exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	f564ddfd17	DB: 2020-05-13 10 changes to exploits/shellcodes LanSend 3.2 - Buffer Overflow (SEH) MacOS 320.whatis Script - Privilege Escalation Phase Botnet - Blind SQL Injection Orchard Core RC1 - Persistent Cross-Site Scripting ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection CuteNews 2.1.2 - Authenticated Arbitrary File Upload Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting qdPM 9.1 - Arbitrary File Upload TylerTech Eagle 2018.3.11 - Remote Code Execution	2020-05-13 05:01:48 +00:00
Offensive Security	0f5a9de36d	DB: 2020-04-29 8 changes to exploits/shellcodes Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit) NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path CloudMe 1.11.2 - Buffer Overflow (PoC) School ERP Pro 1.0 - 'es_messagesid' SQL Injection School ERP Pro 1.0 - Remote Code Execution	2020-04-29 05:01:47 +00:00
Offensive Security	c3e827f657	DB: 2020-04-17 8 changes to exploits/shellcodes VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit) TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit) Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit) ThinkPHP - Multiple PHP Injection RCEs (Metasploit) Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit) PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit) DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) Apache Solr - Remote Code Execution via Velocity Template (Metasploit)	2020-04-17 05:01:48 +00:00
Offensive Security	d3992973f1	DB: 2020-03-21 2 changes to exploits/shellcodes VMware Fusion 11.5.2 - Privilege Escalation Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)	2020-03-21 05:01:49 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	b7471ba451	DB: 2019-12-19 9 changes to exploits/shellcodes XnView 2.49.1 - 'Research' Denial of Service (PoC) macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow OpenMRS - Java Deserialization RCE (Metasploit) Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown) Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin) Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Telerik UI - Remote Code Execution via Insecure Deserialization	2019-12-19 05:01:59 +00:00
Offensive Security	f1354b784a	DB: 2019-11-23 4 changes to exploits/shellcodes Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path LiteManager 4.5.0 - Insecure File Permissions macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache	2019-11-23 05:01:42 +00:00
Offensive Security	52ab59aad8	DB: 2019-11-06 12 changes to exploits/shellcodes FileOptimizer 14.00.2524 - Denial of Service (PoC) JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Blue Stacks App Player 2.4.44.62.57 - _BstHdLogRotatorSvc_ Unquote Service Path Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path thejshen Globitek CMS 1.4 - 'id' SQL Injection thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting html5_snmp 1.11 - 'Router_ID' SQL Injection SD.NET RIM 4.7.3c - 'idtyp' SQL Injection	2019-11-06 05:01:40 +00:00
Offensive Security	577557762c	DB: 2019-11-05 6 changes to exploits/shellcodes Apple macOS 10.15.1 - Denial of Service (PoC) Aida64 6.10.5200 - Buffer Overflow (SEH) OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit) Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow	2019-11-05 05:01:42 +00:00
Offensive Security	da622bb1aa	DB: 2019-10-10 3 changes to exploits/shellcodes Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC) XNU - Remote Double-Free via Data Race in IPComp Input Path DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)	2019-10-10 05:01:46 +00:00
Offensive Security	d6e0b04877	DB: 2019-09-20 4 changes to exploits/shellcodes macOS 18.7.0 Kernel - Local Privilege Escalation Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting	2019-09-20 05:02:06 +00:00
Offensive Security	d1ba848ff5	DB: 2019-08-06 4 changes to exploits/shellcodes macOS iMessage - Heap Overflow when Deserializing Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) ARMBot Botnet - Arbitrary Code Execution	2019-08-06 05:02:23 +00:00
Offensive Security	808010b53f	DB: 2019-07-03 2 changes to exploits/shellcodes Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit) Linux Mint 18.3-19.1 - 'yelp' Command Injection Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit) Centreon 19.04 - Remote Code Execution Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)	2019-07-03 05:01:50 +00:00
Offensive Security	7e48b809b3	DB: 2019-06-20 3 changes to exploits/shellcodes BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution	2019-06-20 05:01:55 +00:00
