Offensive Security
f700c5347d
DB: 2019-01-31
8 changes to exploits/shellcodes
Advanced File Manager 3.4.1 - Denial of Service (PoC)
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
2019-01-31 05:01:49 +00:00
Offensive Security
b68cbec24d
DB: 2019-01-29
26 changes to exploits/shellcodes
Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
2019-01-29 05:01:52 +00:00
Offensive Security
5a69ff88a0
DB: 2019-01-26
6 changes to exploits/shellcodes
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
GreenCMS 2.x - SQL Injection
GreenCMS 2.x - Arbitrary File Download
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
2019-01-26 05:01:42 +00:00
Offensive Security
6e7548ed0d
DB: 2019-01-25
10 changes to exploits/shellcodes
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
SimplePress CMS 1.0.7 - SQL Injection
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
ImpressCMS 1.3.11 - 'bid' SQL Injection
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
2019-01-25 05:01:41 +00:00
Offensive Security
40d3df51a4
DB: 2019-01-19
18 changes to exploits/shellcodes
Watchr 1.1.0.0 - Denial of Service (PoC)
One Search 1.1.0.0 - Denial of Service (PoC)
Eco Search 1.0.2.0 - Denial of Service (PoC)
7 Tik 1.0.1.0 - Denial of Service (PoC)
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
FastTube 1.0.1.0 - Denial of Service (PoC)
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
Microsoft Edge Chakra - 'InitClass' Type Confusion
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
Webmin 1.900 - Remote Command Execution (Metasploit)
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
phpTransformer 2016.9 - SQL Injection
phpTransformer 2016.9 - Directory Traversal
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload
2019-01-19 05:01:57 +00:00
Offensive Security
fa261f0558
DB: 2019-01-17
18 changes to exploits/shellcodes
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-17 05:01:45 +00:00
Offensive Security
518c704a2f
DB: 2019-01-15
32 changes to exploits/shellcodes
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Hootoo HT-05 - Remote Code Execution (Metasploit)
Across DR-810 ROM-0 - Backup File Disclosure
i-doit CMDB 1.12 - Arbitrary File Download
i-doit CMDB 1.12 - SQL Injection
Horde Imp - 'imap_open' Remote Command Execution
Modern POS 1.3 - Arbitrary File Download
Modern POS 1.3 - SQL Injection
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Find a Place CMS Directory 1.5 - SQL Injection
Cleanto 5.0 - SQL Injection
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
HealthNode Hospital Management System 1.0 - SQL Injection
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
ThinkPHP 5.X - Remote Command Execution
Real Estate Custom Script 2.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
AudioCode 400HD - Command Injection
2019-01-15 05:01:52 +00:00
Offensive Security
c2a1585898
DB: 2019-01-10
10 changes to exploits/shellcodes
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
2019-01-10 05:01:43 +00:00
Offensive Security
deaee53895
DB: 2019-01-08
19 changes to exploits/shellcodes
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation
Mailcleaner - Authenticated Remote Code Execution (Metasploit)
Embed Video Scripts - Persistent Cross-Site Scripting
All in One Video Downloader 1.2 - Authenticated SQL Injection
LayerBB 1.1.1 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
2019-01-08 05:01:58 +00:00
Offensive Security
e3c06fe0f7
DB: 2018-12-15
16 changes to exploits/shellcodes
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Cisco RV110W - Password Disclosure / Command Execution
Safari - Proxy Object Type Confusion (Metasploit)
Adminer 4.3.1 - Server-Side Request Forgery
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Huawei Router HG532e - Command Execution
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Double Your Bitcoin Script Automatic - Authentication Bypass
2018-12-15 05:01:46 +00:00
Offensive Security
a07949d1c7
DB: 2018-12-12
21 changes to exploits/shellcodes
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
2018-12-12 05:01:43 +00:00
Offensive Security
60710bbfd9
DB: 2018-12-05
19 changes to exploits/shellcodes
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
2018-12-05 05:01:44 +00:00
Offensive Security
0a4925cc93
DB: 2018-12-04
10 changes to exploits/shellcodes
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)
CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
2018-12-04 05:01:48 +00:00
Offensive Security
7cc86c322f
DB: 2018-12-01
8 changes to exploits/shellcodes
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
2018-12-01 05:01:40 +00:00
Offensive Security
dfd1e454e1
DB: 2018-11-28
10 changes to exploits/shellcodes
MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
2018-11-28 11:08:29 +00:00
Offensive Security
7967efda82
DB: 2018-11-22
4 changes to exploits/shellcodes
macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Ticketly 1.0 - 'name' SQL Injection
WordPress CherryFramework Themes 3.1.4 - Backup File Download
WebOfisi E-Ticaret V4 - 'urun' SQL Injection
2018-11-22 05:01:42 +00:00
Offensive Security
268e737bb6
DB: 2018-11-16
21 changes to exploits/shellcodes
Notepad3 1.0.2.350 - Denial of Service (PoC)
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.x COM - Safe Mode / Disable Functions Bypass
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
Libuser - 'roothelper' Privilege Escalation (Metasploit)
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
Sun Solaris 11.3 AVS - Local Kernel root Exploit
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
Webkit (Safari) - Universal Cross-site Scripting
Webkit (Chrome < 61) - 'MHTML' Universal Cross-site Scripting
PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection
PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library
PHP Imagick 3.3.0 - disable_functions Bypass
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
PHP-Proxy 5.1.0 - Local File Inclusion
BitZoom 1.0 - 'rollno' SQL Injection
Net-Billetterie 2.9 - 'login' SQL Injection
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
EverSync 0.5 - Arbitrary File Download
Meneame English Pligg 5.8 - 'search' SQL Injection
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
2018-11-16 05:01:40 +00:00
Offensive Security
3a6748b9d9
DB: 2018-11-13
15 changes to exploits/shellcodes
HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
CuteFTP 9.3.0.3 - Denial of Service (PoC)
Mongoose Web Server 6.9 - Denial of Service (PoC)
Data Center Audit 2.6.2 - 'username' SQL Injection
TufinOS 2.17 Build 1193 - XML External Entity Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Nominas 0.27 - 'username' SQL Injection
2018-11-13 05:01:42 +00:00
Offensive Security
363500a603
DB: 2018-11-06
13 changes to exploits/shellcodes
Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
2018-11-06 05:01:40 +00:00
Offensive Security
ef70ec156b
DB: 2018-10-31
22 changes to exploits/shellcodes
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload
Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
2018-10-31 05:01:53 +00:00
Offensive Security
dac8dd4731
DB: 2018-10-25
15 changes to exploits/shellcodes
Adult Filter 1.0 - Denial of Service (PoC)
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Webmin 1.5 - Web Brute Force (CGI)
exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal
Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
2018-10-25 05:01:46 +00:00
Offensive Security
635345499a
DB: 2018-10-18
15 changes to exploits/shellcodes
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution (PoC)
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
Git Submodule - Arbitrary Code Execution
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
BigTree CMS 4.2.23 - Cross-Site Scripting
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
Time and Expense Management System 3.0 - 'table' SQL Injection
2018-10-18 05:01:46 +00:00
Offensive Security
712d629b6b
DB: 2018-10-17
13 changes to exploits/shellcodes
Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
VLC Media Player - MKV Use-After-Free (Metasploit)
HotelDruid 2.2.4 - 'anno' SQL Injection
Navigate CMS 2.8.5 - Arbitrary File Download
Library CMS 2.1.1 - Cross-Site Scripting
Kados R10 GreenBee - 'release_id' SQL Injection
Vishesh Auto Index 3.1 - 'fid' SQL Injection
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
2018-10-17 05:01:42 +00:00
Offensive Security
731dd0f423
DB: 2018-10-16
22 changes to exploits/shellcodes
Snes9K 0.0.9z - Buffer Overflow (SEH)
NoMachine < 5.3.27 - Remote Code Execution
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
CAMALEON CMS 2.4 - Cross-Site Scripting
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
College Notes Management System 1.0 - 'user' SQL Injection
Advanced HRM 1.6 - Remote Code Execution
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
2018-10-16 05:01:45 +00:00
Offensive Security
9d143a6b42
DB: 2018-10-13
22 changes to exploits/shellcodes
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Wikidforum 2.20 - Cross-Site Scripting
WAGO 750-881 01.09.18 - Cross-Site Scripting
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
FluxBB < 1.5.6 - SQL Injection
2018-10-13 05:01:46 +00:00
Offensive Security
038ac7b860
DB: 2018-10-11
4 changes to exploits/shellcodes
FileZilla 3.33 - Buffer Overflow (PoC)
WhatsApp - RTP Processing Heap Corruption
MicroTik RouterOS < 6.43rc3 - Remote Root
Ektron CMS 9.20 SP2 - Improper Access Restrictions
2018-10-11 05:01:43 +00:00
Offensive Security
b311000a22
DB: 2018-10-09
16 changes to exploits/shellcodes
net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
2018-10-09 05:01:44 +00:00
Offensive Security
b602c2f493
DB: 2018-10-07
2 changes to exploits/shellcodes
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
2018-10-07 05:02:05 +00:00
Offensive Security
21717894fe
DB: 2018-10-06
4 changes to exploits/shellcodes
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
ISPConfig < 3.1.13 - Remote Command Execution
Chamilo LMS 1.11.8 - Cross-Site Scripting
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N/Shift-N/XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13/RShift-2/XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 bytes)
2018-10-06 05:01:59 +00:00
Offensive Security
05328d91a4
DB: 2018-10-04
5 changes to exploits/shellcodes
FTP Voyager 16.2.0 - Denial of Service (PoC)
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
Zechat 1.5 - 'uname' SQL Injection
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
RICOH MP C1803 JPN Printer - Cross-Site Scripting
2018-10-04 05:01:54 +00:00
Offensive Security
716ece3cc6
DB: 2018-10-02
13 changes to exploits/shellcodes
Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
2018-10-02 05:01:58 +00:00
Offensive Security
6efd01d5b6
DB: 2018-09-27
5 changes to exploits/shellcodes
TransMac 12.2 - Denial of Service (PoC)
CrossFont 7.5 - Denial of Service (PoC)
Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath
Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
2018-09-27 05:01:58 +00:00
Offensive Security
4e39fa0f91
DB: 2018-09-26
35 changes to exploits/shellcodes
WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
Easy PhoroResQ 1.0 - Buffer Overflow
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)
Collectric CMU 1.0 - 'lang' SQL injection
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
RICOH MP C2003 Printer - Cross-Site Scripting
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Joomla! Component Music Collection 3.0.3 - SQL Injection
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Joomla! Component Questions 1.4.3 - SQL Injection
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Joomla! Component Social Factory 3.8.3 - SQL Injection
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
RICOH MP 305+ Printer - Cross-Site Scripting
RICOH MP C406Z Printer - Cross-Site Scripting
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)
2018-09-26 05:02:43 +00:00
Offensive Security
ed0e1e4d44
DB: 2018-09-25
...
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
c7cec74ceb
DB: 2018-09-20
...
6 changes to exploits/shellcodes
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion
2018-09-20 05:01:45 +00:00
Offensive Security
29542c36ab
DB: 2018-09-19
...
7 changes to exploits/shellcodes
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
HongCMS 3.0.0 - SQL Injection
HongCMS 3.0.0 - (Authenticated) SQL Injection
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
2018-09-19 05:01:45 +00:00
Offensive Security
f1d68507cd
DB: 2018-09-18
...
7 changes to exploits/shellcodes
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Notebook Pro 2.0 - Denial Of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
CA Release Automation NiMi 6.5 - Remote Command Execution
Gitweb 1.7.3.3 - Cross-Site Scripting
gitWeb 1.7.3.3 - Cross-Site Scripting
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
2018-09-18 05:01:45 +00:00
Offensive Security
b42759b8b8
DB: 2018-09-13
...
15 changes to exploits/shellcodes
jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
PixGPS 1.1.8 - Denial of Service (PoC)
RoboImport 1.2.0.72 - Denial of Service (PoC)
PicaJet FX 2.6.5 - Denial of Service (PoC)
iCash 7.6.5 - Denial of Service (PoC)
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service (PoC)
CirCarLife SCADA 4.3.0 - Credential Disclosure
Rubedo CMS 3.4.0 - Directory Traversal
SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS)
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
MyBB 1.8.17 - Cross-Site Scripting
LG Smart IP Camera 1508190 - Backup File Download
2018-09-13 05:01:52 +00:00
Offensive Security
87053f010c
DB: 2018-09-11
...
12 changes to exploits/shellcodes
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Ghostscript - Failed Restore Command Execution (Metasploit)
VirtualBox 5.2.6.r120293 - VM Escape
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
LW-N605R 12.20.2.1486 - Remote Code Execution
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
2018-09-11 05:01:54 +00:00
Offensive Security
76af808136
DB: 2018-09-08
...
6 changes to exploits/shellcodes
DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
D-Link Dir-600M N150 - Cross-Site Scripting
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
QNAP Photo Station 5.7.0 - Cross-Site Scripting
2018-09-08 05:01:54 +00:00
Offensive Security
8379495e8e
DB: 2018-09-07
...
10 changes to exploits/shellcodes
Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)
Tenda ADSL Router D152 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - 'startdate' SQL Injection
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
D-Link Dir-600M N150 - Cross-Site Scripting
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
2018-09-07 05:01:55 +00:00
Offensive Security
32f471140a
DB: 2018-09-06
...
18 changes to exploits/shellcodes
Microsoft people 10.1807.2131.0 - Denial of service (PoC)
GNU glibc < 2.27 - Local Buffer Overflow
UltraISO 9.7.1.3519 - Buffer Overflow (SEH)
JBoss 4.2.x/4.3.x - Information Disclosure
Git < 2.17.1 - Remote Code Execution
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
Monstra CMS 3.0.4 - Remote Code Execution
OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-09-06 05:01:55 +00:00
Offensive Security
925b2171f4
DB: 2018-09-04
...
10 changes to exploits/shellcodes
VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)
Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)
D-Link DIR-615 - Denial of Service (PoC)
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
Wikipedia 12.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Online Quiz Maker 1.0 - 'catid' SQL Injection
2018-09-04 05:01:55 +00:00
Offensive Security
a0f0afa2de
DB: 2018-09-01
...
5 changes to exploits/shellcodes
Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
Network Manager VPNC - Username Privilege Escalation (Metasploit)
Vox TG790 ADSL Router - Cross-Site Scripting
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
2018-09-01 05:01:55 +00:00
Offensive Security
011bb3564a
DB: 2018-08-31
...
8 changes to exploits/shellcodes
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Nord VPN 6.14.31 - Denial of Service (PoC)
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
DLink DIR-601 - Credential Disclosure
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
2018-08-31 05:01:57 +00:00
Offensive Security
444206a6be
DB: 2018-08-30
...
21 changes to exploits/shellcodes
NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
2018-08-30 05:01:54 +00:00
Offensive Security
18e2848633
DB: 2018-08-28
...
25 changes to exploits/shellcodes
Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)
OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
2018-08-28 05:01:59 +00:00
Offensive Security
1ebf504a96
DB: 2018-08-25
...
2 changes to exploits/shellcodes
SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
2018-08-25 05:01:56 +00:00
Offensive Security
b81a1d9d72
DB: 2018-08-23
...
12 changes to exploits/shellcodes
Textpad 7.6.4 - Denial Of Service (PoC)
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
Easyboot 6.6.0 - Denial Of Service (PoC)
Softdisk 3.0.3 - Denial Of Service (PoC)
Soroush IM Desktop App 0.17.0 - Authentication Bypass
Project64 2.3.2 - Buffer Overflow (SEH)
Ghostscript - Multiple Vulnerabilities
Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation
OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
ZyXEL VMG3312-B10B - Cross-Site Scripting
KingMedia 4.1 - Remote Code Execution
Geutebrueck re_porter 16 - Cross-Site Scripting
2018-08-23 05:01:49 +00:00
Offensive Security
8750f2fdd7
DB: 2018-08-22
...
6 changes to exploits/shellcodes
Project64 2.3.2 - Denial Of Service (PoC)
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution
OpenSSH 7.7 - Username Enumeration
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Twitter-Clone 1 - 'userid' SQL Injection
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
2018-08-22 05:01:45 +00:00