bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1255 commits 1 branch 0 tags 264 MiB
Commit graph

1255 commits

This branch
This branch
All branches
Author SHA1 Message Date
g0tmi1k
ed901b5499 Move the ordering about (to help regex) 2017-06-26 17:52:14 +01:00
g0tmi1k
c35249ca4b Output is sorted by the title 2017-06-26 11:54:53 +01:00
g0tmi1k
2b95b7a760 Add "--exclude" to remove values from results 2017-06-14 15:58:54 +01:00
g0tmi1k
d029dd02ce Add (hidden) additional long arguments commands 2017-06-14 15:58:29 +01:00
g0tmi1k
62241c3543 Code clean up 2017-06-14 15:58:12 +01:00
Offensive Security
2170122160 DB: 2017-06-14 
7 new exploits

MyServer 0.7.1 - (POST) Denial of Service
MyServer 0.7.1 - 'POST' Denial of Service

Foxmail 2.0 - (MAIL FROM:) Denial of Service
Foxmail 2.0 - 'MAIL FROM:' Denial of Service

Nokia Symbian 60 - (BlueTooth Nickname) Remote Restart (2)
Nokia Symbian 60 - 'BlueTooth Nickname' Remote Restart (2)
Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service
Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - (isis_print) Infinite Loop Denial of Service
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service
Tcpdump 3.8.x/3.9.1 - 'isis_print' Infinite Loop Denial of Service

Ethereal 0.10.10 - (dissect_ipc_state) Remote Denial of Service
Ethereal 0.10.10 - 'dissect_ipc_state' Remote Denial of Service
phpBB 2.0.15 - Register Multiple Users Denial of Service (Perl)
phpBB 2.0.15 - Register Multiple Users Denial of Service (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)

Stream / Raped (Windows) - Denial of Service Attack
Stream / Raped (Windows) - Denial of Service
Ipswitch WS_FTP Server 5.03 - (RNFR) Buffer Overflow
Mercury/32 Mail Server 4.01a - (check) Buffer Overflow
Golden FTP Server Pro 2.52 - (USER) Remote Buffer Overflow
Ipswitch WS_FTP Server 5.03 - 'RNFR' Buffer Overflow
Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow
GTChat 0.95 Alpha - (adduser) Remote Denial of Service
Inframail Advantage Server Edition 6.0 < 6.37 - 'SMTP' Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - 'FTP' Buffer Overflow
GTChat 0.95 Alpha - 'adduser' Remote Denial of Service

P2P Pro 1.0 - (command) Denial of Service
P2P Pro 1.0 - 'command' Denial of Service

Mozilla Products - (Host:) Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow Denial of Service String

Fastream NETFile Web Server 7.1.2 - (HEAD) Denial of Service
Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service

RBExplorer 1.0 - (Hijacking Command) Denial of Service
RBExplorer 1.0 - Hijacking Command Denial of Service

Freeciv 2.0.7 - (Jumbo Malloc) Denial of Service Crash
Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)
XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)
XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)

Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash
Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)

Macromedia Flash 9 - (IE Plugin) Remote Denial of Service Crash
Macromedia Flash 9 - (IE Plugin) Remote Crash (Denial of Service)

AIDeX Mini-WebServer 1.1 - Remote Denial of Service Crash
AIDeX Mini-WebServer 1.1 - Remote Crash (Denial of Service)

Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free
Microsoft Windows - 'Csrss.exe/winsrv.dll' NtRaiseHardError Double-Free

Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Denial of Service Hang / Crash
Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Hang / Crash (Denial of Service)

Half-Life CSTRIKE Server 1.6 - Denial of Service (no-steam)
Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service

AyeView 2.20 - (malformed gif image) Local Crash
AyeView 2.20 - Malformed .GIF Image Local Crash

Microsoft Windows - '.chm' Denial of Service (HTML compiled)
Microsoft Windows - '.chm' Denial of Service (HTML Compiled)

Winamp 5.541 - '.mp3'/'.aiff' Multiple Denial of Services
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities

Multiple HTTP Server - Low Bandwidth Denial of Service (slowloris.pl)
Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service

Google Picasa 3.5 - Local Denial of Service Buffer Overflow
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)

3Com OfficeConnect Routers - (Content-Type) Denial of Service
3Com OfficeConnect Routers - 'Content-Type' Denial of Service

VSO Medoa Player 1.0.2.2 - Local Denial of Services (PoC)
VSO Medoa Player 1.0.2.2 - Local Denial of Service (PoC)

QtWeb 3.0 - Remote Denial of Service/Crash
QtWeb 3.0 - Remote Crash (Denial of Service)

NovaPlayer 1.0 - '.mp3' Local Denial of Service (2)
NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2)

Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' Denial of Service/Crash
Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service)

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash SEH (PoC)
eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash (SEH) (PoC)

Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Denial of Service (Crash)
Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)

Optimal Archive 1.38 - '.zip' SEH (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
MovieLibrary 1.4.401 - Local Denial of Service (.dmv)
Book Library 1.4.162 - Local Denial of Service (.bkd)
MovieLibrary 1.4.401 - '.dmv' Local Denial of Service
Book Library 1.4.162 - '.bkd' Local Denial of Service

