exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	afe5797b88	DB: 2020-03-03 12 changes to exploits/shellcodes Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH) Wing FTP Server 6.2.3 - Privilege Escalation Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Joplin Desktop 1.0.184 - Cross-Site Scripting Netis WF2419 2.2.36123 - Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware) Wing FTP Server 6.2.5 - Privilege Escalation TP LINK TL-WR849N - Remote Code Execution Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload) Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)	2020-03-03 05:01:48 +00:00
Offensive Security	228a37da9c	DB: 2020-02-18 15 changes to exploits/shellcodes HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path Cuckoo Clock v5.0 - Buffer Overflow Anviz CrossChex - Buffer Overflow (Metasploit) SOPlanning 1.45 - 'by' SQL Injection Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Avaya Aura Communication Manager 5.2 - Remote Code Execution Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User) WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting SOPlanning 1.45 - Cross-Site Request Forgery (Add User) SOPlanning 1.45 - 'users' SQL Injection LabVantage 8.3 - Information Disclosure	2020-02-18 05:01:54 +00:00
Offensive Security	ea7a01d8fb	DB: 2020-02-12 18 changes to exploits/shellcodes Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC) Sudo 1.8.25p - Buffer Overflow Torrent iPod Video Converter 1.51 - Stack Overflow DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow Sudo 1.8.25p - 'pwfeedback' Buffer Overflow OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution Microsoft SharePoint - Deserialization Remote Code Execution CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit)	2020-02-12 05:01:58 +00:00
Offensive Security	e3e102da5b	DB: 2019-12-21 4 changes to exploits/shellcodes Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC) FreeSWITCH 1.10.1 - Command Execution phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting	2019-12-21 05:01:57 +00:00
Offensive Security	30a6a01b6c	DB: 2019-12-07 3 changes to exploits/shellcodes Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Verot 2.0.3 - Remote Code Execution	2019-12-07 05:02:08 +00:00
Offensive Security	c8181201fd	DB: 2019-11-13 38 changes to exploits/shellcodes Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH) Wondershare Application Framework Service - _WsAppService_ Unquote Service Path eMerge E3 Access Controller 4.6.07 - Remote Code Execution eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit) CBAS-Web 19.0.0 - Information Disclosure Prima FlexAir Access Control 2.3.38 - Remote Code Execution Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting eMerge E3 1.00-06 - Unauthenticated Directory Traversal eMerge E3 1.00-06 - Privilege Escalation eMerge E3 1.00-06 - Remote Code Execution eMerge E3 1.00-06 - Cross-Site Request Forgery Atlassian Confluence 6.15.1 - Directory Traversal eMerge E3 1.00-06 - Arbitrary File Upload eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting eMerge50P 5000P 4.6.07 - Remote Code Execution CBAS-Web 19.0.0 - Remote Code Execution CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) CBAS-Web 19.0.0 - Username Enumeration CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Joomla 3.9.13 - 'Host' Header Injection Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Prima Access Control 2.3.35 - Arbitrary File Upload Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit) Optergy 2.3.0a - Remote Code Execution FlexAir Access Control 2.4.9api3 - Remote Code Execution Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Optergy 2.3.0a - Username Disclosure Optergy 2.3.0a - Remote Code Execution (Backdoor) Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting FlexAir Access Control 2.3.35 - Authentication Bypass Bematech Printer MP-4200 - Denial of Service	2019-11-13 05:01:43 +00:00
Offensive Security	7e9d444235	DB: 2019-11-12 8 changes to exploits/shellcodes iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC) iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table) _GCafé 3.0 - 'gbClienService' Unquoted Service Path Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path XML Notepad 2.8.0.4 - XML External Entity Injection	2019-11-12 05:01:40 +00:00