Offensive Security	18a676ca3b	DB: 2019-05-28 3 changes to exploits/shellcodes Pidgin 2.13.0 - Denial of Service (PoC) Typora 0.9.9.24.6 - Directory Traversal Deltek Maconomy 2.2.5 - Local File Inclusion	2019-05-28 05:01:55 +00:00
Offensive Security	970f7b1104	DB: 2019-05-24 18 changes to exploits/shellcodes macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free NetAware 1.20 - 'Add Block' Denial of Service (PoC) NetAware 1.20 - 'Share Name' Denial of Service (PoC) Terminal Services Manager 3.2.1 - Denial of Service Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free Microsoft Windows 10 (17763.379) - Install DLL Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Apple Mac OS X - Feedback Assistant Race Condition (Metasploit) Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Microsoft Internet Explorer 11 - Sandbox Escape Microsoft Windows - 'Win32k' Local Privilege Escalation Axis Network Camera - .srv to parhand RCE (Metasploit) Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit) HP Intelligent Management - Java Deserialization RCE (Metasploit) HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit) Erlang - Port Mapper Daemon Cookie RCE (Metasploit) Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit) Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit) Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) Nagios XI 5.6.1 - SQL injection BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes) Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes) Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes) Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes) Linux/x86 - iptables --flush Shellcode (43 bytes) Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes) Linux/x86 - iptables -F Shellcode (43 bytes) Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes) Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes) Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes) Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes) macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes) Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes) Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes) Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes) Linux/x86 - Rabbit Shellcode Crypter (200 bytes) Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes) Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes) Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes) Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes) Linux/x86 - shred file Shellcode (72 bytes) Linux/x86 - execve /bin/sh Shellcode (20 bytes) Linux/x86 - /sbin/iptables -F Shellcode (43 bytes) Linux x86_64 - Delete File Shellcode (28 bytes) Linux/x86 - Shred file (test.txt) Shellcode (72 bytes) Linux/x86 - execve(/bin/sh) Shellcode (20 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes) Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes) Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)	2019-05-24 05:02:03 +00:00
Offensive Security	ab955a9b5d	DB: 2019-04-19 5 changes to exploits/shellcodes Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC) Evernote 7.9 - Code Execution via Path Traversal LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit) ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)	2019-04-19 05:02:10 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	55fab34db7	DB: 2019-03-02 10 changes to exploits/shellcodes Linux Kernel 3.10.0 (CentOS7) - Denial of Service Linux Kernel 3.10.0 (CentOS 7) - Denial of Service Google Chrome < M72 - PaymentRequest Service Use-After-Free Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost Google Chrome < M72 - FileWriterImpl Use-After-Free tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation	2019-03-02 05:01:54 +00:00
Offensive Security	26efc559c7	DB: 2019-02-21 8 changes to exploits/shellcodes FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC) WinRAR 5.61 - '.lng' Denial of Service FaceTime - Texture Processing Memory Corruption Android Kernel < 4.8 - ptrace seccomp Filter Bypass MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Apple macOS 10.13.5 - Local Privilege Escalation mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution Belkin Wemo UPnP - Remote Code Execution (Metasploit) HotelDruid 2.3 - Cross-Site Scripting	2019-02-21 05:01:57 +00:00
Offensive Security	68794471c9	DB: 2019-02-01 13 changes to exploits/shellcodes Anyburn 4.3 - 'Convert image to file format' Denial of Service Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) AMAC Address Change 5.4 - Denial of Service (PoC) ASPRunner Professional 6.0.766 - Denial of Service (PoC) FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC) LanHelper 1.74 - Denial of Service (PoC) macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass) 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass) R 3.5.0 - Local Buffer Overflow (SEH) UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)	2019-02-01 05:01:49 +00:00
