diff --git a/files.csv b/files.csv index 0e6e976ee..9a3a5b47a 100755 --- a/files.csv +++ b/files.csv @@ -4043,7 +4043,7 @@ id,file,description,date,author,platform,type,port 4394,platforms/windows/remote/4394.html,"Microsoft Visual Studio 6.0 - (VBTOVSI.DLL 1.0.0.0) File Overwrite Exploit",2007-09-11,shinnai,windows,remote,0 4395,platforms/php/webapps/4395.txt,"NuclearBB Alpha 2 - (root_path) Remote File Inclusion",2007-09-11,"Rootshell Security",php,webapps,0 4396,platforms/php/webapps/4396.txt,"X-Cart - Multiple Remote File Inclusion",2007-09-11,aLiiF,php,webapps,0 -4397,platforms/php/webapps/4397.rb,"WordPress Multiple Versions - Pwnpress Exploitation Tookit (0.2pub)",2007-09-14,"Lance M. Havok",php,webapps,0 +4397,platforms/php/webapps/4397.rb,"WordPress Core 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",php,webapps,0 4398,platforms/windows/remote/4398.html,"Microsoft SQL Server Distributed Management Objects BoF Exploit",2007-09-12,96sysim,windows,remote,0 4399,platforms/multiple/remote/4399.html,"Apple Quicktime (Multiple Browsers) Command Execution PoC (0Day)",2007-09-12,pdp,multiple,remote,0 4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - (id) SQL Injection",2007-09-13,Houssamix,php,webapps,0 @@ -9781,7 +9781,7 @@ id,file,description,date,author,platform,type,port 10532,platforms/php/webapps/10532.txt,"Piwik Open Flash Chart - Remote Code Execution",2009-12-17,"Braeden Thomas",php,webapps,0 10533,platforms/php/webapps/10533.txt,"VirtueMart 'product_id' Parameter SQL Injection",2009-12-17,Neo-GabrieL,php,webapps,0 10534,platforms/php/webapps/10534.txt,"Rumba XML suffers from a Cross-Site scripting",2009-12-17,"Hadi Kiamarsi",php,webapps,0 -10535,platforms/php/webapps/10535.txt,"WordPress and Pyrmont 2.x - SQL Injection",2009-12-18,Gamoscu,php,webapps,0 +10535,platforms/php/webapps/10535.txt,"WordPress Pyrmont 2.x Plugin - SQL Injection",2009-12-18,Gamoscu,php,webapps,0 10537,platforms/php/webapps/10537.txt,"gpEasy 1.5RC3 - Remote File Inclusion Exploit",2009-12-18,"cr4wl3r ",php,webapps,0 10540,platforms/asp/webapps/10540.txt,"E-Smartcart SQL Injection",2009-12-18,R3d-D3V!L,asp,webapps,0 10542,platforms/windows/remote/10542.py,"TFTP Server 1.4 - Buffer Overflow Remote Exploit (2)",2009-12-18,Molotov,windows,remote,69 @@ -10487,7 +10487,7 @@ id,file,description,date,author,platform,type,port 11455,platforms/php/webapps/11455.txt,"Généré par KDPics 1.18 - Remote Add Admin",2010-02-15,snakespc,php,webapps,0 11456,platforms/php/webapps/11456.txt,"superengine CMS (Custom Pack) SQL Injection",2010-02-15,10n1z3d,php,webapps,0 11457,platforms/windows/remote/11457.pl,"Microsoft Internet Explorer 6/7 - Remote Code Execution (Remote User Add Exploit)",2010-02-15,"Sioma Labs",windows,remote,0 -11458,platforms/php/webapps/11458.txt,"WordPress Copperleaf Photolog 0.16 - SQL injection",2010-02-15,kaMtiEz,php,webapps,0 +11458,platforms/php/webapps/11458.txt,"WordPress Copperleaf Photolog 0.16 Plugin - SQL injection",2010-02-15,kaMtiEz,php,webapps,0 11460,platforms/php/webapps/11460.txt,"Dodo Upload 1.3 - Upload Shell (Bypass)",2010-02-15,indoushka,php,webapps,0 11461,platforms/php/webapps/11461.txt,"CoffieNet CMS - Bypass Admin",2010-02-15,indoushka,php,webapps,0 11462,platforms/php/webapps/11462.txt,"blog ink Bypass Setting",2010-02-15,indoushka,php,webapps,0 @@ -15962,7 +15962,7 @@ id,file,description,date,author,platform,type,port 18413,platforms/php/webapps/18413.txt,"SpamTitan Application 5.08x - SQL Injection",2012-01-23,Vulnerability-Lab,php,webapps,0 18701,platforms/php/webapps/18701.txt,"phpPaleo - Local File Inclusion",2012-04-04,"Mark Stanislav",php,webapps,0 18416,platforms/jsp/webapps/18416.txt,"stoneware webnetwork6 - Multiple Vulnerabilities",2012-01-24,"Jacob Holcomb",jsp,webapps,0 -18417,platforms/php/webapps/18417.txt,"WordPress 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0 +18417,platforms/php/webapps/18417.txt,"WordPress Core 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0 18418,platforms/php/webapps/18418.html,"VR GPub 4.0 - CSRF",2012-01-26,Cyber-Crystal,php,webapps,0 18419,platforms/php/webapps/18419.html,"phplist 2.10.9 - CSRF/XSS",2012-01-26,Cyber-Crystal,php,webapps,0 18420,platforms/windows/remote/18420.rb,"Sysax Multi Server 5.50 - Create Folder Remote Code Execution BoF (Metasploit)",2012-01-26,"Craig Freyman",windows,remote,0 @@ -26793,7 +26793,7 @@ id,file,description,date,author,platform,type,port 29751,platforms/php/webapps/29751.php,"PHPStats 0.1.9 PHP-Stats-Options.php Remote Code Execution",2007-03-17,rgod,php,webapps,0 29752,platforms/php/remote/29752.php,"PHP 5.1.6 Mb_Parse_Str Function Register_Globals Activation Weakness",2007-03-19,"Stefan Esser",php,remote,0 29753,platforms/linux/remote/29753.c,"File(1) 4.13 Command File_PrintF Integer Underflow",2007-03-19,"Jean-Sebastien Guay-Leroux",linux,remote,0 -29754,platforms/php/webapps/29754.html,"WordPress 2.x - PHP_Self Cross-Site Scripting",2007-03-19,"Alexander Concha",php,webapps,0 +29754,platforms/php/webapps/29754.html,"WordPress Core 2.x - PHP_Self Cross-Site Scripting",2007-03-19,"Alexander Concha",php,webapps,0 29755,platforms/php/webapps/29755.html,"Guesbara 1.2 Administrator Password Change",2007-03-19,Kacper,php,webapps,0 29756,platforms/php/webapps/29756.txt,"PHPX 3.5.15/3.5.16 print.php news_id Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0 29757,platforms/php/webapps/29757.txt,"PHPX 3.5.15/3.5.16 forums.php Multiple Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0 @@ -26879,7 +26879,7 @@ id,file,description,date,author,platform,type,port 30163,platforms/multiple/dos/30163.html,"Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow",2007-06-08,"Dennis