pages

DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
vBulletin 5 - 'routestring' Remote Code Execution
vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion
vBulletin 5.x - 'routestring' Remote Code Execution
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
PHP 7.1 < 7.3 - disable_functions Bypass
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
DotNetNuke < 9.4.0 - Cross-Site Scripting
 2019-10-02 05:01:46 +00:00
Offensive Security
ba928141e7 DB: 2019-09-26 
10 changes to exploits/shellcodes

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
ABRT - sosreport Privilege Escalation (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
YzmCMS 5.3 - 'Host' Header Injection
 2019-09-26 05:01:47 +00:00
Offensive Security
a3b360fc6c DB: 2019-09-11 
7 changes to exploits/shellcodes

Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
LibreNMS - Collectd Command Injection (Metasploit)
October CMS - Upload Protection Bypass Code Execution (Metasploit)

Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
 2019-09-11 05:02:35 +00:00
Offensive Security
ad97ff4198 DB: 2019-09-07 
3 changes to exploits/shellcodes

SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation

Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation

Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)

Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)

SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
FusionPBX 4.4.8 - Remote Code Execution

Inventory Webapp - 'itemquery' SQL injection

Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
 2019-09-07 05:02:21 +00:00
Offensive Security
835218237b DB: 2019-09-06 
2 changes to exploits/shellcodes

AwindInc SNMP Service - Command Injection (Metasploit)

Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
 2019-09-06 05:02:26 +00:00
Offensive Security
a26ef1328e DB: 2019-09-04 
6 changes to exploits/shellcodes

ktsuss 1.4 - suid Privilege Escalation (Metasploit)
ptrace - Sudo Token Privilege Escalation (Metasploit)
Cisco UCS Director - default scpuser password (Metasploit)
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)

FileThingie 2.5.7 - Arbitrary File Upload
 2019-09-04 05:02:30 +00:00
Offensive Security
b4225f5fa8 DB: 2019-08-31 
12 changes to exploits/shellcodes

SQL Server Password Changer 1.90 - Denial of Service
Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service
Asus Precision TouchPad 11.0.0.25 - Denial of Service
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service

Canon PRINT 2.5.5 - Information Disclosure

QEMU - Denial of Service
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - Persistent Cross-Site Scripting
DomainMod 4.13 - Cross-Site Scripting
YouPHPTube 7.4 - Remote Code Execution
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
 2019-08-31 05:02:54 +00:00
Offensive Security
6adaedca69 DB: 2019-08-27 
6 changes to exploits/shellcodes

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
 2019-08-27 05:02:18 +00:00
Offensive Security
c0ff0bbedd DB: 2019-08-20 
10 changes to exploits/shellcodes

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
 2019-08-20 05:02:44 +00:00
Offensive Security
7e6884af13 DB: 2019-08-15 
12 changes to exploits/shellcodes

Windows PowerShell - Unsanitized Filename Command Execution
ABC2MTEX 1.6.1 - Command Line Stack Overflow

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
D-Link DIR-600M - Authentication Bypass (Metasploit)
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
TortoiseSVN 1.12.1 - Remote Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution
 2019-08-15 05:02:48 +00:00
Offensive Security
a32e028b88 DB: 2019-08-13 
17 changes to exploits/shellcodes

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection

Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)

Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
 2019-08-13 05:02:31 +00:00
Offensive Security
fe9103a0fb DB: 2019-08-07 
2 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
 2019-08-07 05:02:36 +00:00
Offensive Security
00f5094d48 DB: 2019-07-31 
8 changes to exploits/shellcodes

macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)

Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
 2019-07-31 05:02:25 +00:00
Offensive Security
6f49190671 DB: 2019-07-27 
19 changes to exploits/shellcodes

pdfresurrect 0.15 - Buffer Overflow

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
S-nail < 14.8.16 - Local Privilege Escalation
Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
ASAN/SUID - Local Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

Ovidentia 8.4.3 - SQL Injection
Moodle Filepicker 3.5.2 - Server Side Request Forgery
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
 2019-07-27 05:02:19 +00:00
Offensive Security
a8a07cdedf DB: 2019-07-23 
4 changes to exploits/shellcodes

BACnet Stack 0.8.6 - Denial of Service

Docker - Container Escape

Comtrend-AR-5310 - Restricted Shell Escape

Axway SecureTransport 5 - Unauthenticated XML Injection
 2019-07-23 05:02:15 +00:00
Offensive Security
7ec7ea72de DB: 2019-07-20 
10 changes to exploits/shellcodes

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)
fuelCMS 1.4.1 - Remote Code Execution
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
Web Ofisi Emlak 2 - 'ara' SQL Injection
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
Web Ofisi Firma 13 - 'oz' SQL Injection
REDCap < 9.1.2 - Cross-Site Scripting
 2019-07-20 05:02:15 +00:00
Offensive Security
c4cf663c5d DB: 2019-07-19 
2 changes to exploits/shellcodes

Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation

WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
 2019-07-19 05:02:11 +00:00
Offensive Security
40febc17ca DB: 2019-07-18 
5 changes to exploits/shellcodes

WinMPG iPod Convert 3.0 - 'Register' Denial of Service
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow

Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
 2019-07-18 05:02:15 +00:00
Offensive Security
2935a5c0af DB: 2019-07-17 
10 changes to exploits/shellcodes

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.838 - User Enumeration
 2019-07-17 05:02:03 +00:00
Offensive Security
894b9e59aa DB: 2019-07-10 
3 changes to exploits/shellcodes

Firefox 67.0.4 - Denial of Service

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)

