EXPLOIT_android

Description | Author | Date
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download | Google Security Research | 2017/11/28

EXPLOIT_cgi

Description | Author | Date
ITGuard-Manager 0.0.0.1 - Remote Code Execution | Nassim Asrir | 2017/12/15
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read | Jakub Palaczynski | 2017/12/13
LaCie 5big Network 2.2.8 - Command Injection | Timo Sablowski | 2017/12/07
Synology StorageManager 5.2 - Root Remote Command Execution | ecuriTea | 2017/11/28

Denial Of Service

Description | Author | Date
Linux - 'mincore()' Uninitialized Kernel Heap Page Disclosure | Google Security Research | 2017/11/24
WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::InputType::element' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read | Google Security Research | 2017/11/22
WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read | Google Security Research | 2017/11/22
WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read | Google Security Research | 2017/11/22
WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free | Google Security Research | 2017/11/22
WebKit - 'WebCore::FormSubmission::create' Use-After-Free | Google Security Research | 2017/11/22
Vonage VDV-23 - Denial of Service | u11By7 | 2017/11/21
Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure | Google Security Research | 2017/11/21
iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service | Russian Otter | 2017/11/20
Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption | Google Security Research | 2017/11/16
Microsoft Edge Chakra JIT - Type Confusion with switch Statements | Google Security Research | 2017/11/16
Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check | Google Security Research | 2017/11/16
Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion | Google Security Research | 2017/11/16
PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free | X41 D-Sec GmbH | 2017/11/14
D-Link DIR605L - Denial of Service | Enrique Castillo | 2017/11/14
Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free | Google Security Research | 2017/11/09
PHP 7.1.8 - Heap-Based Buffer Overflow | Wei Lei and Liu Yang | 2017/11/09
Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC) | zy | 2017/11/07
Avaya OfficeScan (IPO) < 10.1 - ActiveX Buffer Overflow | yp3rlin | 2017/11/05
SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC) | zy | 2017/11/05
GraphicsMagick - Memory Disclosure / Heap Overflow | ecuriTea | 2017/11/03
Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH) | Kevin McGuigan | 2017/11/03
Debut Embedded httpd 1.20 - Denial of Service | 00 | 2017/11/02
WhatsApp 2.17.52 - Memory Corruption | Juan Sacco | 2017/11/01
Tizen Studio 1.3 Smart Development Bridge <2.3.2 - Buffer Overflow (PoC) | Marcin Kopec | 2017/10/27
Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference | Parvez Anwar | 2017/10/26
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service | Berk Cem Göksel | 2017/10/21
Mozilla Firefox < 55 - Denial of Service | Amit Sangra | 2017/10/20
Xen - Unbounded Recursion in Pagetable De-typing | Google Security Research | 2017/10/18
Linux Kernel - 'AF_PACKET' Use-After-Free | ecuriTea | 2017/10/17
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass | Google Security Research | 2017/10/17
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns | Google Security Research | 2017/10/17
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box' | Google Security Research | 2017/10/17
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags | Google Security Research | 2017/10/17
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure | Google Security Research | 2017/10/17
binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow | Agostino Sarubbo | 2017/10/10
PyroBatchFTP 3.17 - Buffer Overflow (SEH) | Kevin McGuigan | 2017/10/07
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2) | Google Security Research | 2017/10/04
Linux Kernel < 4.14.rc3 - Local Denial of Service | Wang Chenyu | 2017/10/02
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow | Google Security Research | 2017/10/02
Dnsmasq < 2.78 - Heap-Based Overflow | Google Security Research | 2017/10/02
Dnsmasq < 2.78 - Stack-Based Overflow | Google Security Research | 2017/10/02
Dnsmasq < 2.78 - Information Leak | Google Security Research | 2017/10/02
Dnsmasq < 2.78 - Lack of free() Denial of Service | Google Security Research | 2017/10/02
Dnsmasq < 2.78 - Integer Underflow | Google Security Research | 2017/10/02
Microsoft Excel - OLE Arbitrary Code Execution | Eduardo Braun Prado | 2017/09/30
Trend Micro OfficeScan 11.0/XG (12.0) - Memory Corruption | yp3rlin | 2017/09/29
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC) | Touhid M.Shaikh | 2017/09/28
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution | Eduardo Braun Prado | 2017/09/28
Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing | Google Security Research | 2017/09/25
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing | Google Security Research | 2017/09/25
Adobe Flash - Out-of-Bounds Read in applyToRange | Google Security Research | 2017/09/25
Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC) | Marcin Kozlowski | 2017/09/21
Microsoft Edge - Chakra Incorrectly Parses Object Patterns | Google Security Research | 2017/09/21
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes | Google Security Research | 2017/09/21
Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval' | Google Security Research | 2017/09/21
Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses | Google Security Research | 2017/09/21
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading | Google Security Research | 2017/09/19
Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read | Google Security Research | 2017/09/19
Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure | Google Security Research | 2017/09/18
Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure | Google Security Research | 2017/09/18
Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure | Google Security Research | 2017/09/18
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) | Google Security Research | 2017/09/18
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow) | Google Security Research | 2017/09/18
Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure | Google Security Research | 2017/09/18
Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure | Google Security Research | 2017/09/18
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure | Google Security Research | 2017/09/18
Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure | Google Security Research | 2017/09/18
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization | Google Security Research | 2017/09/12
tcprewrite - Heap-Based Buffer Overflow | arazPajoha | 2017/09/11
IBM Notes 8.5.x/9.0.x - Denial of Service | Dhiraj Mishra | 2017/09/02
OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow | Ke Liu | 2017/09/01
IBM Notes 8.5.x/9.0.x - Denial of Service (2) | Dhiraj Mishra | 2017/08/31
IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit) | Dhiraj Mishra | 2017/08/31
libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities | flb.w | 2017/08/23
NoviFlow NoviWare <= NW400.2.6 - Multiple Vulnerabilities | François Goichon | 2017/08/18
DSScan 1.0 - Local Buffer Overflow (PoC) | Anurag Srivastava | 2017/08/18
MessengerScan 1.05 - Local Buffer Overflow (PoC) | Anurag Srivastava | 2017/08/18
Microsoft Edge Chakra - 'PreVisitCatch' Missing Call | Google Security Research | 2017/08/17
Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow | Huang Anwen | 2017/08/17
Microsoft Edge Chakra - Buffer Overflow | Huang Anwen | 2017/08/17
Microsoft Edge Chakra - NULL Pointer Dereference | Huang Anwen | 2017/08/17
Microsoft Edge Chakra - Heap Buffer Overflow | Huang Anwen | 2017/08/17
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses | Google Security Research | 2017/08/17
Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' | Google Security Research | 2017/08/17
Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty' | Google Security Research | 2017/08/17
Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing | Google Security Research | 2017/08/17
Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter #2 | Google Security Research | 2017/08/17
Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion | Google Security Research | 2017/08/17
Microsoft Edge Chakra - 'JavascriptFunction::EntryCall' Fails to Handle 'CallInfo' Properly | Google Security Research | 2017/08/17
Microsoft Edge Chakra - Uninitialized Arguments | Google Security Research | 2017/08/17
Microsoft Edge Chakra - Uninitialized Arguments (2) | Google Security Research | 2017/08/17
Microsoft Edge Chakra - 'EmitNew' Integer Overflow | Google Security Research | 2017/08/17
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3 | Google Security Research | 2017/08/17

