Commits on Dec 11, 2018
  1. DB: 2018-12-11

    Offensive Security
    Offensive Security committed Dec 11, 2018
    2 changes to exploits/shellcodes
    
    Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
    DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
    Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting
    DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
Commits on Dec 10, 2018
  1. DB: 2018-12-10

    Offensive Security
    Offensive Security committed Dec 10, 2018
    4 changes to exploits/shellcodes
    
    Textpad 8.1.2 - Denial Of Service (PoC)
    i-doit CMDB 1.11.2 - Remote Code Execution
    Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
    DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
Commits on Dec 6, 2018
  1. DB: 2018-12-06

    Offensive Security
    Offensive Security committed Dec 6, 2018
    2 changes to exploits/shellcodes
    
    ImageMagick - Memory Leak
    Apache Superset 0.23 - Remote Code Execution
    Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
    Apache Superset < 0.23 - Remote Code Execution
    WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
    
    HasanMWB 1.0 - SQL Injection
Commits on Dec 5, 2018
  1. DB: 2018-12-05

    Offensive Security
    Offensive Security committed Dec 5, 2018
    19 changes to exploits/shellcodes
    
    Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
    Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
    Wireshark - 'find_signature' Heap Out-of-Bounds Read
    Xorg X11 Server (AIX) - Local Privilege Escalation
    Emacs - movemail Privilege Escalation (Metasploit)
    OpenSSH < 7.7 - User Enumeration (2)
    HP Intelligent Management - Java Deserialization RCE (Metasploit)
    Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
    DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
    NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
    KeyBase Botnet 1.5 - SQL Injection
    Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
    DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
    DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
    NUUO NVRMini2 3.9.1 - Authenticated Command Injection
    DomainMOD 4.11.01 - Registrar Cross-Site Scripting
    FreshRSS 1.11.1 - Cross-Site Scripting
    
    Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
    Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
Commits on Dec 4, 2018
  1. DB: 2018-12-04

    Offensive Security
    Offensive Security committed Dec 4, 2018
    10 changes to exploits/shellcodes
    
    Mozilla Firefox 63.0.1 - Denial of Service (PoC)
    Budabot 4.0 - Denial of Service (PoC)
    
    CyberArk 9.7 - Memory Disclosure
    Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
    Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
    PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
    Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
    PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
    Apache Superset 0.23 - Remote Code Execution
    Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
Commits on Dec 1, 2018
  1. DB: 2018-12-01

    Offensive Security
    Offensive Security committed Dec 1, 2018
    8 changes to exploits/shellcodes
    
    Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
    VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
    VBScript - 'rtFilter' Out-of-Bounds Read
    HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
    xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
    
    Apache Spark - Unauthenticated Command Execution (Metasploit)
    Schneider Electric PLC - Session Calculation Authentication Bypass
    Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
Commits on Nov 30, 2018
  1. DB: 2018-11-30

    Offensive Security
    Offensive Security committed Nov 30, 2018
    8 changes to exploits/shellcodes
    
    WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
    WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
    WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
    Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
    Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
    Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
    PHP imap_open - Remote Code Execution (Metasploit)
    TeamCity Agent - XML-RPC Command Execution (Metasploit)
Commits on Nov 28, 2018
  1. DB: 2018-11-28

    Offensive Security
    Offensive Security committed Nov 28, 2018
    10 changes to exploits/shellcodes
    
    MariaDB Client 10.1.26 - Denial of Service (PoC)
    Arm Whois 3.11 - Buffer Overflow (ASLR)
    Xorg X11 Server - SUID privilege escalation (Metasploit)
    ELBA5 5.8.0 - Remote Code Execution
    Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
    Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
    WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
    Ticketly 1.0 - 'kind_id' SQL Injection
    No-Cms 1.0 - 'order_by' SQL Injection
    Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
Commits on Nov 22, 2018
  1. DB: 2018-11-22

    Offensive Security
    Offensive Security committed Nov 22, 2018
    4 changes to exploits/shellcodes
    
    macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
    Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
    Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
    Ticketly 1.0 - 'name' SQL Injection
    WordPress CherryFramework Themes 3.1.4 - Backup File Download
    WebOfisi E-Ticaret V4 - 'urun' SQL Injection
Commits on Nov 21, 2018
  1. DB: 2018-11-21

