diff --git a/files.csv b/files.csv index 225d63a45..075afaaa0 100755 --- a/files.csv +++ b/files.csv @@ -556,7 +556,7 @@ id,file,description,date,author,platform,type,port 714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow Exploit (2)",2004-12-24,"Marco Ivaldi",solaris,local,0 715,platforms/solaris/local/715.c,"Solaris 8/9 - passwd circ() Local Root Exploit",2004-12-24,"Marco Ivaldi",solaris,local,0 716,platforms/solaris/remote/716.c,"Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)",2004-12-24,"Marco Ivaldi",solaris,remote,513 -718,platforms/linux/local/718.c,"Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit",2004-12-24,"Marco Ivaldi",linux,local,0 +718,platforms/linux/local/718.c,"Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit",2004-12-24,"Marco Ivaldi",linux,local,0 719,platforms/windows/remote/719.txt,"Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass",2004-12-25,Paul,windows,remote,0 720,platforms/php/webapps/720.pl,"Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)",2004-12-25,anonymous,php,webapps,0 721,platforms/windows/dos/721.html,"Microsoft Windows Kernel - ANI File Parsing Crash",2004-12-25,Flashsky,windows,dos,0 @@ -9501,7 +9501,7 @@ id,file,description,date,author,platform,type,port 10190,platforms/windows/dos/10190.txt,"Cisco VPN Client Integer Overflow (DOS)",2009-11-21,"Alex Hernandez",windows,dos,0 10192,platforms/php/webapps/10192.txt,"Joomla Component Com_Joomclip (cat) SQL injection",2009-11-21,"599eme Man",php,webapps,0 10201,platforms/windows/local/10201.pl,"TEKUVA Password Reminder Authentication Bypass",2009-11-21,iqlusion,windows,local,0 -10202,platforms/linux/dos/10202.txt,"Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service",2009-10-15,"Simon Vallet",linux,dos,0 +10202,platforms/linux/dos/10202.c,"Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service",2009-10-15,"Simon Vallet",linux,dos,0 10203,platforms/linux/dos/10203.txt,"BibTeX - (.bib) File Handling Memory Corruption",2009-11-13,"Vincent Lafevre",linux,dos,0 10204,platforms/windows/dos/10204.txt,"Foxit Reader - COM Objects Memory Corruption Remote Code Execution",2009-11-19,mrx,windows,dos,0 10205,platforms/multiple/dos/10205.txt,"LibTIFF - 'LZWDecodeCompat()' Remote Buffer Underflow",2009-11-12,wololo,multiple,dos,0 @@ -11744,7 +11744,7 @@ id,file,description,date,author,platform,type,port 13263,platforms/freebsd_x86/shellcode/13263.txt,"FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes)",2008-09-10,suN8Hclf,freebsd_x86,shellcode,0 13264,platforms/freebsd_x86/shellcode/13264.txt,"FreeBSD/x86 - kill all processes shellcode (12 bytes)",2008-09-09,suN8Hclf,freebsd_x86,shellcode,0 13265,platforms/freebsd_x86/shellcode/13265.c,"FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes)",2008-09-05,sm4x,freebsd_x86,shellcode,0 -13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0 +13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0 13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 13268,platforms/freebsd_x86/shellcode/13268.asm,"FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 13269,platforms/freebsd_x86/shellcode/13269.c,"FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes)",2008-08-19,c0d3_z3r0,freebsd_x86,shellcode,0 @@ -11759,15 +11759,15 @@ id,file,description,date,author,platform,type,port 13278,platforms/freebsd_x86/shellcode/13278.asm,"FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes)",2004-09-26,Scrippie,freebsd_x86,shellcode,0 13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0 13280,platforms/freebsd_x86-64/shellcode/13280.c,"FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes)",2009-05-15,c0d3_z3r0,freebsd_x86-64,shellcode,0 -13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve shellcode null byte free (Generator)",2009-06-29,certaindeath,generator,shellcode,0 +13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve Null Free shellcode (Generator)",2009-06-29,certaindeath,generator,shellcode,0 13282,platforms/generator/shellcode/13282.php,"Linux/x86 - portbind payload shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0 13283,platforms/generator/shellcode/13283.php,"Windows XP SP1 - portbind payload shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0 13284,platforms/generator/shellcode/13284.txt,"(Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters",2008-08-31,sorrow,generator,shellcode,0 -13285,platforms/generator/shellcode/13285.c,"Linux/x86 - cmd shellcode null free (Generator)",2008-08-19,BlackLight,generator,shellcode,0 +13285,platforms/generator/shellcode/13285.c,"Linux/x86 - cmd Null Free shellcode (Generator)",2008-08-19,BlackLight,generator,shellcode,0 13286,platforms/generator/shellcode/13286.c,"(Generator) - Alphanumeric Shellcode Encoder/Decoder",2008-08-04,"Avri Schneider",generator,shellcode,0 13288,platforms/generator/shellcode/13288.c,"HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)",2006-10-22,izik,generator,shellcode,0 13289,platforms/generator/shellcode/13289.c,"Win32 - Multi-Format Shellcode Encoding Tool (Generator)",2005-12-16,Skylined,generator,shellcode,0 -13290,platforms/hardware/shellcode/13290.txt,"iOS - Version-independent shellcode",2008-08-21,"Andy Davis",hardware,shellcode,0 +13290,platforms/ios/shellcode/13290.txt,"iOS - Version-independent shellcode",2008-08-21,"Andy Davis",ios,shellcode,0 13291,platforms/hardware/shellcode/13291.txt,"Cisco IOS - Connectback (Port 21) Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0 13292,platforms/hardware/shellcode/13292.txt,"Cisco IOS - Bind Shellcode Password Protected (116 bytes)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0 13293,platforms/hardware/shellcode/13293.txt,"Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0 @@ -11939,7 +11939,7 @@ id,file,description,date,author,platform,type,port 13460,platforms/lin_x86/shellcode/13460.c,"Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes)",2000-08-08,anonymous,lin_x86,shellcode,0 13461,platforms/lin_x86/shellcode/13461.c,"Linux/x86 - Add user _z_ shellcode (70 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0 13462,platforms/lin_x86/shellcode/13462.c,"Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0 -13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0 +13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - bindshell port 4444 shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0 13464,platforms/lin_x86-64/shellcode/13464.s,"Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes)",2006-11-02,hophet,lin_x86-64,shellcode,0 13465,platforms/multiple/shellcode/13465.c,"Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes)",2005-11-15,"Charles Stevenson",multiple,shellcode,0 13466,platforms/multiple/shellcode/13466.c,"OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes)",2005-11-13,nemo,multiple,shellcode,0 @@ -11975,18 +11975,18 @@ id,file,description,date,author,platform,type,port 13496,platforms/solaris_sparc/shellcode/13496.c,"Solaris/SPARC - connect-bac shellcode k (204 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0 13497,platforms/solaris_sparc/shellcode/13497.txt,"Solaris/SPARC - portbinding shellcode (240 bytes)",2000-11-19,dopesquad.net,solaris_sparc,shellcode,0 13498,platforms/solaris_x86/shellcode/13498.php,"Solaris/x86 - portbind/tcp shellcode (Generator)",2009-06-16,"Jonathan Salwan",solaris_x86,shellcode,0 -13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 +13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 13500,platforms/solaris_x86/shellcode/13500.c,"Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 13501,platforms/solaris_x86/shellcode/13501.txt,"Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0 13502,platforms/solaris_x86/shellcode/13502.txt,"Solaris/x86 - Add services and execve inetd shellcode (201 bytes)",2004-09-26,anonymous,solaris_x86,shellcode,0 13503,platforms/unixware/shellcode/13503.txt,"UnixWare - execve /bin/sh shellcode (95 bytes)",2004-09-26,K2,unixware,shellcode,0 -13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - null-free bindshell shellcode",2009-07-27,Skylined,win_x86,shellcode,0 +13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode",2009-07-27,Skylined,win_x86,shellcode,0 13505,platforms/win_x86/shellcode/13505.c,"Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes)",2009-07-17,Stack,win_x86,shellcode,0 18615,platforms/windows/dos/18615.py,"TYPSoft FTP Server 1.1 - Remote DoS (APPE)",2012-03-17,"brock haun",windows,dos,0 18593,platforms/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 18594,platforms/php/webapps/18594.txt,"Simple Posting System - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 