Commits on Nov 21, 2018
  1. DB: 2018-11-21

    Offensive Security
    Offensive Security committed Nov 21, 2018
    4 changes to exploits/shellcodes
    
    macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
    
    Qpopper 4.0.x - poppassd Privilege Escalation
    Qpopper 4.0.x - 'poppassd' Privilege Escalation
    
    HP-UX 11.0/11.11 - swxxx Privilege Escalation
    HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
    
    ABRT - raceabrt Privilege Escalation(Metasploit)
    ABRT - 'raceabrt' Privilege Escalation (Metasploit)
    ImageMagick - Memory Leak
    Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
    
    Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
    Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
    Simple E-Document 1.31 - 'username' SQL Injection
    2-Plan Team 1.0.4 - Arbitrary File Upload
    PHP Mass Mail 1.0 - Arbitrary File Upload
    WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
    Helpdezk 1.1.1 - Arbitrary File Upload
    DomainMOD 4.11.01 - Cross-Site Scripting
    Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
    Simple E-Document 1.31 - 'username' SQL Injection
    2-Plan Team 1.0.4 - Arbitrary File Upload
    PHP Mass Mail 1.0 - Arbitrary File Upload
    WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
    Helpdezk 1.1.1 - Arbitrary File Upload
    DomainMOD 4.11.01 - Cross-Site Scripting
    Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Commits on Nov 20, 2018
  1. DB: 2018-11-20

    Offensive Security
    Offensive Security committed Nov 20, 2018
    3 changes to exploits/shellcodes
    
    XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
    Microsoft Edge Chakra - OP_Memset Type Confusion
    
    HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
Commits on Nov 18, 2018
  1. DB: 2018-11-18

    Offensive Security
    Offensive Security committed Nov 18, 2018
    4 changes to exploits/shellcodes
    
    systemd - reexec State Injection
    systemd - chown_one() can Dereference Symlinks
    systemd - 'reexec' State Injection
    
    Centos 7.1 / Fedora 22 - abrt Privilege Escalation
    abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
    
    Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
    Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
    
    glibc - 'getcwd()' Local Privilege Escalation
    glibc < 2.26 - 'getcwd()' Local Privilege Escalation
    
    Linux Kernel <  4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
    Linux Kernel <  4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
    
    systemd - 'chown_one()' Dereference Symlinks
    
    SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
    SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery
    
    EditMe CMS - Cross-Site Request Forgery (Add New Admin)
    EditMe CMS - Cross-Site Request Forgery (Add Admin)
    
    Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
    WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
    
    WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
    WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
    
    Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
    Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
    
    IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
    IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
    
    KingMedia 4.1 - Remote Code Execution
    KingMedia 4.1 - File Upload
    
    CMS Made Simple 2.2.7 - Remote Code Execution
    CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
    
    LibreHealth 2.0.0 - Arbitrary File Actions
    LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
Commits on Nov 17, 2018
  1. DB: 2018-11-17

    Offensive Security
    Offensive Security committed Nov 17, 2018
    6 changes to exploits/shellcodes
    
    Mumsoft Easy Software 2.0 - Denial of Service (PoC)
    Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)
    
    Linux - Broken uid/gid Mapping for Nested User Namespaces
    
    Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
    Helpdezk 1.1.1 - Arbitrary File Upload
    DomainMOD 4.11.01 - Cross-Site Scripting
Commits on Nov 16, 2018
  1. DB: 2018-11-16

    Offensive Security
    Offensive Security committed Nov 16, 2018
    21 changes to exploits/shellcodes
    
    Notepad3 1.0.2.350 - Denial of Service (PoC)
    
    PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
    PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass
    
    PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
    PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass
    
    PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
    PHP 5.x COM - Safe Mode / Disable Functions Bypass
    
    VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
    VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
    
    Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
    Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
    
    Libuser - 'roothelper' Privilege Escalation (Metasploit)
    Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
    
    Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
    Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
    
    Sun Solaris 11.3 AVS - Local Kernel root Exploit
    Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
    PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
    Webkit (Safari) - Universal Cross-site Scripting
    Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
    
    PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
    PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection
    
    PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
    PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library
    
    PHP Imagick 3.3.0 - disable_functions Bypass
    Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
    Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
    PHP-Proxy 5.1.0 - Local File Inclusion
    BitZoom 1.0 - 'rollno' SQL Injection
    Net-Billetterie 2.9 - 'login' SQL Injection
    Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
    EverSync 0.5 - Arbitrary File Download
    Meneame English Pligg 5.8 - 'search' SQL Injection
    Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
    Simple E-Document 1.31 - 'username' SQL Injection
    2-Plan Team 1.0.4 - Arbitrary File Upload
    PHP Mass Mail 1.0 - Arbitrary File Upload
    Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Commits on Nov 15, 2018
  1. DB: 2018-11-15

    Offensive Security
    Offensive Security committed Nov 15, 2018
    15 changes to exploits/shellcodes
    
    AMPPS 2.7 - Denial of Service (PoC)
    Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
    ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
    SwitchVPN for macOS 2.1012.03 - Privilege Escalation
    
    Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
    iServiceOnline 1.0 - 'r' SQL Injection
    Helpdezk 1.1.1 - 'query' SQL Injection
    Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
    EdTv 2 - 'id' SQL Injection
    Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
    Advanced Comment System 1.0 - SQL Injection
    Rmedia SMS 1.0 - SQL Injection
    Pedidos 1.0 - SQL Injection
    Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
    DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
Commits on Nov 14, 2018
  1. DB: 2018-11-14

    Offensive Security
    Offensive Security committed Nov 14, 2018
    24 changes to exploits/shellcodes
    
    CuteFTP Mac 3.1 - Denial of Service (PoC)
    Evince 3.24.0 - Command Injection
    Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
    XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
    xorg-x11-server < 1.20.1 - Local Privilege Escalation
    
    Data Center Audit 2.6.2 - 'username' SQL Injection
    Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
    Paroiciel 11.20 - 'tRecIdListe' SQL Injection
    Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
    Paroiciel 11.20 - 'tRecIdListe' SQL Injection
    The Don 1.0.1 - 'login' SQL Injection
    Facturation System 1.0 - 'modid' SQL Injection
    The Don 1.0.1 - 'login' SQL Injection
    Facturation System 1.0 - 'modid' SQL Injection
    GPS Tracking System 2.12 - 'username' SQL Injection
    ServerZilla 1.0 - 'email' SQL Injection
    GPS Tracking System 2.12 - 'username' SQL Injection
    ServerZilla 1.0 - 'email' SQL Injection
    
    Nominas 0.27 - 'username' SQL Injection
    CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
    Surreal ToDo 0.6.1.2 - SQL Injection
    Surreal ToDo 0.6.1.2 - Local File Inclusion
    Alienor Web Libre 2.0 - SQL Injection
    Musicco 2.0.0 - Arbitrary Directory Download
    Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
    Tina4 Stack 1.0.3 - SQL Injection / Database File Download
    Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
    Easyndexer 1.0 - Arbitrary File Download
    ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
    Gumbo CMS 0.99 - SQL Injection
    Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
    ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
    Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
    Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
    Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
    Webiness Inventory 2.3 - SQL Injection
    SIPve 0.0.2-R19 - SQL Injection
    
    Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
Commits on Nov 13, 2018
  1. DB: 2018-11-13

    Offensive Security
    Offensive Security committed Nov 13, 2018
    15 changes to exploits/shellcodes
    
    HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
    CuteFTP 9.3.0.3 - Denial of Service (PoC)
    Mongoose Web Server 6.9 - Denial of Service (PoC)
    Data Center Audit 2.6.2 - 'username' SQL Injection
    TufinOS 2.17 Build 1193 - XML External Entity Injection
    Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
    Paroiciel 11.20 - 'tRecIdListe' SQL Injection
    TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
    The Don 1.0.1 - 'login' SQL Injection
    Facturation System 1.0 - 'modid' SQL Injection
    Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
    GPS Tracking System 2.12 - 'username' SQL Injection
    ServerZilla 1.0 - 'email' SQL Injection
    D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
    Nominas 0.27 - 'username' SQL Injection
Commits on Nov 10, 2018
  1. DB: 2018-11-10