    Offensive Security
    Offensive Security committed Nov 21, 2018
    4 changes to exploits/shellcodes
    
    macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
    
    Qpopper 4.0.x - poppassd Privilege Escalation
    Qpopper 4.0.x - 'poppassd' Privilege Escalation
    
    HP-UX 11.0/11.11 - swxxx Privilege Escalation
    HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
    
    ABRT - raceabrt Privilege Escalation(Metasploit)
    ABRT - 'raceabrt' Privilege Escalation (Metasploit)
    ImageMagick - Memory Leak
    Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
    
    Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
    Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
    Simple E-Document 1.31 - 'username' SQL Injection
    2-Plan Team 1.0.4 - Arbitrary File Upload
    PHP Mass Mail 1.0 - Arbitrary File Upload
    WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
    Helpdezk 1.1.1 - Arbitrary File Upload
    DomainMOD 4.11.01 - Cross-Site Scripting
    Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
    Simple E-Document 1.31 - 'username' SQL Injection
    2-Plan Team 1.0.4 - Arbitrary File Upload
    PHP Mass Mail 1.0 - Arbitrary File Upload
    WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
    Helpdezk 1.1.1 - Arbitrary File Upload
    DomainMOD 4.11.01 - Cross-Site Scripting
    Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Commits on Nov 20, 2018
  1. DB: 2018-11-20

    Offensive Security
    Offensive Security committed Nov 20, 2018
    3 changes to exploits/shellcodes
    
    XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
    Microsoft Edge Chakra - OP_Memset Type Confusion
    
    HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
Commits on Nov 18, 2018
  1. DB: 2018-11-18

    Offensive Security
    Offensive Security committed Nov 18, 2018
    4 changes to exploits/shellcodes
    
    systemd - reexec State Injection
    systemd - chown_one() can Dereference Symlinks
    systemd - 'reexec' State Injection
    
    Centos 7.1 / Fedora 22 - abrt Privilege Escalation
    abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
    
    Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
    Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
    
    glibc - 'getcwd()' Local Privilege Escalation
    glibc < 2.26 - 'getcwd()' Local Privilege Escalation
    
    Linux Kernel <  4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
    Linux Kernel <  4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
    
    systemd - 'chown_one()' Dereference Symlinks
    
    SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
    SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery
    
    EditMe CMS - Cross-Site Request Forgery (Add New Admin)
    EditMe CMS - Cross-Site Request Forgery (Add Admin)
    
    Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
    WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
    
    WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
    WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
    
    Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
    Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
    
    IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
    IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
    
    KingMedia 4.1 - Remote Code Execution
    KingMedia 4.1 - File Upload
    
    CMS Made Simple 2.2.7 - Remote Code Execution
    CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
    
    LibreHealth 2.0.0 - Arbitrary File Actions
    LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
Commits on Nov 17, 2018
  1. DB: 2018-11-17

    Offensive Security
    Offensive Security committed Nov 17, 2018
    6 changes to exploits/shellcodes
    
    Mumsoft Easy Software 2.0 - Denial of Service (PoC)
    Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)
    
    Linux - Broken uid/gid Mapping for Nested User Namespaces
    
    Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
    Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
    Helpdezk 1.1.1 - Arbitrary File Upload
    DomainMOD 4.11.01 - Cross-Site Scripting
Commits on Nov 16, 2018
  1. DB: 2018-11-16

    Offensive Security
    Offensive Security committed Nov 16, 2018
    21 changes to exploits/shellcodes
    
    Notepad3 1.0.2.350 - Denial of Service (PoC)
    
    PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
    PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass
    
    PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
    PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass
    
    PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
    PHP 5.x COM - Safe Mode / Disable Functions Bypass
    
    VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
    VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
    
    Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
    Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
    
    Libuser - 'roothelper' Privilege Escalation (Metasploit)
    Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
    
    Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
    Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
    
    Sun Solaris 11.3 AVS - Local Kernel root Exploit
    Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
    PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
    Webkit (Safari) - Universal Cross-site Scripting
    Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
    
    PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
    PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection
    
    PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
    PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library
    
    PHP Imagick 3.3.0 - disable_functions Bypass
    Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
    Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
    PHP-Proxy 5.1.0 - Local File Inclusion
    BitZoom 1.0 - 'rollno' SQL Injection
    Net-Billetterie 2.9 - 'login' SQL Injection
    Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
    EverSync 0.5 - Arbitrary File Download
    Meneame English Pligg 5.8 - 'search' SQL Injection
    Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
    Simple E-Document 1.31 - 'username' SQL Injection
    2-Plan Team 1.0.4 - Arbitrary File Upload
    PHP Mass Mail 1.0 - Arbitrary File Upload
    Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Commits on Nov 15, 2018
  1. DB: 2018-11-15

    Offensive Security
    Offensive Security committed Nov 15, 2018
    15 changes to exploits/shellcodes
    
    AMPPS 2.7 - Denial of Service (PoC)
    Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
    ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
    SwitchVPN for macOS 2.1012.03 - Privilege Escalation
    
    Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
    iServiceOnline 1.0 - 'r' SQL Injection
    Helpdezk 1.1.1 - 'query' SQL Injection
    Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
    EdTv 2 - 'id' SQL Injection
    Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
    Advanced Comment System 1.0 - SQL Injection
    Rmedia SMS 1.0 - SQL Injection
    Pedidos 1.0 - SQL Injection
    Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
    DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
Commits on Nov 14, 2018
  1. DB: 2018-11-14

    Offensive Security
    Offensive Security committed Nov 14, 2018
    24 changes to exploits/shellcodes
    
    CuteFTP Mac 3.1 - Denial of Service (PoC)
    Evince 3.24.0 - Command Injection
    Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
    XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
    xorg-x11-server < 1.20.1 - Local Privilege Escalation
    
    Data Center Audit 2.6.2 - 'username' SQL Injection
    Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
    Paroiciel 11.20 - 'tRecIdListe' SQL Injection
    Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
    Paroiciel 11.20 - 'tRecIdListe' SQL Injection
    The Don 1.0.1 - 'login' SQL Injection
    Facturation System 1.0 - 'modid' SQL Injection
    The Don 1.0.1 - 'login' SQL Injection
    Facturation System 1.0 - 'modid' SQL Injection
    GPS Tracking System 2.12 - 'username' SQL Injection
    ServerZilla 1.0 - 'email' SQL Injection
    GPS Tracking System 2.12 - 'username' SQL Injection
    ServerZilla 1.0 - 'email' SQL Injection
    
    Nominas 0.27 - 'username' SQL Injection
    CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
    Surreal ToDo 0.6.1.2 - SQL Injection
    Surreal ToDo 0.6.1.2 - Local File Inclusion
    Alienor Web Libre 2.0 - SQL Injection
    Musicco 2.0.0 - Arbitrary Directory Download
    Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
    Tina4 Stack 1.0.3 - SQL Injection / Database File Download
    Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
    Easyndexer 1.0 - Arbitrary File Download
    ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
    Gumbo CMS 0.99 - SQL Injection
    Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
    ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
    Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
    Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
    Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
    Webiness Inventory 2.3 - SQL Injection
    SIPve 0.0.2-R19 - SQL Injection
    
    Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
Commits on Nov 13, 2018
  1. DB: 2018-11-13

    Offensive Security
    Offensive Security committed Nov 13, 2018
    15 changes to exploits/shellcodes
    
    HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
    CuteFTP 9.3.0.3 - Denial of Service (PoC)
    Mongoose Web Server 6.9 - Denial of Service (PoC)
    Data Center Audit 2.6.2 - 'username' SQL Injection
    TufinOS 2.17 Build 1193 - XML External Entity Injection
    Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
    Paroiciel 11.20 - 'tRecIdListe' SQL Injection
    TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
    The Don 1.0.1 - 'login' SQL Injection
    Facturation System 1.0 - 'modid' SQL Injection
    Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
    GPS Tracking System 2.12 - 'username' SQL Injection
    ServerZilla 1.0 - 'email' SQL Injection
    D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
    Nominas 0.27 - 'username' SQL Injection
Commits on Nov 10, 2018
  1. DB: 2018-11-10