Rand",multiple,dos,0 30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 - Tk Parameter Cross-Site Scripting",2007-06-08,"Secunia Research",hardware,remote,0 30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI Okul Portal Haber_Oku.ASP - SQL Injection",2007-06-08,ertuqrul,asp,webapps,0 -30166,platforms/php/webapps/30166.txt,"WordPress 2.2 - Request_URI Parameter Cross-Site Scripting",2007-06-08,zamolx3,php,webapps,0 +30166,platforms/php/webapps/30166.txt,"WordPress Core 2.2 - Request_URI Parameter Cross-Site Scripting",2007-06-08,zamolx3,php,webapps,0 30167,platforms/hardware/dos/30167.txt,"Packeteer PacketShaper 7.x Web Interface Remote Denial of Service",2007-06-08,nnposter,hardware,dos,0 30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System vBSupport.php SQL Injection",2007-06-09,rUnViRuS,php,webapps,0 30169,platforms/windows/remote/30169.txt,"WindowsPT 1.2 User ID Key Spoofing",2007-06-11,nnposter,windows,remote,0 @@ -30624,7 +30624,7 @@ id,file,description,date,author,platform,type,port 33987,platforms/php/webapps/33987.txt,"PHP Banner Exchange 1.2 - 'signupconfirm.php' Cross-Site Scripting",2010-01-03,indoushka,php,webapps,0 34112,platforms/windows/local/34112.txt,"Microsoft Windows XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation",2014-07-19,KoreLogic,windows,local,0 33990,platforms/multiple/remote/33990.rb,"Gitlist - Unauthenticated Remote Command Execution",2014-07-07,Metasploit,multiple,remote,80 -33991,platforms/php/remote/33991.rb,"WordPress MailPoet - (wysija-newsletters) Unauthenticated File Upload",2014-07-07,Metasploit,php,remote,80 +33991,platforms/php/remote/33991.rb,"WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated File Upload",2014-07-07,Metasploit,php,remote,80 33992,platforms/asp/webapps/33992.txt,"Platnik 8.1.1 - Multiple SQL Injection",2010-05-17,podatnik386,asp,webapps,0 33993,platforms/php/webapps/33993.txt,"Planet Script 1.x - 'idomains.php' Cross-Site Scripting",2010-05-14,Mr.ThieF,php,webapps,0 33994,platforms/php/webapps/33994.txt,"PonVFTP Insecure Cookie Authentication Bypass",2010-05-17,SkuLL-HackeR,php,webapps,0 @@ -31512,7 +31512,7 @@ id,file,description,date,author,platform,type,port 34982,platforms/win_x86/local/34982.rb,"Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation",2014-10-15,Metasploit,win_x86,local,0 34994,platforms/cgi/webapps/34994.txt,"OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-13,"dave b",cgi,webapps,0 34995,platforms/php/webapps/34995.txt,"Simea CMS 'index.php' SQL Injection",2010-11-16,Cru3l.b0y,php,webapps,0 -34984,platforms/php/webapps/34984.py,"Drupal Core 7.32 - SQL Injection (1)",2014-10-16,fyukyuk,php,webapps,0 +34984,platforms/php/webapps/34984.py,"Drupal Core 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (1)",2014-10-16,fyukyuk,php,webapps,0 34985,platforms/php/remote/34985.txt,"pfSense 2 Beta 4 - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-05,"dave b",php,remote,0 34986,platforms/hardware/remote/34986.txt,"D-Link DIR-300 - Multiple Security Bypass Vulnerabilities",2010-11-09,"Karol Celia",hardware,remote,0 34987,platforms/linux/local/34987.c,"Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure",2010-11-09,"Dan Rosenberg",linux,local,0 @@ -31520,7 +31520,7 @@ id,file,description,date,author,platform,type,port 34989,platforms/php/webapps/34989.txt,"WeBid 0.85P1 - Multiple Input Validation Vulnerabilities",2010-11-10,"John Leitch",php,webapps,0 34990,platforms/php/webapps/34990.txt,"Ricoh Web Image Monitor 2.03 - Cross-Site Scripting",2010-11-09,thelightcosine,php,webapps,0 34996,platforms/php/webapps/34996.txt,"Raised Eyebrow CMS 'venue.php' SQL Injection",2010-11-16,Cru3l.b0y,php,webapps,0 -34992,platforms/php/webapps/34992.txt,"Drupal Core 7.32 - SQL Injection (2)",2014-10-17,"Claudio Viviani",php,webapps,0 +34992,platforms/php/webapps/34992.txt,"Drupal Core 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (2)",2014-10-17,"Claudio Viviani",php,webapps,0 34993,platforms/php/webapps/34993.php,"Drupal Core 7.32 - SQL Injection (PHP)",2014-10-17,"Dustin Dörr",php,webapps,0 34997,platforms/windows/remote/34997.txt,"DServe Multiple Cross-Site Scripting Vulnerabilities",2010-11-16,Axiell,windows,remote,0 34998,platforms/linux/remote/34998.txt,"Eclipse 3.6.1 Help Server help/index.jsp URI XSS",2010-11-16,"Aung Khant",linux,remote,0 @@ -31672,7 +31672,7 @@ id,file,description,date,author,platform,type,port 35146,platforms/php/webapps/35146.txt,"PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)",2014-11-03,"Ryan King (Starfall)",php,webapps,0 35148,platforms/linux/remote/35148.txt,"IBM Tivoli Access Manager 6.1.1 for e-business Directory Traversal",2010-12-24,anonymous,linux,remote,0 35149,platforms/php/webapps/35149.txt,"LiveZilla 3.2.0.2 - 'Track' Module 'server.php' Cross-Site Scripting",2010-12-27,"Ulisses Castro",php,webapps,0 -35150,platforms/php/webapps/35150.php,"Drupal < 7.32 Pre Auth SQL Injection",2014-11-03,"Stefan Horst",php,webapps,443 +35150,platforms/php/webapps/35150.php,"Drupal Core < 7.32 - Pre Auth SQL Injection",2014-11-03,"Stefan Horst",php,webapps,443 35151,platforms/hardware/remote/35151.rb,"Xerox Multifunction Printers (MFP) 'Patch' DLM",2014-11-03,Metasploit,hardware,remote,9100 35153,platforms/osx/dos/35153.c,"Mac OS X Mavericks - IOBluetoothHCIUserClient Privilege Escalation",2014-11-03,"rpaleari and joystick",osx,dos,0 35154,platforms/asp/dos/35154.txt,"Sigma Portal - 'ShowObjectPicture.aspx' Denial of Service",2010-12-27,"Pouya Daneshmand",asp,dos,0 @@ -32078,12 +32078,12 @@ id,file,description,date,author,platform,type,port 35600,platforms/linux/dos/35600.c,"Linux Kernel 2.6.x - 'inotify_init1()' Double Free