exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	e4e566f5ff	DB: 2019-10-22 7 changes to exploits/shellcodes winrar 5.80 64bit - Denial of Service Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2) sudo 1.2.27 - Security Bypass sudo 1.8.27 - Security Bypass winrar 5.80 - XML External Entity Injection Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Solaris 11.4 - xscreensaver Privilege Escalation CyberArk Password Vault 10.6 - Authentication Bypass	2019-10-22 05:01:40 +00:00
Offensive Security	588067072a	DB: 2019-10-17 15 changes to exploits/shellcodes sudo 1.8.28 - Security Bypass sudo 1.2.27 - Security Bypass Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path X.Org X Server 1.20.4 - Local Stack Overflow LiteManager 4.5.0 - 'romservice' Unquoted Serive Path Solaris xscreensaver 11.4 - Privilege Escalation Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path Whatsapp 2.19.216 - Remote Code Execution Accounts Accounting 7.02 - Persistent Cross-Site Scripting CyberArk Password Vault 10.6 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)	2019-10-17 05:01:44 +00:00
Offensive Security	d1bcd4121d	DB: 2019-10-04 5 changes to exploits/shellcodes Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) mintinstall 7.9.9 - Code Execution AnchorCMS < 0.12.3a - Information Disclosure	2019-10-04 05:01:47 +00:00
Offensive Security	c0ff0bbedd	DB: 2019-08-20 10 changes to exploits/shellcodes RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service Kimai 2 - Persistent Cross-Site Scripting FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit) FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Neo Billing 3.5 - Persistent Cross-Site Scripting Webmin 1.920 - Remote Code Execution YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes) Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes) Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)	2019-08-20 05:02:44 +00:00
Offensive Security	a8a07cdedf	DB: 2019-07-23 4 changes to exploits/shellcodes BACnet Stack 0.8.6 - Denial of Service Docker - Container Escape Comtrend-AR-5310 - Restricted Shell Escape Axway SecureTransport 5 - Unauthenticated XML Injection	2019-07-23 05:02:15 +00:00
Offensive Security	7ec7ea72de	DB: 2019-07-20 10 changes to exploits/shellcodes MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter) fuelCMS 1.4.1 - Remote Code Execution Web Ofisi E-Ticaret 3 - 'a' SQL Injection Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection Web Ofisi Emlak 2 - 'ara' SQL Injection Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection Web Ofisi Firma Rehberi 1 - 'il' SQL Injection Web Ofisi Rent a Car 3 - 'klima' SQL Injection Web Ofisi Firma 13 - 'oz' SQL Injection REDCap < 9.1.2 - Cross-Site Scripting	2019-07-20 05:02:15 +00:00
Offensive Security	c4cf663c5d	DB: 2019-07-19 2 changes to exploits/shellcodes Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting	2019-07-19 05:02:11 +00:00
Offensive Security	40febc17ca	DB: 2019-07-18 5 changes to exploits/shellcodes WinMPG iPod Convert 3.0 - 'Register' Denial of Service Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting	2019-07-18 05:02:15 +00:00
Offensive Security	2935a5c0af	DB: 2019-07-17 10 changes to exploits/shellcodes Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass) DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH) Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit) PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit) CentOS Control Web Panel 0.9.8.836 - Authentication Bypass CentOS Control Web Panel 0.9.8.836 - Privilege Escalation CentOS Control Web Panel 0.9.8.838 - User Enumeration	2019-07-17 05:02:03 +00:00
Offensive Security	1a13989f12	DB: 2019-07-04 5 changes to exploits/shellcodes Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit) Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit) AZADMIN CMS 1.0 - SQL Injection WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection Symantec DLP 15.5 MP1 - Cross-Site Scripting Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)	2019-07-04 05:01:54 +00:00
Offensive Security	4afcc04eda	DB: 2019-07-02 24 changes to exploits/shellcodes Linux Mint 18.3-19.1 - 'yelp' Command Injection FaceSentry Access Control System 6.4.8 - Remote SSH Root WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection PowerPanel Business Edition - Cross-Site Scripting ZoneMinder 1.32.3 - Cross-Site Scripting SAP Crystal Reports - Information Disclosure Sahi pro 8.x - Directory Traversal CyberPanel 1.8.4 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Root Exploit Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes) Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)	2019-07-02 05:01:50 +00:00
Offensive Security	5a4d21a1cf	DB: 2019-05-09 9 changes to exploits/shellcodes jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC) MiniFtp - 'parseconf_load_setting' Buffer Overflow Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit) PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit) Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit) NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass Linux/x86 - execve /bin/sh Shellcode (20 bytes)	2019-05-09 05:02:02 +00:00
Offensive Security	c0676d0ecf	DB: 2019-05-01 2 changes to exploits/shellcodes CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting	2019-05-01 12:01:09 +00:00
Offensive Security	23f668ca8d	DB: 2019-04-09 14 changes to exploits/shellcodes FlexHEX 2.71 - SEH Buffer Overflow (Unicode) AllPlayer 7.4 - SEH Buffer Overflow (Unicode) River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation QNAP Netatalk < 3.1.12 - Authentication Bypass Jobgator - 'experience' SQL Injection Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities SaLICru -SLC-20-cube3(5) - HTML Injection CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Tradebox CryptoCurrency - 'symbol' SQL Injection WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass ManageEngine ServiceDesk Plus 9.3 - User Enumeration	2019-04-09 05:02:03 +00:00
Offensive Security	d68f18cb8e	DB: 2019-03-30 6 changes to exploits/shellcodes Fat Free CRM 0.19.0 - HTML Injection CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting	2019-03-30 05:02:01 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	31edb35a91	DB: 2019-03-01 9 changes to exploits/shellcodes FTP Server 1.32 - Denial of Service WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service TransMac 12.3 - Denial of Service (PoC) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Joomla! Component J2Store < 3.3.7 - SQL Injection Usermin 1.750 - Remote Command Execution (Metasploit) Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)	2019-03-01 05:01:57 +00:00
Offensive Security	e2ed64fffa	DB: 2019-02-23 5 changes to exploits/shellcodes WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit) Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation Teracue ENC-400 - Command Injection / Missing Authentication	2019-02-23 05:01:55 +00:00
