Remote Exploits
| Datum | A | V | Name/Beschreibung | Platform | Author | |
|---|---|---|---|---|---|---|
| 11.03.2017 |
MobaXterm Personal Edition 9.4 - Directory Traversal
|
878 | Windows | Javier Perez | ||
| 07.03.2017 |
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow
|
843 | Windows | Javier Perez | ||
| 04.03.2017 |
FTPShell Client 6.53 - Buffer Overflow
|
841 | Windows | Javier Perez | ||
| 28.02.2017 |
SysGauge 1.5.18 - Buffer Overflow
|
754 | Windows | Javier Perez | ||
| 27.02.2017 |
MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)
|
761 | ARM | |||
| 27.02.2017 |
WePresent WiPG-1500 - Backdoor Account
|
806 | Hardware | Quentin Olagne | ||
| 23.02.2017 |
macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
|
713 | macOS | |||
| 22.02.2017 |
Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
|
822 | Windows | Javier Perez | ||
| 15.02.2017 |
OpenText Documentum D2 - Remote Code Execution
|
791 | Java | Andrey B. Panfilov | ||
| 14.02.2017 |
Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)
|
777 | PHP | myst |
Denial of Service Exploits
| Datum | A | V | Name/Beschreibung | Platform | Author | |
|---|---|---|---|---|---|---|
| 09.03.2017 |
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service
|
835 | Hardware | Rootshell | ||
| 07.03.2017 |
Evostream Media Server 1.7.1 (x64) - Denial of Service
|
773 | Windows | Blake | ||
| 02.03.2017 |
Conext ComBox 865-1058 - Denial of Service
|
796 | Hardware | Mark Liapustin and Arik Kublanov | ||
| 28.02.2017 |
Synchronet BBS 3.16c - Denial of Service
|
791 | Windows | Blake | ||
| 28.02.2017 |
BlueIris 4.5.1.4 - Denial of Service
|
778 | Windows | Blake | ||
| 26.02.2017 |
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)
|
846 | Linux | Andrey Konovalov | ||
| 24.02.2017 |
Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
|
767 | Windows | Blake | ||
| 22.02.2017 |
EasyCom For PHP 4.0.0 - Denial of Service
|
830 | Windows | Blake | ||
| 22.02.2017 |
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
|
2414 | Windows | Blake | ||
| 22.02.2017 |
Google Chrome - 'layout' Out-of-Bounds Read
|
833 | Multiple | st3n |
Exploit Shellcode
| Datum | A | V | Name/Beschreibung | Platform | Author | |
|---|---|---|---|---|---|---|
| 11.03.2017 |
Windows x86 - Hide Console Window Shellcode (182 bytes)
|
837 | Win_x86 | Albert Nubdy | ||
| 04.03.2017 |
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)
|
761 | Lin_x86-64 | ROTShB | ||
| 04.03.2017 |
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)
|
820 | Lin_x86-64 | ROTShB | ||
| 03.03.2017 |
Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)
|
747 | Lin_x86-64 | ROTShB | ||
| 03.03.2017 |
Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes)
|
749 | Lin_x86-64 | ROTShB | ||
| 01.03.2017 |
Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)
|
774 | Win_x86 | Albert Nubdy | ||
| 28.02.2017 |
Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
|
790 | Linux | Gregory Duchemin | ||
| 26.02.2017 |
Linux/x86-64 - Random Listener Shellcode (54 bytes)
|
778 | Lin_x86-64 | ROTShB | ||
| 26.02.2017 |
Windows x86 - Executable Directory Search Shellcode (130 bytes)
|
727 | Win_x86 | Albert Nubdy | ||
| 23.02.2017 |
Linux/x86-64 - Egghunter Shellcode (38 bytes)
|
754 | Linux | Gregory Duchemin |
Web Application Exploits
| Datum | A | V | Name/Beschreibung | Platform | Author | |
|---|---|---|---|---|---|---|
| 11.03.2017 |
Yacht Listing Script 2.0 - SQL Injection
|
774 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Property Listing Script 3.1 - SQL Injection
|
762 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Yellow Pages Script 3.2 - 'category_id' Parameter SQL Injection
|
797 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Pet Listing Script 3.0 - SQL Injection
|
789 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Domain Marketplace Script - SQL Injection
|
786 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Vanelo - SQL Injection
|
799 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Mirage - SQL Injection
|
569 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Travel Tours Script 2.0 - SQL Injection
|
984 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
PHP Forum Script 3.0 - SQL Injection
|
757 | PHP | Gerardo Vazquez, Eduardo Arriols | ||
| 11.03.2017 |
Global In - SQL Injection
|
824 | PHP | Gerardo Vazquez, Eduardo Arriols |
Local Exploits
| Datum | A | V | Name/Beschreibung | Platform | Author | |
|---|---|---|---|---|---|---|
| 07.03.2017 |
USBPcap - Privilege Escalation
|
820 | Windows | Ruben Garrote Garca | ||
| 06.03.2017 |
CyberGhost 6.0.4.2205 - Privilege Escalation
|
783 | Windows | Ruben Garrote Garca | ||
| 28.02.2017 |
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation
|
793 | Windows | Pcchillin | ||
| 26.02.2017 |
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
|
782 | Linux | metasploit | ||
| 14.02.2017 |
ShadeYouVPN Client 2.0.1.11 - Privilege Escalation
|
650 | Windows | Ruben Garrote Garca | ||
| 14.02.2017 |
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation
|
674 | Linux | metasploit | ||
| 12.02.2017 |
Cimetrics BACstac 6.2f - Privilege Escalation
|
752 | Windows | Ruben Garrote Garca | ||
| 12.02.2017 |
Cimetrics BACnet Explorer 4.0 - XML External Entity Injection
|
663 | Windows | Ruben Garrote Garca | ||
| 06.02.2017 |
IVPN Client 2.6.1 - Privilege Escalation
|
673 | Windows | Ruben Garrote Garca | ||
| 03.02.2017 |
ntfs-3g (Debian 9) - Privilege Escalation
|
721 | Linux | metasploit |
Security Papers and Articles
| Datum | A | V | Name/Beschreibung | Platform | Author |
|---|