Local Denial of Service",2011-04-11,anonymous,linux,dos,0 35601,platforms/php/webapps/35601.txt,"Etki Video PRO 2.0 izle.asp id Parameter SQL Injection",2011-04-11,Kurd-Team,php,webapps,0 35602,platforms/php/webapps/35602.txt,"Etki Video PRO 2.0 kategori.asp cat Parameter SQL Injection",2011-04-11,Kurd-Team,php,webapps,0 -35603,platforms/php/webapps/35603.txt,"Live Wire 2.3.1 For WordPress - Multiple Security Vulnerabilities",2011-04-11,MustLive,php,webapps,0 +35603,platforms/php/webapps/35603.txt,"Wordpress Live Wire 2.3.1 Theme - Multiple Security Vulnerabilities",2011-04-11,MustLive,php,webapps,0 35604,platforms/php/webapps/35604.txt,"eForum 1.1 - '/eforum.php' Arbitrary File Upload",2011-04-09,QSecure,php,webapps,0 35605,platforms/php/webapps/35605.txt,"Lazarus Guestbook 1.22 - Multiple Vulnerabilities",2014-12-24,TaurusOmar,php,webapps,80 35606,platforms/linux/remote/35606.txt,"MIT Kerberos 5 kadmind Change Password Feature Remote Code Execution",2011-04-11,"Felipe Ortega",linux,remote,0 35607,platforms/php/webapps/35607.txt,"Spellchecker Plugin 3.1 for WordPress - 'general.php' Local File Inclusion / Remote File Inclusion",2011-04-12,"Dr Trojan",php,webapps,0 -35608,platforms/php/webapps/35608.txt,"The Gazette Edition 2.9.4 For WordPress - Multiple Security Vulnerabilities",2011-04-12,MustLive,php,webapps,0 +35608,platforms/php/webapps/35608.txt,"WordPress The Gazette Edition 2.9.4 Theme - Multiple Security Vulnerabilities",2011-04-12,MustLive,php,webapps,0 35609,platforms/php/webapps/35609.txt,"WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35610,platforms/php/webapps/35610.txt,"Plogger 1.0 RC1 - 'gallery_name' Parameter Cross-Site Scripting",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35611,platforms/php/webapps/35611.txt,"Website Baker 2.8.1 - Multiple SQL Injection",2011-04-12,"High-Tech Bridge SA",php,webapps,0 @@ -32501,7 +32501,7 @@ id,file,description,date,author,platform,type,port 36056,platforms/windows/remote/36056.rb,"Achat 0.150 beta7 - Buffer Overflow (Metasploit)",2015-02-11,Metasploit,windows,remote,9256 36057,platforms/cgi/webapps/36057.txt,"IBM Endpoint Manager - Stored XSS",2015-02-11,"RedTeam Pentesting",cgi,webapps,52311 36070,platforms/php/dos/36070.txt,"PHP Prior to 5.3.7 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 -36061,platforms/php/webapps/36061.php,"WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection",2015-02-13,"Mateusz Lach",php,webapps,0 +36061,platforms/php/webapps/36061.php,"WordPress Webdorado Spider Event Calendar 1.4.9 Plugin - SQL Injection",2015-02-13,"Mateusz Lach",php,webapps,0 36062,platforms/windows/local/36062.txt,"Realtek 11n Wireless LAN utility - Privilege Escalation",2015-02-13,"Humberto Cabrera",windows,local,0 36063,platforms/asp/webapps/36063.txt,"Code Widgets Online Job Application 'admin.asp' Multiple SQL Injection",2011-08-17,"L0rd CrusAd3r",asp,webapps,0 36064,platforms/asp/webapps/36064.txt,"Code Widgets DataBound Index Style Menu 'category.asp' SQL Injection",2011-08-17,Inj3ct0r,asp,webapps,0 @@ -32628,7 +32628,7 @@ id,file,description,date,author,platform,type,port 36192,platforms/php/webapps/36192.txt,"A2CMS 'index.php' Local File Disclosure",2011-09-28,St493r,php,webapps,0 36193,platforms/php/webapps/36193.txt,"WordPress WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection",2011-09-30,"Miroslav Stampar",php,webapps,0 36194,platforms/php/webapps/36194.txt,"ProjectForum 7.0.1 3038 - 'more' Object HTML Injection",2011-09-30,"Paul Davis",php,webapps,0 -36195,platforms/php/webapps/36195.txt,"WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36195,platforms/php/webapps/36195.txt,"WordPress Trending 0.1 Theme - 'cpage' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 36196,platforms/php/webapps/36196.txt,"SonicWall Viewpoint 6.0 - 'scheduleID' Parameter SQL Injection",2011-10-02,Rem0ve,php,webapps,0 36197,platforms/php/webapps/36197.txt,"ezCourses admin.asp Security Bypass",2011-10-01,J.O,php,webapps,0 36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 POST/PUT Requests HTTP Header Processing Denial Of Service",2011-10-01,"Usman Saeed",multiple,dos,0 @@ -32836,7 +32836,7 @@ id,file,description,date,author,platform,type,port 36402,platforms/asp/webapps/36402.txt,"Hero 3.69 - 'month' Parameter Cross-Site Scripting",2011-12-01,"Gjoko Krstic",asp,webapps,0 36403,platforms/windows/dos/36403.html,"HP Device Access Manager for HP ProtectTools 5.0/6.0 Heap Memory Corruption",2011-12-02,"High-Tech Bridge SA",windows,dos,0 36404,platforms/linux/dos/36404.c,"GNU glibc Timezone Parsing Remote Integer Overflow",2009-06-01,dividead,linux,dos,0 -36414,platforms/php/webapps/36414.txt,"WordPress WPML - Multiple Vulnerabilities",2015-03-16,"Jouko Pynnonen",php,webapps,80 +36414,platforms/php/webapps/36414.txt,"WordPress WPML 3.1.9 Plugin - Multiple Vulnerabilities",2015-03-16,"Jouko Pynnonen",php,webapps,80 36415,platforms/java/remote/36415.rb,"ElasticSearch - Search Groovy Sandbox Bypass",2015-03-16,Metasploit,java,remote,9200 36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 - 'err' Parameter Cross-Site Scripting",2012-01-01,Net.Edit0r,php,webapps,0 36483,platforms/php/webapps/36483.txt,"WordPress WP Live.php 1.2.1 - 's' Parameter Cross-Site Scripting",2012-01-01,"H4ckCity Security Team",php,webapps,0 @@ -33240,7 +33240,7 @@ id,file,description,date,author,platform,type,port 36835,platforms/php/webapps/36835.txt,"Joomla Xcomp 'com_xcomp' Component Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 36836,platforms/multiple/remote/36836.py,"Legend Perl IRC Bot - Remote Code Execution PoC",2015-04-27,"Jay Turla",multiple,remote,0 36837,platforms/windows/local/36837.rb,"iTunes 10.6.1.7 - '.PLS' Title Buffer Overflow",2015-04-27,"Fady Mohammed Osman",windows,local,0 -36844,platforms/php/webapps/36844.txt,"WordPress 4.2 - Stored XSS",2015-04-27,klikki,php,webapps,0 +36844,platforms/php/webapps/36844.txt,"WordPress Core 4.2 - Stored XSS",2015-04-27,klikki,php,webapps,0 36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS)",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0 36840,platforms/multiple/dos/36840.py,"Wireshark 1.12.4 - Memory Corruption and Access Violation PoC",2015-04-27,"Avinash Thapa",multiple,dos,0 36841,platforms/windows/local/36841.py,"UniPDF 1.2 - 'xml' Buffer Overflow Crash PoC",2015-04-27,"Avinash Thapa",windows,local,0 @@ -33354,7 +33354,7 @@ id,file,description,date,author,platform,type,port 36954,platforms/php/webapps/36954.txt,"WordPress Yet Another Related Posts Plugin 4.2.4 - CSRF",2015-05-08,Evex,php,webapps,80 36955,platforms/osx/remote/36955.py,"MacKeeper URL Handler Remote Code Execution",2015-05-08,"Braden Thomas",osx,remote,0 36956,platforms/windows/remote/36956.rb,"Adobe Flash Player domainMemory ByteArray Use After Free",2015-05-08,Metasploit,windows,remote,0 -36957,platforms/php/remote/36957.rb,"WordPress RevSlider File Upload and Execute",2015-05-08,Metasploit,php,remote,80 +36957,platforms/php/remote/36957.rb,"WordPress RevSlider 3.0.95 Plugin - File Upload and Execute",2015-05-08,Metasploit,php,remote,80 36958,platforms/php/webapps/36958.txt,"WordPress Ultimate Profile Builder Plugin 2.3.3 - CSRF",2015-05-08,"Kaustubh G. Padwad",php,webapps,80 36959,platforms/php/webapps/36959.txt,"WordPress ClickBank Ads Plugin 1.7 - CSRF",2015-05-08,"Kaustubh G. Padwad",php,webapps,80 36960,platforms/windows/webapps/36960.txt,"Manage Engine Asset Explorer 6.1.0 Build: 6110 - CSRF",2015-05-08,"Kaustubh G. Padwad",windows,webapps,8080 @@ -33496,7 +33496,7 @@ id,file,description,date,author,platform,type,port 37108,platforms/php/webapps/37108.txt,"WordPress Landing Pages Plugin 1.8.4 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80 37109,platforms/php/webapps/37109.txt,"WordPress GigPress Plugin 2.3.8 - SQL Injection",2015-05-26,"Adrián M. F.",php,webapps,80 37110,platforms/java/webapps/37110.py,"Apache Jackrabbit WebDAV XXE Exploit",2015-05-26,"Mikhail Egorov",java,webapps,8080 -37111,platforms/php/webapps/37111.txt,"WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution",2015-05-26,woodspeed,php,webapps,80 +37111,platforms/php/webapps/37111.txt,"WordPress MailChimp Subscribe Forms 1.1 - Remote Code Execution",2015-05-26,woodspeed,php,webapps,80 37112,platforms/php/webapps/37112.txt,"WordPress church_admin Plugin 0.800 Stored XSS",2015-05-26,woodspeed,php,webapps,80 37113,platforms/php/webapps/37113.txt,"Wordpess Simple Photo Gallery 1.7.8 Blind SQL Injection",2015-05-26,woodspeed,php,webapps,80 37114,platforms/jsp/webapps/37114.txt,"Sendio ESP Information Disclosure",2015-05-26,"Core Security",jsp,webapps,80 @@ -33582,7 +33582,7 @@ id,file,description,date,author,platform,type,port 37201,platforms/php/webapps/37201.txt,"WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37202,platforms/php/webapps/37202.txt,"Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37203,platforms/php/webapps/37203.txt,"WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37204,platforms/php/webapps/37204.txt,"WordPress Track That Stat 1.0.8 Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37204,platforms/php/webapps/37204.txt,"WordPress Track That Stat 1.0.8 - Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37205,platforms/php/webapps/37205.txt,"LongTail JW Player 'debug' Parameter Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 37206,platforms/php/webapps/37206.txt,"SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.showpic.php title Parameter XSS",2012-05-16,"Gjoko Krstic",php,webapps,0 37207,platforms/php/webapps/37207.txt,"SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.random.php dir Parameter XSS",2012-05-16,"Gjoko Krstic",php,webapps,0 @@ -33659,7 +33659,7 @@ id,file,description,date,author,platform,type,port 37271,platforms/multiple/webapps/37271.txt,"Opsview 4.6.2 - Multiple XSS Vulnerabilities",2015-06-12,"Dolev Farhi",multiple,webapps,80 37272,platforms/jsp/webapps/37272.txt,"ZCMS 1.1 - Multiple Vulnerabilities",2015-06-12,hyp3rlinx,jsp,webapps,8080 37274,platforms/php/webapps/37274.txt,"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal",2015-06-12,"Larry W. Cashdollar",php,webapps,80 -37275,platforms/php/webapps/37275.txt,"WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload",2015-06-12,"Larry W. Cashdollar",php,webapps,80 +37275,platforms/php/webapps/37275.txt,"WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta - Shell Upload",2015-06-12,"Larry W. Cashdollar",php,webapps,80 37277,platforms/php/webapps/37277.txt,"concrete5 index.php/tools/required/files/search_dialog ocID Parameter XSS",2012-05-20,AkaStep,php,webapps,0 37278,platforms/php/webapps/37278.txt,"concrete5 index.php/tools/required/files/customize_search_columns searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0 37279,platforms/php/webapps/37279.txt,"concrete5 index.php/tools/required/files/search_results searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0 @@ -33772,7 +33772,7 @@ id,file,description,date,author,platform,type,port 37416,platforms/java/webapps/37416.txt,"Squiz CMS Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0 37417,platforms/php/webapps/37417.php,"WordPress Multiple Themes 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0 37418,platforms/php/webapps/37418.php,"WordPress LB Mixed Slideshow Plugin 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0 -37419,platforms/php/webapps/37419.txt,"WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0 +37419,platforms/php/webapps/37419.txt,"WordPress Wp-ImageZoom - 'file' Parameter Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0 37420,platforms/php/webapps/37420.txt,"VANA CMS 'index.php' Script SQL Injection",2012-06-18,"Black Hat Group",php,webapps,0 37565,platforms/php/webapps/37565.txt,"Mahara 1.4.