13507,platforms/win_x86/shellcode/13507.txt,"Win32 - SEH omelet shellcode",2009-03-16,Skylined,win_x86,shellcode,0 -13508,platforms/win_x86/shellcode/13508.asm,"Win32 - telnetbind by Winexec shellcode (111 bytes)",2009-02-27,DATA_SNIPER,win_x86,shellcode,0 +13508,platforms/win_x86/shellcode/13508.asm,"Win32 - telnetbind by Winexec 23 port shellcode (111 bytes)",2009-02-27,DATA_SNIPER,win_x86,shellcode,0 13509,platforms/win_x86/shellcode/13509.c,"Win32 - PEB!NtGlobalFlags shellcode (14 bytes)",2009-02-24,Koshi,win_x86,shellcode,0 13510,platforms/win_x86/shellcode/13510.c,"Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes)",2009-02-20,Stack,win_x86,shellcode,0 13511,platforms/win_x86/shellcode/13511.c,"Win32/XP SP2 - cmd.exe shellcode (57 bytes)",2009-02-03,Stack,win_x86,shellcode,0 @@ -12001,7 +12001,7 @@ id,file,description,date,author,platform,type,port 13520,platforms/win_x86/shellcode/13520.c,"Win32/XP SP2 - Pop up message box shellcode (110 bytes)",2006-01-24,Omega7,win_x86,shellcode,0 13521,platforms/win_x86/shellcode/13521.asm,"Win32 - WinExec() Command Parameter shellcode (104+ bytes)",2006-01-24,Weiss,win_x86,shellcode,0 13522,platforms/win_x86/shellcode/13522.c,"Win32 - Download & Exec Shellcode (226+ bytes)",2005-12-23,darkeagle,win_x86,shellcode,0 -13523,platforms/win_x86/shellcode/13523.c,"Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)",2005-10-28,darkeagle,win_x86,shellcode,0 +13523,platforms/win_x86/shellcode/13523.c,"Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)",2005-10-28,darkeagle,win_x86,shellcode,0 13524,platforms/win_x86/shellcode/13524.txt,"Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)",2005-08-16,"Matthieu Suiche",win_x86,shellcode,0 13525,platforms/win_x86/shellcode/13525.c,"Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes)",2005-07-26,loco,win_x86,shellcode,0 13526,platforms/win_x86/shellcode/13526.c,"Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes)",2005-01-26,twoci,win_x86,shellcode,0 @@ -12031,8 +12031,8 @@ id,file,description,date,author,platform,type,port 13577,platforms/lin_x86/shellcode/13577.txt,"Linux/x86 - break chroot shellcode (79 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0 13578,platforms/lin_x86/shellcode/13578.txt,"Linux/x86 - fork bomb shellcode (6 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0 13579,platforms/lin_x86/shellcode/13579.c,"Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)",2009-12-31,sandman,lin_x86,shellcode,0 -13581,platforms/windows/shellcode/13581.txt,"Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 -13582,platforms/windows/shellcode/13582.txt,"Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 +13581,platforms/windows/shellcode/13581.txt,"Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 +13582,platforms/windows/shellcode/13582.txt,"Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 13586,platforms/lin_x86/shellcode/13586.txt,"Linux/x86 - eject /dev/cdrom shellcode (42 bytes)",2010-01-08,root@thegibson,lin_x86,shellcode,0 13595,platforms/win_x86/shellcode/13595.c,"Win32 XP SP2 FR - calc shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,win_x86,shellcode,0 13599,platforms/lin_x86/shellcode/13599.txt,"Linux/x86 - polymorphic shellcode ip6tables -F (71 bytes)",2010-01-24,"Jonathan Salwan",lin_x86,shellcode,0 @@ -12863,7 +12863,7 @@ id,file,description,date,author,platform,type,port 14688,platforms/freebsd/local/14688.c,"FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation",2010-08-19,kingcope,freebsd,local,0 14689,platforms/windows/dos/14689.pl,"Tuniac 100723 - Denial of Service",2010-08-19,d4rk-h4ck3r,windows,dos,0 14690,platforms/windows/dos/14690.pl,"Fennec 1.2 Beta 3 - Denial of Service",2010-08-19,d4rk-h4ck3r,windows,dos,0 -14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0 +14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0 14693,platforms/windows/local/14693.py,"Microsoft Word Record Parsing Buffer Overflow (MS09-027)",2010-08-20,anonymous,windows,local,0 14707,platforms/php/webapps/14707.txt,"Joomla Component (com_Fabrik) SQL Injection",2010-08-21,Mkr0x,php,webapps,0 14694,platforms/php/webapps/14694.txt,"Joomla Component com_extcalendar Blind SQL Injection",2010-08-20,Lagripe-Dz,php,webapps,0 @@ -13217,7 +13217,7 @@ id,file,description,date,author,platform,type,port 