Offensive Security	6e7548ed0d	DB: 2019-01-25 10 changes to exploits/shellcodes Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Joomla! Component JHotelReservation 6.0.7 - SQL Injection SimplePress CMS 1.0.7 - SQL Injection SirsiDynix e-Library 3.5.x - Cross-Site Scripting Splunk Enterprise 7.2.3 - Authenticated Custom App RCE ImpressCMS 1.3.11 - 'bid' SQL Injection Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery	2019-01-25 05:01:41 +00:00
Offensive Security	e3c06fe0f7	DB: 2018-12-15 16 changes to exploits/shellcodes Angry IP Scanner 3.5.3 - Denial of Service (PoC) UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC) Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH) Cisco RV110W - Password Disclosure / Command Execution Safari - Proxy Object Type Confusion (Metasploit) Adminer 4.3.1 - Server-Side Request Forgery Responsive FileManager 9.13.4 - Multiple Vulnerabilities Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2) Huawei Router HG532e - Command Execution Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password) Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Double Your Bitcoin Script Automatic - Authentication Bypass	2018-12-15 05:01:46 +00:00
Offensive Security	62445895aa	DB: 2018-11-30 8 changes to exploits/shellcodes WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit) Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit) Mac OS X - libxpc MITM Privilege Escalation (Metasploit) PHP imap_open - Remote Code Execution (Metasploit) TeamCity Agent - XML-RPC Command Execution (Metasploit)	2018-11-30 05:01:41 +00:00
Offensive Security	e3299ef341	DB: 2018-11-21 4 changes to exploits/shellcodes macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC) Qpopper 4.0.x - poppassd Privilege Escalation Qpopper 4.0.x - 'poppassd' Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation ABRT - raceabrt Privilege Escalation(Metasploit) ABRT - 'raceabrt' Privilege Escalation (Metasploit) ImageMagick - Memory Leak Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Helpdezk 1.1.1 - Arbitrary File Upload DomainMOD 4.11.01 - Cross-Site Scripting Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Helpdezk 1.1.1 - Arbitrary File Upload DomainMOD 4.11.01 - Cross-Site Scripting Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)	2018-11-21 05:01:38 +00:00
Offensive Security	1d25aee539	DB: 2018-11-15 15 changes to exploits/shellcodes AMPPS 2.7 - Denial of Service (PoC) Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC) ntpd 4.2.8p10 - Out-of-Bounds Read (PoC) SwitchVPN for macOS 2.1012.03 - Privilege Escalation Atlassian Jira - Authenticated Upload Code Execution (Metasploit) iServiceOnline 1.0 - 'r' SQL Injection Helpdezk 1.1.1 - 'query' SQL Injection Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) EdTv 2 - 'id' SQL Injection Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities Advanced Comment System 1.0 - SQL Injection Rmedia SMS 1.0 - SQL Injection Pedidos 1.0 - SQL Injection Electricks eCommerce 1.0 - Persistent Cross-Site Scripting DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload	2018-11-15 05:01:40 +00:00
Offensive Security	3a7153b2ac	DB: 2018-11-14 24 changes to exploits/shellcodes CuteFTP Mac 3.1 - Denial of Service (PoC) Evince 3.24.0 - Command Injection Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) xorg-x11-server < 1.20.1 - Local Privilege Escalation Data Center Audit 2.6.2 - 'username' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Paroiciel 11.20 - 'tRecIdListe' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting Paroiciel 11.20 - 'tRecIdListe' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection Nominas 0.27 - 'username' SQL Injection CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Surreal ToDo 0.6.1.2 - SQL Injection Surreal ToDo 0.6.1.2 - Local File Inclusion Alienor Web Libre 2.0 - SQL Injection Musicco 2.0.0 - Arbitrary Directory Download Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Tina4 Stack 1.0.3 - SQL Injection / Database File Download Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) Easyndexer 1.0 - Arbitrary File Download ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin) Gumbo CMS 0.99 - SQL Injection Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin) Webiness Inventory 2.3 - SQL Injection SIPve 0.0.2-R19 - SQL Injection Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)	2018-11-14 05:01:43 +00:00
