Exploits

Most of my modules started off as N-days, and went to the Metasploit repository. I’ve written a lot of modules, from exploits, post, evasion, tools, etc, so it’d take a long time to compile all that into a list. Here are the ones with arbitrary code execution, the rest could be found here.

I’d also like to thank those who have worked with me to write these modules together. All wonderful memories.

Oct 21 2019
Total.js CMS JavaScript Code Injection Vulnerability

Sep 09 2019
Zip Slip (TAR Extraction) Vulnerability

Jun 18 2019
Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability

Jun 10 2019
Cisco Prime Infrastructure runrshell Local Privilege Escalation

Jun 07 2019
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability

May 24 2019
Oracle Application Testing Suite WebLogic Server Administration Console War Deployment

May 01 2019
Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution

Jan 05 2018
Ayukov NFTP FTP Client Buffer Overflow

Aug 02 2017
Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution

Apr 24 2017
Microsoft Office Word Malicious Hta Execution

Mar 27 2017
Github Enterprise Default Session Secret And Deserialization

Feb 10 2017
Apache OpenOffice Text Document Malicious Macro Execution

Feb 08 2017
Microsoft Office Word Malicious Macro Execution

Jan 12 2017
Cisco Firepower Management Console 6.0 Post Authentication UserAdd

May 17 2016
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Dec 14 2015
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability

Dec 04 2015
Atlassian HipChat for Jira Plugin Velocity Template Injection

Dec 03 2015
Oracle BeeHive 2 voice-servlet processEvaluation() Vulnerability

Dec 03 2015
Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload

Sep 15 2015
MS15-100 Microsoft Windows Media Center MCL Code Execution

Jul 13 2015
Adobe Flash opaqueBackground Use After Free

Jul 08 2015
Adobe Flash Player ByteArray Use After Free

Apr 06 2015
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling

Mar 18 2015
Adobe Flash Player PCRE Regex Logic Error

Mar 03 2015
Symantec Web Gateway 5 restore.php Command Injection

Jan 15 2015
Microsoft Windows NtApphelpCacheControl Improper Authorization Check

Jan 12 2015
Oracle MySQL for Microsoft Windows FILE Privilege Abuse

Nov 14 2014
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python

Nov 13 2014
MS14-064 Microsoft Windows OLE Package Manager Code Execution

Oct 18 2014
MS14-060 Microsoft Windows OLE Package Manager Code Execution

Mar 20 2014
MS14-012 Internet Explorer TextRange Use-After-Free

Dec 17 2013
Adobe Reader ToolButton Use After Free

Nov 27 2013
Microsoft Tagged Image File Format (TIFF) Integer Overflow

Nov 08 2013
VICIdial Manager Send OS Command Injection

Oct 14 2013
MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free

Sep 30 2013
Microsoft Internet Explorer SetMouseCapture Use-After-Free

Sep 20 2013
MS13-069 Microsoft Internet Explorer CCaret Use-After-Free

Sep 09 2013
MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free

Sep 04 2013
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free

Aug 16 2013
Java storeImageArray() Invalid Array Indexing

Aug 08 2013
Firefox onreadystatechange Event DocumentViewerImpl Use After Free

Jul 25 2013
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

Jul 18 2013
Apple Quicktime 7 Invalid Atom Length Buffer Overflow

Jul 01 2013
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation

Jun 26 2013
ZPanel zsudo Local Privilege Escalation

Jun 26 2013
FreeBSD 9 Address Space Manipulation Privilege Escalation

Jun 23 2013
ZPanel 10.0.0.2 htpasswd Module Username Command Execution

Jun 22 2013
HP System Management Homepage JustGetSNMPQueue Command Injection

Jun 22 2013
LibrettoCMS File Manager Arbitrary File Upload

Jun 20 2013
Havalite CMS Arbitary File Upload

Jun 10 2013
Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow

May 07 2013
Microsoft Internet Explorer CGenericElement Object Use-After-Free

Jan 11 2013
Java Applet JMX Remote Code Execution

Jan 01 2013
Microsoft Internet Explorer Option Element Use-After-Free

Jan 02 2013
Microsoft Internet Explorer CButton Object Use-After-Free

Dec 31 2012
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free

Dec 24 2012
Netwin SurgeFTP Remote Command Execution

Dec 09 2012
Nagios XI Network Monitor Graph Explorer Component Command Injection

Dec 08 2012
FreeFloat FTP Server Arbitrary File Upload

Dec 08 2012
Maxthon3 about:history XCS Trusted Zone Code Execution

Dec 08 2012
Splunk 5.0 Custom App Remote Code Execution

Dec 07 2012
Oracle MySQL For Microsoft Windows MOF Execution

Dec 05 2012
Tectia SSH USERAUTH Change Request Password Reset

Nov 30 2012
BlazeVideo HDTV Player Pro 6.6 Filename Handling

Nov 29 2012
Network Shutdown Module 3.21 Remote PHP Code Injection

Nov 21 2012
Narcissus Image Configuration Passthru

Nov 13 2012
Invision IP.Board 3.3.4 unserialize() PHP Code Execution

Nov 02 2012
HP Intelligent Management Center UAM Buffer Overflow

Nov 01 2012
Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow

Oct 28 2012
ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection

Oct 15 2012
AjaXplorer checkInstall.php Remote Command Execution

Oct 12 2012
Project Pier Arbitrary File Upload

Oct 08 2012
PhpTax pfilez Parameter Exec Remote Code Injection

Sep 28 2012
Samba SetInformationPolicy AuditEventsInfo Heap Overflow

Sep 25 2012
Auxilium RateMyPet Arbitrary File Upload

Sep 17 2012
Microsoft Internet Explorer execCommand Use-After-Free

Sep 15 2012
Oracle BTM FlashTunnelService Remote Code Execution

Sep 14 2012
qdPM 7 Arbitrary PHP File Upload

Sep 07 2012
Sflog! CMS 1.0 Arbitrary File Upload

Sep 06 2012
Symantec Messaging Gateway 9.5 Default SSH Password

Sep 05 2012
MobileCartly 1.0 Arbitrary File Creation

Aug 28 2012
Java 7 Applet Remote Code Execution

Aug 17 2012
Adobe Flash Player 11.3 Font Parsing Code Execution

Aug 15 2012
Windows Service Trusted Path Privilege Escalation

Aug 14 2012
Cyclope Employee Surveillance Solution 6 SQL Injection

Aug 08 2012
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

Aug 03 2012
Dell SonicWALL Scrutinizer 9 SQL Injection

Aug 01 2012
WebPageTest Arbitrary PHP File Upload

Jul 27 2012
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection

Jul 10 2012
Java Applet Field Bytecode Verifier Cache Remote Code Execution

Jul 06 2012
Basilic 1.5.14 diff.php Arbitrary Command Execution

Jul 02 2012
HP Data Protector Create New Folder Buffer Overflow

Jun 29 2012
Apple QuickTime TeXML Stack Buffer Overflow

Jun 27 2012