EXPLOIT_hardware

Description | Author | Date
Palo Alto Networks Firewalls - Remote root Code Execution | Philip Pettersson | 2017/12/14
MikroTik 6.40.5 ICMP - Denial of Service | arazPajoha | 2017/12/11
MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service | arazPajoha | 2017/11/30
ZTE ZXDSL 831CII - Improper Access Restrictions | Ibad Shah | 2017/11/27

EXPLOIT_linux

Description | Author | Date
glibc ld.so - Memory Leak / Buffer Overflow | Qualys Corporation | 2017/12/13
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow | Jungun Baek | 2017/12/11
Linux Kernel - DCCP Socket Use-After-Free | Mohamed Ghannam | 2017/12/07
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page | indec | 2017/11/30
QEMU - NBD Server Long Export Name Stack Buffer Overflow | Eric Blake | 2017/11/29

Local Dos / Privilege Escalation

Description | Author | Date
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode) | icknes | 2017/11/25
Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass | Google Security Research | 2017/11/20
VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH) | etw0r | 2017/11/16
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Privilege Escalation | Parvez Anwar | 2017/11/13
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass | yp3rlin | 2017/11/10
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP Privilege Escalation | all | 2017/11/06
Vir.IT eXplorer Anti-Virus - Privilege Escalation | Parvez Anwar | 2017/11/01
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow | baye | 2017/10/26
PHPMailer < 5.2.21 - Local File Disclosure | Maciek Krupa | 2017/10/25
Mikogo 5.4.1.160608 - Local Credentials Disclosure | iquidWor | 2017/10/23
Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation | @XeR_0x2A and @chaign_c | 2017/10/22
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection | yp3rlin | 2017/10/19
shadowsocks-libev 3.1.0 - Command Execution | X41 D-Sec GmbH | 2017/10/17
Shadowsocks - Log File Command Execution | X41 D-Sec GmbH | 2017/10/17
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow | Parichay Rai | 2017/10/11
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass) | Nitesh Shilpkar | 2017/10/08
Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow | ibera | 2017/10/06
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Buffer Overflow (SEH) | Venkat Rajgor | 2017/10/05
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow | 4t0ps1 | 2017/10/03
UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation | ysdrea | 2017/10/02
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape | ysdrea | 2017/10/02
Microsoft Word 2007 (x86) - Information Disclosure | Eduardo Braun Prado | 2017/09/30
Dup Scout Enterprise 10.0.18 - 'Import Command' Buffer Overflow | Touhid M.Shaikh | 2017/09/29
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass | yp3rlin | 2017/09/28
DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow | Touhid M.Shaikh | 2017/09/28
CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode) | 3c | 2017/09/23
Netdecision 5.8.2 - Local Privilege Escalation | Peter Baris | 2017/09/16
Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow | r_m | 2017/09/12
Jungo DriverWizard WinDriver - Kernel Pool Overflow | r_m | 2017/09/06
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation | r_m | 2017/09/06
Tor - Linux Sandbox Breakout via X11 | Google Security Research | 2017/09/06
RubyGems < 2.6.13 - Arbitrary File Overwrite | am | 2017/09/04
Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow | Touhid M.Shaikh | 2017/09/04
Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation | aragonSe | 2017/09/02
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass | Roee Hay | 2017/09/01
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Buffer Overflow (SEH) | Touhid M.Shaikh | 2017/08/28
Easy RM RMVB to DVD Burner 1.8.11 - Buffer Overflow (SEH) | Touhid M.Shaikh | 2017/08/28
Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH) | Kishan Sharma | 2017/08/28
Apple iOS <= 10.3.1 - Kernel Exploit | Zimperium zLabs Team | 2017/08/26
Easy DVD Creator 2.5.11 - Buffer Overflow (SEH) | r0ubl3m4k3 | 2017/08/26
Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH) | Anurag Srivastava | 2017/08/24
Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH) | Anurag Srivastava | 2017/08/24
My Video Converter 1.5.24 - Buffer Overflow (SEH) | Anurag Srivastava | 2017/08/24
MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH) | Anurag Srivastava | 2017/08/24
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow | Anurag Srivastava | 2017/08/22
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow | Anurag Srivastava | 2017/08/22
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow | Anurag Srivastava | 2017/08/22
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) | etasploi | 2017/08/22
Automated Logic WebCTRL 6.5 - Local Privilege Escalation | iquidWor | 2017/08/22
PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution | Daniele Votta | 2017/08/21
Easy DVD Creater 2.5.11 - Buffer Overflow (SEH) | Anurag Srivastava | 2017/08/19
ALLPlayer 7.4 - Buffer Overflow (SEH Unicode) | 3c | 2017/08/15
Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode) | 3c | 2017/08/15
Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation | ecurif | 2017/08/14
NoMachine 5.3.9 - Privilege Escalation | Daniele Linguaglossa | 2017/08/09
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2) | ensePos | 2017/08/08
Microsoft Windows - LNK Shortcut File Code Execution | ixaw | 2017/08/06
DNSTracer 1.9 - Buffer Overflow | 0lam | 2017/08/03
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation | Google Security Research | 2017/08/03
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation | Google Security Research | 2017/08/03
Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) | etasploi | 2017/08/02
iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation | Google Security Research | 2017/08/01
Microsoft Windows - LNK Shortcut File Code Execution (Metasploit) | Yorick Koster | 2017/07/26
MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH) | uhann4 | 2017/07/26
AudioCoder 0.8.46 - Local Buffer Overflow (SEH) | uhann4 | 2017/07/26
MAWK 1.3.3-17 - Local Buffer Overflow | Juan Sacco | 2017/07/24
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit) | etasploi | 2017/07/24
Docker Daemon - Unprotected TCP Socket | Martin Pizala | 2017/07/20
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) | ai | 2017/07/19
Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation | Mark Wadham | 2017/07/18
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass | Filippo Cavallarin | 2017/07/15
CyberArk Viewfinity 5.5.10.95 - Privilege Escalation | eod | 2017/07/13
NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Privilege Escalation | Paul Taylor | 2017/07/10
Pelco VideoXpert 1.12.105 - Privilege Escalation | iquidWor | 2017/07/10
Counter Strike: Condition Zero - '.BSP' Map File Code Execution | Grant Hernandez | 2017/07/07
Flat Assembler 1.7.21 - Buffer Overflow | Juan Sacco | 2017/06/28
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH) | hak | 2017/06/28
Oracle Solaris 11.1 / 11.3 RSH - Local Root Stack Clash Exploit | Qualys Corporation | 2017/06/28
OpenBSD - 'at' Local Root Stack Clash Exploit | Qualys Corporation | 2017/06/28
Linux - 'offset2lib' Stack Clash Exploit | Qualys Corporation | 2017/06/28
Linux - 'ldso_hwcap' Local Root Stack Clash Exploit | Qualys Corporation | 2017/06/28
Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit | Qualys Corporation | 2017/06/28
Linux - 'ldso_dynamic' Local Root Stack Clash Exploit | Qualys Corporation | 2017/06/28
JAD Java Decompiler 1.5.8e - Buffer Overflow | Juan Sacco | 2017/06/26
VX Search Enterprise 9.7.18 - Local Buffer Overflow | crR1pTK1dd1 | 2017/06/15
Sudo - 'get_process_ttyname()' Privilege Escalation | Qualys Corporation | 2017/06/14
Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH) | batchy1 | 2017/06/13
Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow | batchy1 | 2017/06/12
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow | batchy1 | 2017/06/11
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow | batchy1 | 2017/06/11
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow | batchy1 | 2017/06/10
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition | Google Security Research | 2017/06/09
Apple macOS - Disk Arbitration Daemon Race Condition | hoenhe | 2017/06/09
Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation | Saeid Atabaki | 2017/06/08
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit) | etasploi | 2017/06/08
Parallels Desktop - Virtual Machine Escape | Mohammad Reza Espargham | 2017/06/05
Subsonic 6.1.1 - XML External Entity Injection | yp3rlin | 2017/06/05
BIND 9.10.5 - Unquoted Service Path Privilege Escalation | yp3rlin | 2017/06/05
TiEmu 2.08 - Local Buffer Overflow | Juan Sacco | 2017/05/30
JAD java Decompiler 1.5.8e - Local Buffer Overflow | Juan Sacco | 2017/05/26