Offensive Security	1982f33252	DB: 2019-02-13 16 changes to exploits/shellcodes AirDroid 4.2.1.6 - Denial of Service River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) Android - binder Use-After-Free via fdget() Optimization Android - binder Use-After-Free of VMA via race Between reclaim and munmap Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Ubuntu snapd < 2.37.1 - Local Privilege Escalation IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting Webiness Inventory 2.3 - 'email' SQL Injection OPNsense < 19.1.1 - Cross-Site Scripting Jenkins 2.150.2 - Remote Command Execution (Metasploit) BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution LayerBB 1.1.2 - Cross-Site Scripting	2019-02-13 05:01:49 +00:00
Offensive Security	d622832ea0	DB: 2019-02-12 21 changes to exploits/shellcodes KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite) Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service) Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH) Netatalk 3.1.12 - Authentication Bypass (PoC) IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC) Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC) IP-Tools 2.50 - Local Buffer Overflow (PoC) Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite) FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC) FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite) Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC) Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite) AirDroid 4.2.1.6 - Denial of Service FutureDj Pro 1.7.2.0 - Denial of Service NordVPN 6.19.6 - Denial of Service (PoC) River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH) Evince - CBT File Command Injection (Metasploit) Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure Netatalk - Bypass Authentication Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit) Indusoft Web Studio 8.1 SP2 - Remote Code Execution Smoothwall Express 3.1-SP4 - Cross-Site Scripting Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting VA MAX 8.3.4 - Authenticated Remote Code Execution CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting Webiness Inventory 2.3 - 'email' SQL Injection	2019-02-12 05:01:49 +00:00
Offensive Security	9ef926e1a1	DB: 2019-01-24 12 changes to exploits/shellcodes Microsoft Windows CONTACT - HTML Injection / Remote Code Execution Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation Joomla! Component vBizz 1.0.7 - SQL Injection Joomla! Component vBizz 1.0.7 - Remote Code Execution Joomla! Component vWishlist 1.0.1 - SQL Injection Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection Joomla! Component vReview 1.9.11 - SQL Injection Joomla! Component vRestaurant 1.9.4 - SQL Injection Joomla! Component VMap 1.9.6 - SQL Injection Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection	2019-01-24 05:01:41 +00:00
Offensive Security	516678356d	DB: 2018-12-06 2 changes to exploits/shellcodes ImageMagick - Memory Leak Apache Superset 0.23 - Remote Code Execution Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting Apache Superset < 0.23 - Remote Code Execution WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting HasanMWB 1.0 - SQL Injection	2018-12-06 05:01:45 +00:00
Offensive Security	0a4925cc93	DB: 2018-12-04 10 changes to exploits/shellcodes Mozilla Firefox 63.0.1 - Denial of Service (PoC) Budabot 4.0 - Denial of Service (PoC) CyberArk 9.7 - Memory Disclosure Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Apache Superset 0.23 - Remote Code Execution Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting	2018-12-04 05:01:48 +00:00
Offensive Security	1d25aee539	DB: 2018-11-15 15 changes to exploits/shellcodes AMPPS 2.7 - Denial of Service (PoC) Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC) ntpd 4.2.8p10 - Out-of-Bounds Read (PoC) SwitchVPN for macOS 2.1012.03 - Privilege Escalation Atlassian Jira - Authenticated Upload Code Execution (Metasploit) iServiceOnline 1.0 - 'r' SQL Injection Helpdezk 1.1.1 - 'query' SQL Injection Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) EdTv 2 - 'id' SQL Injection Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities Advanced Comment System 1.0 - SQL Injection Rmedia SMS 1.0 - SQL Injection Pedidos 1.0 - SQL Injection Electricks eCommerce 1.0 - Persistent Cross-Site Scripting DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload	2018-11-15 05:01:40 +00:00
Offensive Security	3a6748b9d9	DB: 2018-11-13 15 changes to exploits/shellcodes HeidiSQL 9.5.0.5196 - Denial of Service (PoC) CuteFTP 9.3.0.3 - Denial of Service (PoC) Mongoose Web Server 6.9 - Denial of Service (PoC) Data Center Audit 2.6.2 - 'username' SQL Injection TufinOS 2.17 Build 1193 - XML External Entity Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Paroiciel 11.20 - 'tRecIdListe' SQL Injection TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure) The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Nominas 0.27 - 'username' SQL Injection	2018-11-13 05:01:42 +00:00
Offensive Security	b311000a22	DB: 2018-10-09 16 changes to exploits/shellcodes net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC) net-snmp 5.7.3 - Authenticated Denial of Service (PoC) Linux - Kernel Pointer Leak via BPF Android - sdcardfs Changes current->fs Without Proper Locking 360 3.5.0.1033 - Sandbox Escape Git Submodule - Arbitrary Code Execution Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Unitrends UEB - HTTP API Remote Code Execution (Metasploit) Navigate CMS - Unauthenticated Remote Code Execution (Metasploit) FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Imperva SecureSphere 13 - Remote Command Execution Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)	2018-10-09 05:01:44 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	c7cec74ceb	DB: 2018-09-20 6 changes to exploits/shellcodes Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion WordPress Plugin Localize My Post 1.0 - Local File Inclusion LG SuperSign EZ CMS 2.5 - Local File Inclusion	2018-09-20 05:01:45 +00:00
Offensive Security	c1b7aa12fc	DB: 2018-09-15 10 changes to exploits/shellcodes CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC) InfraRecorder 0.53 - '.txt' Denial of Service (PoC) Faleemi Plus 1.0.2 - Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH) Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)	2018-09-15 05:01:52 +00:00
Offensive Security	b42759b8b8	DB: 2018-09-13 15 changes to exploits/shellcodes jiNa OCR Image to Text 1.0 - Denial of Service (PoC) PixGPS 1.1.8 - Denial of Service (PoC) RoboImport 1.2.0.72 - Denial of Service (PoC) PicaJet FX 2.6.5 - Denial of Service (PoC) iCash 7.6.5 - Denial of Service (PoC) PDF Explorer 1.5.66.2 - Denial of Service (PoC) Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC) Apple macOS 10.13.4 - Denial of Service (PoC) CirCarLife SCADA 4.3.0 - Credential Disclosure Rubedo CMS 3.4.0 - Directory Traversal SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS) SynaMan 4.0 build 1488 - SMTP Credential Disclosure IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection MyBB 1.8.17 - Cross-Site Scripting LG Smart IP Camera 1508190 - Backup File Download	2018-09-13 05:01:52 +00:00