Offensive Security	577557762c	DB: 2019-11-05 6 changes to exploits/shellcodes Apple macOS 10.15.1 - Denial of Service (PoC) Aida64 6.10.5200 - Buffer Overflow (SEH) OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit) Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow	2019-11-05 05:01:42 +00:00
Offensive Security	595ac97a33	DB: 2019-10-30 6 changes to exploits/shellcodes Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass rConfig 3.9.2 - Remote Code Execution Wordpress 5.2.4 - Cross-Origin Resource Sharing	2019-10-30 05:01:40 +00:00
Offensive Security	6d83c21135	DB: 2019-10-18 8 changes to exploits/shellcodes BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Serive Path ThinVNC 1.0b1 - Authentication Bypass Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution	2019-10-18 05:01:45 +00:00
Offensive Security	bfcf0daec9	DB: 2019-10-08 8 changes to exploits/shellcodes logrotten 3.15.1 - Privilege Escalation ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP) CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation freeFTP 1.0.8 - Remote Buffer Overflow Joomla 3.4.6 - 'configuration.php' Remote Code Execution Zabbix 4.2 - Authentication Bypass Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload	2019-10-08 05:01:48 +00:00
Offensive Security	d1bcd4121d	DB: 2019-10-04 5 changes to exploits/shellcodes Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) mintinstall 7.9.9 - Code Execution AnchorCMS < 0.12.3a - Information Disclosure	2019-10-04 05:01:47 +00:00
Offensive Security	ee1067a45b	DB: 2019-10-03 3 changes to exploits/shellcodes Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit) Detrix EDMS 1.2.3.1505 - SQL Injection	2019-10-03 05:01:46 +00:00
Offensive Security	4802945877	DB: 2019-09-28 10 changes to exploits/shellcodes Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) thesystem App 1.0 - Persistent Cross-Site Scripting InoERP 0.7.2 - Persistent Cross-Site Scripting thesystem App 1.0 - 'server_name' SQL Injection thesystem App 1.0 - 'username' SQL Injection V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting	2019-09-28 05:01:47 +00:00
Offensive Security	d7ea903400	DB: 2019-09-25 7 changes to exploits/shellcodes DeviceViewer 3.12.0.1 - 'creating user' Denial of Service Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow File Sharing Wizard 1.5.0 - POST SEH Overflow Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit) Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection	2019-09-25 05:04:03 +00:00
Offensive Security	d1ba848ff5	DB: 2019-08-06 4 changes to exploits/shellcodes macOS iMessage - Heap Overflow when Deserializing Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) ARMBot Botnet - Arbitrary Code Execution	2019-08-06 05:02:23 +00:00
Offensive Security	40febc17ca	DB: 2019-07-18 5 changes to exploits/shellcodes WinMPG iPod Convert 3.0 - 'Register' Denial of Service Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting	2019-07-18 05:02:15 +00:00
Offensive Security	70a1295bcf	DB: 2019-07-06 2 changes to exploits/shellcodes Microsoft Exchange 2003 - base64-MIME Remote Code Execution WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC) Karenderia Multiple Restaurant System 5.3 - Local File Inclusion	2019-07-06 05:01:54 +00:00
Offensive Security	1a13989f12	DB: 2019-07-04 5 changes to exploits/shellcodes Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit) Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit) AZADMIN CMS 1.0 - SQL Injection WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection Symantec DLP 15.5 MP1 - Cross-Site Scripting Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)	2019-07-04 05:01:54 +00:00
Offensive Security	0e66e648a7	DB: 2019-06-22 1 changes to exploits/shellcodes EA Origin < 10.5.38 - Remote Code Execution	2019-06-22 05:01:55 +00:00
Offensive Security	e76aee5eaf	DB: 2019-06-06 4 changes to exploits/shellcodes Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) LibreNMS - addhost Command Injection (Metasploit) Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery	2019-06-06 05:01:56 +00:00
Offensive Security	1a6935f64a	DB: 2019-05-29 3 changes to exploits/shellcodes Microsoft Windows - 'Win32k' Local Privilege Escalation EquityPandit 1.0 - Password Disclosure Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass Phraseanet < 4.0.7 - Cross-Site Scripting	2019-05-29 05:01:59 +00:00