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-08-02,anonymous,php,webapps,0 37566,platforms/php/dos/37566.php,"PHP 5.4.3 PDO Memory Access Violation Denial of Service",2012-08-02,0x721427D8,php,dos,0 @@ -33805,7 +33805,7 @@ id,file,description,date,author,platform,type,port 37449,platforms/hardware/webapps/37449.txt,"Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities",2015-06-30,"SEC Consult",hardware,webapps,0 37450,platforms/php/webapps/37450.txt,"Amazon S3 Uploadify Script 'uploadify.php' Arbitrary File Upload",2012-06-23,"Sammy FORGIT",php,webapps,0 37451,platforms/php/webapps/37451.txt,"SilverStripe Pixlr Image Editor 'upload.php' Arbitrary File Upload",2012-06-23,"Sammy FORGIT",php,webapps,0 -37452,platforms/php/webapps/37452.txt,"WordPress Flip Book 'php.php' Arbitrary File Upload",2012-06-23,"Sammy FORGIT",php,webapps,0 +37452,platforms/php/webapps/37452.txt,"WordPress Flip Book - 'php.php' Arbitrary File Upload",2012-06-23,"Sammy FORGIT",php,webapps,0 37453,platforms/php/webapps/37453.php,"Drupal Drag & Drop Gallery 'upload.php' Arbitrary File Upload",2012-06-25,"Sammy FORGIT",php,webapps,0 37454,platforms/hardware/webapps/37454.txt,"D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities",2015-07-01,DNO,hardware,webapps,0 37499,platforms/php/webapps/37499.txt,"Phonalisa - Multiple HTML-Injection Cross-Site Scripting",2012-07-12,"Benjamin Kunz Mejri",php,webapps,0 @@ -33837,7 +33837,7 @@ id,file,description,date,author,platform,type,port 37482,platforms/php/webapps/37482.txt,"WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 37483,platforms/php/webapps/37483.txt,"WordPress church_admin Plugin 'id' parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 37484,platforms/php/webapps/37484.txt,"WordPress Knews Multilingual Newsletters Plugin Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37485,platforms/php/webapps/37485.txt,"WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 +37485,platforms/php/webapps/37485.txt,"WordPress PHPFreeChat - 'url' Parameter Cross-Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 37486,platforms/php/webapps/37486.txt,"sflog! 'section' Parameter Local File Inclusion",2012-07-06,dun,php,webapps,0 37487,platforms/multiple/dos/37487.txt,"Apache Sling Denial Of Service",2012-07-06,IOactive,multiple,dos,0 37488,platforms/asp/webapps/37488.txt,"WebsitePanel 'ReturnUrl' Parameter URI Redirection",2012-07-09,"Anastasios Monachos",asp,webapps,0 @@ -34008,7 +34008,7 @@ id,file,description,date,author,platform,type,port 37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 37675,platforms/php/webapps/37675.txt,"Joomla! Komento Component 'cid' Parameter SQL Injection",2012-08-27,Crim3R,php,webapps,0 37676,platforms/asp/webapps/37676.txt,"Power-eCommerce Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 -37677,platforms/php/webapps/37677.txt,"WordPress Finder 'order' Parameter Cross-Site Scripting",2012-08-25,Crim3R,php,webapps,0 +37677,platforms/php/webapps/37677.txt,"WordPress Finder - 'order' Parameter Cross-Site Scripting",2012-08-25,Crim3R,php,webapps,0 37678,platforms/asp/webapps/37678.txt,"Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 37679,platforms/php/webapps/37679.txt,"LibGuides Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,php,webapps,0 37680,platforms/php/webapps/37680.txt,"Mihalism Multi Host 'users.php' Cross-Site Scripting",2012-08-25,Explo!ter,php,webapps,0 @@ -34034,7 +34034,7 @@ id,file,description,date,author,platform,type,port 37706,platforms/linux/dos/37706.txt,"Libuser Library - Multiple Vulnerabilities",2015-07-27,"Qualys Corporation",linux,dos,0 37737,platforms/windows/local/37737.rb,"Heroes of Might and Magic III .h3m Map file Buffer Overflow",2015-08-07,Metasploit,windows,local,0 37825,platforms/osx/local/37825.txt,"OS X 10.10.5 - XNU Local Privilege Escalation",2015-08-18,kpwn,osx,local,0 -37826,platforms/php/webapps/37826.txt,"WordPress Multiple Path Dislosure Vulnerabilities",2012-09-18,AkaStep,php,webapps,0 +37826,platforms/php/webapps/37826.txt,"WordPress Core 3.4.2 - Multiple Path Dislosure Vulnerabilities",2012-09-18,AkaStep,php,webapps,0 37751,platforms/php/webapps/37751.txt,"WordPress WPTF Image Gallery 1.03 - Aribtrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80 37752,platforms/php/webapps/37752.txt,"WordPress Recent Backups Plugin 0.7 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80 37705,platforms/php/webapps/37705.txt,"WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities",2015-07-27,"Nitin Venkatesh",php,webapps,80 @@ -34075,7 +34075,7 @@ id,file,description,date,author,platform,type,port 37741,platforms/osx/dos/37741.txt,"OSX Keychain - EXC_BAD_ACCESS DoS",2015-08-08,"Juan Sacco",osx,dos,0 37824,platforms/php/webapps/37824.txt,"WordPress WP Symposium Plugin 15.1 - SQL Injection",2015-08-18,PizzaHatHacker,php,webapps,80 37743,platforms/linux/dos/37743.pl,"Brasero - Crash Proof Of Concept",2015-08-08,"Mohammad Reza Espargham",linux,dos,0 -37744,platforms/php/webapps/37744.txt,"WordPress Video Gallery 2.7 SQL Injection",2015-08-09,"Kacper Szurek",php,webapps,0 +37744,platforms/php/webapps/37744.txt,"WordPress Video Gallery 2.7 - SQL Injection",2015-08-09,"Kacper Szurek",php,webapps,0 37749,platforms/lin_x86/shellcode/37749.c,"Linux/x86 - Egg Hunter Shellcode (19 bytes)",2015-08-10,"Guillaume