Offensive Security	87053f010c	DB: 2018-09-11 12 changes to exploits/shellcodes SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH) Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH) Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH) Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH) Any Sound Recorder 2.93 - Denial of Service (PoC) Zenmap (Nmap) 7.70 - Denial of Service (PoC) Ghostscript - Failed Restore Command Execution (Metasploit) VirtualBox 5.2.6.r120293 - VM Escape Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities RPi Cam Control < 6.3.14 - Multiple Vulnerabilities LW-N605R 12.20.2.1486 - Remote Code Execution RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution	2018-09-11 05:01:54 +00:00
Offensive Security	8379495e8e	DB: 2018-09-07 10 changes to exploits/shellcodes Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure) Tenda ADSL Router D152 - Cross-Site Scripting Jorani Leave Management 0.6.5 - Cross-Site Scripting Jorani Leave Management 0.6.5 - 'startdate' SQL Injection Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure) WirelessHART Fieldgate SWG70 3.0 - Directory Traversal Online Quiz Maker 1.0 - 'catid' SQL Injection Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal Online Quiz Maker 1.0 - 'catid' SQL Injection D-Link Dir-600M N150 - Cross-Site Scripting Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal	2018-09-07 05:01:55 +00:00
Offensive Security	16744756bc	DB: 2018-08-18 10 changes to exploits/shellcodes TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC) CEWE Photoshow 6.3.4 - Denial of Service (PoC) Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl Microsoft Edge Chakra JIT - Scope Parsing Type Confusion Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion OpenSSH 2.3 < 7.4 - Username Enumeration (PoC) Mikrotik WinBox 6.42 - Credential Disclosure (golang) Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit) Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection ADM 3.1.2RHG1 - Remote Code Execution	2018-08-18 05:01:47 +00:00
Offensive Security	0424dfc05b	DB: 2018-08-17 8 changes to exploits/shellcodes TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC) ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC) Central Management Software 1.4.13 - Denial of Service (PoC) WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC) OpenEMR 5.0.1.3 - Arbitrary File Actions Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery	2018-08-17 05:02:00 +00:00
Offensive Security	e0f6cc4569	DB: 2018-08-15 4 changes to exploits/shellcodes Wansview 1.0.2 - Denial of Service (PoC) Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit) cgit 1.2.1 - Directory Traversal (Metasploit) Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)	2018-08-15 05:01:45 +00:00
Offensive Security	1d21694058	DB: 2018-08-10 13 changes to exploits/shellcodes reSIProcate 1.10.2 - Heap Overflow CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit) Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page) Responsive Filemanager 9.13.1 - Server-Side Request Forgery Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Sitecore.Net 8.1 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)	2018-08-10 05:01:46 +00:00
Offensive Security	9d8170fd85	DB: 2018-08-09 9 changes to exploits/shellcodes TP-Link Wireless N Router WR840N - Denial of Service (PoC) Splinterware System Scheduler Pro 5.12 - Privilege Escalation iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow iSmartViewPro 1.5 - 'Account' Buffer Overflow OpenEMR < 5.0.1 - Remote Code Execution Kirby CMS 2.5.12 - Cross-Site Scripting osTicket 1.10.1 - Arbitrary File Upload LG-Ericsson iPECS NMS 30M - Directory Traversal LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Monstra 3.0.4 - Cross-Site Scripting LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Monstra 3.0.4 - Cross-Site Scripting	2018-08-09 05:01:53 +00:00
Offensive Security	903bf974eb	DB: 2018-08-02 10 changes to exploits/shellcodes ipPulse 1.92 - 'Licence Key' Denial of Service (PoC) Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC) WebRTC - VP8 Block Decoding Use-After-Free WebRTC - FEC Processing Overflow WebRTC - H264 NAL Packet Processing Type Confusion Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH) Axis Network Camera - .srv to parhand RCE (Metasploit) SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit) Synology DiskStation Manager 4.1 - Directory Traversal Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)	2018-08-02 05:02:43 +00:00
Offensive Security	b02440845e	DB: 2018-07-31 5 changes to exploits/shellcodes fusermount - user_allow_other Restriction Bypass and SELinux Label Control ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC) Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC) Charles Proxy 4.2 - Local Privilege Escalation H2 Database 1.4.197 - Information Disclosure	2018-07-31 05:01:47 +00:00
Offensive Security	582d8f748e	DB: 2018-07-28 6 changes to exploits/shellcodes QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC) NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC) Skia - Heap Overflow in SkScan::FillPath due to Precision Error WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit) Wordpress Background Takeover < 4.1.4 - Directory Traversal WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion WordPress Form Maker Plugin 1.12.24 - SQL Injection WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection WordPress Plugin Form Maker 1.12.24 - SQL Injection WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass) Online Trade 1 - Information Disclosure SoftNAS Cloud < 4.0.3 - OS Command Injection	2018-07-28 05:01:47 +00:00
Offensive Security	e76244b41a	DB: 2018-07-13 8 changes to exploits/shellcodes Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions VLC media player 2.2.8 - Arbitrary Code Execution (PoC) Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation 212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities 212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities 123 Flash Chat - Multiple Vulnerabilities 123 Flash Chat 7.8 - Multiple Vulnerabilities Dicoogle PACS 2.5.0 - Directory Traversal	2018-07-13 05:02:00 +00:00
Offensive Security	52954b4751	DB: 2018-07-12 5 changes to exploits/shellcodes Nibbleblog - Arbitrary File Upload (Metasploit) Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) Nibbleblog - Multiple SQL Injections Nibbleblog 3 - Multiple SQL Injections Instagram-Clone Script 2.0 - Cross-Site Scripting Dicoogle PACS 2.5.0 - Directory Traversal	2018-07-12 05:01:59 +00:00
Offensive Security	02fa7c70d3	DB: 2018-07-11 9 changes to exploits/shellcodes HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) OpenSSH < 6.6 SFTP (x64) - Command Execution OpenSSH < 6.6 SFTP - Command Execution ModSecurity 3.0.0 - Cross-Site Scripting Gitea 1.4.0 - Remote Code Execution WolfSight CMS 3.2 - SQL Injection Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Elektronischer Leitz-Ordner 10 - SQL Injection D-Link DIR601 2.02 - Credential Disclosure	2018-07-11 05:01:52 +00:00