    Offensive Security
    Offensive Security committed Nov 10, 2018
    2 changes to exploits/shellcodes
    
    Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)
    Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
    Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
    Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
    Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
    Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
    
    openslp 2.0.0 - Double-Free
    OpenSLP 2.0.0 - Double-Free
    
    Windows Speech Recognition - Buffer Overflow (PoC)
    Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
    
    Microsoft Windows Utility Manager - Local SYSTEM (MS04-011)
    Microsoft Windows Utility Manager - Local Privilege Escalation (MS04-011)
    
    Windows Firewall Control - Unquoted Service Path Privilege Escalation
    Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation
    
    Windows DVD Maker 6.1.7 - XML External Entity Injection
    Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection
    
    Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
    Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
    
    Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
    Microsoft Windows 10  (Build 1703  Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
    
    Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
    Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
    
    Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation
    Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
    
    Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
    Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
    OpenSLP 2.0.0 - Multiple Vulnerabilities
    Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
Commits on Nov 8, 2018
  1. DB: 2018-11-08

    Offensive Security
    Offensive Security committed Nov 8, 2018
    1 change to exploits/shellcodes
    
    Grocery crud 1.6.1 - 'search_field' SQL Injection
    OOP CMS BLOG 1.0 - 'search' SQL Injection
    OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
    LibreHealth 2.0.0 - Arbitrary File Actions
    Grocery crud 1.6.1 - 'search_field' SQL Injection
    OOP CMS BLOG 1.0 - 'search' SQL Injection
    OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
    LibreHealth 2.0.0 - Arbitrary File Actions
    PlayJoom 0.10.1 - 'catid' SQL Injection
Commits on Nov 7, 2018
  1. DB: 2018-11-07

    Offensive Security
    Offensive Security committed Nov 7, 2018
    18 changes to exploits/shellcodes
    
    FaceTime - RTP Video Processing Heap Corruption
    FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
    FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
    Blue Server 1.1 - Denial of Service (PoC)
    eToolz 3.4.8.0 - Denial of Service (PoC)
    VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
    Arm Whois 3.11 - Buffer Overflow (SEH)
    libiec61850 1.3 - Stack Based Buffer Overflow
    Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
    blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
    Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
    
    PHP Proxy 3.0.3 - Local File Inclusion
    
    Voovi Social Networking Script 1.0 - 'user' SQL Injection
    CMS Made Simple 2.2.7 - Remote Code Execution
    OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
    Grocery crud 1.6.1 - 'search_field' SQL Injection
    OOP CMS BLOG 1.0 - 'search' SQL Injection
    OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
    LibreHealth 2.0.0 - Arbitrary File Actions
Commits on Nov 6, 2018
  1. DB: 2018-11-06

    Offensive Security
    Offensive Security committed Nov 6, 2018
    13 changes to exploits/shellcodes
    
    Softros LAN Messenger 9.2 - Denial of Service (PoC)
    Microsoft Internet Explorer 11 - Null Pointer Dereference
    LiquidVPN 1.36 / 1.37 - Privilege Escalation
    Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
    SiAdmin 1.1 - 'id' SQL Injection
    Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
    WebVet 0.1a - 'id' SQL Injection
    Virgin Media Hub 3.0 Router - Denial of Service (PoC)
    Poppy Web Interface Generator 0.8 - Arbitrary File Upload
    Mongo Web Admin 6.0 - Information Disclosure
    PHP Proxy 3.0.3 - Local File Inclusion
    Royal TS/X - Information Disclosure
    Voovi Social Networking Script 1.0 - 'user' SQL Injection
Commits on Nov 4, 2018
  1. DB: 2018-11-04

    Offensive Security
    Offensive Security committed Nov 4, 2018
    1 change to exploits/shellcodes
Commits on Nov 3, 2018
  1. DB: 2018-11-03

    Offensive Security
    Offensive Security committed Nov 3, 2018
    9 changes to exploits/shellcodes
    
    WinMTR 0.91 - Denial of Service (PoC)
    CdCatalog 2.3.1 - Denial of Service (PoC)
    Zint Barcode Generator 2.6 - Denial of Service (PoC)
    