Huawei EchoLife HG520c - Denial of Service / Modem Reset
Huawei EchoLife HG520c - Modem Reset (Denial of Service)

CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death)
CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service)

QtWeb 3.3 - Remote Denial of Service/Crash
QtWeb 3.3 - Remote Crash (Denial of Service)

Subtitle Translation Wizard 3.0.0 - SEH (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)

Opera - Denial of Service by canvas Element
Opera - Canvas Element (Denial of Service)

Microsoft IIS 6.0 - ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)
Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)

HP Data Protector Manager 6.11 - Remote Denial of Service in RDS Service
HP Data Protector Manager 6.11 - RDS Service Remote Denial of Service

FreeBSD 8.0 - Local Denial of Service (Forced Reboot)
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)

Hanso Player 1.4.0.0 - Buffer Overflow Denial of Service Skinfile
Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)

CiscoKits 1.0 - TFTP Server Denial of Service (Write command)
CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service

Apache - Remote Denial of Service (Memory Exhaustion)
Apache - Remote Memory Exhaustion (Denial of Service)

TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file Corruption)
TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption

BlueZone Desktop Multiple - Malformed files Local Denial of Service Vulnerabilities
BlueZone Desktop Multiple - Malformed Files Local Denial of Service Vulnerabilities

NJStar Communicator MiniSmtp - Buffer Overflow [ASLR Bypass]
NJStar Communicator MiniSmtp - Buffer Overflow (ASLR Bypass)

Wyse - Unauthenticated Machine Remote Power Off )Denial of Service) (Metasploit)
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)

Qutecom SoftPhone 2.2.1 - Heap Overflow Denial of Service/Crash (PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)

Network Associates Gauntlet Firewall 5.0 - Denial of Service Attack
Network Associates Gauntlet Firewall 5.0 - Denial of Service
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (1)
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - 'Services.exe' Denial of Service (2)

Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service Attack
Mirabilis ICQ 0.99/98.0 a/2000.0 A/99a - Remote Denial of Service

Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service Attack
Microsoft NT 4.0 RAS/PPTP - Malformed Control Packet Denial of Service

(Linux Kernel) ReiserFS 3.5.28 - Denial of Service (Possible Code Execution)
(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service

Winlog Lite SCADA HMI system - SEH 0verwrite
Winlog Lite SCADA HMI system - (SEH) Overwrite

FL Studio 10 Producer Edition - SEH Based Buffer Overflow (PoC)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)

OptiSoft Blubster 2.5 - Remote Denial of Service Attack
OptiSoft Blubster 2.5 - Remote Denial of Service

ChatZilla 0.8.23 - Remote Denial of Service Attack
ChatZilla 0.8.23 - Remote Denial of Service

ACDSee 9.0 Photo Manager - Multiple BMP Denial of Service Vulnerabilities
ACDSee 9.0 Photo Manager - Multiple '.BMP' Denial of Service Vulnerabilities

Motorola SBG6580 Cable Modem & Wireless Router - Denial of Service Reboot
Motorola SBG6580 Cable Modem & Wireless Router - Reboot (Denial of Service)

Unreal Tournament 3 - Denial of Service / Memory Corruption
Unreal Tournament 3 - Memory Corruption (Denial of Service)

Gold MP4 Player 3.3 - Universal SEH Exploit (Metasploit)
Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit)

Jzip - SEH Unicode Buffer Overflow (Denial of Service)
Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow (PoC)
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)

Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue
Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities

NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite

JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)

Mediacoder 0.8.33 build 5680 - Buffer Overflow (SEH) Denial of Service (.lst)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service

i.FTP 2.21 - SEH Overflow Crash (PoC)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)

Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' Denial of service (Crush Application)
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)

Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service/Elevation of Privilege (MS15-111)
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)

Sam Spade 1.14 - S-Lang Command Field SEH Overflow
Sam Spade 1.14 - S-Lang Command Field Overflow (SEH)

SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow
SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field Overflow (SEH)

Network Scanner 4.0.0.0 - SEH Crash (PoC)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)

Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service

i.FTP 2.21 - Host Address / URL Field SEH Exploit
i.FTP 2.21 - Host Address / URL Field (SEH)

Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking

Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)
Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)

Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit
Microsoft Windows - 'keybd_event' Local Privilege Escalation

Microsoft Vista - (NtRaiseHardError) Privilege Escalation
Microsoft Vista - 'NtRaiseHardError' Privilege Escalation

Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation
Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Escalation

eTrust AntiVirus Agent r8 - Local Privilege Elevation Exploit
eTrust AntiVirus Agent r8 - Local Privilege Escalation

WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC)
WinPcap 4.0 - 'NPF.SYS' Privilege Escalation (PoC)

IntelliTamper (2.07/2.08) - Language Catalog SEH Overflow
IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH)

WINMOD 1.4 - '.lst' Local Stack Overflow XP SP3 (RET + SEH) (3)
WINMOD 1.4 - '.lst' File Local Stack Overflow XP SP3 (RET + SEH) (3)

CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)

DJ Studio Pro 5.1.6.5.2 - SEH Exploit
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit

Winamp 5.572 - SEH Exploit
Winamp 5.572 - (SEH) Exploit

Orbital Viewer 1.04 - '.orb' Local Universal SEH Overflow
Orbital Viewer 1.04 - '.orb' File Local Universal Overflow (SEH)

ZipScan 2.2c - SEH Exploit
ZipScan 2.2c - (SEH) Exploit
ZipCentral - '.zip' SEH Exploit
eZip Wizard 3.0 - '.zip' SEH Exploit
ZipCentral - '.zip' File (SEH)
eZip Wizard 3.0 - '.zip' File (SEH)

PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass)

Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)

ZipWrangler 1.20 - '.zip' SEH Exploit
ZipWrangler 1.20 - '.zip' File (SEH)

Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit
Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' File (SEH)

Mediacoder 0.7.3.4672 - SEH Exploit
Mediacoder 0.7.3.4672 - (SEH) Exploit

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (1)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (1)

Castripper 2.50.70 - '.pls' Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
BlazeDVD 5.1 - '.plf' Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP & SEH DEP Bypass)
BlazeDVD 5.1 - '.plf' File Stack Buffer Overflow (PoC) (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass)

BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow

RM Downloader 3.1.3 - Local SEH Exploit (Windows 7 ASLR + DEP Bypass)
RM Downloader 3.1.3 (Windows 7) - Local ASLR + DEP Bypass (SEH)

ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)

A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit
A-PDF WAV to MP3 1.0.0 - Universal Local (SEH)

Acoustica MP3 Audio Mixer 2.471 - Extended M3U directives SEH Exploit
Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - SEH Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
A-PDF All to MP3 Converter 1.1.0 - Universal Local (SEH)

MP3 Workstation 9.2.1.1.2 - SEH Exploit (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - SEH Exploit
iworkstation 9.3.2.1.4 - (SEH) Exploit
Quick Player 1.3 - Unicode SEH Exploit
AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit
Quick Player 1.3 - Unicode (SEH)
AudioTran 1.4.2.4 - (SafeSEH + SEHOP) Exploit

Microsoft Windows Vista/7 - Elevation of Privileges (UAC Bypass)
Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass)

Nokia MultiMedia Player 1.0 - SEH Unicode Exploit
Nokia MultiMedia Player 1.0 - (SEH Unicode)

WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass)
WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass)

Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit)
Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit)

POP Peeper 3.7 - SEH Exploit
POP Peeper 3.7 - (SEH) Exploit

MPlayer Lite r33064 - '.m3u' SEH Overflow
MPlayer Lite r33064 - '.m3u' Overflow (SEH)

Wireshark 1.4.1 < 1.4.4 - SEH Overflow
Wireshark 1.4.1 < 1.4.4 - Overflow (SEH)

Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow
Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode)

Subtitle Processor 7.7.1 - '.m3u' SEH Unicode Buffer Overflow (Metasploit)
Subtitle Processor 7.7.1 - '.m3u' File Buffer Overflow (SEH Unicode) (Metasploit)

The KMPlayer 3.0.0.1440 - '.mp3' Buffer Overflow (Windows XP SP3 DEP Bypass)
The KMPlayer 3.0.0.1440 - '.mp3' File Buffer Overflow (Windows XP SP3 DEP Bypass)

MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)
MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass)

DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass Exploit
DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass

MY MP3 Player 3.0 - '.m3u' Exploit DEP Bypass
MY MP3 Player 3.0 - '.m3u' DEP Bypass

TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion
TORCS 1.3.2 - '.xml' File Buffer Overflow /SafeSEH Evasion

DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)

BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass)

Corel Linux OS 1.0 - Denial of Serviceemu Distribution Configuration
Corel Linux OS 1.0 - Dosemu Distribution Configuration

MyMp3 Player Stack - '.m3u' DEP Bypass
MyMp3 Player Stack - '.m3u' File DEP Bypass

CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode)
CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Elevation
Microsoft IIS 5.0 - In-Process Table Privilege Elevation
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 5.0 - In-Process Table Privilege Escalation

Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation
Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation
Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

Huawei Technologies Internet Mobile - Unicode SEH Exploit
Huawei Technologies Internet Mobile - Unicode (SEH)

MySQL (Linux) - Database Privilege Elevation Exploit
MySQL (Linux) - Database Privilege Escalation

Man Utility 2.3.19 - Local Compression Program Privilege Elevation
Man Utility 2.3.19 - Local Compression Program Privilege Escalation

BlazeDVD 6.1 - PLF Exploit DEP/ASLR Bypass (Metasploit)
BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit)

BOINC Manager (Seti@home) 7.0.64 - Field SEH based Buffer Overflow
BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)

Static HTTP Server 1.0 - SEH Overflow
Static HTTP Server 1.0 - (SEH) Overflow

ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (SEH/Unicode)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)