    Offensive Security
    Offensive Security committed Nov 10, 2018
    2 changes to exploits/shellcodes
    
    Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)
    Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
    Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
    Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
    Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
    Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
    
    openslp 2.0.0 - Double-Free
    OpenSLP 2.0.0 - Double-Free
    
    Windows Speech Recognition - Buffer Overflow (PoC)
    Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
    
    Microsoft Windows Utility Manager - Local SYSTEM (MS04-011)
    Microsoft Windows Utility Manager - Local Privilege Escalation (MS04-011)
    
    Windows Firewall Control - Unquoted Service Path Privilege Escalation
    Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation
    
    Windows DVD Maker 6.1.7 - XML External Entity Injection
    Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection
    
    Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
    Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
    
    Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
    Microsoft Windows 10  (Build 1703  Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
    
    Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
    Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
    
    Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation
    Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
    
    Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
    Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
    OpenSLP 2.0.0 - Multiple Vulnerabilities
    Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
Commits on Nov 8, 2018
  1. DB: 2018-11-08

    Offensive Security
    Offensive Security committed Nov 8, 2018
    1 change to exploits/shellcodes
    
    Grocery crud 1.6.1 - 'search_field' SQL Injection
    OOP CMS BLOG 1.0 - 'search' SQL Injection
    OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
    LibreHealth 2.0.0 - Arbitrary File Actions
    Grocery crud 1.6.1 - 'search_field' SQL Injection
    OOP CMS BLOG 1.0 - 'search' SQL Injection
    OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
    LibreHealth 2.0.0 - Arbitrary File Actions
    PlayJoom 0.10.1 - 'catid' SQL Injection
Commits on Nov 7, 2018
  1. DB: 2018-11-07

    Offensive Security
    Offensive Security committed Nov 7, 2018
    18 changes to exploits/shellcodes
    
    FaceTime - RTP Video Processing Heap Corruption
    FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
    FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
    Blue Server 1.1 - Denial of Service (PoC)
    eToolz 3.4.8.0 - Denial of Service (PoC)
    VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
    Arm Whois 3.11 - Buffer Overflow (SEH)
    libiec61850 1.3 - Stack Based Buffer Overflow
    Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
    blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
    Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
    
    PHP Proxy 3.0.3 - Local File Inclusion
    
    Voovi Social Networking Script 1.0 - 'user' SQL Injection
    CMS Made Simple 2.2.7 - Remote Code Execution
    OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
    Grocery crud 1.6.1 - 'search_field' SQL Injection
    OOP CMS BLOG 1.0 - 'search' SQL Injection
    OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
    LibreHealth 2.0.0 - Arbitrary File Actions
Commits on Nov 6, 2018
  1. DB: 2018-11-06

    Offensive Security
    Offensive Security committed Nov 6, 2018
    13 changes to exploits/shellcodes
    
    Softros LAN Messenger 9.2 - Denial of Service (PoC)
    Microsoft Internet Explorer 11 - Null Pointer Dereference
    LiquidVPN 1.36 / 1.37 - Privilege Escalation
    Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
    SiAdmin 1.1 - 'id' SQL Injection
    Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
    WebVet 0.1a - 'id' SQL Injection
    Virgin Media Hub 3.0 Router - Denial of Service (PoC)
    Poppy Web Interface Generator 0.8 - Arbitrary File Upload
    Mongo Web Admin 6.0 - Information Disclosure
    PHP Proxy 3.0.3 - Local File Inclusion
    Royal TS/X - Information Disclosure
    Voovi Social Networking Script 1.0 - 'user' SQL Injection
Commits on Nov 4, 2018
  1. DB: 2018-11-04

    Offensive Security
    Offensive Security committed Nov 4, 2018
    1 change to exploits/shellcodes
Commits on Nov 3, 2018
  1. DB: 2018-11-03

    Offensive Security
    Offensive Security committed Nov 3, 2018
    9 changes to exploits/shellcodes
    