15200,platforms/php/webapps/15200.txt,"FAQMasterFlex 1.2 - SQL Injection",2010-10-04,cyb3r.anbu,php,webapps,0 15201,platforms/windows/local/15201.rb,"SnackAmp 3.1.3B - SMP Buffer Overflow (SEH DEP Bypass)",2010-10-04,"Muhamad Fadzil Ramli",windows,local,0 15202,platforms/win_x86/shellcode/15202.c,"Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 -15203,platforms/win_x86/shellcode/15203.c,"Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 +15203,platforms/win_x86/shellcode/15203.c,"Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15204,platforms/php/webapps/15204.txt,"DNET Live-Stats 0.8 - Local File Inclusion",2010-10-04,blake,php,webapps,0 15205,platforms/php/webapps/15205.txt,"Aspect Ratio CMS Blind SQL Injection",2010-10-04,"Stephan Sattler",php,webapps,0 15206,platforms/bsd/local/15206.c,"FreeBSD - 'pseudofs' NULL Pointer Dereference Local Privilege Escalation",2010-10-04,"Babcia Padlina",bsd,local,0 @@ -13323,7 +13323,7 @@ id,file,description,date,author,platform,type,port 15310,platforms/php/webapps/15310.py,"Jamb CSRF Arbitrary Add a Post",2010-10-25,Stoke,php,webapps,0 15312,platforms/windows/local/15312.py,"Winamp 5.5.8.2985 (in_mod plugin) - Stack Overflow",2010-10-25,"Mighty-D and 7eK",windows,local,0 15313,platforms/php/webapps/15313.txt,"Plesk Small Business Manager 10.2.0 and Site Editor - Multiple Vulnerabilities",2010-10-25,"David Hoyt",php,webapps,0 -15314,platforms/arm/shellcode/15314.asm,"ARM - Bindshell port 0x1337shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 +15314,platforms/arm/shellcode/15314.asm,"ARM - Bindshell port 0x1337 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15315,platforms/arm/shellcode/15315.asm,"ARM - Bind Connect UDP Port 68 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15316,platforms/arm/shellcode/15316.asm,"ARM - Loader Port 0x1337 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15317,platforms/arm/shellcode/15317.asm,"ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 @@ -13353,7 +13353,7 @@ id,file,description,date,author,platform,type,port 15341,platforms/multiple/dos/15341.html,"Firefox - Interleaving document.write and appendChild Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0 15342,platforms/multiple/dos/15342.html,"Firefox - Memory Corruption Proof of Concept (Simplified)",2010-10-28,extraexploit,multiple,dos,0 15343,platforms/php/webapps/15343.php,"RoSPORA <= 1.5.0 - Remote PHP Code Injection",2010-10-28,EgiX,php,webapps,0 -15344,platforms/linux/dos/15344.c,"Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite",2010-10-28,"Kees Cook",linux,dos,0 +15344,platforms/linux/local/15344.c,"Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite",2010-10-28,"Kees Cook",linux,local,0 15345,platforms/php/webapps/15345.txt,"TFTgallery <= 0.13.1 - Local File Inclusion",2010-10-28,Havok,php,webapps,0 15346,platforms/multiple/dos/15346.c,"Platinum SDK Library post upnp sscanf Buffer Overflow",2010-10-28,n00b,multiple,dos,0 15347,platforms/windows/remote/15347.py,"XBMC 9.04.1r20672 soap_action_name post upnp sscanf Buffer Overflow",2010-10-28,n00b,windows,remote,0 @@ -13468,7 +13468,7 @@ id,file,description,date,author,platform,type,port 15476,platforms/multiple/dos/15476.php,"IBM OmniFind Crawler Denial of Service",2010-11-09,"Fatih Kilic",multiple,dos,0 15490,platforms/php/webapps/15490.txt,"XT:Commerce < 3.04 SP2.1 - XSS",2010-11-11,"Philipp Niedziela",php,webapps,0 15480,platforms/windows/local/15480.pl,"Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit",2010-11-10,"C4SS!0 G0M3S",windows,local,0 -15481,platforms/linux/dos/15481.c,"Linux Kernel <= 2.4.0 - Stack Infoleaks",2010-11-10,"Dan Rosenberg",linux,dos,0 +15481,platforms/linux/local/15481.c,"Linux Kernel <= 2.4.0 - Stack Infoleaks",2010-11-10,"Dan Rosenberg",linux,local,0 15482,platforms/windows/dos/15482.html,"Qtweb Browser 3.5 - Buffer Overflow",2010-11-10,PoisonCode,windows,dos,0 15483,platforms/windows/local/15483.rb,"Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit (SEH)",2010-11-10,"C4SS!0 G0M3S",windows,local,0 15486,platforms/php/webapps/15486.txt,"eBlog 1.7 - Multiple SQL Injection Vulnerabilities",2010-11-10,"Salvatore Fresta",php,webapps,0 @@ -13881,7 +13881,7 @@ id,file,description,date,author,platform,type,port 16022,platforms/windows/dos/16022.c,"Panda Global