VUPlayer 2.49 - '.m3u' Universal Buffer Overflow (DEP Bypass) (2)
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass
Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)

OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation

Nidesoft MP3 Converter 2.6.18 - SEH Local Buffer Overflow
Nidesoft MP3 Converter 2.6.18 - Local Buffer Overflow (SEH)

Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation

Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Quick Search 1.1.0.189 - 'search textbox' Unicode SEH Egghunter Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow
Free MP3 CD Ripper 2.6 2.8 - '.wav' SEH Based Buffer Overflow (Windows 7 DEP Bypass)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 2.8 - '.wav' File Buffer Overflow (SEH) (Windows 7 DEP Bypass)

Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow
Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH)

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)
MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

Mozilla - Maintenance Service Log File Overwrite Elevation of Privilege
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation

Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow
Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP_ Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)

Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit
Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Escalation

Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit
Internet Download Manager 6.25 Build 14 - 'Find file' Unicode (SEH)

Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege
Cogent Datahub 7.3.9 Gamma Script - Privilege Escalation

Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass)

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)
Tomabo MP4 Player 3.11.6 - Stack Overflow (SEH) (Metasploit)
Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit
CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass)
Mediacoder 0.8.43.5852 - '.m3u' (SEH)
CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)

VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)

Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Network Scanner 4.0.0 - SEH Local Buffer Overflow
Network Scanner 4.0.0 - Local Buffer Overflow (SEH)

Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow

Microsoft Windows - '.ani' GDI Remote Elevation of Privilege Exploit (MS07-017)
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)

Move Networks Quantum Streaming Player - SEH Overflow
Move Networks Quantum Streaming Player - Overflow (SEH)

Quick TFTP Server Pro 2.1 - Remote SEH Overflow
Quick TFTP Server Pro 2.1 - Remote Overflow (SEH)

Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation

FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH STACK Overflow
FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow

PowerTCP FTP module - Multiple Technique Exploit (SEH/HeapSpray)
PowerTCP FTP module - Multiple Technique Exploit (SEH HeapSpray)

BigAnt Server 2.52 - SEH Exploit
BigAnt Server 2.52 - (SEH) Exploit

File Sharing Wizard 1.5.0 - SEH Exploit
File Sharing Wizard 1.5.0 - (SEH) Exploit

Kolibri 2.0 - Buffer Overflow RET + SEH Exploit (HEAD)
Kolibri 2.0 - (HEAD) Buffer Overflow RET + (SEH)

Easy File Sharing HTTP Server 7.2 - SEH Overflow (Metasploit)
Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)

WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)
WorldMail IMAPd 3.0 - Overflow (SEH) (Egg Hunter)

Sysax Multi Server 5.53 - SFTP Authenticated SEH Exploit
Sysax Multi Server 5.53 - SFTP Authenticated (SEH)

Simple Web Server 2.2-rc2 - ASLR Bypass Exploit
Simple Web Server 2.2-rc2 - ASLR Bypass

Microsoft SQL 2000/7.0 - Agent Jobs Privilege Elevation
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation

BigAnt Server 2.52 SP5 - SEH Stack Overflow ROP-based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)

Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
Intrasrv Simple Web Server 1.0 - Remote Code Execution (SEH)

Apache suEXEC - Privilege Elevation / Information Disclosure
Apache suEXEC - Information Disclosure / Privilege Escalation

Easy Internet Sharing Proxy Server 2.2 - SEH Overflow (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)

Kolibri Web Server 2.0 - GET Request SEH Exploit
Kolibri Web Server 2.0 - GET Request (SEH)

Microsoft Windows Kerberos - Elevation of Privilege (MS14-068)
Microsoft Windows Kerberos - Privilege Escalation (MS14-068)

X360 VideoPlayer ActiveX Control 2.6 - (ASLR + DEP Bypass)
X360 VideoPlayer ActiveX Control 2.6 - ASLR + DEP Bypass

i.FTP 2.21 - Time Field SEH Exploit
i.FTP 2.21 - Time Field (SEH)

Konica Minolta FTP Utility 1.00 - Authenticated CWD Command SEH Overflow (Metasploit)
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit)

Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow
Easy File Sharing Web Server 7.2 - Remote Overflow (SEH)

Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)

Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)

TFTP Server 1.4 - WRQ Buffer Overflow (Egghunter)
TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow

Win32 - SEH omelet Shellcode
Win32 - SEH Omelet Shellcode
dotWidget CMS 1.0.6 - (file_path) Remote File Inclusion
DreamAccount 3.1 - (da_path) Remote File Inclusion
dotWidget CMS 1.0.6 - 'file_path' Remote File Inclusion
DreamAccount 3.1 - 'da_path' Remote File Inclusion

AWF CMS 1.11 - (spaw_root) Remote File Inclusion
AWF CMS 1.11 - 'spaw_root' Remote File Inclusion

Download-Engine 1.4.2 - (spaw) Remote File Inclusion
Download-Engine 1.4.2 - 'spaw' Remote File Inclusion

Newsscript 1.0 - Administrative Privilege Elevation
Newsscript 1.0 - Administrative Privilege Escalation