    WinMTR 0.91 - Denial of Service (PoC)
    CdCatalog 2.3.1 - Denial of Service (PoC)
    Zint Barcode Generator 2.6 - Denial of Service (PoC)
    
    Anviz AIM CrossChex Standard 4.3 - CSV Injection
    Fantastic Blog CMS 1.0 - 'id' SQL Injection
    Jelastic 5.4 - 'host' SQL Injection
    Gate Pass Management System 2.1 - 'login' SQL Injection
    qdPM 9.1 - 'filter_by' SQL Injection
    Yot CMS 3.3.1 - 'aid' SQL Injection
Commits on Nov 2, 2018
  1. DB: 2018-11-02

    Offensive Security
    Offensive Security committed Nov 2, 2018
    3 changes to exploits/shellcodes
    
    Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)
    WebDrive 18.00.5057 - Denial of Service (PoC)
    Arm Whois 3.11 - Denial of Service (PoC)
Commits on Nov 1, 2018
  1. DB: 2018-11-01

    Offensive Security
    Offensive Security committed Nov 1, 2018
    2 changes to exploits/shellcodes
    
    SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)
    
    Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Commits on Oct 31, 2018
  1. DB: 2018-10-31

    Offensive Security
    Offensive Security committed Oct 31, 2018
    22 changes to exploits/shellcodes
    
    ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
    QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
    SIPp 3.3.990 - Local Buffer Overflow (PoC)
    R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
    xorg-x11-server 1.20.3 - Privilege Escalation
    Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
    
    Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
    South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
    Electricks eCommerce 1.0 - 'prodid' SQL Injection
    phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
    Webiness Inventory 2.9 - Arbitrary File Upload
    NETGEAR WiFi Router R6120 - Credential Disclosure
    MyBB Downloads 2.0.3 - SQL Injection
    Expense Management 1.0 - Arbitrary File Upload
    University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
    Notes Manager 1.0 - Arbitrary File Upload
    Instagram Clone 1.0 - Arbitrary File Upload
    Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
    Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
    CI User Login and Management 1.0 - Arbitrary File Upload
    
    Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
Commits on Oct 30, 2018
  1. Merge pull request #123 from etisdew/master

    g0tmi1k committed Oct 30, 2018
    wording change
  2. DB: 2018-10-30

    Offensive Security
    Offensive Security committed Oct 30, 2018
    33 changes to exploits/shellcodes
    
    Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
    AlienIP 2.41 - Denial of Service (PoC)
    Local Server 1.0.9 - Denial of Service (PoC)
    systemd - reexec State Injection
    systemd - chown_one() can Dereference Symlinks
    ASRock Drivers - Privilege Escalation
    Modbus Slave 7.0.0 - Denial of Service (PoC)
    School Equipment Monitoring System 1.0 - 'login' SQL Injection
    Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
    
    Paramiko 2.4.1 - Authentication Bypass
    Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
    Grapixel New Media 2 - 'pageref' SQL Injection
    Library Management System 1.0 - 'frmListBooks' SQL Injection
    Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
    Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
    MTGAS  MOGG Web Simulator Script - SQL Injection
    Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
    Curriculum Evaluation System 1.0 - SQL Injection
    Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
    Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
    School Event Management System 1.0 - SQL Injection
    School Event Management System 1.0 - Arbitrary File Upload
    School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
    School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
    School Attendance Monitoring System 1.0 - Arbitrary File Upload
    School Attendance Monitoring System 1.0 - SQL Injection
    PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
    RhinOS CMS 3.x - Arbitrary File Download
    E-Negosyo System 1.0 - SQL Injection
    SaltOS Erp Crm 3.1 r8126 - SQL Injection
    SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
    SaltOS Erp Crm 3.1 r8126 - Database File Download
    K-iwi Framework 1775 - SQL Injection
Commits on Oct 27, 2018
  1. DB: 2018-10-27