Offensive Security	6a98e55e9d	DB: 2018-07-04 4 changes to exploits/shellcodes openslp 2.0.0 - Double-Free Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit) FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit) ModSecurity 3.0.0 - Cross-Site Scripting ntop-ng < 3.4.180617 - Authentication Bypass	2018-07-04 05:01:48 +00:00
Offensive Security	641d6cca75	DB: 2018-06-28 3 changes to exploits/shellcodes WinEggDropShell 1.7 - Unauthenticated Multiple Remote Stack Overflows (PoC) WinEggDropShell 1.7 - Multiple Remote Stack Overflows (PoC) FileCOPA FTP Server 1.01 - 'USER' Unauthenticated Remote Denial of Service FileCOPA FTP Server 1.01 - 'USER' Remote Denial of Service Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service Asterisk 1.2.15/1.4.0 - Remote Denial of Service Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) Mercury/32 Mail SMTPD - Remote Stack Overrun (PoC) Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC) Hexamail Server 3.0.0.001 - 'pop3' Remote Overflow (PoC) Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPd Remote Denial of Service / Buffer Overflow (PoC) McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC) McAfee E-Business Server 8.5.2 - Remote Code Execution / Denial of Service (PoC) freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) Remote Stack Overflow (PoC) vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC) Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC) Oracle Internet Directory 10.1.4 - Unauthenticated Remote Denial of Service Oracle Internet Directory 10.1.4 - Remote Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated 'stou con:1' Denial of Service RhinoSoft Serv-U FTP Server 7.3 - (Authenticated) 'stou con:1' Denial of Service Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service Noticeware E-mail Server 5.1.2.2 - 'POP3' Denial of Service freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC) Addonics NAS Adapter - Authenticated Denial of Service Addonics NAS Adapter - (Authenticated) Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' Authenticated Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' (Authenticated) Denial of Service XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC) XRDP 0.4.1 - Remote Buffer Overflow (PoC) Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service Addonics NAS Adapter - 'bts.cgi' (Authenticated) Remote Denial of Service MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC) MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC) FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service Cerberus FTP server 3.0.6 - Denial of Service FtpXQ 3.0 - Authenticated Remote Denial of Service FtpXQ 3.0 - (Authenticated) Remote Denial of Service httpdx 1.5.2 - Unauthenticated Remote Denial of Service (PoC) httpdx 1.5.2 - Remote Denial of Service (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (PoC) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (SEH) (PoC) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (PoC) httpdx 1.5.3b - Multiple Unauthenticated Remote Denial of Service Vulnerabilities (PoC) Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC) httpdx 1.5.3b - Multiple Remote Denial of Service Vulnerabilities (PoC) Kerio MailServer 6.2.2 - Remote Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - Unauthenticated Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Crashs (SEH) (PoC) eDisplay Personal FTP Server 1.0.0 - Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Crashs (SEH) (PoC) IncrediMail 2.0 - ActiveX (Authenticate) Buffer Overflow (PoC) IncrediMail 2.0 - ActiveX (Authenticated) Buffer Overflow (PoC) (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Denial of Service Microsoft Windows Server 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow IPComp - encapsulation Unauthenticated Kernel Memory Corruption IPComp - encapsulation Kernel Memory Corruption Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit) Wyse - Machine Remote Power Off (Denial of Service) (Metasploit) WFTPD 2.4.1RC11 - Unauthenticated MLST Command Remote Denial of Service WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service RobotFTP Server 1.0/2.0 - Unauthenticated Remote Command Denial of Service RobotFTP Server 1.0/2.0 - Remote Command Denial of Service Alt-N MDaemon 2-8 - IMAP Unauthenticated Remote Buffer Overflow Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service) Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Remote Reboot (Denial of Service) Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit) Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit) OpenVPN 2.4.0 - Unauthenticated Denial of Service OpenVPN 2.4.0 - Denial of Service NetAccess IP3 - Authenticated Ping Option Command Injection NetAccess IP3 - (Authenticated) Ping Option Command Injection Cobalt Linux 6.0 - RaQ Authenticate Privilege Escalation Cobalt Linux 6.0 - RaQ (Authenticated) Privilege Escalation Hosting Controller 0.6.1 - Unauthenticated User Registration (1) Hosting Controller 0.6.1 - User Registration (1) Hosting Controller 0.6.1 - Unauthenticated User Registration (2) Hosting Controller 0.6.1 - User Registration (2) HP-UX FTP Server - Unauthenticated Directory Listing (Metasploit) HP-UX FTP Server - Directory Listing (Metasploit) IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow IBM Lotus Domino Server 6.5 - Remote Overflow Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2) Frontbase 4.2.7 - (Authenticated) Remote Buffer Overflow (2.2) IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter) IBM Tivoli Provisioning Manager - Remote Overflow (Egghunter) Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite SIDVault LDAP Server - Remote Buffer Overflow Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP Overwrite Mercury/32 4.52 IMAPD - 'SEARCH' Authenticated Overflow Mercury/32 4.52 IMAPD - 'SEARCH' (Authenticated) Overflow SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution SAP MaxDB 7.6.03.07 - Remote Command Execution MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow MailEnable Professional/Enterprise 3.13 - 'Fetch' (Authenticated) Remote Buffer Overflow NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH) BigAnt Server 2.2 - Unauthenticated Remote Overflow (SEH) BigAnt Server 2.2 - Remote Overflow (SEH) freeSSHd 1.2.1 - Authenticated Remote Overflow (SEH) freeSSHd 1.2.1 - (Authenticated) Remote Overflow (SEH) Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation Serv-U FTP Server 7.3 - Authenticated Remote FTP File Replacement Serv-U FTP Server 7.3 - (Authenticated) Remote FTP File Replacement WinFTP Server 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow WinFTP Server 2.3.0 - 'LIST' (Authenticated) Remote Buffer Overflow Telnet-Ftp Service Server 1.x - Multiple Authenticated Vulnerabilities Femitter FTP Server 1.x - Multiple