SugarCRM 6.3.1 unserialize() PHP Code Execution

Jun 23 2012
Adobe Flash Player Object Type Confusion

Jun 16 2012
Microsoft XML Core Services MSXML Uninitialized Memory Corruption

Jun 14 2012
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow

Jun 11 2012
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

Jun 05 2012
Apache Struts 2.2.1.1 Remote Command Execution

Jun 03 2012
Log1 CMS writeInfo() PHP Code Injection

May 31 2012
PHP Volunteer Management System v1.0.2 Arbitrary File Upload

Mar 28 2012
Symantec Web Gateway 5.0.2.8 Command Execution

May 27 2012
QuickShare File Share 1.2.1 Directory Traversal

May 25 2012
RabidHamster R4 Log Entry sprintf() Buffer Overflow

May 24 2012
appRain CMF Arbitrary PHP File Upload Vulnerability

May 22 2012
FlexNet License Server Manager lmgrd Buffer Overflow

May 22 2012
HP StorageWorks P4000 Virtual SAN Appliance Command Execution

May 18 2012
Squiggle 1.7 SVG Browser Java Code Execution

May 11 2012
Distinct TFTP 3.01 Writable Directory Traversal Execution

May 11 2012
WikkaWiki 1.3.2 Spam Logging PHP Injection

Mar 06 2012
Solarwinds Storage Manager 5.1.0 SQL Injection

May 03 2012
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability

May 03 2012
VLC MMS Stream Handling Buffer Overflow

Apr 30 2012
WebCalendar 1.2.4 Pre-Auth Remote Code Injection

Apr 25 2012
MS12-027 MSCOMCTL ActiveX Buffer Overflow

Apr 17 2012
V-CMS PHP File Upload And Execute

Apr 10 2012
IBM Tivoli Provisioning Manager Express Overflow

Apr 07 2012
TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow

Mar 30 2012
Java AtomicReferenceArray Type Violation

Mar 26 2012
Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow

Mar 22 2012
Dell Webcam CrazyTalk ActiveX BackImage Vulnerability

Mar 22 2012
MS10-002 Internet Explorer Object Memory Use-After-Free

Mar 15 2012
NetDecision 4.5.1 HTTP Server Buffer Overflow

Mar 08 2012
Adobe Flash Player .mp4 ‘cprt’ Overflow

Mar 05 2012
Sysax 5.53 SSH Username Buffer Overflow

Feb 29 2012
ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow

Feb 10 2012
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

Jan 28 2012
MS12-004 midiOutPlayNextPolyEvent Heap Overflow

Jan 20 2012
HP OpenView Network Node Manager ov.dll OVBuildPath Buffer Overflow

Jan 18 2012
McAfee SaaS MyCioScan ShowReport Remote Command Execution

Jan 04 2012
Adobe Reader U3D Memory Corruption

Dec 23 2011
Oracle Job Scheduler Named Pipe Command Execution

Dec 13 2011
CoDeSys SCADA 2.3 Webserver Stack Buffer Overflow

Oct 12 2011
Windows Manage Memory Payload Injection

Nov 30 2011
Java Applet Rhino Script Engine Remote Code Execution

Nov 20 2011
Wireshark 1.6 console.lua Pre-Load / Execution

Nov 13 2011
Aviosoft Digital TV Player Professional 1.0 Buffer Overflow

Nov 06 2011
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow

Oct 20 2011
HP Power Manager ‘formExportDataLogs’ Buffer Overflow

Oct 17 2011
Apple Safari file:// Arbitrary Code Execution

Oct 14 2011
Mozilla Firefox Array.reduceRight() Integer Overflow

Sep 02 2011
DVD X Player 5.5 .plf PlayList Buffer Overflow

Aug 31 2011
Citrix Gateway ActiveX Control Stack Based Buffer Overflow

Aug 13 2011
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference

Aug 04 2011
Sun/Oracle GlassFish Server Authenticated Code Execution

Jul 06 2011
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow

Jul 04 2011
HP OmniInet.exe Opcode 20 Buffer Overflow

Jun 25 2011
Siemens FactoryLink 8 CSService Logging Buffer Overflow

Jun 21 2011
Black Ice Cover Page ActiveX Control Arbitrary File Download

Jun 09 2011
7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow

May 31 2011
7-Technologies IGSS 9 Data Server/Collector Packet Handling

May 16 2011
7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer.exe Stack Overflow

May 12 2011
ICONICS WebHMI ActiveX Buffer Overflow

May 12 2011
SPlayer 3.7 Content-Type Buffer Overflow

Apr 28 2011
Subtitle Processor 7.7.1 M3U SEH Unicode Buffer Overflow

Apr 17 2011
Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability

Apr 09 2011
Real Networks Arcade Games StubbyItil.ProcessMgr ActiveX Arbitrary Code Execution

Apr 08 2011
AOL Desktop 9.6 RTX Buffer Overflow

Apr 06 2011
IBM Lotus Domino iCalendar MAILTO Buffer Overflow

Mar 26 2011
VLC AMV Dangling Pointer Vulnerability

Mar 24 2011
HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow

Mar 23 2011
HP NNM CGI webappmon.exe execvp Buffer Overflow

Mar 23 2011
HP OpenView NNM nnmRptConfig nameParams Buffer Overflow

Mar 23 2011
HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow

Mar 18 2011
RealNetworks RealPlayer CDDA Initialization Vulnerability

Jun 02 2010
XFTP 3.0 Build 02.39 Long Filename Buffer Overflow

May 30 2010
IP2location.dll 1.0.0.1 Initialize() Buffer Overflow

May 22 2010
Rumba FTP Client 4.2.0.0 Buffer Overflow

May 06 2010
Ziepod+ 1.0 Cross Application Scripting

Feb 05 2010
Ipswitch IMail Server 11.0 Password Decryptor

Jan 07 2010
Quick Player 1.2 Unicode Buffer Overflow

Dec 13 2009
HP NNM 7.53 ovalarm.exe Buffer Overflow