Kaddouch",lin_x86,shellcode,0 37750,platforms/php/webapps/37750.txt,"WDS CMS - SQL Injection",2015-08-10,"Ismail Marzouk",php,webapps,80 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0 @@ -34167,7 +34167,7 @@ id,file,description,date,author,platform,type,port 38067,platforms/hardware/webapps/38067.py,"Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass",2015-09-02,Orwelllabs,hardware,webapps,80 37833,platforms/php/webapps/37833.txt,"YCommerce - Multiple SQL Injection",2012-09-21,"Ricardo Almeida",php,webapps,0 37834,platforms/linux/remote/37834.py,"Samba 3.5.11/3.6.3 Unspecified Remote Code Execution",2012-09-24,kb,linux,remote,0 -37835,platforms/php/webapps/37835.html,"WordPress Cross Site Request Forgery",2012-09-22,AkaStep,php,webapps,0 +37835,platforms/php/webapps/37835.html,"WordPress - Cross Site Request Forgery",2012-09-22,AkaStep,php,webapps,0 37836,platforms/php/webapps/37836.txt,"WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 37837,platforms/php/webapps/37837.html,"WordPress Sexy Add Template Plugin Cross Site Request Forgery",2012-09-22,the_cyber_nuxbie,php,webapps,0 37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0 @@ -34377,7 +34377,7 @@ id,file,description,date,author,platform,type,port 38061,platforms/php/webapps/38061.txt,"Beat Websites 'id' Parameter SQL Injection",2012-11-24,Metropolis,php,webapps,0 38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT 'a' Parameter Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0 38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0 -38064,platforms/php/webapps/38064.txt,"WordPress CStar Design 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0 +38064,platforms/php/webapps/38064.txt,"WordPress CStar Design Theme - 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0 38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0 38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Attack",2015-09-02,"Pier-Luc Maltais",php,webapps,80 38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - Path Traversal",2015-09-02,HaHwul,php,webapps,80 @@ -34409,7 +34409,7 @@ id,file,description,date,author,platform,type,port 38096,platforms/linux/remote/38096.rb,"Endian Firewall Proxy Password Change Command Injection",2015-09-07,Metasploit,linux,remote,10443 38097,platforms/hardware/webapps/38097.txt,"NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",hardware,webapps,80 38098,platforms/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,hyp3rlinx,jsp,webapps,8081 -38105,platforms/php/webapps/38105.txt,"WordPress White-Label Framework 2.0.6 - XSS",2015-09-08,Outlasted,php,webapps,80 +38105,platforms/php/webapps/38105.txt,"WordPress White-Label Framework 2.0.6 Theme - XSS",2015-09-08,Outlasted,php,webapps,80 38108,platforms/windows/dos/38108.txt,"Advantech WebAccess 8.0_ 3.4.3 ActiveX - Multiple Vulnerabilities",2015-09-08,"Praveen Darshanam",windows,dos,0 38109,platforms/linux/remote/38109.pl,"Oracle MySQL and MariaDB Insecure Salt Generation Security Bypass Weakness",2012-12-06,kingcope,linux,remote,0 38110,platforms/php/webapps/38110.txt,"DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities",2015-09-08,"Ashiyane Digital Security Team",php,webapps,0 @@ -34859,7 +34859,7 @@ id,file,description,date,author,platform,type,port 38582,platforms/hardware/remote/38582.html,"Brickcom Multiple IP Cameras Cross Site Request Forgery",2013-06-12,Castillo,hardware,remote,0 38583,platforms/hardware/remote/38583.html,"Sony CH and DH Series IP Cameras Multiple Cross Site Request Forgery Vulnerabilities",2013-06-12,Castillo,hardware,remote,0 38584,platforms/hardware/remote/38584.txt,"Grandstream Multiple IP Cameras Cross Site Request Forgery",2013-06-12,Castillo,hardware,remote,0 -38585,platforms/php/webapps/38585.pl,"WordPress NextGEN Gallery 'upload.php' Arbitrary File Upload",2013-06-12,"Marcos Garcia",php,webapps,0 +38585,platforms/php/webapps/38585.pl,"WordPress NextGEN Gallery - 'upload.php' Arbitrary File Upload",2013-06-12,"Marcos Garcia",php,webapps,0 38586,platforms/android/remote/38586.txt,"TaxiMonger for Android 'name' Parameter HTML Injection",2013-06-15,"Ismail Kaleem",android,remote,0 38587,platforms/multiple/remote/38587.txt,"Monkey HTTP Daemon Mandril Security Plugin Security Bypass",2013-06-14,felipensp,multiple,remote,0 38588,platforms/php/webapps/38588.php,"bloofoxCMS 'index.php' Arbitrary File Upload",2013-06-17,"CWH Underground",php,webapps,0 @@ -34897,7 +34897,7 @@ id,file,description,date,author,platform,type,port 38632,platforms/hardware/remote/38632.txt,"Multiple Zoom Telephonics Devices Multiple Security Vulnerabilities",2013-07-09,"Kyle Lovett",hardware,remote,0 38630,platforms/php/webapps/38630.html,"phpVibe Information Disclosure and Remote File Inclusion",2013-07-06,indoushka,php,webapps,0 38620,platforms/linux/dos/38620.txt,"FreeType 2.6.1 TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads",2015-11-04,"Google Security Research",linux,dos,0 -38621,platforms/php/webapps/38621.txt,"WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38621,platforms/php/webapps/38621.txt,"WordPress Xorbin Digital Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38622,platforms/linux/dos/38622.txt,"libvirt 'virConnectListAllInterfaces' Method Denial of Service",2013-07-01,"Daniel P. Berrange",linux,dos,0 38623,platforms/multiple/dos/38623.html,"RealNetworks RealPlayer Denial of Service",2013-07-02,"Akshaysinh Vaghela",multiple,dos,0 38624,platforms/php/webapps/38624.txt,"WordPress WP Feed Plugin 'nid' Parameter SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 @@ -35512,7 +35512,7 @@ id,file,description,date,author,platform,type,port 39266,platforms/php/webapps/39266.txt,"SeaWell