Authenticated Vulnerabilities Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities cPanel - Authenticated 'lastvisit.html Domain' Arbitrary File Disclosure cPanel - (Authenticated) 'lastvisit.html Domain' Arbitrary File Disclosure Adobe JRun 4 - 'logfile' Authenticated Directory Traversal Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Remote Buffer Overflow Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Remote Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (1) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Buffer Overflow (Metasploit) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (1) eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (1) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (2) eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (2) EasyFTP Server 1.7.0.2 - 'MKD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.2 - 'MKD' (Authenticated) Remote Buffer Overflow Iomega Home Media Network Hard Drive 2.038 < 2.061 - Unauthenticated File-system Access Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access ProSSHD 1.2 - Authenticated Remote (ASLR + DEP Bypass) ProSSHD 1.2 - (Authenticated) Remote (ASLR + DEP Bypass) Tiki Wiki 15.1 - Unauthenticated File Upload (Metasploit) Tiki Wiki 15.1 - File Upload (Metasploit) EasyFTP Server 1.7.0.11 - 'MKD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'CWD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'CWD' (Authenticated) Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow (Metasploit) UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflows EasyFTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflows Home FTP Server 1.11.1.149 - Authenticated Directory Traversal Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal Linksys WAP610N - Unauthenticated Root Access Security Linksys WAP610N - Root Access Security ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow Axis2 - Authenticated Code Execution (via REST) (Metasploit) Axis2 - (Authenticated) Code Execution (via REST) (Metasploit) Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) (Metasploit) Axis2 / SAP BusinessObjects - (Authenticated) Code Execution (via SOAP) (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit) Microsoft Windows - Authenticated User Code Execution (Metasploit) Microsoft Windows - (Authenticated) User Code Execution (Metasploit) Novell NetMail 3.52d - IMAP Authenticate Buffer Overflow (Metasploit) Novell NetMail 3.52d - IMAP (Authenticated) Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Stack Buffer Overflow (Metasploit) Squid - NTLM Authenticate Overflow (Metasploit) Squid - NTLM (Authenticated) Overflow (Metasploit) ManageEngine Applications Manager - Authenticated Code Execution (Metasploit) ManageEngine Applications Manager - (Authenticated) Code Execution (Metasploit) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (2) ActFax Server FTP - Authenticated Remote Buffer Overflow ActFax Server FTP - (Authenticated) Remote Buffer Overflow Blue Coat Reporter - Unauthenticated Directory Traversal Blue Coat Reporter - Directory Traversal Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution Avaya WinPDM UniteHostRouter 3.8.2 - Remote Command Execution Sysax Multi Server 5.53 - SFTP Authenticated (SEH) Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Unauthenticated Remote Code Execution (Egghunter) Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH) Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Remote Code Execution (Egghunter) MailMax 4.6 - POP3 'USER' Unauthenticated Remote Buffer Overflow MailMax 4.6 - POP3 'USER' Remote Buffer Overflow Webmin 0.9x / Usermin 0.9x/1.0 - Unauthenticated Access Session ID Spoofing Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing MySQL - Unauthenticated Remote User Enumeration MySQL - Remote User Enumeration DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3) DameWare Mini Remote Control Server 3.7x - Buffer Overflow (1) DameWare Mini Remote Control Server 3.7x - Buffer Overflow (2) DameWare Mini Remote Control Server 3.7x - Buffer Overflow (3) NetWin SurgeFTP - Authenticated Admin Command Injection (Metasploit) NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit) Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution Firebird 1.0 - Unauthenticated Remote Database Name Buffer Overrun Firebird 1.0 - Remote Database Name Buffer Overrun Novell NCP - Unauthenticated Remote Command Execution Novell NCP - Remote Command Execution Kordil EDms 2.2.60rc3 - Unauthenticated Arbitrary File Upload (Metasploit) Kordil EDms 2.2.60rc3 - Arbitrary File Upload (Metasploit) SAP ConfigServlet - Unauthenticated Remote Payload Execution (Metasploit) SAP ConfigServlet - Remote Payload Execution (Metasploit) phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit) phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit) D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - 'command.php' Remote Command Execution (Metasploit) D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - 'tools_vct.xgi' Remote Command Execution (Metasploit) MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption Raidsonic NAS Devices - Unauthenticated Remote Command Execution (Metasploit) Raidsonic NAS Devices - Remote Command Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - (Authenticated) Remote Code Execution (Metasploit) Zabbix - Authenticated Remote Command Execution (Metasploit) ISPConfig - Authenticated Arbitrary PHP Code Execution (Metasploit) Zabbix - (Authenticated) Remote Command Execution (Metasploit) ISPConfig - (Authenticated) Arbitrary PHP Code Execution (Metasploit) ProcessMaker Open Source - Authenticated PHP Code Execution (Metasploit) ProcessMaker Open Source - (Authenticated) PHP Code Execution (Metasploit) Linksys E-series - Unauthenticated Remote Code Execution Linksys E-series - Remote Code Execution Apache Tomcat Manager - Application Upload Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit) Fritz!Box Webcm - Unauthenticated Command Injection (Metasploit) Fritz!Box Webcm - Command Injection (Metasploit) Sophos Web Protection Appliance Interface - Authenticated Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance Interface - (Authenticated) Arbitrary Command Execution (Metasploit) Vtiger - 'Install' Unauthenticated Remote Command Execution (Metasploit) Vtiger - 'Install' Remote Command Execution (Metasploit) Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root Remote Code Execution (Metasploit) Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit) Gitlist - Unauthenticated Remote Command Execution (Metasploit) WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Unauthenticated Arbitrary File Upload (Metasploit) Gitlist - Remote Command Execution (Metasploit) WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Arbitrary File Upload (Metasploit) D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit) D-Link Devices - UPnP M-SEARCH Multicast Command Injection (Metasploit) F5 Big-IP - Unauthenticated rsync Access F5 