    Anviz AIM CrossChex Standard 4.3 - CSV Injection
    Fantastic Blog CMS 1.0 - 'id' SQL Injection
    Jelastic 5.4 - 'host' SQL Injection
    Gate Pass Management System 2.1 - 'login' SQL Injection
    qdPM 9.1 - 'filter_by' SQL Injection
    Yot CMS 3.3.1 - 'aid' SQL Injection
Commits on Nov 2, 2018
  1. DB: 2018-11-02

    Offensive Security
    Offensive Security committed Nov 2, 2018
    3 changes to exploits/shellcodes
    
    Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)
    WebDrive 18.00.5057 - Denial of Service (PoC)
    Arm Whois 3.11 - Denial of Service (PoC)
Commits on Nov 1, 2018
  1. DB: 2018-11-01

    Offensive Security
    Offensive Security committed Nov 1, 2018
    2 changes to exploits/shellcodes
    
    SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)
    
    Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Commits on Oct 31, 2018
  1. DB: 2018-10-31

    Offensive Security
    Offensive Security committed Oct 31, 2018
    22 changes to exploits/shellcodes
    
    ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
    QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
    SIPp 3.3.990 - Local Buffer Overflow (PoC)
    R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
    xorg-x11-server 1.20.3 - Privilege Escalation
    Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
    
    Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
    South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
    Electricks eCommerce 1.0 - 'prodid' SQL Injection
    phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
    Webiness Inventory 2.9 - Arbitrary File Upload
    NETGEAR WiFi Router R6120 - Credential Disclosure
    MyBB Downloads 2.0.3 - SQL Injection
    Expense Management 1.0 - Arbitrary File Upload
    University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
    Notes Manager 1.0 - Arbitrary File Upload
    Instagram Clone 1.0 - Arbitrary File Upload
    Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
    Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
    CI User Login and Management 1.0 - Arbitrary File Upload
    
    Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
Commits on Oct 30, 2018
  1. Merge pull request #123 from etisdew/master

    g0tmi1k committed Oct 30, 2018
    wording change
  2. DB: 2018-10-30

    Offensive Security
    Offensive Security committed Oct 30, 2018
    33 changes to exploits/shellcodes
    
    Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
    AlienIP 2.41 - Denial of Service (PoC)
    Local Server 1.0.9 - Denial of Service (PoC)
    systemd - reexec State Injection
    systemd - chown_one() can Dereference Symlinks
    ASRock Drivers - Privilege Escalation
    Modbus Slave 7.0.0 - Denial of Service (PoC)
    School Equipment Monitoring System 1.0 - 'login' SQL Injection
    Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
    
    Paramiko 2.4.1 - Authentication Bypass
    Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
    Grapixel New Media 2 - 'pageref' SQL Injection
    Library Management System 1.0 - 'frmListBooks' SQL Injection
    Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
    Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
    MTGAS  MOGG Web Simulator Script - SQL Injection
    Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
    Curriculum Evaluation System 1.0 - SQL Injection
    Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
    Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
    School Event Management System 1.0 - SQL Injection
    School Event Management System 1.0 - Arbitrary File Upload
    School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
    School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
    School Attendance Monitoring System 1.0 - Arbitrary File Upload
    School Attendance Monitoring System 1.0 - SQL Injection
    PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
    RhinOS CMS 3.x - Arbitrary File Download
    E-Negosyo System 1.0 - SQL Injection
    SaltOS Erp Crm 3.1 r8126 - SQL Injection
    SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
    SaltOS Erp Crm 3.1 r8126 - Database File Download
    K-iwi Framework 1775 - SQL Injection
Commits on Oct 27, 2018
  1. DB: 2018-10-27

    Offensive Security
    Offensive Security committed Oct 27, 2018
    5 changes to exploits/shellcodes
    
    xorg-x11-server < 1.20.3 - Local Privilege Escalation
    Quick Count 2.0 - 'txtInstID' SQL Injection
    MPS Box 0.1.8.0 - Arbitrary File Upload
    Delta Sql 1.8.2 - 'id' SQL Injection
    Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
  2. wording change

    etisdew committed Oct 27, 2018
    Unusual wording in the Kali installation.
Commits on Oct 26, 2018
  1. DB: 2018-10-26