Networks Spectrum - Multiple Vulnerabilities",2016-01-18,"Karn Ganeshen",php,webapps,443 39267,platforms/php/webapps/39267.html,"Ilya Birman E2 - '/@actions/comment-process' SQL Injection",2014-07-23,"High-Tech Bridge",php,webapps,0 39268,platforms/php/webapps/39268.java,"Ubiquiti Networks UniFi Video Default 'crossdomain.xml' Security Bypass",2014-07-23,"Seth Art",php,webapps,0 -39269,platforms/php/webapps/39269.txt,"WordPress Lead Octopus Power 'id' Parameter SQL Injection",2014-07-28,Amirh03in,php,webapps,0 +39269,platforms/php/webapps/39269.txt,"WordPress Lead Octopus Power - 'id' Parameter SQL Injection",2014-07-28,Amirh03in,php,webapps,0 39270,platforms/php/webapps/39270.txt,"WhyDoWork AdSense Plugin for WordPress options-general.php Option Manipulation CSRF",2014-07-28,"Dylan Irzi",php,webapps,0 39271,platforms/php/webapps/39271.txt,"CMSimple Default Administrator Credentials",2014-07-28,"Govind Singh",php,webapps,0 39272,platforms/php/webapps/39272.txt,"CMSimple Remote file Inclusion",2014-07-28,"Govind Singh",php,webapps,0 @@ -35585,8 +35585,8 @@ id,file,description,date,author,platform,type,port 39338,platforms/linux/shellcode/39338.c,"Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,linux,shellcode,0 39339,platforms/php/webapps/39339.txt,"BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities",2016-01-27,"Rahul Pratap Singh",php,webapps,80 39340,platforms/android/local/39340.cpp,"Android - sensord Local Root Exploit",2016-01-27,s0m3b0dy,android,local,0 -39341,platforms/php/webapps/39341.txt,"WordPress Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities",2016-01-27,"i0akiN SEC-LABORATORY",php,webapps,80 -39342,platforms/php/webapps/39342.txt,"WordPress Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection",2016-01-27,"i0akiN SEC-LABORATORY",php,webapps,80 +39341,platforms/php/webapps/39341.txt,"WordPress Booking Calendar Contact Form 1.1.24 Plugin - Multiple Vulnerabilities",2016-01-27,"i0akiN SEC-LABORATORY",php,webapps,80 +39342,platforms/php/webapps/39342.txt,"WordPress Booking Calendar Contact Form 1.1.24 Plugin - addslashes SQL Injection",2016-01-27,"i0akiN SEC-LABORATORY",php,webapps,80 39343,platforms/php/webapps/39343.txt,"ol-commerce /OL-Commerce/affiliate_signup.php a_country Parameter SQL Injection",2014-07-17,"AtT4CKxT3rR0r1ST ",php,webapps,0 39344,platforms/php/webapps/39344.txt,"ol-commerce /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection",2014-07-17,"AtT4CKxT3rR0r1ST ",php,webapps,0 39345,platforms/php/webapps/39345.txt,"ol-commerce /OL-Commerce/create_account.php country Parameter SQL Injection",2014-07-17,"AtT4CKxT3rR0r1ST ",php,webapps,0 @@ -36331,7 +36331,7 @@ id,file,description,date,author,platform,type,port 40170,platforms/python/remote/40170.rb,"Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)",2016-07-27,Metasploit,python,remote,80 40172,platforms/windows/local/40172.py,"VUPlayer 2.49 - (.pls) Stack Buffer Overflow (DEP Bypass)",2016-07-29,vportal,windows,local,0 40173,platforms/windows/local/40173.txt,"mySCADAPro 7 - Local Privilege Escalation",2016-07-29,"Karn Ganeshen",windows,local,0 -40174,platforms/php/webapps/40174.txt,"Wordpress Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection",2016-07-29,"i0akiN SEC-LABORATORY",php,webapps,80 +40174,platforms/php/webapps/40174.txt,"Wordpress Ultimate Product Catalog 3.9.8 Plugin - (do_shortcode via ajax) Blind SQL Injection",2016-07-29,"i0akiN SEC-LABORATORY",php,webapps,80 40175,platforms/win_x86/shellcode/40175.c,"Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)",2016-07-29,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 40176,platforms/linux/remote/40176.rb,"Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Post Auth Remote Root Exploit (Metasploit) (3)",2016-07-29,xort,linux,remote,8000 40177,platforms/linux/remote/40177.rb,"Barracuda Web Application Firewall 8.0.1.008 - Post Auth Remote Root Exploit (Metasploit)",2016-07-29,xort,linux,remote,8000 @@ -36344,8 +36344,8 @@ id,file,description,date,author,platform,type,port 40190,platforms/php/webapps/40190.txt,"WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS",2016-08-01,"Dennis Kerdijk & Erwin Kievith",php,webapps,80 40191,platforms/php/webapps/40191.txt,"WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF",2016-08-01,"Yorick Koster",php,webapps,80 40192,platforms/windows/dos/40192.py,"Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC",2016-08-01,"Karn Ganeshen",windows,dos,0 -40194,platforms/multiple/dos/40194.txt,"Wireshark 1.12.0 - 1.12.12 - NDS Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0 -40195,platforms/multiple/dos/40195.txt,"Wireshark 2.0.0 to 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service",2016-08-03,"Antti Levomäki",multiple,dos,0 +40194,platforms/multiple/dos/40194.txt,"Wireshark 1.12.0-1.12.12 - NDS Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0 +40195,platforms/multiple/dos/40195.txt,"Wireshark 2.0.0 - 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service",2016-08-03,"Antti Levomäki",multiple,dos,0 40196,platforms/win_x86-64/dos/40196.txt,"Wireshark 2.0.0 - 2.0.4 - CORBA IDL Dissectors Denial of Service",2016-08-03,Igor,win_x86-64,dos,0 40197,platforms/multiple/dos/40197.txt,"Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - PacketBB Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0 40198,platforms/multiple/dos/40198.txt,"Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - WSP Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0 @@ -36373,10 +36373,11 @@ id,file,description,date,author,platform,type,port 40221,platforms/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple CSRF",2016-08-10,hyp3rlinx,php,webapps,80 