UBBCentral UBB.Threads 3.4/3.5 - Denial of Serviceearch.php SQL Injection
UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection

Cerberus Helpdesk 2.649 - cer_KnowledgebaseHandler.class.php _load_article_details Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection

cPanel 10.9 - Denial of Serviceetmytheme theme Parameter Cross-Site Scripting
cPanel 10.9 - dosetmytheme 'theme' Parameter Cross-Site Scripting

WordPress < 2.1.2  - PHP_Self Cross-Site Scripting
WordPress < 2.1.2 - PHP_Self Cross-Site Scripting
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
Real Estate Classifieds Script - SQL Injection
 2017-06-14 05:01:26 +00:00
g0tmi1k
6bf2cee7fc Merge pull request #90 from g0tmi1k/searchsploit 
Better EDB-ID detection - able to put in path and it will extract the value
 2017-06-13 13:50:12 +01:00
g0tmi1k
2be6186aa3 Better EDB-ID detection - able to put in path and it will extract the value 2017-06-13 13:48:07 +01:00
Offensive Security
117f75fdfc DB: 2017-06-13 
5 new exploits

GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution
Easy File Sharing Web Server 7.2 - Authentication Bypass
 2017-06-13 05:01:23 +00:00
Offensive Security
dea52f68f5 DB: 2017-06-12 
8 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
IPFire 2.19 - Remote Code Execution
eCom Cart 1.3 - SQL Injection
EFS Easy Chat Server 3.1 - Password Disclosure
EFS Easy Chat Server 3.1 - Password Reset
PaulShop - SQL Injection
 2017-06-12 05:01:24 +00:00
Offensive Security
fbe517f675 DB: 2017-06-10 
6 new exploits

Mapscrn 2.03 - Local Buffer Overflow
libcroco 0.6.12 - Denial of Service
libquicktime 1.2.4 - Denial of Service
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
Apple macOS - Disk Arbitration Daemon Race Condition

Craft CMS 2.6 - Cross-Site Scripting
 2017-06-10 05:01:19 +00:00
Offensive Security
bed1811f1d DB: 2017-06-09 
4 new exploits

Linux Kernel - 'ping' Local Denial of Service

VMware Workstation 12 Pro - Denial of Service
Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
 2017-06-09 05:01:17 +00:00
Offensive Security
b002e06bf6 DB: 2017-06-08 
9 new exploits

Linux Kernel - 'ping' Local Denial of Service
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Artifex MuPDF - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference

DC/OS Marathon UI - Docker Exploit (Metasploit)
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Xavier 2.4 - SQL Injection
Robert 0.5 - Multiple Vulnerabilities
 2017-06-08 05:01:17 +00:00
Offensive Security
0ef7d9b9ec DB: 2017-06-07 
8 new exploits

Wireshark 2.2.6 - IPv6 Dissector Denial of Service
Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service
Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution
Home Web Server 1.9.1 build 164 - Remote Code Execution

Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Kronos Telestaff < 2.92EU29 - SQL Injection
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
 2017-06-07 05:01:18 +00:00
Offensive Security
cd6e21e600 DB: 2017-06-06 
11 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
 2017-06-06 05:01:15 +00:00
Offensive Security
42e94b4366 DB: 2017-06-05 
26 new exploits

Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine

Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow

TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)

uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow

WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
 2017-06-05 05:01:15 +00:00
Offensive Security
b1d5f96f79 DB: 2017-05-27 
6 new exploits

Sandboxie 5.18 - Local Denial of Service
JAD java Decompiler 1.5.8e - Local Buffer Overflow
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands

Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write
D-Link DCS Series Cameras - Insecure Crossdomain
QWR-1104 Wireless-N Router - Cross-Site Scripting
 2017-05-27 05:01:15 +00:00
Offensive Security
d77e2b2ada DB: 2017-05-26 
11 new exploits

Apple WebKit / Safari 10.0.3(12602.4.8) - 'WebCore::FrameView::scheduleRelayout' Use-After-Free
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
Mozilla Firefox < 53 - 'gfxTextRun' Out-of-Bounds Read
Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure

WinRAR 3.60 Beta 6 - (SFX Path) Local Stack Overflow
WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow

Ability Server 2.34 - FTP STOR Buffer Overflow
Ability Server 2.34 - FTP 'STOR' Buffer Overflow

TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow

Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
MailEnable Enterprise Edition 1.1 - (EXAMINE) Buffer Overflow
Eudora Qualcomm WorldMail 3.0 - (IMAPd) Remote Overflow
MailEnable Enterprise Edition 1.1 - 'EXAMINE' Buffer Overflow
Eudora Qualcomm WorldMail 3.0 - 'IMAPd' Remote Overflow

Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
Alt-N MDaemon POP3 Server < 9.06 - 'USER' Remote Heap Overflow

HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH)

Microsoft Internet Explorer - XML Parsing Buffer Overflow (Windows Vista)
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow

Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit)
Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Buffer Overflow (Metasploit)

qualcomm worldmail server 3.0 - Directory Traversal
Qualcomm WorldMail Server 3.0 - Directory Traversal

Samba 3.5.0 - Remote Code Execution

SolarWinds orion network performance monitor 10.2.2 - Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities

Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php q Parameter' SQL Injection
Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php' q Parameter SQL Injection

PlaySMs 1.4 - 'import.php' Remote Code Execution
PlaySMS 1.4 - 'import.php' Remote Code Execution
Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - Stealing Variables via Page Navigation in FrameLoader::clear
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting
 2017-05-26 05:01:18 +00:00
Offensive Security
07c41df34d DB: 2017-05-25 
2 new exploits

Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE (PoC) (MS12-034)
Microsoft Windows XP - Keyboard Layouts Pool Corruption (PoC) (MS12-034)

Microsoft Internet Explorer 6 - HtmlDlgSafeHelper Remote Denial of Service
Microsoft Internet Explorer 6 - 'HtmlDlgSafeHelper' Remote Denial of Service

Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow

NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
 2017-05-25 05:01:17 +00:00
Offensive Security
2907a841a7 DB: 2017-05-24 
9 new exploits

Apple iOS/macOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
Apple iOS/macOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization

KDE 4/5 - 'KAuth' Privilege Escalation

VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
 2017-05-24 05:01:19 +00:00
Offensive Security
bc7f6091d4 DB: 2017-05-23 
4 new exploits

Apple macOS - '32-bit syscall exit' Kernel Register Leak
Apple macOS - 'stackshot' Raw Frame Pointers
Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation

Joomla! 3.7.0 - 'com_fields' SQL Injection
Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
 2017-05-23 05:01:15 +00:00
Offensive Security
6351914249 DB: 2017-05-22 
5 new exploits

Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

Secure Auditor 3.0 - Directory Traversal
KMCIS CaseAware - Cross-Site Scripting
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
PlaySMs 1.4 - 'import.php' Remote Code Execution
 2017-05-22 05:01:18 +00:00
Offensive Security
df07287e80 DB: 2017-05-21 2017-05-21 05:01:16 +00:00
Offensive Security
3f846368c1 DB: 2017-05-20 
9 new exploits

Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit)
Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit)

Linux chfn (SuSE 9.3 / 10) - Privilege Escalation
Linux chfn (SuSE 9.3/10) - Privilege Escalation

Microsoft Windows XP SP3 x86 / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002)
Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002)

Microsoft Windows Server 2008 R2 SP1 (x64) (Standard) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Joomla 3.7.0 - 'com_fields' SQL Injection
Oracle PeopleSoft - Server-Side Request Forgery
Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption
SAP Business One for Android 1.2.3 - XML External Entity Injection
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass
PlaySMS 1.4 - Remote Code Execution
D-Link DIR-600M Wireless N 150 - Authentication Bypass
 2017-05-20 05:01:16 +00:00
Offensive Security
684c4e4362 DB: 2017-05-19 2017-05-19 05:01:15 +00:00
Offensive Security
94f7a8c8f5 DB: 2017-05-18 
15 new exploits

Apple iOS < 10.3.2 - Notifications API Denial of Service
Adobe Flash - AVC Deblocking Out-of-Bounds Read
Adobe Flash - Margin Handling Heap Corruption
Adobe Flash - Out-of-Bounds Read in Getting TextField Width
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service

Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
 2017-05-18 05:01:18 +00:00
Offensive Security
cf40ee3ab5 DB: 2017-05-17 
3 new exploits

LabF nfsAxe 3.7 FTP Client - Buffer Overflow (SEH)
Sophos Web Appliance 4.3.1.1 - Session Fixation
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
 2017-05-17 05:01:16 +00:00
Offensive Security
7eac4c3a2c DB: 2017-05-16 
10 new exploits

Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token
Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure
Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys

Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit)
PlaySms 1.4 - Remote Code Execution
Mailcow 0.14 - Cross-Site Request Forgery
Admidio 3.2.8 - Cross-Site Request Forgery
 2017-05-16 05:01:17 +00:00
Offensive Security
b8fcb1ba1f DB: 2017-05-14 
1 new exploits

Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation
 2017-05-14 05:01:18 +00:00
Offensive Security
66b205e6c7 DB: 2017-05-13 
3 new exploits

Cerberus FTP Server 1.x - Buffer Overflow Denial of Service
Palo Alto Networks PanOS root_trace - Privilege Escalation
Palo Alto Networks PanOS - root_reboot Privilege Escalation
Palo Alto Networks PanOS - 'root_trace' Privilege Escalation
Palo Alto Networks PanOS - 'root_reboot' Privilege Escalation

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation
Linux Kernel 4.8.0 (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit)
Vanilla Forums < 2.3 - Remote Code Execution

N-able N-central - Cross-Site Request Forgery

CMS Made Simple 2.1.6 - Multiple Vulnerabilities
 2017-05-13 05:01:18 +00:00
Offensive Security
b6bbf710eb DB: 2017-05-12 
5 new exploits