EXPLOIT_macos

Description | Author | Date
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig | Google Security Research | 2017/12/12
macOS - 'necp_get_socket_attributes' so_pcb Type Confusion | Google Security Research | 2017/12/11
macOS - 'getrusage' Stack Leak Through struct Padding | Google Security Research | 2017/12/11
macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures | Google Security Research | 2017/12/11
Arq 5.9.7 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Murus 1.4.11 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Arq 5.9.6 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Sera 1.2 - Local Privilege Escalation / Password Disclosure | Mark Wadham | 2017/12/06
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Proxifier for Mac 2.19 - Local Privilege Escalation | Mark Wadham | 2017/12/06
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation | Mark Wadham | 2017/12/06
macOS High Sierra - Root Privilege Escalation (Metasploit) | etasploi | 2017/11/30
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation | emiorha | 2017/11/28

EXPLOIT_multiple

Description | Author | Date
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms | Google Security Research | 2017/12/12
macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient | Google Security Research | 2017/12/12
macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling | Google Security Research | 2017/12/12
iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules | Google Security Research | 2017/12/11
Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash | ireshar | 2017/12/07
MistServer 2.12 - Cross-Site Scripting | yp3rlin | 2017/12/01
Exim 4.89 - 'BDAT' Denial of Service | e | 2017/11/27
CommuniGatePro 6.1.16 - Cross-Site Scripting | Boumediene KADDOUR | 2017/11/15