Protection 2010 - Local DoS",2011-01-21,Heurs,windows,dos,0 16023,platforms/windows/dos/16023.c,"Panda Global Protection 2010 - Local DoS (unfiltered wcscpy())",2011-01-21,Heurs,windows,dos,0 16024,platforms/windows/local/16024.txt,"Microsoft Fax Cover Page Editor <= 5.2.3790.3959 Double Free Memory Corruption",2011-01-24,"Luigi Auriemma",windows,local,0 -16025,platforms/bsd_x86/shellcode/16025.c,"bsd/x86 - connect back Shellcode (81 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0 +16025,platforms/freebsd_x86/shellcode/16025.c,"FreeBSD/x86 - connect back Shellcode (81 bytes)",2011-01-21,Tosh,freebsd_x86,shellcode,0 16026,platforms/bsd_x86/shellcode/16026.c,"BSD/x86 - 31337 portbind + fork shellcode (111 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0 16027,platforms/php/webapps/16027.txt,"phpcms 9.0 - Blind SQL Injection",2011-01-22,eidelweiss,php,webapps,0 16028,platforms/php/webapps/16028.txt,"cultbooking 2.0.4 - Multiple Vulnerabilities",2011-01-22,LiquidWorm,php,webapps,0 @@ -15817,7 +15817,7 @@ id,file,description,date,author,platform,type,port 18225,platforms/linux/dos/18225.c,"CSF Firewall Buffer Overflow",2011-12-09,"FoX HaCkEr",linux,dos,0 18226,platforms/linux_mips/shellcode/18226.c,"Linux/MIPS - connect back shellcode (port 0x7a69) (168 bytes)",2011-12-10,rigan,linux_mips,shellcode,0 18227,platforms/linux_mips/shellcode/18227.c,"Linux/MIPS - reboot() shellcode (32 bytes)",2011-12-10,rigan,linux_mips,shellcode,0 -18228,platforms/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit",2011-12-10,otr,linux,local,0 +18228,platforms/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit",2011-12-10,otr,linux,local,0 18230,platforms/php/webapps/18230.txt,"FCMS <= 2.7.2 CMS - Multiple Stored XSS",2011-12-10,"Ahmed Elhady Mohamed",php,webapps,0 18231,platforms/php/webapps/18231.txt,"WordPress UPM-POLLS Plugin 1.0.4 - Blind SQL Injection",2011-12-11,Saif,php,webapps,0 18232,platforms/php/webapps/18232.txt,"FCMS <= 2.7.2 CMS - Multiple CSRF Vulnerabilities",2011-12-11,"Ahmed Elhady Mohamed",php,webapps,0 @@ -16488,7 +16488,7 @@ id,file,description,date,author,platform,type,port 19082,platforms/linux/dos/19082.txt,"AMD K6 Processor",1998-06-01,Poulot-Cazajous,linux,dos,0 19083,platforms/windows/remote/19083.cpp,"Cheyenne Inoculan for Windows NT 4.0 Share",1998-06-10,"Paul Boyer",windows,remote,0 19084,platforms/multiple/remote/19084.txt,"Metainfo Sendmail 2.0/2.5 & MetaIP 3.1",1998-06-30,"Jeff Forristal",multiple,remote,0 -19085,platforms/linux/dos/19085.c,"Linux Kernel 2.0 / 2.1 - SIGIO",1998-06-30,"David Luyer",linux,dos,0 +19085,platforms/linux/dos/19085.c,"Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process",1998-06-30,"David Luyer",linux,dos,0 19086,platforms/linux/remote/19086.c,"wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath (1)",1999-02-09,"smiler and cossack",linux,remote,21 19087,platforms/linux/remote/19087.c,"wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath (2)",1999-02-09,"jamez and c0nd0r",linux,remote,21 19089,platforms/windows/dos/19089.txt,"Windows OpenType Font - File Format DoS Exploit",2012-06-12,Cr4sh,windows,dos,0 @@ -16661,7 +16661,7 @@ id,file,description,date,author,platform,type,port 19269,platforms/irix/local/19269.txt,"SGI IRIX <= 6.0.1 colorview",1995-02-09,"Dave Sill",irix,local,0 19270,platforms/linux/local/19270.c,"Debian Linux 2.0 - Super Syslog Buffer Overflow",1999-02-25,c0nd0r,linux,local,0 19271,platforms/linux/dos/19271.c,"Linux Kernel 2.0 - TCP Port DoS",1999-01-19,"David Schwartz",linux,dos,0 -19272,platforms/linux/local/19272.txt,"Linux Kernel 2.2 - 'ldd core' Force Reboot",1999-01-26,"Dan Burcaw",linux,local,0 +19272,platforms/linux/dos/19272.txt,"Linux Kernel 2.2 - 'ldd core' Force Reboot",1999-01-26,"Dan Burcaw",linux,dos,0 19273,platforms/irix/local/19273.sh,"SGI IRIX 6.2 - day5notifier",1997-05-16,"Mike Neuman",irix,local,0 19274,platforms/irix/local/19274.c,"SGI IRIX <= 6.3 df",1997-05-24,"David Hedley",irix,local,0 19275,platforms/irix/local/19275.c,"SGI IRIX <= 6.4 datman/cdman",1996-12-09,"Yuri Volobuev",irix,local,0 @@ -16946,7 +16946,7 @@ id,file,description,date,author,platform,type,port 19578,platforms/windows/dos/19578.