Big-IP - rsync Access Wing FTP Server - Authenticated Command Execution (Metasploit) Wing FTP Server - (Authenticated) Command Execution (Metasploit) Tincd - Authenticated Remote TCP Stack Buffer Overflow (Metasploit) Tincd - (Authenticated) Remote TCP Stack Buffer Overflow (Metasploit) Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Remote Code Execution Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change ManageEngine (Multiple Products) - Authenticated Arbitrary File Upload (Metasploit) ManageEngine (Multiple Products) - (Authenticated) Arbitrary File Upload (Metasploit) D-Link DSL-2740R - Unauthenticated Remote DNS Change D-Link DSL-2740R - Remote DNS Change LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure LG DVR LE6016D - Remote Users/Passwords Disclosure Symantec Web Gateway 5 - 'restore.php' Authenticated Command Injection (Metasploit) Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection (Metasploit) Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit) Seagate Business NAS - Remote Command Execution (Metasploit) ElasticSearch - Unauthenticated Remote Code Execution ElasticSearch - Remote Code Execution Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit) Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit) Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit) Konica Minolta FTP Utility 1.00 - (Authenticated) CWD Command Overflow (SEH) (Metasploit) Zpanel - Unauthenticated Remote Code Execution (Metasploit) Zpanel - Remote Code Execution (Metasploit) SKIDATA Freemotion.Gate - Unauthenticated Web Services Multiple Command Execution Vulnerabilities SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities D-Link DCS-930L - Authenticated Remote Command Execution (Metasploit) D-Link DCS-930L - (Authenticated) Remote Command Execution (Metasploit) OpenSSH 7.2p1 - Authenticated xauth Command Injection OpenSSH 7.2p1 - (Authenticated) xauth Command Injection Novell ServiceDesk - Authenticated Arbitrary File Upload (Metasploit) Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit) Bomgar Remote Support - Unauthenticated Code Execution (Metasploit) Bomgar Remote Support - Code Execution (Metasploit) Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3) Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit) Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3) Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit) AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure D-Link DIR-Series Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit) MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit) MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit) HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit) HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit) HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit) HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit) phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit) phpCollab 2.5.1 - File Upload (Metasploit) Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit) NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit) NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Tenable Appliance < 4.5 - Unauthenticated Root Remote Code Execution Tenable Appliance < 4.5 - Root Remote Code Execution Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution Oracle GoldenGate 12.1.2.0.0 - Remote Code Execution Octopus Deploy - Authenticated Code Execution (Metasploit) Octopus Deploy - (Authenticated) Code Execution (Metasploit) Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution Logpoint < 5.6.4 - Root Remote Code Execution VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Unauthenticated Command Execution (Metasploit) VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Command Execution (Metasploit) UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit) Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit) Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution Wireless IP Camera (P2P) WIFICAM - Remote Code Execution D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit) D-Link DIR-850L - OS Command Execution (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit) AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit) AsusWRT LAN - Remote Code Execution (Metasploit) Tenda AC15 Router - Unauthenticated Remote Code Execution Tenda AC15 Router - Remote Code Execution Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution Unitrends UEB 10.0 - Root Remote Code Execution xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit) xdebug < 2.5.5 - OS Command Execution (Metasploit) PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit) PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit) Quest KACE Systems Management - Command Injection (Metasploit) Hosting Controller 0.6.1 - Unauthenticated User Registration (3) Hosting Controller 0.6.1 - User Registration (3) Hosting Controller 6.1 Hotfix 3.2 - Unauthenticated Access Hosting Controller 6.1 Hotfix 3.2 - Access e107 0.7.8 - 'mailout.php' Authenticated Access Escalation e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation Joomla! Component JPad 1.0 - Authenticated SQL Injection Joomla! Component JPad 1.0 - (Authenticated) SQL Injection AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass zFeeder 1.6 - 'admin.php' Admin Bypass Hannon Hill Cascade Server - Authenticated Command Execution Hannon Hill Cascade Server - (Authenticated) Command Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution HP Release Control - Authenticated XML External Entity (Metasploit) HP Release Control - (Authenticated) XML External Entity (Metasploit) 3Com* iMC (Intelligent Management Center) - Unauthenticated Traversal File Retrieval 3Com* iMC (Intelligent Management Center) - Traversal File Retrieval Apache Axis2 Administration Console - Authenticated Cross-Site Scripting Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting) dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting) Mitel AWC - Unauthenticated Command Execution Mitel AWC - Command Execution TYPO3 - Unauthenticated Arbitrary File Retrieval TYPO3 - Arbitrary File Retrieval vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion vTiger CRM 5.0.4 - Local File Inclusion N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code N_CMS 1.1E - Local File Inclusion / Remote Code IF-CMS 2.07 - Unauthenticated Local File Inclusion (1) IF-CMS 2.07 - Local File Inclusion (1) SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit IF-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2) IF-CMS 2.07 - Local File Inclusion (Metasploit) (2) Sun/Oracle GlassFish Server - Authenticated Code Execution (Metasploit) Sun/Oracle GlassFish Server - (Authenticated) Code Execution (Metasploit) TomatoCart 1.1 - Authenticated Local File Inclusion TomatoCart 1.1 - (Authenticated) Local File Inclusion ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Unauthenticated Directory Traversal ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal PHP Grade Book 1.9.4 - Unauthenticated SQL Database Export PHP Grade Book 1.9.4 - SQL Database Export Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit) Dolibarr ERP/CRM 3 - (Authenticated) OS Command Injection (Metasploit) WebCalendar 1.2.4 - Unauthenticated Remote Code Injection (Metasploit) WebCalendar 1.2.4 - Remote Code Injection (Metasploit) SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / (Authenticated) SQL Injection PostNuke 0.6 - Unauthenticated User Login PostNuke 0.6 - User Login Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection WordPress Theme Archin 3.2 - Unauthenticated Configuration Access WordPress Theme Archin 3.2 - Configuration Access Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change Exper EWM-01 ADSL/MODEM - DNS Change Geeklog 1.3.x - Authenticated SQL Injection Geeklog 1.3.x - (Authenticated) SQL Injection FirePass SSL VPN - Unauthenticated Local File Inclusion FirePass SSL VPN - Local File Inclusion vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection vbPortal 2.0 alpha 8.1 - (Authenticated) SQL Injection IRIS Citations Management Tool - Authenticated Remote Command Execution IRIS Citations Management Tool - (Authenticated) Remote Command Execution BetaParticle blog 2.0/3.0 - 'upload.asp' Unauthenticated Arbitrary File Upload BetaParticle blog 2.0/3.0 - 'myFiles.asp' Unauthenticated File Manipulation BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation YeaLink IP Phone Firmware 9.70.0.100 - Unauthenticated Phone Call YeaLink IP Phone Firmware 9.70.0.100 - Phone Call HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload HelpDeskZ 1.0.2 - Arbitrary File Upload aoblogger 2.3 - 'create.php' Unauthenticated Entry Creation aoblogger 2.3 - 'create.php' Entry Creation WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change ASUS DSL-X11 ADSL Router - DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - DNS Change Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change Tenda ADSL2/2+ Modem 963281TAN - DNS Change PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change PLANET VDR-300NU ADSL Router - DNS Change PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change PIKATEL 96338WS_ 96338L-2M-8M - DNS Change Inteno EG101R1 VoIP Router - Unauthenticated DNS Change Inteno EG101R1 VoIP Router - DNS Change LifeSize UVC 1.2.6 - Authenticated Remote Code Execution LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit) EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit) Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit) Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit) Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit) Alienvault Open Source SIEM (OSSIM) 4.6.1 - (Authenticated) SQL Injection (Metasploit) FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution FreePBX 13.0.x < 13.0.154 - Remote Command Execution Lunar CMS 3.3 - Unauthenticated Remote Command Execution Lunar CMS 3.3 - Remote Command Execution ISPConfig 3.0.54p1 - Authenticated Admin Privilege Escalation ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation Plogger 1.0-RC1 - Authenticated Arbitrary File Upload Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution ActualAnalyzer Lite 2.81 - Command Execution WordPress Plugin Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access WordPress Plugin Premium Gallery Manager - Configuration Access ZTE ZXDSL-931VII - Unauthenticated Configuration Dump ZTE ZXDSL-931VII - Configuration Dump IPFire - Cgi Web Interface Authenticated Bash Environment Variable Code Injection IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection SEO Control Panel 3.6.0 - Authenticated SQL Injection SEO Control Panel 3.6.0 - (Authenticated) SQL Injection Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection Subex Fms 7.4 - Unauthenticated SQL Injection Tapatalk for vBulletin 4.x - Blind SQL Injection Subex Fms 7.4 - SQL Injection WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload PMB 4.1.3 - Authenticated SQL Injection PMB 4.1.3 - (Authenticated) SQL Injection D-Link DSL-2640B ADSL Router - 'ddnsmngr' Unauthenticated Remote DNS Change D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution Seagate Business NAS 2014.00319 - Remote Code Execution WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (1) WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (2) WordPress Plugin Ultimate Product Catalogue - SQL Injection (1) WordPress Plugin Ultimate Product Catalogue - SQL Injection (2) WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection WordPress Plugin Freshmail 1.5.8 - SQL Injection Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change Broadlight Residential Gateway DI3124 - Remote DNS Change D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change TP-Link TD-W8950ND ADSL2+ - Unauthenticated Remote DNS Change D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change TP-Link TD-W8950ND ADSL2+ - Remote DNS Change D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change phpCollab 2.5 - Unauthenticated Direct Request Multiple Protected Page Access phpCollab 2.5 - Direct Request Multiple Protected Page Access AirDroid - Unauthenticated Arbitrary File Upload AirDroid - Arbitrary File Upload D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure D-Link DSL-2750u / DSL-2730u - (Authenticated) Local File Disclosure Zenoss 3.2.1 - Authenticated Remote Command Execution Zenoss 3.2.1 - (Authenticated) Remote Command Execution WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - Authenticated Persistent Cross-Site Scripting WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting Magento CE < 1.9.0.1 - Authenticated Remote Code Execution Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution BigTree CMS 4.2.3 - Authenticated SQL Injection BigTree CMS 4.2.3 - (Authenticated) SQL Injection vTiger CRM 6.3.0 - Authenticated Remote Code Execution vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution ZTE ZXHN H108N Router - Unauthenticated Configuration Disclosure ZTE ZXHN H108N Router - Configuration Disclosure vBulletin 5.1.x - Unauthenticated Remote Code Execution vBulletin 5.1.x - Remote Code Execution Jenkins 1.633 - Unauthenticated Credential Recovery Jenkins 1.633 - Credential Recovery MediaAccess TG788vn - Unauthenticated File Disclosure MediaAccess TG788vn - File Disclosure WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution WhatsUp Gold 16.3 - Remote Code Execution WordPress Plugin Booking Calendar Contact Form 1.1.23 - Unauthenticated SQL Injection WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traversal Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Unauthenticated Remote Command Execution (Metasploit) Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit) Observium 0.16.7533 - Authenticated Arbitrary Command Execution Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection AXIS (Multiple Products) - 'devtools ' Authenticated Remote Command Execution AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution PHP gettext 1.0.12 - 'gettext.php' Unauthenticated Code Execution PHP gettext 1.0.12 - 'gettext.php' Code Execution phpMyAdmin 4.6.2 - Authenticated Remote Code Execution phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery vBulletin 5.2.2 - Server-Side Request Forgery MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change MESSOA IP Cameras (Multiple Models) - Password Change D-Link DSL-2640R - Unauthenticated DNS Change D-Link DSL-2640R - DNS Change GitStack 2.3.10 - Unauthenticated Remote Code Execution GitStack 2.3.10 - Remote Code Execution InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution InfraPower PPS-02-S Q213V1 - Remote Command Execution Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change Pirelli DRG A115 ADSL Router - DNS Change Tenda ADSL2/2+ Modem D840R - DNS Change Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change Tenda ADSL2/2+ Modem D820R - DNS Change Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change Pirelli DRG A115 v3 ADSL Router - DNS Change HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python) WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby) WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion vBulletin 5 - 'routestring' Remote Code Execution vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion Cobbler 2.8.0 - Authenticated Remote Code Execution Cobbler 2.8.0 - (Authenticated) Remote Code Execution FiberHome AN5506 - Unauthenticated Remote DNS Change FiberHome AN5506 - Remote DNS Change GitStack - Unauthenticated Remote Code Execution Ametys CMS 4.0.2 - Unauthenticated Password Reset GitStack - Remote Code Execution Ametys CMS 4.0.2 - Password Reset Geneko Routers - Unauthenticated Path Traversal Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution Geneko Routers - Path Traversal Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit) WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit) WordPress 4.6 - Unauthenticated Remote Code Execution WordPress 4.6 - Remote Code Execution TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution iBall Baton iB-WRA150N - Unauthenticated DNS Change iBall Baton iB-WRA150N - DNS Change UTstarcom WA3002G4 - Unauthenticated DNS Change D-Link DSL-2640U - Unauthenticated DNS Change Beetel BCM96338 Router - Unauthenticated DNS Change D-Link DSL-2640B ADSL Router - 'dnscfg' Unauthenticated Remote DNS Change UTstarcom WA3002G4 - DNS Change D-Link DSL-2640U - DNS Change Beetel BCM96338 Router - DNS Change D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution TP-Link WR940N - Authenticated Remote Code TP-Link WR940N - (Authenticated) Remote Code Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload Accesspress Anonymous Post Pro < 3.2.0 - Arbitrary File Upload ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit) ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit) Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit) Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC) Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC) HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution GitList 0.6 - Unauthenticated Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot GitList 0.6 - Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit) WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site Scripting JasperReports - Authenticated File Read JasperReports - (Authenticated) File Read Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion HPE VAN SDN 2.7.18.0503 - Remote Root	2018-06-28 05:01:45 +00:00
Offensive Security	d8206fb5eb	DB: 2018-06-26 13 changes to exploits/shellcodes KVM (Nested Virtualization) - L1 Guest Privilege Escalation DIGISOL DG-BR4000NG - Buffer Overflow (PoC) Foxit Reader 9.0.1.1049 - Remote Code Execution WordPress Plugin iThemes Security < 7.0.3 - SQL Injection phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) phpMyAdmin 4.8.1 - Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Cross-Site Request Forgery (Add Admin) DIGISOL DG-BR4000NG - Cross-Site Scripting Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Arbitrary File Upload WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection	2018-06-26 05:01:46 +00:00
Offensive Security	ac267cb298	DB: 2018-06-21 11 changes to exploits/shellcodes Redis 5.0 - Denial of Service ntp 4.2.8p11 - Local Buffer Overflow (PoC) Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Mirasys DVMS Workstation 5.12.6 - Path Traversal MaDDash 2.0.2 - Directory Listing NewMark CMS 2.1 - 'sec_id' SQL Injection TP-Link TL-WA850RE - Remote Command Execution Apache CouchDB < 2.1.0 - Remote Code Execution IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit) VideoInsight WebClient 5 - SQL Injection	2018-06-21 05:01:44 +00:00
Offensive Security	086cfb2c76	DB: 2018-06-19 16 changes to exploits/shellcodes Nikto 2.1.6 - CSV Injection Pale Moon Browser < 27.9.3 - Use After Free (PoC) Audiograbber 1.83 - Local Buffer Overflow (SEH) Redis-cli < 5.0 - Buffer Overflow (PoC) Microsoft COM for Windows - Privilege Escalation Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass Canon MF210/MF220 - Authenticaton Bypass Canon LBP7110Cw - Authentication Bypass Canon LBP6030w - Authentication Bypass Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery Redatam Web Server < 7 - Directory Traversal	2018-06-19 05:01:47 +00:00
Offensive Security	0381c4c519	DB: 2018-06-09 11 changes to exploits/shellcodes Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service WebKit - WebAssembly Compilation Info Leak Google Chrome - Integer Overflow when Processing WebAssembly Locals WebKit - Use-After-Free when Resuming Generator WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure MantisBT 1.2.3 (db_type) - Local File Inclusion Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis 0.19 - Remote Server-Side Script Execution Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x - New Account Signup Mass Emailing Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x - New Account Signup Mass Emailing Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection MantisBT 1.2.19 - Host Header Mantis Bug Tracker 1.2.19 - Host Header MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1) Monstra CMS < 3.0.4 - Cross-Site Scripting Automation Monstra CMS < 3.0.4 - Cross-Site Scripting XiongMai uc-httpd 1.0.0 - Buffer Overflow Splunk < 7.0.1 - Information Disclosure Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)	2018-06-09 05:01:42 +00:00
Offensive Security	ad4b4f15f3	DB: 2018-06-06 11 changes to exploits/shellcodes Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Clone2GO Video converter 2.8.2 - Buffer Overflow 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) 10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH) WebKitGTK+ < 2.21.3 - Crash (PoC) WebKit - not_number defineProperties UAF (Metasploit) EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Brother HL Series Printers 1.15 - Cross-Site Scripting Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)	2018-06-06 05:01:46 +00:00

1 2

70 commits