Offensive Security	76aff025ee	DB: 2019-05-25 9 changes to exploits/shellcodes Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC) Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC) Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC) Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC) Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC) Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC) Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC	2019-05-25 05:01:58 +00:00
Offensive Security	5a4d21a1cf	DB: 2019-05-09 9 changes to exploits/shellcodes jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC) MiniFtp - 'parseconf_load_setting' Buffer Overflow Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit) PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit) Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit) NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass Linux/x86 - execve /bin/sh Shellcode (20 bytes)	2019-05-09 05:02:02 +00:00
Offensive Security	79a9df09f0	DB: 2019-05-07 13 changes to exploits/shellcodes iOS 12.1.3 - 'cfprefsd' Memory Corruption Windows PowerShell ISE - Remote Code Execution NSClient++ 0.5.2.35 - Privilege Escalation Windows PowerShell ISE - Remote Code Execution LG Supersign EZ CMS - Remote Code Execution (Metasploit) Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution PHPads 2.0 - 'click.php3?bannerID' SQL Injection microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Linux/x86 - shred file Shellcode (72 bytes)	2019-05-07 05:01:58 +00:00
Offensive Security	f3c28b3d62	DB: 2019-05-01 23 changes to exploits/shellcodes SpotAuditor 3.6.7 - Denial of Service (PoC) SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC) SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC) Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter) DeviceViewer 3.12.0.1 - 'user' SEH Overflow Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) Netgear DGN2200 / DGND3700 - Admin Password Disclosure Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Joomla! Component ARI Quiz 3.7.4 - SQL Injection Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery HumHub 1.3.12 - Cross-Site Scripting Spring Cloud Config 2.1.x - Path Traversal (Metasploit) Domoticz 4.10577 - Unauthenticated Remote Command Execution Joomla! Component JiFile 2.3.1 - Arbitrary File Download Hyvikk Fleet Manager - Shell Upload Agent Tesla Botnet - Information Disclosure Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution	2019-05-01 05:02:01 +00:00
Offensive Security	ab955a9b5d	DB: 2019-04-19 5 changes to exploits/shellcodes Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC) Evernote 7.9 - Code Execution via Path Traversal LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit) ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)	2019-04-19 05:02:10 +00:00
Offensive Security	5e1aca383e	DB: 2019-04-18 5 changes to exploits/shellcodes ASUS HG100 - Denial of Service DHCP Server 2.5.2 - Denial of Service (PoC) Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4 Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow	2019-04-18 05:01:57 +00:00
Offensive Security	0d739de6f9	DB: 2019-04-16 13 changes to exploits/shellcodes UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC) UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC) MailCarrier 2.51 - 'RCPT TO' Buffer Overflow RemoteMouse 3.008 - Arbitrary Remote Command Execution CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) MailCarrier 2.51 - POP3 'USER' Buffer Overflow MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation DirectAdmin 1.561 - Multiple Vulnerabilities Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)	2019-04-16 05:02:04 +00:00
Offensive Security	764ac4bf5c	DB: 2019-04-03 13 changes to exploits/shellcodes AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow Mozilla Firefox 3 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities Google Chrome 0.2.149 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities Inout EasyRooms - SQL Injection Inout RealEstate - 'city' SQL Injection WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery LimeSurvey < 3.16 - Remote Code Execution CMS Made Simple < 2.2.10 - SQL Injection Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting phpFileManager 1.7.8 - Local File Inclusion	2019-04-03 05:02:02 +00:00
