bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/webapps
History
Offensive Security ccea007282 DB: 2020-05-01 
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00
..
6026.pl DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10261.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10262.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10263.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10426.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10427.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10429.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10430.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10433.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10755.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10756.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
10757.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
14177.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
14818.pl DB: 2017-11-24 2017-11-24 20:56:23 +00:00
16889.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
17941.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
18343.pl DB: 2017-11-24 2017-11-24 20:56:23 +00:00
18797.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
18932.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
19406.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
20037.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
20038.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
20064.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
20706.rb DB: 2019-03-08 2019-03-08 05:01:50 +00:00
20707.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
21836.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
23110.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
24932.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
27776.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
28175.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
28243.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
28558.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
28653.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
28979.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
30085.txt DB: 2018-09-25 2018-09-25 05:01:51 +00:00
30286.txt DB: 2019-03-08 2019-03-08 05:01:50 +00:00
30472.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
32869.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
34086.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
34130.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
34241.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
34672.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
36442.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
36619.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
36689.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
36963.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
37442.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
38383.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
38833.txt DB: 2017-12-02 2017-12-02 05:02:32 +00:00
39500.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
39642.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
40171.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
40180.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
40249.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
40377.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
40378.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41040.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41141.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41223.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41224.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41312.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41414.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41437.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41570.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41628.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41676.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41677.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41697.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41698.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41950.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41962.sh DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41963.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