    Offensive Security
    Offensive Security committed Oct 26, 2018
    21 changes to exploits/shellcodes
    
    ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
    BORGChat 1.0.0 build 438 - Denial of Service (PoC)
    
    libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
    Adult Filter 1.0 - Buffer Overflow (SEH)
    WebEx - Local Service Permissions Exploit (Metasploit)
    
    exim 4.90 - Remote Code Execution
    ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
    exim 4.90 - Remote Code Execution
    WebExec - Authenticated User Code Execution (Metasploit)
    
    ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
    Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
    phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
    phptpoint Hospital Management System 1.0 - 'user' SQL injection
    Simple Chat System 1.0 - 'id' SQL Injection
    Delta Sql 1.8.2 - Arbitrary File Upload
    User Management 1.1 - Cross-Site Scripting
    ClipBucket 2.8 - 'id' SQL Injection
    Simple POS and Inventory 1.0 - 'cat' SQL Injection
    AiOPMSD Final 1.0.0 - 'q' SQL Injection
    AjentiCP 1.2.23.13 - Cross-Site Scripting
    MPS Box 0.1.8.0 - 'uuid' SQL Injection
    Open STA Manager 2.3 - Arbitrary File Download
Commits on Oct 25, 2018
  1. DB: 2018-10-25

    Offensive Security
    Offensive Security committed Oct 25, 2018
    15 changes to exploits/shellcodes
    
    Adult Filter 1.0 - Denial of Service (PoC)
    
    Microsoft Data Sharing - Local Privilege Escalation (PoC)
    
    Webmin 1.5 - Web Brute Force (CGI)
    
    exim 4.90 - Remote Code Execution
    School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
    SIM-PKH 2.4.1 - 'id' SQL Injection
    MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
    School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
    SIM-PKH 2.4.1 - 'id' SQL Injection
    MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
    SG ERP 1.0 - 'info' SQL Injection
    Fifa Master XLS 2.3.2 - 'usw' SQL Injection
    Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
    LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
    Apache OFBiz 16.11.04 - XML External Entity Injection
    D-Link Routers - Command Injection
    D-Link Routers - Plaintext Password
    D-Link Routers - Directory Traversal
    
    Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
Commits on Oct 24, 2018
  1. DB: 2018-10-24

    Offensive Security
    Offensive Security committed Oct 24, 2018
    9 changes to exploits/shellcodes
    
    AudaCity 2.3 - Denial of Service (PoC)
    Audacity 2.3 - Denial of Service (PoC)
    
    ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
    
    Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
    Appsource School Management System 1.0 - 'student_id' SQL Injection
    SIM-PKH 2.4.1 - Arbitrary File Upload
    ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
    School ERP Pro+Responsive 1.0 - Arbitrary File Download
    School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
    SIM-PKH 2.4.1 - 'id' SQL Injection
    MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
Commits on Oct 23, 2018
  1. DB: 2018-10-23

    Offensive Security
    Offensive Security committed Oct 23, 2018
    17 changes to exploits/shellcodes
    
    Modbus Poll 7.2.2 - Denial of Service (PoC)
    AudaCity 2.3 - Denial of Service (PoC)
    Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
    Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
    Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
    Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
    Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
    Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
    
    Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
    
    Countly - Persistent Cross-Site Scripting
    Countly - Cross-Site Scripting
    MySQL Edit Table 1.0 - 'id' SQL Injection
    School ERP Ultimate 2018 - Arbitrary File Download
    Oracle Siebel CRM 8.1.1 - CSV Injection
    The Open ISES Project 3.30A - 'tick_lat' SQL Injection
    School ERP Ultimate 2018 - 'fid' SQL Injection
    eNdonesia Portal 8.7 - 'artid' SQL Injection
    The Open ISES Project 3.30A - Arbitrary File Download
    Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
Commits on Oct 20, 2018
  1. DB: 2018-10-20

    Offensive Security
    Offensive Security committed Oct 20, 2018
    1 change to exploits/shellcodes
    
    libSSH - Authentication Bypass
    
    PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
    PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)