Offensive Security	790034e7df	DB: 2019-03-16 7 changes to exploits/shellcodes Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow NetData 1.13.0 - HTML Injection CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload ICE HRM 23.0 - Multiple Vulnerabilities Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Laundry CMS - Multiple Vulnerabilities Moodle 3.4.1 - Remote Code Execution	2019-03-16 05:01:58 +00:00
Offensive Security	b4e61d43c1	DB: 2019-03-15 6 changes to exploits/shellcodes Microsoft Windows - .reg File / Dialog Box Message Spoofing Microsoft Windows - '.reg' File / Dialog Box Message Spoofing FTPGetter Standard 5.97.0.177 - Remote Code Execution Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution	2019-03-15 05:01:51 +00:00
Offensive Security	c5fbc00e3e	DB: 2019-03-14 8 changes to exploits/shellcodes Microsoft Windows - .reg File / Dialog Box Message Spoofing Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal Microsoft Windows MSHTML Engine - _Edit_ Remote Code Execution elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit) Apache Tika-server < 1.18 - Command Injection WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting	2019-03-14 05:01:58 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	e2ed64fffa	DB: 2019-02-23 5 changes to exploits/shellcodes WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit) Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation Teracue ENC-400 - Command Injection / Missing Authentication	2019-02-23 05:01:55 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	9e738d6dae	DB: 2019-01-23 3 changes to exploits/shellcodes CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection Joomla! Component Easy Shop 1.2.3 - Local File Inclusion	2019-01-23 05:01:52 +00:00
Offensive Security	c6ebf8bc23	DB: 2018-12-19 10 changes to exploits/shellcodes VMware Fusion 2.0.5 - vmx86 kext Local Buffer Overflow (PoC) Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write AnyBurn 4.3 - Local Buffer Overflow Denial of Service Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service MegaPing - Local Buffer Overflow Denial of Service Exim 4.41 - 'dns_build_reverse' Local Exim 4.41 - 'dns_build_reverse' Local Buffer Overflow Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2) Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2) Microsoft Windows Server 2003 - Token Kidnapping Local Microsoft Windows Server 2003 - Token Kidnapping Local Privilege Escalation VMware Fusion 2.0.5 - vmx86 kext Local Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Google Android 2.0 < 2.1 - Reverse Shell Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP) MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method SDL Web Content Manager 8.5.0 - XML External Entity Injection	2018-12-19 05:01:45 +00:00
Offensive Security	9bd9fb0da3	DB: 2018-12-11 2 changes to exploits/shellcodes Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting	2018-12-11 05:01:44 +00:00
Offensive Security	60710bbfd9	DB: 2018-12-05 19 changes to exploits/shellcodes Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption Wireshark - 'find_signature' Heap Out-of-Bounds Read Xorg X11 Server (AIX) - Local Privilege Escalation Emacs - movemail Privilege Escalation (Metasploit) OpenSSH < 7.7 - User Enumeration (2) HP Intelligent Management - Java Deserialization RCE (Metasploit) Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage KeyBase Botnet 1.5 - SQL Injection Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting NUUO NVRMini2 3.9.1 - Authenticated Command Injection DomainMOD 4.11.01 - Registrar Cross-Site Scripting FreshRSS 1.11.1 - Cross-Site Scripting Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)	2018-12-05 05:01:44 +00:00
Offensive Security	0a4925cc93	DB: 2018-12-04 10 changes to exploits/shellcodes Mozilla Firefox 63.0.1 - Denial of Service (PoC) Budabot 4.0 - Denial of Service (PoC) CyberArk 9.7 - Memory Disclosure Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Apache Superset 0.23 - Remote Code Execution Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting	2018-12-04 05:01:48 +00:00