EXPLOIT_php

Description | Author | Date
Movie Guide 2.0 - SQL Injection | Ihsan Sencan | 2017/12/15
Readymade Video Sharing Script 3.2 - HTML Injection | Ihsan Sencan | 2017/12/14
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection | Ihsan Sencan | 2017/12/14
FS Lynda Clone 1.0 - SQL Injection | Ihsan Sencan | 2017/12/14
Bus Booking Script 1.0 - 'txtname' SQL Injection | Ihsan Sencan | 2017/12/14
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection | kity | 2017/12/14
pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit) | etasploi | 2017/12/14
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection | Ihsan Sencan | 2017/12/13
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection | Ihsan Sencan | 2017/12/13
Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection | Ihsan Sencan | 2017/12/12
Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload | Colette Chamberland | 2017/12/12
Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection | Ihsan Sencan | 2017/12/11
Food Order Script 1.0 - 'list?city' SQL Injection | Ihsan Sencan | 2017/12/11
Yoga Class Script 1.0 - 'list?city' SQL Injection | Ihsan Sencan | 2017/12/11
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection | Ihsan Sencan | 2017/12/11
Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection | Ihsan Sencan | 2017/12/11
Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection | Ihsan Sencan | 2017/12/11
Kickstarter Clone Acript 2.0 - 'projid' SQL Injection | Ihsan Sencan | 2017/12/11
Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection | Ihsan Sencan | 2017/12/11
Laundry Booking Script 1.0 - 'list?city' SQL Injection | Ihsan Sencan | 2017/12/11
Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection | Ihsan Sencan | 2017/12/11
Multivendor Penny Auction Clone Script 1.0 - SQL Injection | Ihsan Sencan | 2017/12/11
Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection | Ihsan Sencan | 2017/12/11
Opensource Classified Ads Script 3.2 - SQL Injection | Ihsan Sencan | 2017/12/11
PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection | Ihsan Sencan | 2017/12/11
Professional Service Script 1.0 - 'service-list?city' SQL Injection | Ihsan Sencan | 2017/12/11
Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection | Ihsan Sencan | 2017/12/11
Readymade Video Sharing Script 3.2 - SQL Injection | Ihsan Sencan | 2017/12/11
Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection | Ihsan Sencan | 2017/12/11
Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection | Ihsan Sencan | 2017/12/11
Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection | Ihsan Sencan | 2017/12/11
Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection | Ihsan Sencan | 2017/12/11
Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection | Ihsan Sencan | 2017/12/11
Advanced Real Estate Script 4.0.7 - SQL Injection | Ihsan Sencan | 2017/12/11
Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection | Ihsan Sencan | 2017/12/11
MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection | Ihsan Sencan | 2017/12/11
MLM Forced Matrix 2.0.9 - 'newid' SQL Injection | Ihsan Sencan | 2017/12/11
Car Rental Script 2.0.4 - 'val' SQL Injection | Ihsan Sencan | 2017/12/11
Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection | Ihsan Sencan | 2017/12/11
Muslim Matrimonial Script 3.02 - 'succid' SQL Injection | Ihsan Sencan | 2017/12/11
Advanced World Database 2.0.5 - SQL Injection | Ihsan Sencan | 2017/12/11
Resume Clone Script 2.0.5 - SQL Injection | Ihsan Sencan | 2017/12/11
Basic Job Site Script 2.0.5 - SQL Injection | Ihsan Sencan | 2017/12/11
Vanguard 1.4 - Arbitrary File Upload | Ihsan Sencan | 2017/12/11
Vanguard 1.4 - SQL Injection | Ihsan Sencan | 2017/12/11
Advance Online Learning Management Script 3.1 - 'subcatid' / 'popcourseid' SQL Injection | Ihsan Sencan | 2017/12/09
Affiliate MLM Script 1.0 - 'product-category.php?key' SQL Injection | Ihsan Sencan | 2017/12/09
Basic B2B Script 2.0.8 - 'product_details.php?id' SQL Injection | Ihsan Sencan | 2017/12/09
Beauty Parlour Booking Script 1.0 - 'gender' / 'city' SQL Injection | Ihsan Sencan | 2017/12/09
FS Linkedin Clone 1.0 - 'grid' / 'fid' / 'id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Indiamart Clone 1.0 - 'token' / 'id' / 'c' SQL Injection | Ihsan Sencan | 2017/12/09
FS IMDB Clone 1.0 - 'f' / 's' / 'id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Grubhub Clone 1.0 - 'keywords' SQL Injection | Ihsan Sencan | 2017/12/09
FS Groupon Clone 1.0 - 'id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Gigs Script 1.0 - 'cat' / 'sc' SQL Injection | Ihsan Sencan | 2017/12/09
FS Freelancer Clone 1.0 - 'profile.php?u' SQL Injection | Ihsan Sencan | 2017/12/09
FS Ebay Clone 1.0 - 'id' / 'sub_category_id' / 'category_id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Crowdfunding Script 1.0 - 'latest_news_details.php?id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Care Clone 1.0 - 'jobFrequency' / 'jobType' SQL Injection | Ihsan Sencan | 2017/12/09
FS Amazon Clone 1.0 - SQL Injection | Ihsan Sencan | 2017/12/09
FS Trademe Clone 1.0 - 'search' / 'id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Expedia Clone 1.0 - 'fl_orig' / 'fl_dest' / 'id' SQL Injection | Ihsan Sencan | 2017/12/09
FS Foodpanda Clone 1.0 - SQL Injection | Ihsan Sencan | 2017/12/09
Advance B2B Script 2.1.3 - 'show_id' / 'pid' SQL Injection | Ihsan Sencan | 2017/12/09
Nearbuy Clone Script 3.2 - 'search' SQL Injection | Ihsan Sencan | 2017/12/08
Cab Booking Script 1.0 - 'city' SQL Injection | Ihsan Sencan | 2017/12/08
Chartered Accountant Booking Script 1.0 - 'city' SQL Injection | Ihsan Sencan | 2017/12/08
Child Care Script 1.0 - 'city' SQL Injection | Ihsan Sencan | 2017/12/08
CMS Auditor Website 1.0 - SQL Injection | Ihsan Sencan | 2017/12/08
Co-work Space Search Script 1.0 - 'city' SQL Injection | Ihsan Sencan | 2017/12/08
Consumer Complaints Clone Script 1.0 - 'id' SQL Injection | Ihsan Sencan | 2017/12/08
Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection | Ihsan Sencan | 2017/12/08
Doctor Search Script 1.0 - 'city' SQL Injection | Ihsan Sencan | 2017/12/08
E-commerce MLM Software 1.0 - SQL Injection | Ihsan Sencan | 2017/12/08
Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection | Ihsan Sencan | 2017/12/08
Event Calendar Category Script 1.0 - 'city' SQL Injection | Ihsan Sencan | 2017/12/08
DomainSale PHP Script 1.0 - 'id' SQL Injection | Ihsan Sencan | 2017/12/08
Simple Chatting System 1.0.0 - Arbitrary File Upload | Ihsan Sencan | 2017/12/08
Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection | Ihsan Sencan | 2017/12/08
Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection | Ihsan Sencan | 2017/12/08
FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection | Ihsan Sencan | 2017/12/08
FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection | Ihsan Sencan | 2017/12/08
FS Shutterstock Clone 1.0 - 'keywords' SQL Injection | Ihsan Sencan | 2017/12/08
FS Quibids Clone 1.0 - SQL Injection | Ihsan Sencan | 2017/12/08
FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection | Ihsan Sencan | 2017/12/08
FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection | Ihsan Sencan | 2017/12/08
FS Makemytrip Clone 1.0 - 'fl_orig' / 'fl_dest' SQL Injection | Ihsan Sencan | 2017/12/08
FS IMDB Clone - 'id' SQL Injection | an | 2017/12/07
FS Facebook Clone - 'token' SQL Injection | an | 2017/12/07
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting | SEC Consult | 2017/12/07
FS Makemytrip Clone - 'id' SQL Injection | an | 2017/12/06
WinduCMS 3.1 - Local File Disclosure | Maciek Krupa | 2017/12/06
FS Shaadi Clone - 'token' SQL Injection | an | 2017/12/06
Techno Portfolio Management Panel - 'id' SQL Injection | Ihsan Sencan | 2017/12/05
Readymade Classifieds Script 1.0 - SQL Injection | Ihsan Sencan | 2017/12/05
Artica Web Proxy 3.06 - Remote Code Execution | yp3rlin | 2017/12/01
Jobs2Careers / Coroflot Clone - SQL Injection | bitse | 2017/11/30
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal | u2x200 | 2017/11/28
osCommerce 2.3.4.1 - Arbitrary File Upload | Simon Scannell | 2017/11/11

