bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1481 commits 1 branch 0 tags 292 MiB
Commit graph

6 commits

Author SHA1 Message Date
Offensive Security
d1b70e7a13 DB: 2018-01-25 
8 changes to exploits/shellcodes

RAVPower 2.000.056 - Memory Disclosure

Acunetix WVS 10 - Local Privilege Escalation
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit)
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape
Blizzard Update Agent - JSON RPC DNS Rebinding

NoMachine 5.3.9 - Local Privilege Escalation

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)

Acunetix WVS 10 - Remote Command Execution
RAVPower 2.000.056 - Root Remote Code Execution
Kaltura - Remote PHP Code Execution over Cookie (Metasploit)
GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit)

Vodafone Mobile Wifi - Reset Admin Password

Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution
Professional Local Directory Script 1.0 - SQL Injection
WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure
 2018-01-25 05:01:47 +00:00
Offensive Security
81d6f781ab DB: 2018-01-12 
31 changes to exploits/shellcodes

MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
macOS - 'process_policy' Stack Leak Through Uninitialized Field
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read

Jungo Windriver 12.5.1 - Privilege Escalation
Jungo Windriver 12.5.1 - Local Privilege Escalation
Parity Browser < 1.6.10 - Bypass Same Origin Policy
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution

Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)

eVestigator Forensic PenTester - MITM Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

BestSafe Browser - MITM Remote Code Execution
BestSafe Browser - Man In The Middle Remote Code Execution
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
Virtual Postage (VPA) - Man In The Middle Remote Code Execution

Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)

FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
HPUX - execve /bin/sh Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve /bin/sh Shellcode (58 bytes)

OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
ARM - Bind TCP Shell (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode

FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)

Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)

Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)

Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)

Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
IRIX - execve(/bin/sh) Shellcode (43 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - execve(/bin/sh) Shellcode (68 bytes)
IRIX - stdin-read Shellcode (40 bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)

Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
 2018-01-12 05:02:17 +00:00
Offensive Security
f93f05e46f DB: 2017-12-20 
12 changes to exploits/shellcodes

Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free
Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read
Intel Content Protection HECI Service - Type Confusion Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
Jenkins - XStream Groovy classpath Deserialization (Metasploit)
BrightSign Digital Signage - Multiple Vulnerablities
Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection
 2017-12-20 05:02:22 +00:00
Offensive Security
f76fbb1072 DB: 2017-12-19 
19 changes to exploits/shellcodes

CDex 1.96 - Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow

Firejail - Local Privilege Escalation

Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape

Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Outlook for Android - Attachment Download Directory Traversal
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution

Joomla! Component Guru Pro - SQL Injection
Joomla! Component Guru Pro - 'Itemid' SQL Injection
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
Linksys WVBR0 - 'User-Agent' Remote Command Injection
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
Joomla! Component Guru Pro - 'promocode' SQL Injection

Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
 2017-12-19 05:02:17 +00:00
Offensive Security
ed1c4edf3e DB: 2017-12-15 
13 changes to exploits/shellcodes

Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)
Microsoft Office - DDE Payload Delivery (Metasploit)
Dup Scout Enterprise - Login Buffer Overflow (Metasploit)
pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit)
Palo Alto Networks Firewalls - Remote root Code Execution
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection
Readymade Video Sharing Script 3.2 - HTML Injection
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection
FS Lynda Clone 1.0 - SQL Injection
Bus Booking Script 1.0 - 'txtname' SQL Injection
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
 2017-12-15 05:02:23 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00