WordPress Plugin Like Button 1.6.0 - Authentication Bypass
 2019-07-10 05:02:07 +00:00
Offensive Security
3f8a751f28 DB: 2019-07-07 
1 changes to exploits/shellcodes
 2019-07-07 05:01:58 +00:00
Offensive Security
1a13989f12 DB: 2019-07-04 
5 changes to exploits/shellcodes

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection

Symantec DLP 15.5 MP1 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-04 05:01:54 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
ee2531c421 DB: 2019-06-27 
2 changes to exploits/shellcodes

Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
 2019-06-27 05:01:52 +00:00
Offensive Security
3ef90f18d0 DB: 2019-06-21 
6 changes to exploits/shellcodes

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Tuneclone 2.20 - Local SEH Buffer Overflow
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
WebERP 4.15 - SQL injection
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
 2019-06-21 05:01:58 +00:00
Offensive Security
745971e212 DB: 2019-06-19 
5 changes to exploits/shellcodes

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Sahi pro 7.x/8.x - Directory Traversal
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - Cross-Site Scripting

Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
 2019-06-19 05:01:55 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
5e935da854 DB: 2019-06-15 
3 changes to exploits/shellcodes

CentOS 7.6 - 'ptrace_scope' Privilege Escalation
Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow
 2019-06-15 05:01:55 +00:00
Offensive Security
29aeb0c030 DB: 2019-06-12 
5 changes to exploits/shellcodes

ProShow 9.0.3797 - Local Privilege Escalation

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
phpMyAdmin 4.8 - Cross-Site Request Forgery
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
 2019-06-12 05:01:53 +00:00
Offensive Security
51bf94ed48 DB: 2019-06-11 
5 changes to exploits/shellcodes

Ubuntu 18.04 - 'lxd' Privilege Escalation

UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
 2019-06-11 05:01:53 +00:00
Offensive Security
85fbab2de4 DB: 2019-06-08 
5 changes to exploits/shellcodes

Nvidia GeForce Experience Web Helper - Command Injection
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
 2019-06-08 05:01:56 +00:00
Offensive Security
e76aee5eaf DB: 2019-06-06 
4 changes to exploits/shellcodes

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
LibreNMS - addhost Command Injection (Metasploit)

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
 2019-06-06 05:01:56 +00:00
Offensive Security
5a28a97130 DB: 2019-05-11 
12 changes to exploits/shellcodes

jetCast Server 2.0 - Denial of Service (PoC)
SpotIM 2.2 - Denial of Service (PoC)
SpotPaltalk 1.1.5 - Denial of Service (PoC)
ASPRunner.NET 10.1 - Denial of Service (PoC)
PHPRunner 10.1 - Denial of Service (PoC)
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
dotCMS 5.1.1 - HTML Injection
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
 2019-05-11 05:02:00 +00:00
Offensive Security
5a4d21a1cf DB: 2019-05-09 
9 changes to exploits/shellcodes

jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC)

MiniFtp - 'parseconf_load_setting' Buffer Overflow
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass

Linux/x86 - execve /bin/sh Shellcode (20 bytes)
 2019-05-09 05:02:02 +00:00
Offensive Security
2ae6cf2b7f DB: 2019-05-04 
9 changes to exploits/shellcodes

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Windows PowerShell ISE - Remote Code Execution

Blue Angel Software Suite - Command Execution
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Instagram Auto Follow - Authentication Bypass
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
 2019-05-04 05:02:03 +00:00
Offensive Security
43c06dc5d4 DB: 2019-05-03 
2 changes to exploits/shellcodes

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
 2019-05-03 05:02:04 +00:00
Offensive Security
c0676d0ecf DB: 2019-05-01 
2 changes to exploits/shellcodes

CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
 2019-05-01 12:01:09 +00:00
Offensive Security
f3c28b3d62 DB: 2019-05-01 
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
 2019-05-01 05:02:01 +00:00
Offensive Security
be3b22b6f7 DB: 2019-04-27 
4 changes to exploits/shellcodes

NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
 2019-04-27 05:02:04 +00:00
Offensive Security
eed95d3393 DB: 2019-04-24 
4 changes to exploits/shellcodes

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
Linux - 'page->_refcount' Overflow via FUSE

Ross Video DashBoard 8.5.1 - Insecure Permissions
 2019-04-24 05:02:04 +00:00
Offensive Security
aaf10d8566 DB: 2019-04-20 
4 changes to exploits/shellcodes

SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)

Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
 2019-04-20 05:01:59 +00:00
Offensive Security
fd2946662d DB: 2019-04-13 
7 changes to exploits/shellcodes

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
Microsoft Internet Explorer 11 - XML External Entity Injection
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)

Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)

ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)

Linux/x86 - Add User to Passwd File Shellcode (149 bytes)
 2019-04-13 05:02:03 +00:00
Offensive Security
23f668ca8d DB: 2019-04-09 
14 changes to exploits/shellcodes

FlexHEX 2.71 - SEH Buffer Overflow (Unicode)
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow
Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

QNAP Netatalk < 3.1.12 - Authentication Bypass
Jobgator - 'experience' SQL Injection
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
SaLICru -SLC-20-cube3(5) - HTML Injection
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
Tradebox CryptoCurrency - 'symbol' SQL Injection
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
 2019-04-09 05:02:03 +00:00
Offensive Security
d68f18cb8e DB: 2019-03-30 
6 changes to exploits/shellcodes

Fat Free CRM 0.19.0 - HTML Injection

CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting
 2019-03-30 05:02:01 +00:00