    Offensive Security
    Offensive Security committed Oct 27, 2018
    5 changes to exploits/shellcodes
    
    xorg-x11-server < 1.20.3 - Local Privilege Escalation
    Quick Count 2.0 - 'txtInstID' SQL Injection
    MPS Box 0.1.8.0 - Arbitrary File Upload
    Delta Sql 1.8.2 - 'id' SQL Injection
    Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
  2. wording change

    etisdew committed Oct 27, 2018
    Unusual wording in the kali installation.
Commits on Oct 26, 2018
  1. DB: 2018-10-26

    Offensive Security
    Offensive Security committed Oct 26, 2018
    21 changes to exploits/shellcodes
    
    ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
    BORGChat 1.0.0 build 438 - Denial of Service (PoC)
    
    libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
    Adult Filter 1.0 - Buffer Overflow (SEH)
    WebEx - Local Service Permissions Exploit (Metasploit)
    
    exim 4.90 - Remote Code Execution
    ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
    exim 4.90 - Remote Code Execution
    WebExec - Authenticated User Code Execution (Metasploit)
    
    ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
    Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
    phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
    phptpoint Hospital Management System 1.0 - 'user' SQL injection
    Simple Chat System 1.0 - 'id' SQL Injection
    Delta Sql 1.8.2 - Arbitrary File Upload
    User Management 1.1 - Cross-Site Scripting
    ClipBucket 2.8 - 'id' SQL Injection
    Simple POS and Inventory 1.0 - 'cat' SQL Injection
    AiOPMSD Final 1.0.0 - 'q' SQL Injection
    AjentiCP 1.2.23.13 - Cross-Site Scripting
    MPS Box 0.1.8.0 - 'uuid' SQL Injection
    Open STA Manager 2.3 - Arbitrary File Download
Commits on Oct 25, 2018
  1. DB: 2018-10-25

    Offensive Security
    Offensive Security committed Oct 25, 2018
    15 changes to exploits/shellcodes
    
    Adult Filter 1.0 - Denial of Service (PoC)
    
    Microsoft Data Sharing - Local Privilege Escalation (PoC)
    
    Webmin 1.5 - Web Brute Force (CGI)
    
    exim 4.90 - Remote Code Execution
    School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
    SIM-PKH 2.4.1 - 'id' SQL Injection
    MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
    School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
    SIM-PKH 2.4.1 - 'id' SQL Injection
    MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
    SG ERP 1.0 - 'info' SQL Injection
    Fifa Master XLS 2.3.2 - 'usw' SQL Injection
    Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
    LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
    Apache OFBiz 16.11.04 - XML External Entity Injection
    D-Link Routers - Command Injection
    D-Link Routers - Plaintext Password
    D-Link Routers - Directory Traversal
    
    Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
Commits on Oct 24, 2018
  1. DB: 2018-10-24

    Offensive Security
    Offensive Security committed Oct 24, 2018
    9 changes to exploits/shellcodes
    
    AudaCity 2.3 - Denial of Service (PoC)
    Audacity 2.3 - Denial of Service (PoC)
    
    ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
    
    Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
    Appsource School Management System 1.0 - 'student_id' SQL Injection
    SIM-PKH 2.4.1 - Arbitrary File Upload
    ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
    School ERP Pro+Responsive 1.0 - Arbitrary File Download
    School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
    SIM-PKH 2.4.1 - 'id' SQL Injection
    MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
Commits on Oct 23, 2018
  1. DB: 2018-10-23

    Offensive Security
    Offensive Security committed Oct 23, 2018
    17 changes to exploits/shellcodes
    
    Modbus Poll 7.2.2 - Denial of Service (PoC)
    AudaCity 2.3 - Denial of Service (PoC)
    Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
    Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
    Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
    Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
    Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
    Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
    
    Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
    
    Countly - Persistent Cross-Site Scripting
    Countly - Cross-Site Scripting
    MySQL Edit Table 1.0 - 'id' SQL Injection
    School ERP Ultimate 2018 - Arbitrary File Download
    Oracle Siebel CRM 8.1.1 - CSV Injection
    The Open ISES Project 3.30A - 'tick_lat' SQL Injection
    School ERP Ultimate 2018 - 'fid' SQL Injection
    eNdonesia Portal 8.7 - 'artid' SQL Injection
    The Open ISES Project 3.30A - Arbitrary File Download
    Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
Commits on Oct 20, 2018
  1. DB: 2018-10-20