OpenVPN 2.4.0 - Unauthenticated Denial of Service

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3)

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft IIS WebDav - ScStoragePathFromUrl Overflow (Metasploit)
 2017-05-12 05:01:18 +00:00
Offensive Security
5aee851cfb DB: 2017-05-11 
5 new exploits

PocketPC Mms Composer - (WAPPush) Denial of Service
PocketPC Mms Composer - 'WAPPush' Denial of Service

BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)

DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)
DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)

otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)
otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)

Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service

Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service

Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion

Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)
Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow

Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)
Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)

HT Editor 2.0.20 - Buffer Overflow (ROP PoC)
HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)

Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities

Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation

Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)

Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)

Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution

Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)

Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing
Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing

Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities

Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)
Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)

Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)

Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)

Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion

visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities
Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities

Microsoft Internet Explorer 8 / 9 - Steal Any Cookie
Microsoft Internet Explorer 8/9 - Steal Any Cookie

PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion
PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion

COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change

Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
BanManager WebUI 1.5.8 - PHP Code Injection
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
 2017-05-11 05:01:18 +00:00
Offensive Security
4e3947178d DB: 2017-05-10 
10 new exploits

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Crypttech CryptoLog - Remote Code Execution (Metasploit)
BSD/x86 - portbind port 31337 Shellcode (83 bytes)
BSD/x86 - portbind port random Shellcode (143 bytes)
BSD/x86 - Portbind Port 31337 Shellcode (83 bytes)
BSD/x86 - Portbind Random Port Shellcode (143 bytes)

BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)

BSD/x86 - reverse 6969 portbind Shellcode (129 bytes)
BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes)

FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes)
FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes)

FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
Linux/x86 - execve Null Free Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Linux/x86 - execve Null-Free Shellcode (Generator)
Linux/x86 - Portbind Shellcode (Generator)
Windows XP SP1 - Portbind Shellcode (Generator)

Linux/x86 - cmd Null Free Shellcode (Generator)
Linux/x86 - cmd Null-Free Shellcode (Generator)

Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Connectback Port 21 Shellcode

Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes)

Linux/SPARC - portbind port 8975 Shellcode (284 bytes)
Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes)

Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes)
Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes)
Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)
Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes)
Linux/x86 - portbind (2707) Shellcode (84 bytes)
Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes)
Linux/x86 - Portbind 2707 Shellcode (84 bytes)

Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) Shellcode (86 bytes)
Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes)
Linux/x86 - Portbind Port 64713 Shellcode (86 bytes)
Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - portbind port 5074 Shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add user 't00r' Shellcode (82 bytes)
Linux/x86 - Portbind Port 5074 Shellcode (92 bytes)
Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)

Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes)
Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes)

NetBSD/x86 - callback Shellcode (port 6666) (83 bytes)
NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes)

OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes)
OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes)

Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes)
Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes)

Solaris/SPARC - portbind port 6789 Shellcode (228 bytes)
Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes)
Solaris/SPARC - portbinding Shellcode (240 bytes)
Solaris/x86 - portbind/TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes)
Solaris/SPARC - Portbind Shellcode (240 bytes)
Solaris/x86 - Portbind TCP Shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode
Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode

Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes)
Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes)

Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)

Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)

Win32 - download and execute Shellcode (124 bytes)
Win32 - Download & Execute Shellcode (124 bytes)

Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows XP - download and exec source Shellcode
Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes)
Windows XP - Download & Exec Shellcode
Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes)

Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes)
Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes)
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode
FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes)
Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode
FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)
Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)

Win32 XP SP2 FR - calc Shellcode (19 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Win32 XP SP3 English - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)

Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes)
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)

Windows XP SP2 FR - Download and Exec Shellcode
Windows XP SP2 (FR) - Download & Exec Shellcode

Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)

Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)
Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)

Linux/x86 - bind shell port 64533 Shellcode (97 bytes)
Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes)
Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)
Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)

BSD/x86 - bindshell on port 2525 Shellcode (167 bytes)
BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes)

Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)
ARM - Bindshell port 0x1337 Shellcode
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
ARM - Bindshell Port 0x1337 Shellcode

OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)

Win32 - speaking Shellcode
Win32 - Speaking 'You got pwned!' Shellcode

BSD/x86 - 31337 portbind + fork Shellcode (111 bytes)
BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes)

Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes)
Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes)

Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)

Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)

Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)

Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)

Windows RT ARM - Bind Shell (Port 4444) Shellcode
Windows RT ARM - Bind Shell Port 4444 Shellcode

Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)

Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download & execute Shellcode (Generator)
Windows XP x86-64 - Download & Execute Shellcode (Generator)

Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)
Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes)

Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)

Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)

OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes)
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)

OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)
OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes)

Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)

Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)
Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes)

Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator)

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes)

Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)

Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes)

Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)
Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes)

Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)
Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes)

Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)

Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes)
Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes)

Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes)
LogRhythm Network Monitor - Authentication Bypass / Command Injection
I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
 2017-05-10 05:01:16 +00:00
Offensive Security
6f37b94a66 DB: 2017-05-09 
5 new exploits

RPCBind / libtirpc - Denial of Service
Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
 2017-05-09 04:46:38 +00:00
Offensive Security
64159294a8 DB: 2017-05-06 
3 new exploits

CloudBees Jenkins 2.32.1 - Java Deserialization

Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free
Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

FOSS Gallery Public 1.0 - Arbitrary File Upload / Information (c99)
FOSS Gallery Public 1.0 - Arbitrary File Upload

1024 CMS 1.4.4 - Remote Command Execution with Remote File Inclusion (c99)
1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion

ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion (c99)
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion

C99Shell 1.0 Pre-Release build 16 - 'Ch99.php' Cross-Site Scripting
C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting

C99.php Shell - Authentication Bypass
C99 Shell - 'c99.php' Authentication Bypass
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery
 2017-05-06 05:01:18 +00:00
Offensive Security
8f3ada9286 DB: 2017-05-05 
3 new exploits

Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free

Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit
WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit

WordPress Core & Plugins - Privileges Unchecked in admin.php / Multiple Information
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures

WordPress 2.8.1 - (url) Cross-Site Scripting
WordPress 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1)
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-comments-post.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-feed.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-comments-post.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-feed.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-trackback.php' Remote File Inclusion

WordPress 2.x - PHP_Self Cross-Site Scripting
WordPress < 2.1.2  - PHP_Self Cross-Site Scripting

WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection
WordPress 4.6 - Unauthenticated Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
 2017-05-05 05:01:18 +00:00
Offensive Security
b473ba51f3 DB: 2017-05-04 
5 new exploits

Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free

Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
 2017-05-04 05:01:18 +00:00
Offensive Security
6515e26356 DB: 2017-05-03 
1 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
MySQL < 5.6.35 / < 5.7.17 - Integer Overflow

Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)

Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
 2017-05-03 05:01:17 +00:00
Offensive Security
4aa75d9fe9 DB: 2017-05-02 
5 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation
HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
 2017-05-02 05:01:18 +00:00
Offensive Security
e4147fb21e DB: 2017-05-01 
5 new exploits

Panda Free Antivirus - 'PSKMAD.sys' Denial of Service
IrfanView 4.44 - Denial of Service
Emby MediaServer 3.2.5 - SQL Injection
Emby MediaServer 3.2.5 - Password Reset
Emby MediaServer 3.2.5 - Directory Traversal
 2017-05-01 05:01:18 +00:00
Offensive Security
72f98fab1c DB: 2017-04-28 
5 new exploits

Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

Microsoft Office Word - Malicious Hta Execution (Metasploit)
Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit)

Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
TYPO3 News Module - SQL Injection
Simple File Uploader - Arbitrary File Download
Easy File Uploader - Arbitrary File Upload
 2017-04-28 05:01:19 +00:00
Offensive Security
0278b1993d DB: 2017-04-27 
1 new exploits

Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities

Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery
 2017-04-27 05:01:18 +00:00
Offensive Security
9e9bf495c2 DB: 2017-04-26 
26 new exploits

PHP 5.4.0RC6 (x64t) - Denial of Service
PHP 5.4.0RC6 (x64) - Denial of Service

Evostream Media Server 1.7.1 (x64) - Denial of Service

PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Dmitry 1.3a - Local Buffer Overflow
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write
Apple Safari - Array concat Memory Corruption
Oracle VirtualBox Guest Additions 5.1.18 -  Unprivileged Windows User-Mode Guest Code Double-Free
VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Dell Customer Connect 1.3.28.0 - Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation

Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
Microsoft Office Word - Malicious Hta Execution (Metasploit)
WePresent WiPG-1000 - Command Injection (Metasploit)

OSX/Intel - setuid shell x86_64 Shellcode (51 bytes)
OSX/Intel (x86-64) - setuid shell  Shellcode (51 bytes)

OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes)
OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes)
Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)

Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86-64 - Egghunter Shellcode (38 bytes)

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
October CMS 1.0.412 - Multiple Vulnerabilities
 2017-04-26 05:01:18 +00:00
Offensive Security
dadce54852 DB: 2017-04-25 
1 new exploits

Microsoft Windows - 'afd.sys' (PoC) (MS11-046)
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)

Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)
 2017-04-25 05:01:19 +00:00
g0tmi1k
a4fa3243c9 Merge pull request #88 from g0tmi1k/searchsploit 
Updated README output
 2017-04-24 16:23:21 +01:00
g0tmi1k
a0a08b85e3 Updated README output 2017-04-24 16:21:27 +01:00
Offensive Security
ebb6cf8831 DB: 2017-04-24 
2 new exploits

SquirrelMail < 1.4.22 - Remote Code Execution

Linux/x86 - Egg-hunter Shellcode (18 bytes)
 2017-04-24 05:01:21 +00:00
g0tmi1k
513d76a8b8 Merge pull request #86 from g0tmi1k/searchsploit 
Add brew update support
 2017-04-23 17:54:43 +01:00
Offensive Security
881dc9ebcc DB: 2017-04-22 2017-04-22 05:01:18 +00:00
g0tmi1k
0c3de08656 Add brew update support 2017-04-21 11:48:37 +01:00