41976.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42101.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42149.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42187.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42269.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42290.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42306.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42314.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42745.py DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42769.rb DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42975.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
42991.txt DB: 2017-11-24 2017-11-24 20:56:23 +00:00
43436.txt DB: 2018-01-06 2018-01-06 05:02:14 +00:00
44039.txt DB: 2018-02-15 2018-02-15 05:01:52 +00:00
44051.md DB: 2018-02-16 2018-02-16 05:01:50 +00:00
44054.md DB: 2018-02-16 2018-02-16 05:01:50 +00:00
44431.txt DB: 2018-04-10 2018-04-10 05:01:53 +00:00
44441.txt DB: 2018-04-11 2018-04-11 05:01:46 +00:00
44498.py DB: 2018-04-26 2018-04-26 05:01:48 +00:00
44543.txt DB: 2018-04-27 2018-04-27 05:01:49 +00:00
44545.py DB: 2018-04-27 2018-04-27 05:01:49 +00:00
44589.txt DB: 2018-05-07 2018-05-07 05:01:44 +00:00
44628.txt DB: 2018-05-17 2018-05-17 05:01:47 +00:00
44640.txt DB: 2018-05-18 2018-05-18 05:01:49 +00:00
44647.txt DB: 2018-05-19 2018-05-19 05:01:48 +00:00
44655.txt DB: 2018-05-19 2018-05-19 05:01:48 +00:00
44667.txt DB: 2018-05-22 2018-05-22 05:01:47 +00:00
44681.txt DB: 2018-05-22 2018-05-22 05:01:47 +00:00
44687.txt DB: 2018-05-23 2018-05-23 05:01:45 +00:00
44698.txt DB: 2018-05-23 2018-05-23 05:01:45 +00:00
44734.txt DB: 2018-05-24 2018-05-24 05:01:50 +00:00
44749.txt DB: 2018-05-25 2018-05-25 05:01:45 +00:00
44751.txt DB: 2018-05-25 2018-05-25 05:01:45 +00:00
44757.txt DB: 2018-05-26 2018-05-26 05:01:44 +00:00
44843.py DB: 2018-06-06 2018-06-06 05:01:46 +00:00
44865.txt DB: 2018-06-09 2018-06-09 05:01:42 +00:00
44902.txt DB: 2018-06-19 2018-06-19 05:01:47 +00:00
44911.txt DB: 2018-06-21 2018-06-21 05:01:44 +00:00
44913.py DB: 2018-06-21 2018-06-21 05:01:44 +00:00
44932.txt DB: 2018-06-26 2018-06-26 05:01:46 +00:00
44951.py DB: 2018-06-28 2018-06-28 05:01:45 +00:00
44999.txt DB: 2018-07-11 2018-07-11 05:01:52 +00:00
45073.txt DB: 2018-08-02 2018-08-02 05:02:43 +00:00
45090.txt DB: 2018-08-10 2018-08-10 05:01:46 +00:00
45094.txt DB: 2018-07-28 2018-07-28 05:01:47 +00:00
45103.txt DB: 2018-08-10 2018-08-10 05:01:46 +00:00
45105.py DB: 2018-07-31 2018-07-31 05:01:47 +00:00
45108.txt DB: 2018-08-10 2018-08-10 05:01:46 +00:00
45167.txt DB: 2018-08-17 2018-08-17 05:02:00 +00:00
45195.rb DB: 2018-08-15 2018-08-15 05:01:45 +00:00
45198.rb DB: 2018-08-18 2018-08-18 05:01:47 +00:00
45202.txt DB: 2018-08-17 2018-08-17 05:02:00 +00:00
45341.py DB: 2018-09-07 2018-09-07 05:01:55 +00:00
45361.py DB: 2018-09-11 2018-09-11 05:01:54 +00:00
45385.txt DB: 2018-09-13 2018-09-13 05:01:52 +00:00
45409.rb DB: 2018-09-15 2018-09-15 05:01:52 +00:00
45437.txt DB: 2018-09-20 2018-09-20 05:01:45 +00:00
45542.py DB: 2018-10-09 2018-10-09 05:01:44 +00:00
45808.txt DB: 2018-11-13 2018-11-13 05:01:42 +00:00
45852.py DB: 2018-11-15 2018-11-15 05:01:40 +00:00
45929.py DB: 2018-12-04 2018-12-04 05:01:48 +00:00
45933.py DB: 2018-12-06 2018-12-06 05:01:45 +00:00
46221.py DB: 2019-01-24 2019-01-24 05:01:41 +00:00
46349.txt DB: 2019-02-12 2019-02-12 05:01:49 +00:00
46352.rb DB: 2019-02-13 2019-02-13 05:01:49 +00:00
46450.txt DB: 2019-02-23 2019-02-23 05:01:55 +00:00
46468.rb DB: 2019-03-01 2019-03-01 05:01:57 +00:00
46629.txt DB: 2019-03-30 2019-03-30 05:02:01 +00:00
46669.txt DB: 2019-04-09 2019-04-09 05:02:03 +00:00
46784.txt DB: 2019-05-01 2019-05-01 12:01:09 +00:00
46811.txt DB: 2019-05-09 2019-05-09 05:02:02 +00:00
47059.txt DB: 2019-07-04 2019-07-04 05:01:54 +00:00
47123.txt DB: 2019-07-17 2019-07-17 05:02:03 +00:00
47124.txt DB: 2019-07-17 2019-07-17 05:02:03 +00:00
47125.txt DB: 2019-07-17 2019-07-17 05:02:03 +00:00
47132.txt DB: 2019-07-18 2019-07-18 05:02:15 +00:00
47136.txt DB: 2019-07-19 2019-07-19 05:02:11 +00:00
47138.py DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47139.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47140.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47141.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47142.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47143.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47144.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47145.txt DB: 2019-07-20 2019-07-20 05:02:15 +00:00
47150.txt DB: 2019-07-23 2019-07-23 05:02:15 +00:00
47293.sh DB: 2019-08-20 2019-08-20 05:02:44 +00:00
47457.py DB: 2019-10-04 2019-10-04 05:01:47 +00:00
47537.txt DB: 2019-10-24 2019-10-24 05:01:42 +00:00
47571.txt DB: 2019-11-02 2019-11-02 05:01:41 +00:00
47900.txt DB: 2020-01-11 2020-01-11 05:02:00 +00:00
47996.py DB: 2020-02-05 2020-02-05 05:02:01 +00:00
48212.txt DB: 2020-03-19 2020-03-19 05:01:49 +00:00
48367.txt DB: 2020-04-23 2020-04-23 05:01:50 +00:00