Offensive Security	dfd1e454e1	DB: 2018-11-28 10 changes to exploits/shellcodes MariaDB Client 10.1.26 - Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (ASLR) Xorg X11 Server - SUID privilege escalation (Metasploit) ELBA5 5.8.0 - Remote Code Execution Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Ticketly 1.0 - 'kind_id' SQL Injection No-Cms 1.0 - 'order_by' SQL Injection Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal	2018-11-28 11:08:29 +00:00
Offensive Security	832a222df4	DB: 2018-10-26 21 changes to exploits/shellcodes ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC) BORGChat 1.0.0 build 438 - Denial of Service (PoC) libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Adult Filter 1.0 - Buffer Overflow (SEH) WebEx - Local Service Permissions Exploit (Metasploit) exim 4.90 - Remote Code Execution ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write exim 4.90 - Remote Code Execution WebExec - Authenticated User Code Execution (Metasploit) ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Ekushey Project Manager CRM 3.1 - Cross-Site Scripting phptpoint Pharmacy Management System 1.0 - 'username' SQL injection phptpoint Hospital Management System 1.0 - 'user' SQL injection Simple Chat System 1.0 - 'id' SQL Injection Delta Sql 1.8.2 - Arbitrary File Upload User Management 1.1 - Cross-Site Scripting ClipBucket 2.8 - 'id' SQL Injection Simple POS and Inventory 1.0 - 'cat' SQL Injection AiOPMSD Final 1.0.0 - 'q' SQL Injection AjentiCP 1.2.23.13 - Cross-Site Scripting MPS Box 0.1.8.0 - 'uuid' SQL Injection Open STA Manager 2.3 - Arbitrary File Download	2018-10-26 05:01:46 +00:00
Offensive Security	635345499a	DB: 2018-10-18 15 changes to exploits/shellcodes Git Submodule - Arbitrary Code Execution Git Submodule - Arbitrary Code Execution (PoC) Any Sound Recorder 2.93 - Buffer Overflow (SEH) Git Submodule - Arbitrary Code Execution Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials BigTree CMS 4.2.23 - Cross-Site Scripting Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Time and Expense Management System 3.0 - 'table' SQL Injection	2018-10-18 05:01:46 +00:00
Offensive Security	731dd0f423	DB: 2018-10-16 22 changes to exploits/shellcodes Snes9K 0.0.9z - Buffer Overflow (SEH) NoMachine < 5.3.27 - Remote Code Execution MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure CAMALEON CMS 2.4 - Cross-Site Scripting Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution College Notes Management System 1.0 - 'user' SQL Injection Advanced HRM 1.6 - Remote Code Execution Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection	2018-10-16 05:01:45 +00:00
Offensive Security	6fe17058fb	DB: 2018-10-10 15 changes to exploits/shellcodes Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass Microsoft Edge Chakra JIT - Type Confusion Seqrite End Point Security 7.4 - Privilege Escalation Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass) 360 3.5.0.1033 - Sandbox Escape ghostscript - executeonly Bypass with errorhandler Setup ifwatchd - Privilege Escalation (Metasploit) FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit) Wikidforum 2.20 - 'select_sort' SQL Injection Wikidforum 2.20 - 'message_id' SQL Injection Monstra 3.0.4 - Cross-Site Scripting	2018-10-10 05:01:44 +00:00
Offensive Security	a54a696d48	DB: 2018-09-29 2 changes to exploits/shellcodes Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation PCProtect 4.8.35 - Privilege Escalation Microsoft Edge - Sandbox Escape	2018-09-29 05:01:58 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	29542c36ab	DB: 2018-09-19 7 changes to exploits/shellcodes Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit) NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution HongCMS 3.0.0 - SQL Injection HongCMS 3.0.0 - (Authenticated) SQL Injection Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)	2018-09-19 05:01:45 +00:00
Offensive Security	1e34c2b6a5	DB: 2018-08-14 11 changes to exploits/shellcodes IP Finder 1.5 - Denial of Service (PoC) Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC) PLC Wireless Router GPN2.4P21-C-CN - Denial of Service Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow PostgreSQL 9.4-0.5.3 - Privilege Escalation Android - Directory Traversal over USB via Injection in blkid Output Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit) Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking) Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)	2018-08-14 05:01:45 +00:00

1 2

98 commits