Remote Exploits

Description | Author | Date
Microsoft Office - OLE Remote Code Execution | mbed | 2017/11/20
D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit) | etasploi | 2017/11/14
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow | icknes | 2017/11/14
Ulterius Server < 1.9.5.0 - Directory Traversal | Rick Osgood | 2017/11/13
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit) | etasploi | 2017/11/09
Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Buffer Overflow (SEH) | yp3rlin | 2017/11/05
Actiontec C1000A Modem - Backdoor Account | Joseph McDonagh | 2017/11/04
tnftp - 'savefile' Arbitrary Command Execution (Metasploit) | etasploi | 2017/11/03
ZyXEL PK5001Z Modem - Backdoor Account | Matthew Sheimo | 2017/10/31
MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation | 0lam | 2017/10/28
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit) | etasploi | 2017/10/25
Unitrends UEB 9 - http api/storage Remote Root (Metasploit) | etasploi | 2017/10/23
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) | etasploi | 2017/10/23
Polycom - Command Shell Authorization Bypass (Metasploit) | etasploi | 2017/10/23
Ayukov NFTP FTP Client < 2.0 - Buffer Overflow | Berk Cem Göksel | 2017/10/21
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow | schen | 2017/10/20
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit) | etasploi | 2017/10/17
Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007) | schen | 2017/10/17
Apple iOS 10.2 (14C92) - Remote Code Execution | Google Security Research | 2017/10/17
Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit) | etw0r | 2017/10/13
Rancher Server - Docker Daemon Code Execution (Metasploit) | etasploi | 2017/10/09
OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit) | etasploi | 2017/10/09
VX Search Enterprise 10.1.12 - Buffer Overflow | Revnic Vasile | 2017/10/09
Qmail SMTP - Bash Environment Variable Injection (Metasploit) | etasploi | 2017/10/02
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution | gi | 2017/10/02
Sync Breeze Enterprise 10.0.28 - Buffer Overflow | Owais Mehtab | 2017/09/30
Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution | yp3rlin | 2017/09/28
Oracle WebLogic Server 10.3.6.0 - Java Deserialization | lidingWindo | 2017/09/27
LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit) | James Fitts | 2017/09/27
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution | Adam Brown | 2017/09/27
Tiny HTTPd 0.1.0 - Directory Traversal | Touhid M.Shaikh | 2017/09/26
NodeJS Debugger - Command Injection (Metasploit) | etasploi | 2017/09/26
Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH) | icknes | 2017/09/25
Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) | etasploi | 2017/09/25
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow | Charles Dardaman | 2017/09/25
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response | Google Security Research | 2017/09/25
FLIR Thermal Camera F/FC/PT/D - SSH Backdoor | iquidWor | 2017/09/25
Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit) | etasploi | 2017/09/21
ERS Data System 1.8.1 - Java Deserialization | West Shepherd | 2017/09/21
HPE < 7.2 - Java Deserialization | Raphael Kuhn | 2017/09/19
EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit) | James Fitts | 2017/09/14
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit) | James Fitts | 2017/09/14
Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit) | James Fitts | 2017/09/14
haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit) | James Fitts | 2017/09/14
KingScada AlarmServer 3.1.2.13 - Stack Buffer Overflow (Metasploit) | James Fitts | 2017/09/14
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit) | James Fitts | 2017/09/14
Mako Web Server 2.5 - Multiple Vulnerabilities | yp3rlin | 2017/09/13
ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) | James Fitts | 2017/09/13
Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit) | James Fitts | 2017/09/13
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit) | James Fitts | 2017/09/13
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit) | James Fitts | 2017/09/13
Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit) | James Fitts | 2017/09/13
Infinite Automation Mango Automation - Command Injection (Metasploit) | James Fitts | 2017/09/13
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) | James Fitts | 2017/09/13
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit) | James Fitts | 2017/09/13
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit) | James Fitts | 2017/09/13
Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit) | James Fitts | 2017/09/13
Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit) James Fitts2017/09/13
Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit) James Fitts2017/09/13
Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit) James Fitts2017/09/13
Microsoft Windows .NET Framework - Remote Code Execution oulne2017/09/13
Astaro Security Gateway 7 - Remote Code Execution Jakub Palaczynski2017/09/13
Docker Daemon - Unprotected TCP Socket (Metasploit) etasploi2017/09/11
Gh0st Client - Buffer Overflow (Metasploit) etasploi2017/09/07
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution arflo2017/09/06
Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution yp3rlin2017/09/04
Git <= 2.7.5 - Command Injection (Metasploit) etasploi2017/08/31
QNAP Transcode Server - Command Execution (Metasploit) etasploi2017/08/29
Dup Scout Enterprise 9.9.14 - Buffer Overflow (SEH) Nipun Jaswal2017/08/25
Disk Savvy Enterprise 9.9.14 - Buffer Overflow (SEH) Nipun Jaswal2017/08/25
Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH) Nipun Jaswal2017/08/25
Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH) Nipun Jaswal2017/08/25
IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) etasploi2017/08/22
Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass) Hans Jerry Illikainen2017/08/18
Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution Jared Arave2017/08/08
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution Jared Arave2017/08/08
Jenkins < 1.650 - Java Deserialization Janusz Piechówka2017/07/30
DiskBoss Enterprise 8.2.14 - Buffer Overflow Ahmad Mahfouz2017/07/30
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007) Mohamed Hamdy2017/07/24
CenturyLink ZyXEL PK5001Z Router - Root Remote Code Execution xagas2017/07/24
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit) etasploi2017/07/24
VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit) etasploi2017/07/24
SKILLS.com.au Industry App - MITM Remote Code Execution ntern02017/07/20
Virtual Postage (VPA) - MITM Remote Code Execution ntern02017/07/20
Belkin NetCam F7D7601 - Multiple Vulnerabilities adee2017/07/17
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution h2017/07/14
FTPGetter 5.89.0.85 - Buffer Overflow (SEH) Paul Purcell2017/07/14
Skype for Business 2016 - Cross-Site Scripting yxgee2017/07/12
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) leepy2017/07/11
NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection Paul Taylor2017/07/10
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass) Sungchul Park2017/07/08
Yaws 1.91 - Remote File Disclosure yp3rlin2017/07/07
GoAutoDial 3.3 - Authentication Bypass / Command Injection (Metasploit) etasploi2017/07/05
Lepide Auditor Suite - 'createdb()' Web Console Database Injection Remote Code Execution r_m2017/07/05
eVestigator Forensic PenTester - MITM Remote Code Execution ntern02017/06/30
BestSafe Browser - MITM Remote Code Execution ntern02017/06/30
Australian Education App - Remote Code Execution ntern02017/06/30
Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit) etasploi2017/06/29
ActiveMQ < 5.14.0 - web shell upload (Metasploit) etasploi2017/06/29
Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH) lubj2017/06/27

Shell Codes

Description Author Date
Windows x64 - API Hooking Shellcode (117 bytes) Roziul Hasan Khan Shifat2017/10/16
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Manuel Mancera2017/10/12
Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes) Touhid M.Shaikh2017/09/25
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes) Andrea Sindoni2017/09/10
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes) Andrea Sindoni2017/09/10
Linux/x86 - Fork Bomb Shellcode (9 bytes) Touhid M.Shaikh2017/08/30
Linux/x86_64 - kill All Processes Shellcode (19 bytes) Touhid M.Shaikh2017/08/19
Linux/x86_64 - Fork Bomb Shellcode (11 bytes) Touhid M.Shaikh2017/08/19
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Touhid M.Shaikh2017/08/17
Linux x86 - /bin/sh Shellcode (24 bytes) Touhid M.Shaikh2017/08/06
Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) 4n3dw0l2017/07/19
Linux/x86 - Bind Shell Shellcode (75 bytes) etw0r2017/06/26
Linux/x86 - Reverse UDP Shellcode (668 bytes) DONTON Fetenat C2017/06/20
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) ullparasit2017/06/15
Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes) 4n3dw0l2017/06/15
Linux/x86-64 - /bin/sh Shellcode (31 bytes) Touhid M.Shaikh2017/06/05
Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes) Filippo Bersani2017/05/17
Linux/x86 - Disable ASLR Shellcode (80 bytes) batchy12017/05/08
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes) raka2017/05/08
Linux/x86 - Egg-hunter Shellcode (18 bytes) hackt_u2017/04/22
Linux/x86-64 - execve("/bin/sh") Shellcode (31 bytes) angYihan2017/04/13
Windows 10 x64 - Egghunter Shellcode (45 bytes) Peter Baris2017/04/06
Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) angYihan2017/03/29
Linux/x86-64 - execve("/bin/sh") Shellcode (21 Bytes) angYihan2017/03/28
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes) R0ch12017/03/24
Linux/x86 - File Reader Shellcode (54 Bytes) angYihan2017/03/19
Linux/x86 - Encoded execve("/bin/sh") Shellcode (44 Bytes) angYihan2017/03/17
Linux/x86 - Bind Shell Shellcode (42 bytes) Oleg Boytsev2017/03/17
Windows x86 - Hide Console Window Shellcode (182 bytes) Ege Balci2017/03/11
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes) Robert L. Taylor2017/03/04
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes) Robert L. Taylor2017/03/04
Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes) Robert L. Taylor2017/03/03
Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes) Robert L. Taylor2017/03/03
Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes) Snir Levi2017/03/01
Linux/x86-64 - Reverse Shell Shellcode (84 bytes) Manuel Mancera2017/02/28
Windows x86 - Executable Directory Search Shellcode (130 bytes) u0xhea2017/02/26
Linux/x86-64 - Random Listener Shellcode (54 bytes) Robert L. Taylor2017/02/26
Linux/x86-64 - Egghunter Shellcode (38 bytes) dzhancod2017/02/23
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) u0xhea2017/02/20
Linux - TCP Reverse Shell Shellcode (65 bytes) Robert L. Taylor2017/02/19
Windows x86 - Protect Process Shellcode (229 bytes) Ege Balci2017/02/17
Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes) dzhancod2017/02/16
Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes) Snir Levi2017/02/08
Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes) dzhancod2017/02/02
Linux - Multi/Dual mode execve("/bin/sh", NULL, 0) Shellcode (37 bytes) dzhancod2017/01/29
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Robert L. Taylor2017/01/26
Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes) Ajith Kp2017/01/19
Linux/x86-64 - mkdir Shellcode (25 bytes) Ajith Kp2017/01/18
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Roziul Hasan Khan Shifat2017/01/15
Windows x64 - Password Protected Bind Shellcode (825 bytes) Roziul Hasan Khan Shifat2017/01/01
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Filippo Bersani2016/12/16
Windows x64 - Bind Shell TCP Shellcode (508 bytes) Roziul Hasan Khan Shifat2016/12/08
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes) Filippo Bersani2016/12/05
Linux/x86 - Egg-hunter Shellcode (31 bytes) Filippo Bersani2016/11/25
Windows x64 - Download & Execute Shellcode (358 bytes) Roziul Hasan Khan Shifat2016/11/23
Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Ashiyane Digital Security Team2016/11/22
Windows x64 - Reverse Shell TCP Shellcode (694 bytes) Roziul Hasan Khan Shifat2016/11/18
Windows x64 - WinExec() Shellcode (93 bytes) Roziul Hasan Khan Shifat2016/10/17
Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes) ug2016/10/17
Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Sean Dillon2016/09/16
Windows x86 - Password Protected TCP Bind Shellcode (637 bytes) Roziul Hasan Khan Shifat2016/09/13
Windows 7 x86 - Bind Shell TCP 4444 Shellcode (357 Bytes) Roziul Hasan Khan Shifat2016/09/08
Windows x86 - Persistent Reverse Shell TCP (494 Bytes) Roziul Hasan Khan Shifat2016/09/05
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Roziul Hasan Khan Shifat2016/08/18
Windows x86 - MessageBoxA Shellcode (242 bytes) Roziul Hasan Khan Shifat2016/08/16
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Roziul Hasan Khan Shifat2016/08/16
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes) hry2016/08/10
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes) hry2016/08/10
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Roziul Hasan Khan Shifat2016/07/29
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes) yze2016/07/29
Linux/x86-64 - Subtle Probing Reverse Shell / Timer, Burst / Password / Multi-Terminal Shellcode (84, 122, 172 bytes) yze2016/07/21
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) ashi2016/07/20
Linux/x86 - execve /bin/sh Shellcode (19 bytes) ajit2016/07/20
Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83, 148, 177 bytes) yze2016/07/19
Windows x86 - URLDownloadToFileA() / SetFileAttributesA() / WinExec() / ExitProcess() Shellcode (394 bytes) Roziul Hasan Khan Shifat2016/07/13
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Shellcode (68 bytes) T2016/07/13
Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172 bytes) yze2016/07/11
Linux/x86 - TCP Reverse Shellcode (75 bytes) ajit2016/07/08
Linux/x86-64 - Ncat Shellcode (SSL, MultiChannel, Persistent, Fork, IPv4/6, Password) (176 bytes) yze2016/07/06
Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes) yze2016/07/04
Linux/x86 - Bind Shell Port 4444/TCP Shellcode (98 bytes) ajit2016/07/04
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Roziul Hasan Khan Shifat2016/06/28
Linux/x86 - /bin/sh Shellcode + ASLR Bruteforce Pawan Lal2016/06/27
Windows x86 - ShellExecuteA(NULL,NULL,"cmd.exe",NULL,NULL,1) Shellcode (250 bytes) Roziul Hasan Khan Shifat2016/06/22
Windows XP < 10 - Download & Execute Shellcode 3mB42016/06/20
Windows x86 - system("systeminfo") Shellcode (224 bytes) Roziul Hasan Khan Shifat2016/06/10
Windows x86 - WinExec("cmd.exe",0) Shellcode (184 bytes) Roziul Hasan Khan Shifat2016/06/07
Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) ajit2016/06/07
Linux/Windows/BSD x86_64 - execve("/bin//sh", {"//bin/sh", "-c", "cmd"}, NULL) Execute Command Shellcode (194 bytes) dzhancod2016/06/06
Linux/x86-64 - XOR Encode execve Shellcode (84 bytes) Roziul Hasan Khan Shifat2016/05/30
Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes) Brandon Dennis2016/05/25
Linux/x86-64 - Information Stealer Shellcode (399 bytes) Roziul Hasan Khan Shifat2016/05/23
Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes) Sudhanshu Chauhan2016/05/20
Linux/x86 - Bindshell with Configurable Port Shellcode (87 bytes) ollyFrog2016/05/16
Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) ug2016/05/10
Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes) Roziul Hasan Khan Shifat2016/05/04
Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes) Roziul Hasan Khan Shifat2016/05/04
Win32 .Net Framework - Execute Native x86 Shellcode acky5112016/05/02
Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes) Roziul Hasan Khan Shifat2016/04/25
Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes) Roziul Hasan Khan Shifat2016/04/25

EXPLOIT_unix

Description Author Date
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit) etasploi2017/12/07
pfSense - Authenticated Group Member Remote Command Execution (Metasploit) etasploi2017/11/29

Web Applications

Description Author Date
Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting Keith Thome2017/11/17
TP-Link TL-WR740N - Cross-Site Scripting l00d2017/11/16
LanSweeper 6.0.100.75 - Cross-Site Scripting Miguel Mendez Z2017/11/16
Vonage VDV23 - Cross-Site Scripting u11By72017/11/16
Zeta Components Mail 1.8.1 - Remote Code Execution alwareBenchmar2017/11/16
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload xFFFFF2017/11/13
Kirby CMS < 2.5.7 - Cross-Site Scripting Ishaq Mohammed2017/11/13
MyBB 1.8.13 - Remote Code Execution abstersa2017/11/11
MyBB 1.8.13 - Cross-Site Scripting abstersa2017/11/11
pfSense 2.3.1_1 - Command Execution 4squatc2017/11/07
ManageEngine Applications Manager 13 - SQL Injection Cody Sixteen2017/11/07
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass Colette Chamberland2017/11/04
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection Lenon Leite2017/11/03
Ladon Framework for Python 0.9.40 - XML External Entity Expansion RedTeam Pentesting2017/11/03
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting Dewank Pant2017/11/03
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting Dewank Pant2017/11/03
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Zain Sabahat2017/11/01
Ingenious School Management System 2.3.0 - 'friend_index' SQL injection Giulio Comi2017/11/01
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection omplixse2017/10/30
Zomato Clone Script - 'resid' SQL Injection Ihsan Sencan2017/10/30
Website Broker Script - 'status_id' SQL Injection Ihsan Sencan2017/10/30
Vastal I-Tech Agent Zone - SQL Injection Ihsan Sencan2017/10/30
Php Inventory - Arbitrary File Upload Ihsan Sencan2017/10/30
Online Exam Test Application - 'sort' SQL Injection Ihsan Sencan2017/10/30
Nice PHP FAQ Script - 'nice_theme' SQL Injection Ihsan Sencan2017/10/30
Fake Magazine Cover Script - SQL Injection Ihsan Sencan2017/10/30
CPA Lead Reward Script - SQL Injection Ihsan Sencan2017/10/30
Basic B2B Script - SQL Injection Ihsan Sencan2017/10/30
CmsLite 1.4 - 'S' SQL Injection Ihsan Sencan2017/10/30
MyMagazine 1.0 - 'id' SQL Injection Ihsan Sencan2017/10/30
News 1.0 - SQL Injection Ihsan Sencan2017/10/30
Newspaper 1.0 - SQL Injection Ihsan Sencan2017/10/30
US Zip Codes Database - 'state' SQL Injection Ihsan Sencan2017/10/30
Shareet - 'photo' SQL Injection Ihsan Sencan2017/10/30
AROX School ERP PHP Script - 'id' SQL Injection Ihsan Sencan2017/10/30
Protected Links - SQL Injection Ihsan Sencan2017/10/30
ZeeBuddy 2x - 'groupid' SQL Injection Ihsan Sencan2017/10/30
Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection Ihsan Sencan2017/10/30
tPanel 2009 - Authentication Bypass Ihsan Sencan2017/10/30
Sokial Social Network Script 1.0 - SQL Injection Ihsan Sencan2017/10/30
SoftDatepro Dating Social Network 1.3 - SQL Injection Ihsan Sencan2017/10/30
Same Sex Dating Software Pro 1.0 - SQL Injection Ihsan Sencan2017/10/30
PHP CityPortal 2.0 - SQL Injection Ihsan Sencan2017/10/30
PG All Share Video 1.0 - SQL Injection Ihsan Sencan2017/10/30
MyBuilder Clone 1.0 - 'subcategory' SQL Injection Ihsan Sencan2017/10/30
Mailing List Manager Pro 3.0 - SQL Injection Ihsan Sencan2017/10/30
Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection Ihsan Sencan2017/10/30
Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection Ihsan Sencan2017/10/30
Job Board Script - 'nice_theme' SQL Injection Ihsan Sencan2017/10/30
iTech Gigs Script 1.21 - SQL Injection Ihsan Sencan2017/10/30
iStock Management System 1.0 - Arbitrary File Upload Ihsan Sencan2017/10/30
iProject Management System 1.0 - 'ID' SQL Injection Ihsan Sencan2017/10/30
Article Directory Script 3.0 - 'id' SQL Injection Ihsan Sencan2017/10/30
Adult Script Pro 2.2.4 - SQL Injection Ihsan Sencan2017/10/30
D-Park Pro 1.0 - SQL Injection Ihsan Sencan2017/10/30
Ingenious 2.3.0 - Arbitrary File Upload Ihsan Sencan2017/10/30
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure r_m2017/10/30
PHP Melody 2.6.1 - SQL Injection Venkat Rajgor2017/10/28
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3) Nikhil Mittal2017/10/28
phpMyFAQ 2.9.8 - Cross-Site Request Forgery Nikhil Mittal2017/10/27
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection Ishaq Mohammed2017/10/25
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting Ishaq Mohammed2017/10/25
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection Anthony Cole2017/10/24
FS Shutter Stock Clone - 'keywords' SQL Injection bitse2017/10/24
FS Thumbtack Clone - 'ser' SQL Injection bitse2017/10/24
FS Trademe Clone - 'id' SQL Injection bitse2017/10/24
FS Monster Clone - 'id' SQL Injection bitse2017/10/24
FS Care Clone - 'sitterService' SQL Injection bitse2017/10/24
FS Crowdfunding Script - 'id' SQL Injection bitse2017/10/24
FS Realtor Clone - 'id' SQL Injection bitse2017/10/24
Kaltura < 13.1.0 - Remote Code Execution Robin Verton2017/10/23
FS Car Rental Script - 'pickup_location' SQL Injection bitse2017/10/23
FS Amazon Clone - 'category_id' SQL Injection bitse2017/10/23
FS Book Store Script - 'category' SQL Injection bitse2017/10/23
FS Ebay Clone - 'pd_maincat_id' SQL Injection bitse2017/10/23
FS Food Delivery Script - 'keywords' SQL Injection bitse2017/10/23
FS Expedia Clone - 'hid' SQL Injection bitse2017/10/23
FS Freelancer Clone - 'sk' SQL Injection bitse2017/10/23
FS Groupon Clone - 'category' SQL Injection bitse2017/10/23
FS Indiamart Clone - 'keywords' SQL Injection bitse2017/10/23
FS Lynda Clone - 'category' SQL Injection bitse2017/10/23
FS OLX Clone - 'catg_id' SQL Injection bitse2017/10/23
CometChat < 6.2.0 BETA 1 - Local File Inclusion aradoxi2017/10/22
Linksys E Series - Multiple Vulnerabilities SEC Consult2017/10/18
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities SEC Consult2017/10/18
Check_MK 1.2.8p25 - Information Disclosure Julien Ahrens2017/10/18
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution Michael Stepankin and Olga Barinova2017/10/17
Career Portal 1.0 - SQL Injection bitse2017/10/17
Wordpress Plugin Car Park Booking - SQL Injection bitse2017/10/17
TP-Link WR940N - Authenticated Remote Code Exploit Fidus InfoSecurity2017/10/17
Squid Analysis Report Generator 2.3.10 - Remote Code Execution Pavel Suprunyuk2017/10/17
OpenText Documentum Content Server - Privilege Escalation Andrey B. Panfilov2017/10/17
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation Andrey B. Panfilov2017/10/17
OpenText Documentum Content Server - dmr_content Privilege Escalation Andrey B. Panfilov2017/10/17
OpenText Documentum Content Server - Arbitrary File Download Andrey B. Panfilov2017/10/17
3CX Phone System 15.5.3554.1 - Directory Traversal Jens Regel2017/10/16
Webmin 1.850 - Multiple Vulnerabilities yp3rlin2017/10/15
Logitech Media Server - Cross-Site Scripting Thiago Sena2017/10/14
TYPO3 Extension Restler 1.7.0 - Local File Disclosure rashBandico2017/10/13
phpMyFAQ 2.9.8 - Cross-Site Scripting Ishaq Mohammed2017/10/13

EXPLOIT_windows

Description Author Date
Sync Breeze 10.2.12 - Denial of Service Manuel García Cárdenas2017/12/15
Microsoft Office - DDE Payload Delivery (Metasploit) etasploi2017/12/14
Dup Scout Enterprise - Login Buffer Overflow (Metasploit) etasploi2017/12/14
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit) etasploi2017/12/14
LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass) etw0r2017/12/08
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path Google Security Research2017/12/07
Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal intinwe2017/12/07
VX Search 10.2.14 - 'command_name' Buffer Overflow 01fier002017/12/05
Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation Konstantinos Alexiou2017/12/05
Abyss Web Server < 2.11.6 - Heap Memory Corruption yp3rlin2017/12/01
HP iMC Plat 7.2 - Remote Code Execution (2) Chris Lyne2017/11/29
Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH) Miguel Mendez Z2017/11/29
HP iMC Plat 7.2 - Remote Code Execution Chris Lyne2017/11/28
Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion Google Security Research2017/11/27
Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' does not Return the return Instruction Google Security Research2017/11/27
Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope Google Security Research2017/11/27
Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly Google Security Research2017/11/27
Diving Log 6.0 - XML External Entity Injection Trent Gordon2017/11/27
KMPlayer 4.2.2.4 - Denial of Service .Yavar2017/11/22
Winamp Pro 5.66.Build.3512 - Denial of Service .Yavar2017/11/22

EXPLOIT_win_x86

Description Author Date
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation P2017/11/27