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Services.exe Denial of Service (2)",1999-10-31,.rain.forest.puppy,windows,dos,0 19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 Help File Trojan",1999-12-10,"Pauli Ojanpera",windows,local,0 19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - Privileged Program Debugging",1999-12-10,"Brock Tellier",sco,local,0 -19675,platforms/linux/dos/19675.c,"Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options",1999-12-08,"Andrea Arcangeli",linux,dos,0 +19675,platforms/linux/dos/19675.c,"Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options",1999-12-08,"Andrea Arcangeli",linux,dos,0 19676,platforms/freebsd/local/19676.c,"FreeBSD 3.3_Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1)",2000-05-17,"Brock Tellier",freebsd,local,0 19677,platforms/linux/local/19677.c,"FreeBSD 3.3_Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2)",2000-05-17,"Larry W. Cashdollar",linux,local,0 19580,platforms/windows/remote/19580.txt,"Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (1)",1999-10-31,"Luck Martins",windows,remote,0 @@ -17785,7 +17785,7 @@ id,file,description,date,author,platform,type,port 20455,platforms/aix/local/20455.c,"IBM AIX 4.3.x piobe Buffer Overflow",2000-12-01,"Last Stage of Delirium",aix,local,0 20456,platforms/windows/local/20456.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_showcolv Buffer Overflow",2000-12-01,"David Litchfield",windows,local,0 20457,platforms/windows/local/20457.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_peekqueue Buffer Overflow",2000-12-01,@stake,windows,local,0 -20458,platforms/linux/local/20458.txt,"Linux Kernel 2.2.x - Non-Readable File Ptrace",2000-11-30,"Lamagra Argamal",linux,local,0 +20458,platforms/linux/local/20458.txt,"Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak",2000-11-30,"Lamagra Argamal",linux,local,0 20459,platforms/windows/remote/20459.html,"Microsoft Internet Explorer 5 \'INPUT TYPE=FILE\'",2000-12-01,Key,windows,remote,0 20460,platforms/windows/remote/20460.txt,"Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow",2000-12-04,"Alberto Solino",windows,remote,0 20461,platforms/windows/remote/20461.txt,"Serv-U 2.4/2.5 FTP Directory Traversal",2000-12-05,Zoa_Chien,windows,remote,0 @@ -18685,7 +18685,7 @@ id,file,description,date,author,platform,type,port 21404,platforms/windows/dos/21404.htm,"Microsoft Internet Explorer 5/6 Self-Referential Object Denial of Service",2002-04-20,"Matthew Murphy",windows,dos,0 21405,platforms/cgi/webapps/21405.txt,"Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting",2002-04-20,BrainRawt,cgi,webapps,0 21406,platforms/cgi/webapps/21406.txt,"Philip Chinery's Guestbook 1.1 Script Injection",2002-04-21,"markus arndt",cgi,webapps,0 -21407,platforms/bsd/local/21407.c,"OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0 +21407,platforms/bsd/local/21407.c,"OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0 21408,platforms/unix/local/21408.pl,"SLRNPull 0.9.6 Spool Directory Command Line Parameter Buffer Overflow",2002-04-22,zillion,unix,local,0 21409,platforms/unix/dos/21409.pl,"PsyBNC 2.3 Oversized Passwords Denial of Service",2002-04-22,DVDMAN,unix,dos,0 21410,platforms/windows/remote/21410.pl,"Matu FTP 1.74 Client Buffer Overflow",2002-04-23,Kanatoko,windows,remote,0 @@ -18874,7 +18874,7 @@ id,file,description,date,author,platform,type,port 21595,platforms/windows/remote/21595.c,"Nullsoft Winamp 2.80 - Automatic Update Check Buffer Overflow",2002-07-03,anonymous,windows,remote,0 21596,platforms/osx/remote/21596.txt,"MacOS X 10.1.x SoftwareUpdate Arbitrary Package Installation",2002-07-08,"Russell Harding",osx,remote,0 21597,platforms/windows/remote/21597.txt,"Key Focus KF Web Server 1.0.2 - Directory Contents Disclosure",2002-07-08,Securiteinfo.com,windows,remote,0 -21598,platforms/linux/local/21598.c,"Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,local,0 +21598,platforms/linux/dos/21598.c,"Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,dos,0 21599,platforms/windows/remote/21599.txt,"Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting",2002-07-08,"Matthew Murphy",windows,remote,0 21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - Get Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0 21601,platforms/windows/remote/21601.c,"Microsoft Foundation Class Library 7.0 ISAPI Buffer Overflow",2002-07-08,"Matthew Murphy",windows,remote,0 @@ -19612,8 +19612,8 @@ id,file,description,date,author,platform,type,port 22359,platforms/multiple/dos/22359.xsl,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (2)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 22360,platforms/multiple/dos/22360.java,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (3)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 22361,platforms/linux/remote/22361.cpp,"Qpopper 3/4 Username Information Disclosure Weakness",2003-03-11,plasmahh,linux,remote,0 -22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0 -22363,platforms/linux/local/22363.