Offensive Security	11366ca935	DB: 2018-11-07 18 changes to exploits/shellcodes FaceTime - RTP Video Processing Heap Corruption FaceTime - 'readSPSandGetDecoderParams' Stack Corruption FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption Blue Server 1.1 - Denial of Service (PoC) eToolz 3.4.8.0 - Denial of Service (PoC) VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (SEH) libiec61850 1.3 - Stack Based Buffer Overflow Morris Worm - sendmail Debug Mode Shell Escape (Metasploit) blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit) Morris Worm - fingerd Stack Buffer Overflow (Metasploit) PHP Proxy 3.0.3 - Local File Inclusion Voovi Social Networking Script 1.0 - 'user' SQL Injection CMS Made Simple 2.2.7 - Remote Code Execution OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) Grocery crud 1.6.1 - 'search_field' SQL Injection OOP CMS BLOG 1.0 - 'search' SQL Injection OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection LibreHealth 2.0.0 - Arbitrary File Actions	2018-11-07 05:01:44 +00:00
Offensive Security	363500a603	DB: 2018-11-06 13 changes to exploits/shellcodes Softros LAN Messenger 9.2 - Denial of Service (PoC) Microsoft Internet Explorer 11 - Null Pointer Dereference LiquidVPN 1.36 / 1.37 - Privilege Escalation Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel SiAdmin 1.1 - 'id' SQL Injection Advantech WebAccess SCADA 8.3.2 - Remote Code Execution WebVet 0.1a - 'id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Poppy Web Interface Generator 0.8 - Arbitrary File Upload Mongo Web Admin 6.0 - Information Disclosure PHP Proxy 3.0.3 - Local File Inclusion Royal TS/X - Information Disclosure Voovi Social Networking Script 1.0 - 'user' SQL Injection	2018-11-06 05:01:40 +00:00
Offensive Security	defa138d04	DB: 2018-10-23 17 changes to exploits/shellcodes Modbus Poll 7.2.2 - Denial of Service (PoC) AudaCity 2.3 - Denial of Service (PoC) Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) Countly - Persistent Cross-Site Scripting Countly - Cross-Site Scripting MySQL Edit Table 1.0 - 'id' SQL Injection School ERP Ultimate 2018 - Arbitrary File Download Oracle Siebel CRM 8.1.1 - CSV Injection The Open ISES Project 3.30A - 'tick_lat' SQL Injection School ERP Ultimate 2018 - 'fid' SQL Injection eNdonesia Portal 8.7 - 'artid' SQL Injection The Open ISES Project 3.30A - Arbitrary File Download Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection	2018-10-23 05:01:48 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	3e5849385e	DB: 2018-09-17 29 changes to exploits/shellcodes Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Authentication Bypass	2018-09-17 05:02:03 +00:00
Offensive Security	b42759b8b8	DB: 2018-09-13 15 changes to exploits/shellcodes jiNa OCR Image to Text 1.0 - Denial of Service (PoC) PixGPS 1.1.8 - Denial of Service (PoC) RoboImport 1.2.0.72 - Denial of Service (PoC) PicaJet FX 2.6.5 - Denial of Service (PoC) iCash 7.6.5 - Denial of Service (PoC) PDF Explorer 1.5.66.2 - Denial of Service (PoC) Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC) Apple macOS 10.13.4 - Denial of Service (PoC) CirCarLife SCADA 4.3.0 - Credential Disclosure Rubedo CMS 3.4.0 - Directory Traversal SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS) SynaMan 4.0 build 1488 - SMTP Credential Disclosure IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection MyBB 1.8.17 - Cross-Site Scripting LG Smart IP Camera 1508190 - Backup File Download	2018-09-13 05:01:52 +00:00
Offensive Security	b02440845e	DB: 2018-07-31 5 changes to exploits/shellcodes fusermount - user_allow_other Restriction Bypass and SELinux Label Control ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC) Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC) Charles Proxy 4.2 - Local Privilege Escalation H2 Database 1.4.197 - Information Disclosure	2018-07-31 05:01:47 +00:00
Offensive Security	0909e63d9e	DB: 2018-06-07 6 changes to exploits/shellcodes PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass Canon MF210/MF220 - Authenticaton Bypass	2018-06-07 05:01:47 +00:00
Offensive Security	89ee92def8	DB: 2018-05-31 6 changes to exploits/shellcodes Siemens SIMATIC S7-300 CPU - Remote Denial of Service Procps-ng - Multiple Vulnerabilities SearchBlox 8.6.6 - Cross-Site Request Forgery Yosoro 1.0.4 - Remote Code Execution MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Dolibarr 7.0.0 - SQL Injection	2018-05-31 05:01:44 +00:00
Offensive Security	df4d831719	DB: 2018-05-01 6 changes to exploits/shellcodes Navicat < 12.0.27 - Oracle Connection Overflow macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) WordPress Plugin Form Maker 1.12.20 - CSV Injection Nagios XI 5.2.[6-9]_ 5.3_ 5.4 - Chained Remote Root	2018-05-01 05:01:45 +00:00