    Offensive Security
    Offensive Security committed Oct 20, 2018
    1 change to exploits/shellcodes
    
    libSSH - Authentication Bypass
    
    PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
    PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
Commits on Oct 19, 2018
  1. DB: 2018-10-19

    Offensive Security
    Offensive Security committed Oct 19, 2018
    3 changes to exploits/shellcodes
    
    MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
    HaPe PKH 1.1 - 'id' SQL Injection
    LUYA CMS 1.0.12 - Cross-Site Scripting
    Phoenix Contact WebVisit 2985725 - Authentication Bypass
    HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
    CAMALEON CMS 2.4 - Cross-Site Scripting
    HaPe PKH 1.1 - Arbitrary File Upload
    SugarCRM 6.5.26 - Cross-Site Scripting
    HaPe PKH 1.1 - 'id' SQL Injection
    LUYA CMS 1.0.12 - Cross-Site Scripting
    Phoenix Contact WebVisit 2985725 - Authentication Bypass
    HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
    CAMALEON CMS 2.4 - Cross-Site Scripting
    HaPe PKH 1.1 - Arbitrary File Upload
    SugarCRM 6.5.26 - Cross-Site Scripting
    
    Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
    Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
    AlchemyCMS 4.1 - Cross-Site Scripting
    Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
    AlchemyCMS 4.1 - Cross-Site Scripting
    
    College Notes Management System 1.0 - 'user' SQL Injection
    Academic Timetable Final Build 7.0 - Information Disclosure
    KORA 2.7.0 - 'cid' SQL Injection
    HotelDruid 2.2.4 - 'anno' SQL Injection
    Navigate CMS 2.8.5 - Arbitrary File Download
    Library CMS 2.1.1 - Cross-Site Scripting
    Kados R10 GreenBee - 'release_id' SQL Injection
    Vishesh Auto Index 3.1 - 'fid' SQL Injection
    WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
    Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
    MV Video Sharing Software 1.2 - 'searchname' SQL Injection
    GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
    Academic Timetable Final Build 7.0 - Information Disclosure
    KORA 2.7.0 - 'cid' SQL Injection
    HotelDruid 2.2.4 - 'anno' SQL Injection
    Navigate CMS 2.8.5 - Arbitrary File Download
    Library CMS 2.1.1 - Cross-Site Scripting
    Kados R10 GreenBee - 'release_id' SQL Injection
    Vishesh Auto Index 3.1 - 'fid' SQL Injection
    WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
    Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
    MV Video Sharing Software 1.2 - 'searchname' SQL Injection
    GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
    
    BigTree CMS 4.2.23 - Cross-Site Scripting
    Learning with Texts 1.6.2 - 'start' SQL Injection
    PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
    OwnTicket 1.0 - 'TicketID' SQL Injection
Commits on Oct 18, 2018
  1. DB: 2018-10-18

    Offensive Security
    Offensive Security committed Oct 18, 2018
    15 changes to exploits/shellcodes
    
    Git Submodule - Arbitrary Code Execution
    Git Submodule - Arbitrary Code Execution (PoC)
    Any Sound Recorder 2.93 - Buffer Overflow (SEH)
    Git Submodule - Arbitrary Code Execution
    
    Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
    
    Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
    Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
    
    FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
    BigTree CMS 4.2.23 - Cross-Site Scripting
    Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
    TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
    Time and Expense Management System 3.0 - 'table' SQL Injection
Commits on Oct 17, 2018
  1. DB: 2018-10-17

    Offensive Security
    Offensive Security committed Oct 17, 2018
    13 changes to exploits/shellcodes
    
    Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
    Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
    VLC Media Player - MKV Use-After-Free (Metasploit)
    HotelDruid 2.2.4 - 'anno' SQL Injection
    Navigate CMS 2.8.5 - Arbitrary File Download
    Library CMS 2.1.1 - Cross-Site Scripting
    Kados R10 GreenBee - 'release_id' SQL Injection
    Vishesh Auto Index 3.1 - 'fid' SQL Injection
    WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
    Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
    MV Video Sharing Software 1.2 - 'searchname' SQL Injection
    GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
    Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
Commits on Oct 16, 2018
  1. DB: 2018-10-16

    Offensive Security
    Offensive Security committed Oct 16, 2018
    22 changes to exploits/shellcodes
    
    Snes9K 0.0.9z - Buffer Overflow (SEH)
    
    NoMachine < 5.3.27 - Remote Code Execution
    
    MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
    FLIR Brickstream 3D+ - RTSP Stream Disclosure
    FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
    
    CAMALEON CMS 2.4 - Cross-Site Scripting
    Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
    FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
    FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
    Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
    AlchemyCMS 4.1 - Cross-Site Scripting
    FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
    College Notes Management System 1.0 - 'user' SQL Injection
    Advanced HRM 1.6 - Remote Code Execution
    Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
    Academic Timetable Final Build 7.0 - Information Disclosure
    KORA 2.7.0 - 'cid' SQL Injection
Commits on Oct 13, 2018
  1. DB: 2018-10-13

    Offensive Security
    Offensive Security committed Oct 13, 2018
    22 changes to exploits/shellcodes
    
    Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
    Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
    Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
    Wikidforum 2.20 - Cross-Site Scripting
    WAGO 750-881 01.09.18 - Cross-Site Scripting
    E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
    jQuery-File-Upload 9.22.0 - Arbitrary File Upload
    Phoenix Contact WebVisit 6.40.00 - Password Disclosure
    HaPe PKH 1.1 - 'id' SQL Injection
    LUYA CMS 1.0.12 - Cross-Site Scripting
    Phoenix Contact WebVisit 2985725 - Authentication Bypass
    HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
    CAMALEON CMS 2.4 - Cross-Site Scripting
    HaPe PKH 1.1 - Arbitrary File Upload
    SugarCRM 6.5.26 - Cross-Site Scripting
    FluxBB < 1.5.6 - SQL Injection
Commits on Oct 11, 2018
  1. DB: 2018-10-11

    Offensive Security
    Offensive Security committed Oct 11, 2018
    4 changes to exploits/shellcodes
    
    FileZilla 3.33 - Buffer Overflow (PoC)
    
    WhatsApp - RTP Processing Heap Corruption
    
    MicroTik RouterOS < 6.43rc3 - Remote Root
    
    Ektron CMS 9.20 SP2 - Improper Access Restrictions
Commits on Oct 10, 2018
  1. DB: 2018-10-10

    Offensive Security
    Offensive Security committed Oct 10, 2018
    15 changes to exploits/shellcodes
    
    Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
    Microsoft Edge Chakra JIT - Type Confusion
    
    Seqrite End Point Security 7.4 - Privilege Escalation
    
    Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
    
    360 3.5.0.1033 - Sandbox Escape
    ghostscript - executeonly Bypass with errorhandler Setup
    ifwatchd - Privilege Escalation (Metasploit)
    
    FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
    
    Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)
    
    Wikidforum 2.20 - 'select_sort' SQL Injection
    
    Wikidforum 2.20 - 'message_id' SQL Injection
    
    Monstra 3.0.4 - Cross-Site Scripting
Commits on Oct 9, 2018
  1. DB: 2018-10-09

    Offensive Security
    Offensive Security committed Oct 9, 2018
    16 changes to exploits/shellcodes
    
    net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
    net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
    Linux - Kernel Pointer Leak via BPF
    Android - sdcardfs Changes current->fs Without Proper Locking
    360 3.5.0.1033 - Sandbox Escape
    Git Submodule - Arbitrary Code Execution
    Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
    Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
    Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
    Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
    Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
    Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
    FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
    Imperva SecureSphere 13 - Remote Command Execution
    
    Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
    Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Commits on Oct 7, 2018
  1. DB: 2018-10-07

    Offensive Security
    Offensive Security committed Oct 7, 2018
    2 changes to exploits/shellcodes
    
    Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
    FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure