bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2271 commits 1 branch 0 tags 282 MiB
Commit graph

315 commits

Author SHA1 Message Date
Offensive Security
3d73ec60b6 DB: 2018-01-06 
23 changes to exploits/shellcodes

Emulive Server4 7560 - Remote Denial of Service
Emulive Server4 Build 7560 - Remote Denial of Service

ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service)
D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service)

DNS4Me 3.0 - Denial of Service / Cross-Site Scripting

EmuLive Server4 - Authentication Bypass / Denial of Service
GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache

VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
keene digital media server 1.0.2 - Directory Traversal variant
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - Traversal Arbitrary File Access
Keene Digital Media Server 1.0.2 - Directory Traversal
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
Xedus Web Server 1.0 - Traversal Arbitrary File Access
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access
WDMyCloud < 2.30.165 - Multiple Vulnerabilities
Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit)
Cisco IOS - Remote Code Execution

Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection

MySQL Eventum 1.5.5 - 'login.php' SQL Injection

PHP live helper 2.0.1 - Multiple Vulnerabilities
PHP Live Helper 2.0.1 - Multiple Vulnerabilities

Zen Cart 1.3.9f (typefilter) - Local File Inclusion
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion

phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting

YaBB 1.x/9.1.2000 - YaBB.pl IMSend Cross-Site Scripting
YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting
SugarCRM 1.x/2.0 Module - 'record' SQL Injection
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
SugarCRM 1.x/2.0 Module - 'record' SQL Injection
SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
Kayako eSupport 2.x - Ticket System Multiple SQL Injections
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
Kayako eSupport 2.x - Ticket System Multiple SQL Injections

Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting
ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting

Notes Module for phpBB - SQL Injection
phpBB Notes Module - SQL Injection
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities

Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities
HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities

FusionBB 0.x - Multiple Input Validation Vulnerabilities
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities
Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection
Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities

osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities

PAFaq - Question Cross-Site Scripting

PAFaq - Administrator 'Username' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection
Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting
Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting

RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection

EyeOS 0.8.x - Session Remote Command Execution
eyeOS 0.8.x - Session Remote Command Execution

CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting
CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting

XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting

Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion
Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion

osCommerce 2.1/2.2 - 'product_info.php' SQL Injection

CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal

HAMweather 3.9.8 - 'template.php' Script Code Injection

Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting
Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting

Jamroom 3.3.8 - Cookie Authentication Bypass
Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting
Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting
Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection
Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting
Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting
Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection

Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting

UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Zen Cart < 1.3.8a - SQL Injection
PHP Topsites < 2.2 - Multiple Vulnerabilities
phpLinks < 2.1.2 - Multiple Vulnerabilities
P-Synch < 6.2.5 - Multiple Vulnerabilities
WinMX < 2.6 - Design Error
FTP Service < 1.2 - Multiple Vulnerabilities
MegaBrowser < 0.71b - Multiple Vulnerabilities
Max Web Portal < 1.30 - Multiple Vulnerabilities
Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities
Gespage 7.4.8 - SQL Injection

Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
 2018-01-06 05:02:14 +00:00
Offensive Security
b768a6ef6c DB: 2018-01-05 
5 changes to exploits/shellcodes

Multiple CPUs - 'Spectre' Information Disclosure (PoC)
Iopsys Router - 'dhcp' Remote Code Execution
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)
Xplico - Remote Code Execution (Metasploit)
 2018-01-05 05:02:22 +00:00
Offensive Security
f6c5c427c3 DB: 2018-01-02 
5 changes to exploits/shellcodes

Apple macOS - IOHIDSystem Kernel Read/Write
HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)
Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)
Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)

Huawei Router HG532 - Arbitrary Command Execution
 2018-01-02 05:02:10 +00:00
Offensive Security
26a51e4657 DB: 2017-12-31 
2 changes to exploits/shellcodes

COMTREND ADSL Router CT-5367 - Remote Code Execution
 2017-12-31 05:02:21 +00:00
Offensive Security
267f841bd8 DB: 2017-12-28 
9 changes to exploits/shellcodes

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service
ALLMediaServer 0.95 - Buffer Overflow

Sony Playstation 4 4.05 FW - Local Kernel Loader
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Easy!Appointments 1.2.1 - Cross-Site Scripting
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
 2017-12-28 05:02:19 +00:00
Offensive Security
b91055c9da DB: 2017-12-27 
8 changes to exploits/shellcodes

GetGo Download Manager 5.3.0.2712 - Buffer Overflow

Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation

COMTREND ADSL Router CT-5367 - Remote Code Execution
Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection
Biometric Shift Employee Management System 3.0 - Local File Disclosure
Sendroid < 6.5.0 - SQL Injection
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

Cells Blog 3.5 - 'bgid' / 'fmid' / 'fnid' SQL Injection
 2017-12-27 05:02:31 +00:00
Offensive Security
f0d075a5de DB: 2017-12-22 
6 changes to exploits/shellcodes

Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
Zabbix Agent 3.0.1 - 'mysql.size' Shell Command Injection
Cisco IOS 12.2 < 12.4 /  15.0 < 15.6 - Security Association Negotiation Request Device Memory
Technicolor DPC3928SL - SNMP Authentication Bypass
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor
Netcore / Netis Routers - UDP Backdoor

NETGEAR R7000 - Command Injection
NETGEAR R7000 - Command Injection (PoC)

Conarc iChannel - Improper Access Restrictions
 2017-12-22 05:02:19 +00:00
Offensive Security
f93f05e46f DB: 2017-12-20 
12 changes to exploits/shellcodes

Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free
Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read
Intel Content Protection HECI Service - Type Confusion Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
Jenkins - XStream Groovy classpath Deserialization (Metasploit)
BrightSign Digital Signage - Multiple Vulnerablities
Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection
 2017-12-20 05:02:22 +00:00
Offensive Security
f76fbb1072 DB: 2017-12-19 
19 changes to exploits/shellcodes

CDex 1.96 - Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow

Firejail - Local Privilege Escalation

Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape

Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Outlook for Android - Attachment Download Directory Traversal
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution

Joomla! Component Guru Pro - SQL Injection
Joomla! Component Guru Pro - 'Itemid' SQL Injection
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
Linksys WVBR0 - 'User-Agent' Remote Command Injection
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
Joomla! Component Guru Pro - 'promocode' SQL Injection

Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
 2017-12-19 05:02:17 +00:00
Offensive Security
cfef56c321 DB: 2017-12-16 
5 changes to exploits/shellcodes

MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service

Sync Breeze 10.2.12 - Denial of Service
ITGuard-Manager 0.0.0.1 - Remote Code Execution
Movie Guide 2.0 - SQL Injection
 2017-12-16 05:02:18 +00:00
Offensive Security
ed1c4edf3e DB: 2017-12-15 
13 changes to exploits/shellcodes

Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)
Microsoft Office - DDE Payload Delivery (Metasploit)
Dup Scout Enterprise - Login Buffer Overflow (Metasploit)
pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit)
Palo Alto Networks Firewalls - Remote root Code Execution
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection
Readymade Video Sharing Script 3.2 - HTML Injection
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection
FS Lynda Clone 1.0 - SQL Injection
Bus Booking Script 1.0 - 'txtname' SQL Injection
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
 2017-12-15 05:02:23 +00:00
Offensive Security
9cea53a35b DB: 2017-12-12 
35 changes to exploits/shellcodes

MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service
MikroTik 6.40.5 ICMP - Denial of Service
iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
macOS - 'getrusage' Stack Leak Through struct Padding
macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow

Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection
Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection
Laundry Booking Script 1.0 - 'list?city' SQL Injection
Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection
Multivendor Penny Auction Clone Script 1.0 - SQL Injection
Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection
Opensource Classified Ads Script 3.2 - SQL Injection
PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection
Professional Service Script 1.0 - 'service-list?city' SQL Injection
Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection
Readymade Video Sharing Script 3.2 - SQL Injection
Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection
Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection
Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection
Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Advanced Real Estate Script 4.0.7 - SQL Injection
Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection
MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection
MLM Forced Matrix 2.0.9 - 'newid' SQL Injection
Car Rental Script 2.0.4 - 'val' SQL Injection
Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection
Muslim Matrimonial Script 3.02 - 'succid' SQL Injection
Advanced World Database 2.0.5 - SQL Injection
Resume Clone Script 2.0.5 - SQL Injection
Basic Job Site Script 2.0.5 - SQL Injection
Vanguard 1.4 - Arbitrary File Upload
Vanguard 1.4 - SQL Injection
 2017-12-12 05:02:17 +00:00
Offensive Security
cc349de5d3 DB: 2017-11-29 
4 changes to exploits/shellcodes

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting
YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting

NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation

Synology StorageManager 5.2 - Remote Root Command Execution
 2017-11-29 10:22:56 +00:00
Offensive Security
f52bbcb598 DB: 2017-11-28 
15 new exploits
 2017-11-28 19:14:29 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00