Offensive Security	dd3b710ae8	DB: 2018-03-21 14 changes to exploits/shellcodes Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure Internet Explorer - 'RegExp.lastMatch' Memory Disclosure Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Microsoft Windows - Desktop Bridge VFS Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation Intelbras Telefone IP TIP200 LITE - Local File Disclosure Vehicle Sales Management System - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)	2018-03-21 05:01:50 +00:00
Offensive Security	7cb274b763	DB: 2018-03-04 6 changes to exploits/shellcodes Microsoft Windows Windows 8.1/2012 R2 - SMB Denial of Service Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service Apple macOS Sierra 10.12.1 - 'IOFireWireFamily' FireWire Port Denial of Service Apple OS X Yosemite - 'flow_divert-heap-overflow' Kernel Panic Apple macOS Sierra 10.12.3 - 'IOFireWireFamily-null-deref' FireWire Port Denial of Service Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation Apple OS X 10.10.5 - 'rootsh' Local Privilege Escalation Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55 Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' 'setAttributeNodeNS' WebKit 5.02 / 'bpf' Kernel Loader 4.55	2018-03-04 05:01:52 +00:00
Offensive Security	145dac58fb	DB: 2018-02-10 1 changes to exploits/shellcodes macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportHostClient::registerNotificationPort' HPE iLO4 < 2.53 - Add New Administrator User HPE iLO 4 < 2.53 - Add New Administrator User	2018-02-10 05:01:52 +00:00
Offensive Security	ef96c0511b	DB: 2018-01-30 4 changes to exploits/shellcodes macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding Arq 5.10 - Local Privilege Escalation (1) Arq 5.10 - Local Privilege Escalation (2) Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)	2018-01-30 05:01:49 +00:00
Offensive Security	bfebc3fa5a	DB: 2018-01-20 62 changes to exploits/shellcodes macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability' Peercast < 0.1211 - Format String Trillian Pro < 2.01 - Design Error dbPowerAmp < 2.0/10.0 - Buffer Overflow PsychoStats < 2.2.4 Beta - Cross Site Scripting MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution GitStack 2.3.10 - Unauthenticated Remote Code Execution Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC) Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC) Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities DUWare Multiple Products - Multiple Vulnerabilities AutoRank PHP < 2.0.4 - SQL Injection (PoC) ASPapp Multiple Products - Multiple Vulnerabilities osCommerce < 2.2-MS2 - Multiple Vulnerabilities PostNuke < 0.726 Phoenix - Multiple Vulnerabilities MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities phpGedView < 2.65 beta 5 - Multiple Vulnerabilities phpShop < 0.6.1-b - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3 - SQL Injection phpBB < 2.0.6d - Cross Site Scripting Phorum < 5.0.3 Beta - Cross Site Scripting vBulletin < 3.0.0 RC4 - Cross Site Scripting Mambo < 4.5 - Multiple Vulnerabilities phpBB < 2.0.7a - Multiple Vulnerabilities Invision Power Top Site List < 1.1 RC 2 - SQL Injection Invision Gallery < 1.0.1 - SQL Injection PhotoPost < 4.6 - Multiple Vulnerabilities TikiWiki < 1.8.1 - Multiple Vulnerabilities phpBugTracker < 0.9.1 - Multiple Vulnerabilities OpenBB < 1.0.6 - Multiple Vulnerabilities PHPX < 3.26 - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3.1 - Design Error HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities LiveWorld Multiple Products - Cross Site Scripting WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities PHP-Calendar < 0.10.1 - Arbitrary File Inclusion PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities ReviewPost < 2.84 - Multiple Vulnerabilities PhotoPost < 4.85 - Multiple Vulnerabilities AZBB < 1.0.07d - Multiple Vulnerabilities Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities Burning Board < 2.3.1 - SQL Injection XOOPS < 2.0.11 - Multiple Vulnerabilities PEAR XML_RPC < 1.3.0 - Remote Code Execution PHPXMLRPC < 1.1 - Remote Code Execution SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite XPCOM - Race Condition ADOdb < 4.71 - Cross Site Scripting Geeklog < 1.4.0 - Multiple Vulnerabilities PEAR LiveUser < 0.16.8 - Arbitrary File Access Mambo < 4.5.3h - Multiple Vulnerabilities phpRPC < 0.7 - Remote Code Execution Gallery 2 < 2.0.2 - Multiple Vulnerabilities PHPLib < 7.4 - SQL Injection SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite CubeCart < 3.0.12 - Multiple Vulnerabilities Claroline < 1.7.7 - Arbitrary File Inclusion X-Cart < 4.1.3 - Arbitrary Variable Overwrite Mambo < 4.5.4 - SQL Injection Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities D-Link DNS-343 ShareCenter < 1.05 - Command Injection D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)	2018-01-20 05:01:49 +00:00