40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0 40223,platforms/lin_x86/shellcode/40223.c,"Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)",2016-08-10,thryb,lin_x86,shellcode,0 -40224,platforms/windows/dos/40224.txt,"Microsoft Office Word 2007_2010_2013_2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,"Sébastien Morin",windows,dos,0 +40224,platforms/windows/dos/40224.txt,"Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,"Sébastien Morin",windows,dos,0 40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF)",2016-08-10,"Dawid Golunski",php,webapps,80 40226,platforms/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,windows,local,0 40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80 40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Root Exploit",2016-08-10,LiquidWorm,php,webapps,80 -40229,platforms/jsp/webapps/40229.txt,"WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities",2016-08-10,"Pedro Ribeiro",jsp,webapps,0 +40229,platforms/jsp/webapps/40229.txt,"WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities",2016-08-10,"Pedro Ribeiro",jsp,webapps,0 40230,platforms/linux/dos/40230.txt,"SAP SAPCAR - Multiple Vulnerabilities",2016-08-10,"Core Security",linux,dos,0 +40231,platforms/java/webapps/40231.txt,"ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal",2016-08-11,Rv3Laboratory,java,webapps,80 diff --git a/platforms/java/webapps/40231.txt b/platforms/java/webapps/40231.txt new file mode 100755 index 000000000..a1781f179 --- /dev/null +++ b/platforms/java/webapps/40231.txt @@ -0,0 +1,134 @@ +################################################### + +01. ### Advisory Information ### + +Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime +Edition (Build 8) +Date published: n/a +Date of last update: n/a +Vendors contacted: ColoradoFTP author Sergei Abramov +Discovered by: Rv3Laboratory [Research Team] +Severity: High + + +02. ### Vulnerability Information ### + +OVE-ID: OVE-20160718-0006 +CVSS v2 Base Score: 8.5 +CVSS v2 Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C) +Component/s: ColoradoFTP Core v1.3 +Class: Path Traversal + + +03. ### Introduction ### + +ColoradoFTP is the open source Java FTP server. It is fast, reliable and +extendable. +Fully compatible with RFC 959 and RFC 3659 (File Transfer Protocol and +Extensions) +this implementation makes it easy to extend the functionality with +virtually any feature. +Well commented source code and existing plug-ins make it possible to +shape the +FTP server just the way you want! + +http://cftp.coldcore.com/ + +04. ### Vulnerability Description ### + +The default installation and configuration of Colorado FTP Prime Edition +(Build 8) is prone to a +security vulnerability. Colorado FTP contains a flaw that may allow a +remote attacker to traverse directories on the FTP server. +A remote attacker (a colorado FTP user) can send a command (MKDIR, PUT, +GET or DEL) followed by sequences (\\\..\\) to traverse directories +and create, upload, download or delete the contents of arbitrary files +and directories on the FTP server. +To exploit the vulnerability It is important to use "\\\" at the +beginning of string. + + +05. ### Technical Description / Proof of Concept Code ### + +By supplying "\\\..\\..\\..\\..\\" in the file path, it is possible to +trigger a directory traversal flaw, allowing the attacker +(anonymous user or Colorado FTP user) to upload or download a file +outside the virtual directory. + + +05.01 +We tried to upload a file (netcat - nc.exe), to Windows %systemroot% +directory (C:\WINDOWS\system32\) using a PUT command: + +ftp> put nc.exe \\\..\\..\\..\\Windows\\system32\\nc.exe + +Netcat was successfully uploaded. + + +05.02 +We tried to create a directory (test), using a MKDIR command: + +ftp> mkdir nc.exe \\\..\\..\\..\\test + +The directory test was successfully created. + + +06. ### Business Impact ### + +This may allow an attacker to upload and download files from remote machine. + + +07. ### Systems Affected ### + +This vulnerability was tested against: ColoradoFTP v1.3 Prime Edition +(Build 8) +O.S.: Microsoft Windows 7 32bit +JDK: v1.7.0_79 +Others versions are probably affected too, but they were not checked. + + +08. ### Vendor Information, Solutions and Workarounds ### + +This issue is fixed in ColoradoFTP Prime Edition (Build 9), +which can be downloaded from: + +http://cftp.coldcore.com/download.htm + + +09. ### Credits ### + +Rv3Laboratory [Research Team] - www.Rv3Lab.org + +This vulnerability has been discovered by: +Rv3Lab - [www.rv3lab.org] - research(at)rv3lab(dot)org +Christian Catalano aka wastasy - wastasy(at)rv3lab(dot)org +Marco Fornaro aka Chaplin89 - chaplin89(at)rv3lab(dot)org + + +10. ### Vulnerability History ### + +July 07th, 2016: Vulnerability discovered. +July 19th, 2016: Vendor informed. [Colorado FTP team] +July 21st, 2016: Vendor responds asking for details. +July 28th, 2016: Sent detailed information to the vendor. +August 08th, 2016: Vendor confirms vulnerability. +August 10th, 2016: Vendor reveals patch release date. +August 11th, 2016: Vulnerability disclosure + + +11. ### Disclaimer ### + +The information contained within this advisory is supplied "as-is" with +no warranties or guarantees of fitness of use or otherwise. +We accept no responsibility for any damage caused by the use or misuse of +this information. + + +12. ### About Rv3Lab ### + +Rv3Lab is an independent Security Research Lab. +For more information, please visit [www.Rv3Lab.org] +For more information regarding the vulnerability feel free to contact the +Rv3Research Team: research(at)rv3lab(dot)org + +###################################################