bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1733 commits 1 branch 0 tags 272 MiB
Commit graph

101 commits

Author SHA1 Message Date
Offensive Security
e8dcb9f022 DB: 2019-01-03 
12 changes to exploits/shellcodes

EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
WebKit JSC - 'AbstractValue::set' Use-After-Free
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write

Ayukov NFTP FTP Client 2.0 - Buffer Overflow
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
Frog CMS 0.9.5 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting

FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection

Craft CMS 3.0.25 - Cross-Site Scripting
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Vtiger CRM 7.1.0 - Remote Code Execution
 2019-01-03 05:01:43 +00:00
Offensive Security
1b31850a46 DB: 2018-12-25 
15 changes to exploits/shellcodes

Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Google Chrome 70 - SQLite Magellan Crash (PoC)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Netatalk - Bypass Authentication
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - (Authenticated) Arbitrary Requests
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)

Linux/x86 - Kill All Processes Shellcode (14 bytes)
 2018-12-25 05:01:44 +00:00
Offensive Security
0275ca3128 DB: 2018-12-22 
6 changes to exploits/shellcodes

AnyBurn 4.3 - Local Buffer Overflow Denial of Service
AnyBurn 4.3 - Local Buffer Overflow (PoC)
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service

SQLScan 1.0 - Denial of Service (PoC)
AnyBurn 4.3 - Local Buffer Overflow (SEH)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read

Netatalk < 3.1.12 - Authentication Bypass

ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
 2018-12-22 05:01:56 +00:00
Offensive Security
1ddc5edd5d DB: 2018-12-21 
6 changes to exploits/shellcodes

VBScript - VbsErase Reference Leak Use-After-Free
VBScript - MSXML Execution Policy Bypass
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)

Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
 2018-12-21 05:01:52 +00:00
Offensive Security
aedf107ce9 DB: 2018-12-20 
12 changes to exploits/shellcodes

MiniShare Server 1.3.2 - Remote Denial of Service
MiniShare 1.3.2 - Remote Denial of Service

MiniShare 1.5.5 - Local Buffer Overflow (SEH)
MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH)
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
LanSpy 2.0.1.159 - Local Buffer Overflow
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)

MiniShare HTTP 1.5.5 - Remote Buffer Overflow
MiniShare 1.5.5 - Remote Buffer Overflow

MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
Integria IMS 5.0.83 - Cross-Site Request Forgery
Bolt CMS < 3.6.2 - Cross-Site Scripting
Yeswiki Cercopitheque - 'id' SQL Injection
IBM Operational Decision Manager 8.x - XML External Entity Injection

Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
 2018-12-20 05:01:43 +00:00
Offensive Security
e3c06fe0f7 DB: 2018-12-15 
16 changes to exploits/shellcodes

Angry IP Scanner 3.5.3 - Denial of Service (PoC)
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)

Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Cisco RV110W - Password Disclosure / Command Execution
Safari - Proxy Object Type Confusion (Metasploit)

Adminer 4.3.1 - Server-Side Request Forgery
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Huawei Router HG532e - Command Execution
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Double Your Bitcoin Script Automatic - Authentication Bypass
 2018-12-15 05:01:46 +00:00
Offensive Security
04a490a7c2 DB: 2018-12-14 
3 changes to exploits/shellcodes

Linux - 'userfaultfd' Bypasses tmpfs File Permissions
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains

CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
 2018-12-14 05:01:46 +00:00
Offensive Security
a07949d1c7 DB: 2018-12-12 
21 changes to exploits/shellcodes

SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation

DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting

Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
 2018-12-12 05:01:43 +00:00
Offensive Security
60710bbfd9 DB: 2018-12-05 
19 changes to exploits/shellcodes

Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
 2018-12-05 05:01:44 +00:00
Offensive Security
62445895aa DB: 2018-11-30 
8 changes to exploits/shellcodes

WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
PHP imap_open - Remote Code Execution (Metasploit)
TeamCity Agent - XML-RPC Command Execution (Metasploit)
 2018-11-30 05:01:41 +00:00
Offensive Security
dfd1e454e1 DB: 2018-11-28 
10 changes to exploits/shellcodes

MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
 2018-11-28 11:08:29 +00:00
Offensive Security
e3299ef341 DB: 2018-11-21 
4 changes to exploits/shellcodes

macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)

Qpopper 4.0.x - poppassd Privilege Escalation
Qpopper 4.0.x - 'poppassd' Privilege Escalation

HP-UX 11.0/11.11 - swxxx Privilege Escalation
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation

ABRT - raceabrt Privilege Escalation(Metasploit)
ABRT - 'raceabrt' Privilege Escalation (Metasploit)
ImageMagick - Memory Leak
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
 2018-11-21 05:01:38 +00:00
Offensive Security
268e737bb6 DB: 2018-11-16 
21 changes to exploits/shellcodes

Notepad3 1.0.2.350 - Denial of Service (PoC)

PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass

PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass

PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.x COM - Safe Mode / Disable Functions Bypass

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation

Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation

Libuser - 'roothelper' Privilege Escalation (Metasploit)
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)

Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)

Sun Solaris 11.3 AVS - Local Kernel root Exploit
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
Webkit (Safari) - Universal Cross-site Scripting
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting

PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection

PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library

PHP Imagick 3.3.0 - disable_functions Bypass
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
PHP-Proxy 5.1.0 - Local File Inclusion
BitZoom 1.0 - 'rollno' SQL Injection
Net-Billetterie 2.9 - 'login' SQL Injection
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
EverSync 0.5 - Arbitrary File Download
Meneame English Pligg 5.8 - 'search' SQL Injection
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
 2018-11-16 05:01:40 +00:00
Offensive Security
ef70ec156b DB: 2018-10-31 
22 changes to exploits/shellcodes

ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)

Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload

Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
 2018-10-31 05:01:53 +00:00
Offensive Security
bbbf700308 DB: 2018-10-27 
5 changes to exploits/shellcodes

xorg-x11-server < 1.20.3 - Local Privilege Escalation
Quick Count 2.0 - 'txtInstID' SQL Injection
MPS Box 0.1.8.0 - Arbitrary File Upload
Delta Sql 1.8.2 - 'id' SQL Injection
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
 2018-10-27 05:01:46 +00:00
Offensive Security
dac8dd4731 DB: 2018-10-25 
15 changes to exploits/shellcodes

Adult Filter 1.0 - Denial of Service (PoC)

Microsoft Data Sharing - Local Privilege Escalation (PoC)

Webmin 1.5 - Web Brute Force (CGI)

exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
 2018-10-25 05:01:46 +00:00
Offensive Security
defa138d04 DB: 2018-10-23 
17 changes to exploits/shellcodes

Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas

Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)

Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
 2018-10-23 05:01:48 +00:00
Offensive Security
9d143a6b42 DB: 2018-10-13 
22 changes to exploits/shellcodes

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Wikidforum 2.20 - Cross-Site Scripting
WAGO 750-881 01.09.18 - Cross-Site Scripting
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
FluxBB < 1.5.6 - SQL Injection
 2018-10-13 05:01:46 +00:00
Offensive Security
b311000a22 DB: 2018-10-09 
16 changes to exploits/shellcodes

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
 2018-10-09 05:01:44 +00:00
Offensive Security
4e39fa0f91 DB: 2018-09-26 
35 changes to exploits/shellcodes

WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
Easy PhoroResQ 1.0 - Buffer Overflow
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)

Collectric CMU 1.0 - 'lang' SQL injection
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
RICOH MP C2003 Printer - Cross-Site Scripting
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Joomla! Component Music Collection 3.0.3 - SQL Injection
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Joomla! Component Questions 1.4.3 - SQL Injection
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Joomla! Component Social Factory 3.8.3 - SQL Injection
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
RICOH MP 305+ Printer - Cross-Site Scripting
RICOH MP C406Z Printer - Cross-Site Scripting
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection

Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)
 2018-09-26 05:02:43 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
4d86f9e781 DB: 2018-09-22 
2 changes to exploits/shellcodes

WebRTC - VP9 Processing Use-After-Free
WebRTC - FEC Out-of-Bounds Read
 2018-09-22 05:01:43 +00:00
Offensive Security
87053f010c DB: 2018-09-11 
12 changes to exploits/shellcodes

SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Ghostscript - Failed Restore Command Execution (Metasploit)
VirtualBox 5.2.6.r120293 - VM Escape

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
LW-N605R 12.20.2.1486 - Remote Code Execution
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
 2018-09-11 05:01:54 +00:00
Offensive Security
32f471140a DB: 2018-09-06 
18 changes to exploits/shellcodes

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

GNU glibc < 2.27 - Local Buffer Overflow

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

JBoss 4.2.x/4.3.x - Information Disclosure

Git < 2.17.1 - Remote Code Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Monstra CMS 3.0.4 - Remote Code Execution

OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting

Pivotal Spring Java Framework < 5.0 - Remote Code Execution
 2018-09-06 05:01:55 +00:00
Offensive Security
18e2848633 DB: 2018-08-28 
25 changes to exploits/shellcodes

Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
 2018-08-28 05:01:59 +00:00
Offensive Security
1e34c2b6a5 DB: 2018-08-14 
11 changes to exploits/shellcodes

IP Finder 1.5 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Android - Directory Traversal over USB via Injection in blkid Output

Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution

Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)

Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
 2018-08-14 05:01:45 +00:00
Offensive Security
1d21694058 DB: 2018-08-10 
13 changes to exploits/shellcodes

reSIProcate 1.10.2 - Heap Overflow

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Sitecore.Net 8.1 - Directory Traversal

Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
 2018-08-10 05:01:46 +00:00
Offensive Security
addac3a875 DB: 2018-08-07 
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
 2018-08-07 05:01:44 +00:00
Offensive Security
903bf974eb DB: 2018-08-02 
10 changes to exploits/shellcodes

ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - FEC Processing Overflow
WebRTC - H264 NAL Packet Processing Type Confusion

Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Axis Network Camera - .srv to parhand RCE (Metasploit)
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)

Synology DiskStation Manager 4.1 - Directory Traversal

Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
 2018-08-02 05:02:43 +00:00
Offensive Security
582d8f748e DB: 2018-07-28 
6 changes to exploits/shellcodes

QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
Skia - Heap Overflow in SkScan::FillPath due to Precision Error

WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)

Wordpress Background Takeover < 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal

Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Form Maker Plugin 1.12.24 - SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection
WordPress Plugin Form Maker 1.12.24 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection

Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
Online Trade 1 - Information Disclosure
SoftNAS Cloud < 4.0.3 - OS Command Injection
 2018-07-28 05:01:47 +00:00
Offensive Security
bf0a56a02f DB: 2018-07-20 
6 changes to exploits/shellcodes

Google Chrome - Swiftshader Texture Allocation Integer Overflow
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak

Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting

MyBB New Threads Plugin 1.1 - Cross-Site Scripting
 2018-07-20 05:01:44 +00:00
Offensive Security
a2ac269de5 DB: 2018-07-19 
8 changes to exploits/shellcodes

JavaScript Core - Arbitrary Code Execution
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)
HomeMatic Zentrale CCU2 - Remote Code Execution

MailGust 1.9 - Board Takeover SQL Injection
MailGust 1.9 - Board Takeover (SQL Injection)

Cyphor 0.19 - Board Takeover SQL Injection
Cyphor 0.19 - Board Takeover (SQL Injection)

versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)

WordPress 2.6.1 - SQL Column Truncation Admin Takeover
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)

Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Takeover

Joomla! < 3.6.4 - Admin TakeOver
Joomla! < 3.6.4 - Admin Takeover
PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
Open-AudIT Community 2.1.1 - Cross-Site Scripting
FTP2FTP 1.0 - Arbitrary File Download
Modx Revolution < 2.6.4 - Remote Code Execution
 2018-07-19 05:01:43 +00:00
Offensive Security
1f88d0a67a DB: 2018-07-18 
10 changes to exploits/shellcodes

Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)
 2018-07-18 05:01:47 +00:00
Offensive Security
a657b64301 DB: 2018-07-17 
7 changes to exploits/shellcodes

macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)

VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
 2018-07-17 05:01:49 +00:00
Offensive Security
e76244b41a DB: 2018-07-13 
8 changes to exploits/shellcodes

Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow
Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions

VLC media player 2.2.8 - Arbitrary Code Execution (PoC)

Linux Kernel <  4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation

212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities

123 Flash Chat - Multiple Vulnerabilities
123 Flash Chat 7.8 - Multiple Vulnerabilities

Dicoogle PACS 2.5.0 - Directory Traversal
 2018-07-13 05:02:00 +00:00
Offensive Security
02fa7c70d3 DB: 2018-07-11 
9 changes to exploits/shellcodes

HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
OpenSSH < 6.6 SFTP (x64) - Command Execution
OpenSSH < 6.6 SFTP - Command Execution

ModSecurity 3.0.0 - Cross-Site Scripting
Gitea 1.4.0 - Remote Code Execution
WolfSight CMS 3.2 - SQL Injection
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Elektronischer Leitz-Ordner 10 - SQL Injection
D-Link DIR601 2.02 - Credential Disclosure
 2018-07-11 05:01:52 +00:00
Offensive Security
ac267cb298 DB: 2018-06-21 
11 changes to exploits/shellcodes

Redis 5.0 - Denial of Service
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Mirasys DVMS Workstation 5.12.6 - Path Traversal
MaDDash 2.0.2 - Directory Listing
NewMark CMS 2.1 - 'sec_id' SQL Injection
TP-Link TL-WA850RE - Remote Command Execution
Apache CouchDB < 2.1.0 - Remote Code Execution
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
VideoInsight WebClient 5 - SQL Injection
 2018-06-21 05:01:44 +00:00
Offensive Security
0381c4c519 DB: 2018-06-09 
11 changes to exploits/shellcodes

Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service
WebKit - WebAssembly Compilation Info Leak
Google Chrome - Integer Overflow when Processing WebAssembly Locals
WebKit - Use-After-Free when Resuming Generator
WebRTC - VP9 Frame Processing  Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass

MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)

Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure
MantisBT 1.2.3 (db_type) - Local File Inclusion
Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion

Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis 0.19 - Remote Server-Side Script Execution
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing

Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities

Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion

Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting

MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection
Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection

MantisBT 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header

MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)

Monstra CMS < 3.0.4 - Cross-Site Scripting Automation
Monstra CMS < 3.0.4 - Cross-Site Scripting
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Splunk < 7.0.1 - Information Disclosure

Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
 2018-06-09 05:01:42 +00:00
Offensive Security
0909e63d9e DB: 2018-06-07 
6 changes to exploits/shellcodes

PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow
macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist
XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP
Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass
Canon MF210/MF220 - Authenticaton Bypass
 2018-06-07 05:01:47 +00:00
Offensive Security
22ba7ab5f3 DB: 2018-06-02 
5 changes to exploits/shellcodes

Epiphany 3.28.2.1 - Denial of Service
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)

Git < 2.17.1 - Remote Code Execution

Wordpress Plugin Events Calendar - SQL Injection
WordPress Plugin Events Calendar - SQL Injection

Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes)
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
 2018-06-02 05:01:45 +00:00
Offensive Security
608176a851 DB: 2018-05-26 
8 changes to exploits/shellcodes

Microsoft Edge Chakra - Cross Context Use-After-Free
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write

D-Link DSL-2750B - OS Command Injection (Metasploit)
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
 2018-05-26 05:01:44 +00:00
Offensive Security
42f3759885 DB: 2018-05-21 
6 changes to exploits/shellcodes

Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)

mySCADA myPRO 7 - Hard-Coded Credentials
D-Link DSL-3782 - Authentication Bypass
Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
 2018-05-21 05:01:47 +00:00
Offensive Security
5aca1b9763 DB: 2018-05-18 
8 changes to exploits/shellcodes

Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall

Libuser - roothelper Privilege Escalation (Metasploit)
Libuser - 'roothelper' Privilege Escalation (Metasploit)

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Jenkins CLI - HTTP Java Deserialization (Metasploit)
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
Intelbras NCLOUD 300 1.0 - Authentication bypass
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
 2018-05-18 05:01:49 +00:00
Offensive Security
daa3579622 DB: 2018-05-16 
1 changes to exploits/shellcodes

JasperReports - Authenticated File Read

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
 2018-05-16 05:01:47 +00:00
Offensive Security
39c7c53159 DB: 2018-05-05 
4 changes to exploits/shellcodes

Windows WMI - Recieve Notification Exploit (Metasploit)

Google Chrome V8 - Object Allocation Size Integer Overflow
WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting
IceWarp Mail Server < 11.1.1 - Directory Traversal
 2018-05-05 05:01:45 +00:00
Offensive Security
813a3efbb5 DB: 2018-05-04 
20 changes to exploits/shellcodes

Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow

Jnes 1.0.2 - Stack Buffer Overflow

Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow

netek 0.8.2 - Denial of Service

Cisco Smart Install - Crash (PoC)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
Linux Kernel  < 4.17-rc1 - 'AF_LLC' Double Free

Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1)
Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1)
Adobe Reader PDF - Client Side Request Injection
Windows - Local Privilege Escalation

Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)

Adobe Flash < 28.0.0.161 - Use-After-Free
Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)
GPON Routers - Authentication Bypass / Command Injection
TBK DVR4104 / DVR4216 - Credentials Leak
Call of Duty Modern Warefare 2 - Buffer Overflow

Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion
Squirrelcart 1.x - 'cart.php' Remote File Inclusion

Infinity 2.x.x - options[style_dir] Local File Disclosure
Infinity 2.x - 'options[style_dir]' Local File Disclosure

PHP-Nuke 8.x.x - Blind SQL Injection
PHP-Nuke 8.x - Blind SQL Injection

WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure

WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure

Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities
Ajax Availability Calendar 3.x - Multiple Vulnerabilities

vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection
vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection

WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting
WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting

Subrion 3.X.x - Multiple Vulnerabilities
Subrion 3.x - Multiple Vulnerabilities

Ciuis CRM 1.0.7 - SQL Injection

LifeSize ClearSea 3.1.4 - Directory Traversal

WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
DLINK DCS-5020L - Remote Code Execution (PoC)
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
 2018-05-04 05:01:47 +00:00
Offensive Security
be89b7c04a DB: 2018-05-03 
11 changes to exploits/shellcodes

WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free
LibreOffice/Open Office - '.odt' Information Disclosure
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)

ASUS infosvr - Auth Bypass Command Execution (Metasploit)
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
Exim < 4.90.1 - 'base64d' Remote Code Execution

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
 2018-05-03 05:01:45 +00:00
Offensive Security
df4d831719 DB: 2018-05-01 
6 changes to exploits/shellcodes

Navicat < 12.0.27 - Oracle Connection Overflow
macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
WordPress Plugin Form Maker 1.12.20 - CSV Injection
Nagios XI 5.2.[6-9]_ 5.3_ 5.4 - Chained Remote Root
 2018-05-01 05:01:45 +00:00
Offensive Security
0579cde876 DB: 2018-04-30 
5 changes to exploits/shellcodes

ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)
ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)

Oracle WebLogic Server 10.3.6.0 - Java Deserialization
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
Android Bluetooth - 'Blueborne' Information Leak (1)
Android Bluetooth - 'Blueborne' Information Leak (2)
Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution
 2018-04-30 05:01:48 +00:00
Offensive Security
2090553629 DB: 2018-04-26 
12 changes to exploits/shellcodes

VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
Chrome V8 JIT - 'AwaitedPromise' Update Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC

Shopy Point of Sale v1.0 - CSV Injection
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
 2018-04-26 05:01:48 +00:00