Offensive Security	81d6f781ab	DB: 2018-01-12 31 changes to exploits/shellcodes MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation macOS - 'process_policy' Stack Leak Through Uninitialized Field Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read Jungo Windriver 12.5.1 - Privilege Escalation Jungo Windriver 12.5.1 - Local Privilege Escalation Parity Browser < 1.6.10 - Bypass Same Origin Policy Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit) phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit) eVestigator Forensic PenTester - MITM Remote Code Execution eVestigator Forensic PenTester - Man In The Middle Remote Code Execution BestSafe Browser - MITM Remote Code Execution BestSafe Browser - Man In The Middle Remote Code Execution SKILLS.com.au Industry App - MITM Remote Code Execution Virtual Postage (VPA) - MITM Remote Code Execution SKILLS.com.au Industry App - Man In The Middle Remote Code Execution Virtual Postage (VPA) - Man In The Middle Remote Code Execution Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution SAP NetWeaver J2EE Engine 7.40 - SQL Injection D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes) FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes) FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes) Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode HPUX - execve /bin/sh Shellcode (58 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve /bin/sh Shellcode (58 bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes) ARM - Bind TCP Shell (0x1337/TCP) Shellcode ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes) Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes) Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes) FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes) FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes) FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes) FreeBSD - reboot() Shellcode (15 Bytes) IRIX - execve(/bin/sh -c) Shellcode (72 bytes) IRIX - execve(/bin/sh) Shellcode (43 bytes) IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes) IRIX - execve(/bin/sh) Shellcode (68 bytes) IRIX - stdin-read Shellcode (40 bytes) Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 Bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)	2018-01-12 05:02:17 +00:00
Offensive Security	f6c5c427c3	DB: 2018-01-02 5 changes to exploits/shellcodes Apple macOS - IOHIDSystem Kernel Read/Write HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit) Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit) Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit) Huawei Router HG532 - Arbitrary Command Execution	2018-01-02 05:02:10 +00:00
Offensive Security	d07aa0ed2a	DB: 2017-12-13 6 changes to exploits/shellcodes Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload	2017-12-13 05:02:40 +00:00
Offensive Security	9cea53a35b	DB: 2017-12-12 35 changes to exploits/shellcodes MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service MikroTik 6.40.5 ICMP - Denial of Service iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures macOS - 'getrusage' Stack Leak Through struct Padding macOS - 'necp_get_socket_attributes' so_pcb Type Confusion LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection Laundry Booking Script 1.0 - 'list?city' SQL Injection Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection Multivendor Penny Auction Clone Script 1.0 - SQL Injection Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection Opensource Classified Ads Script 3.2 - SQL Injection PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection Professional Service Script 1.0 - 'service-list?city' SQL Injection Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection Readymade Video Sharing Script 3.2 - SQL Injection Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection Advanced Real Estate Script 4.0.7 - SQL Injection Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection MLM Forced Matrix 2.0.9 - 'newid' SQL Injection Car Rental Script 2.0.4 - 'val' SQL Injection Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection Muslim Matrimonial Script 3.02 - 'succid' SQL Injection Advanced World Database 2.0.5 - SQL Injection Resume Clone Script 2.0.5 - SQL Injection Basic Job Site Script 2.0.5 - SQL Injection Vanguard 1.4 - Arbitrary File Upload Vanguard 1.4 - SQL Injection	2017-12-12 05:02:17 +00:00
Offensive Security	c35d9b35f7	DB: 2017-12-09 14 changes to exploits/shellcodes macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement Apple macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free Apple macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption Apple macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash Linux Kernel - DCCP Socket Use-After-Free Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free Apple iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation Apple iOS/macOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation macOS High Sierra - Local Privilege Escalation (Metasploit) Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit) Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass) DomainSale PHP Script 1.0 - 'id' SQL Injection Simple Chatting System 1.0.0 - Arbitrary File Upload Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection FS Shutterstock Clone 1.0 - 'keywords' SQL Injection FS Quibids Clone 1.0 - SQL Injection FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection	2017-12-09 05:02:21 +00:00
Offensive Security	08d2346400	DB: 2017-12-07 13 changes to exploits/shellcodes Arq 5.9.7 - Local Privilege Escalation Murus 1.4.11 - Local Privilege Escalation Arq 5.9.6 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation Sera 1.2 - Local Privilege Escalation / Password Disclosure Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation Proxifier for Mac 2.19 - Local Privilege Escalation FS Makemytrip Clone - 'id' SQL Injection WinduCMS 3.1 - Local File Disclosure FS Shaadi Clone - 'token' SQL Injection	2017-12-07 05:02:26 +00:00
Offensive Security	a24ecf72c3	DB: 2017-12-01 82 changes to exploits/shellcodes 32 new exploits/shellcodes Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC) Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC) Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow FontForge - '.BDF' Font File Stack Based Buffer Overflow FontForge - '.BDF' Font File Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC) Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC) Citrix XenApp / XenDesktop - Stack Based Buffer Overflow Citrix XenApp / XenDesktop - Stack Buffer Overflow Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC) mcrypt 2.6.8 - Stack Buffer Overflow (PoC) MySQL (Linux) - Stack Based Buffer Overrun (PoC) MySQL (Linux) - Heap Based Overrun (PoC) MySQL (Linux) - Stack Buffer Overrun (PoC) MySQL (Linux) - Heap Overrun (PoC) Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Stack Buffer Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056) Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056) MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Buffer Overflow Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC) Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow OpenVms 8.3 Finger Service - Stack Based Buffer Overflow OpenVms 8.3 Finger Service - Stack Buffer Overflow Free Download Manager - Stack Based Buffer Overflow Free Download Manager - Stack Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Valhala Honeypot 1.8 - Stack Based Buffer Overflow Valhala Honeypot 1.8 - Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Based Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read FBZX 2.10 - Local Stack Based Buffer Overflow TACK 1.07 - Local Stack Based Buffer Overflow FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read FBZX 2.10 - Local Stack Buffer Overflow TACK 1.07 - Local Stack Buffer Overflow Gnome Nautilus 3.16 - Denial of Service Wireshark - iseries_parse_packet Heap Based Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow Wireshark - iseries_parse_packet Heap Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow Wireshark - find_signature Stack Based Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow Wireshark - getRate Stack Based Out-of-Bounds Read Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow Wireshark - find_signature Stack Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Wireshark - getRate Stack Out-of-Bounds Read Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1) Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1) pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read pdfium - CPDF_Function::Call Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Buffer Overflow Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC) glibc - 'getaddrinfo' Stack Buffer Overflow (PoC) Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow libxml2 - xmlDictAddString Heap Based Buffer Overread libxml2 - xmlParseEndTag2 Heap Based Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread libxml2 - htmlCurrentChar Heap Based Buffer Overread Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow libxml2 - xmlDictAddString Heap Buffer Overread libxml2 - xmlParseEndTag2 Heap Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread libxml2 - htmlCurrentChar Heap Buffer Overread Kamailio 4.3.4 - Heap Based Buffer Overflow Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read Kamailio 4.3.4 - Heap Buffer Overflow Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2) Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow Graphite2 - GlyphCache::Loader Heap Based Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Graphite2 - GlyphCache::Loader Heap Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow SAP SAPCAR 721.510 - Heap Buffer Overflow Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow OpenJPEG - 'mqc.c' Heap Buffer Overflow tcprewrite - Heap-Based Buffer Overflow tcprewrite - Heap Buffer Overflow Dnsmasq < 2.78 - 2-byte Heap-Based Overflow Dnsmasq < 2.78 - Heap-Based Overflow Dnsmasq < 2.78 - Stack-Based Overflow Dnsmasq < 2.78 - 2-byte Heap Overflow Dnsmasq < 2.78 - Heap Overflow Dnsmasq < 2.78 - Stack Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow PHP 7.1.8 - Heap-Based Buffer Overflow PHP 7.1.8 - Heap Buffer Overflow QEMU - NBD Server Long Export Name Stack Buffer Overflow Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation AIX lquerylv - Local Buffer Overflow / Privilege Escalation AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation Microsoft Excel - Remote Code Execution Microsoft Excel - Code Execution HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation News Rover 12.1 Rev 1 - Remote Stack Overflow (1) News Rover 12.1 Rev 1 - Stack Overflow (1) News Rover 12.1 Rev 1 - Remote Stack Overflow (2) News Rover 12.1 Rev 1 - Stack Overflow (2) FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows Libmodplug - 's3m' Remote Buffer Overflow Libmodplug - 's3m' Buffer Overflow Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) Microsoft Visio 2002 - '.DXF' File Stack based Overflow Microsoft Visio 2002 - '.DXF' Local Stack Overflow AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit) Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3) S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation Internet Download Manager - Stack Based Buffer Overflow Internet Download Manager - Local Stack Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation mcrypt 2.5.8 - Stack Based Overflow mcrypt 2.5.8 - Local Stack Overflow Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) Winamp 5.12 - '.m3u' Stack Based Buffer Overflow Winamp 5.12 - '.m3u' Local Stack Buffer Overflow RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow Super Player 3500 - '.m3u' Local Stack Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow Sim Editor 6.6 - Stack Based Buffer Overflow Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) Microsoft Word - Local Machine Zone Code Execution (MS15-022) Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow NRSS Reader 0.3.9 - Local Stack Based Overflow NRSS Reader 0.3.9 - Local Stack Overflow Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation macOS High Sierra - Root Privilege Escalation (Metasploit) lftp 2.6.9 - Remote Stack based Overflow lftp 2.6.9 - Remote Stack Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit) Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit) Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit) Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Based Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub glibc - 'getaddrinfo' Stack Based Buffer Overflow glibc - 'getaddrinfo' Remote Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal Alligra Calligra - Heap Based Buffer Overflow Alligra Calligra - Heap Buffer Overflow Aloaha PDF Suite - Stack Based Buffer Overflow Aloaha PDF Suite - Remote Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) Almnzm - 'COOKIE: customer' SQL Injection Tutorialms 1.4 (show) - SQL Injection Tutorialms 1.4 - 'show' SQL Injection osCommerce 2.3.4.1 - Arbitrary File Upload Knowledge Base Enterprise Edition 4.62.00 - SQL Injection Knowledge Base Enterprise Edition 4.62.0 - SQL Injection WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload phpDolphin 2.0.5 - Multiple Vulnerabilities OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities AbanteCart 1.2.7 - Cross-Site Scripting MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection Synology StorageManager 5.2 - Remote Root Command Execution Synology StorageManager 5.2 - Root Remote Command Execution WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal	2017-12-01 10:57:46 +00:00
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00

50 commits