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2)",2003-04-10,"Wojciech Purczynski",linux,local,0 +22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0 +22363,platforms/linux/local/22363.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2)",2003-04-10,"Wojciech Purczynski",linux,local,0 22364,platforms/cgi/webapps/22364.c,"Outblaze Webmail - Cookie Authentication Bypass",2003-03-17,"dong-h0un U",cgi,webapps,0 22365,platforms/windows/remote/22365.pl,"Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow (1)",2003-03-24,mat,windows,remote,0 22366,platforms/windows/remote/22366.c,"Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow (2)",2003-03-31,ThreaT,windows,remote,0 @@ -20079,7 +20079,7 @@ id,file,description,date,author,platform,type,port 22837,platforms/windows/remote/22837.c,"Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow",2003-06-25,firew0rker,windows,remote,0 22838,platforms/windows/remote/22838.txt,"BRS WebWeaver 1.0 Error Page Cross-Site Scripting",2003-06-26,"Carsten H. Eiram",windows,remote,0 22839,platforms/linux/dos/22839.c,"methane IRCd 0.1.1 - Remote Format String",2003-06-27,Dinos,linux,dos,0 -22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - suid execve() System Call Race Condition PoC",2003-06-26,IhaQueR,linux,local,0 +22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept",2003-06-26,IhaQueR,linux,local,0 22841,platforms/php/webapps/22841.txt,"iXmail 0.2/0.3 iXmail_NetAttach.php File Deletion",2003-06-26,leseulfrog,php,webapps,0 22842,platforms/php/webapps/22842.txt,"CutePHP CuteNews 1.3 HTML Injection",2003-06-29,"Peter Winter-Smith",php,webapps,0 22843,platforms/cgi/webapps/22843.txt,"MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities",2003-06-29,"Morning Wood",cgi,webapps,0 @@ -21238,7 +21238,7 @@ id,file,description,date,author,platform,type,port 24040,platforms/multiple/remote/24040.txt,"PISG 0.54 IRC Nick HTML Injection",2004-04-22,shr3kst3r,multiple,remote,0 24041,platforms/multiple/remote/24041.c,"Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Remote Arbitrary File Overwrite",2004-04-22,"Luigi Auriemma",multiple,remote,0 24042,platforms/windows/dos/24042.txt,"Yahoo! Messenger 5.6 YInsthelper.DLL Multiple Buffer Overflow Vulnerabilities",2004-04-23,"Rafel Ivgi The-Insider",windows,dos,0 -24043,platforms/linux/local/24043.c,"Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling",2004-04-23,"Brad Spengler",linux,local,0 +24043,platforms/linux/local/24043.c,"Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read",2004-04-23,"Brad Spengler",linux,local,0 24044,platforms/php/webapps/24044.txt,"phpLiteAdmin <= 1.9.3 - Remote PHP Code Injection",2013-01-11,L@usch,php,webapps,0 24045,platforms/java/remote/24045.rb,"Java Applet JMX - Remote Code Execution (1)",2013-01-11,Metasploit,java,remote,0 24049,platforms/asp/webapps/24049.txt,"PW New Media Network Modular Site Management System 0.2.1 - Ver.asp Information Disclosure",2004-04-23,CyberTalon,asp,webapps,0 @@ -21639,7 +21639,7 @@ id,file,description,date,author,platform,type,port 24456,platforms/php/webapps/24456.txt,"glossword 1.8.12 - Multiple Vulnerabilities",2013-02-05,AkaStep,php,webapps,0 24457,platforms/php/webapps/24457.txt,"Glossword 1.8.3 - SQL Injection",2013-02-05,AkaStep,php,webapps,0 24458,platforms/linux/local/24458.txt,"Oracle Automated Service Manager 1.3 - Installation Local Privilege Escalation",2013-02-05,"Larry W. Cashdollar",linux,local,0 -24459,platforms/linux/dos/24459.sh,"Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,dos,0 +24459,platforms/linux/local/24459.sh,"Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,local,0 24461,platforms/windows/remote/24461.rb,"VMWare OVF Tools - Format String (2)",2013-02-12,Metasploit,windows,remote,0 24462,platforms/php/webapps/24462.txt,"Hiverr 2.2 - Multiple Vulnerabilities",2013-02-06,xStarCode,php,webapps,0 24463,platforms/windows/dos/24463.txt,"Cool PDF Reader 3.0.2.256 - Buffer Overflow",2013-02-07,"Chris Gabriel",windows,dos,0 @@ -21885,7 +21885,7 @@ id,file,description,date,author,platform,type,port 24725,platforms/multiple/remote/24725.php,"Trend Micro ScanMail for Domino 2.51/2.6 - Remote File Disclosure",2004-11-05,DokFLeed,multiple,remote,0 24726,platforms/windows/dos/24726.txt,"Software602 602 LAN Suite Multiple Remote Denial of Service Vulnerabilities",2004-11-06,"Luigi Auriemma",windows,dos,0 24727,platforms/windows/remote/24727.txt,"Microsoft Internet Explorer 6.0 - Local Resource Enumeration",2004-11-08,"Benjamin Tobias Franz",windows,remote,0 -24728,platforms/windows/remote/24728.txt,"Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities",2004-11-10,"Wolfgang Schwarz",windows,remote,0 +24728,platforms/windows/remote/24728.txt,"Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities",2004-11-10,"Wolfgang Schwarz",windows,remote,0 24729,platforms/php/webapps/24729.txt,"webcalendar 0.9.x - Multiple Vulnerabilities",2004-11-10,"Joxean Koret",php,webapps,0 24730,platforms/multiple/remote/24730.txt,"04webserver 1.42 - Multiple Vulnerabilities",2004-11-10,"Tan Chew Keong",multiple,remote,0 24731,platforms/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",php,webapps,0 @@ -22375,7 +22375,7 @@ id,file,description,date,author,platform,type,port 25231,platforms/windows/dos/25231.txt,"Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service",2005-03-17,"Hongzhen Zhou",windows,dos,0 25232,platforms/php/webapps/25232.txt,"McNews 1.x Install.php Arbitrary File Include",2005-03-17,"Jonathan Whiteley",php,webapps,0 25233,platforms/asp/webapps/25233.txt,"ACS Blog 0.8/0.9/1.0/1.1 - Search.ASP Cross-Site Scripting",2005-03-17,"farhad koosha",asp,webapps,0 -25234,platforms/linux/local/25234.sh,"Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities",2005-03-17,"Michal Zalewski",linux,local,0 +25234,platforms/linux/dos/25234.sh,"Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities",2005-03-17,"Michal Zalewski",linux,dos,0 25235,platforms/php/webapps/25235.txt,"Subdreamer 1.0 - SQL Injection",2005-03-18,"GHC team",php,webapps,0 25236,platforms/php/webapps/25236.html,"PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities",2005-03-18,"PersianHacker Team",php,webapps,0 25237,platforms/php/webapps/25237.txt,"RunCMS 1.1 Database Configuration Information Disclosure",2005-03-18,"Majid NT",php,webapps,0 @@ -22427,7 +22427,7 @@ id,file,description,date,author,platform,type,port 25284,platforms/php/webapps/25284.txt,"Nuke Bookmarks 0.6 Marks.php SQL Injection",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 25285,platforms/php/webapps/25285.txt,"MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripting",2005-03-26,Dcrab,php,webapps,0 25286,platforms/php/webapps/25286.txt,"MagicScripts E-Store Kit-2 PayPal Edition Remote File Include",2005-03-26,Dcrab,php,webapps,0 -25287,platforms/linux/local/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)",2005-03-28,"ilja van sprundel",linux,local,0 +25287,platforms/linux/dos/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)",2005-03-28,"ilja van sprundel",linux,dos,0 25288,platforms/linux/local/25288.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)",2005-04-08,qobaiashi,linux,local,0 25289,platforms/linux/local/25289.c,"Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root",2005-10-19,backdoored.net,linux,local,0 25291,platforms/multiple/remote/25291.txt,"Tincat Network Library Remote Buffer Overflow",2005-03-28,"Luigi Auriemma",multiple,remote,0 @@ -22630,7 +22630,7 @@ id,file,description,date,author,platform,type,port 25494,platforms/php/webapps/25494.txt,"ProfitCode Software PayProCart 3.0 AdminShop ProMod Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25495,platforms/php/webapps/25495.txt,"ProfitCode Software PayProCart 3.0 AdminShop MMActionComm Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25496,platforms/php/webapps/25496.txt,"php-Charts 1.0 - Code Execution",2013-05-17,"fizzle stick",php,webapps,0 -25497,platforms/lin_x86/shellcode/25497.c,"Linux/x86 - Reverse TCP Bind Shellcode (92 bytes)",2013-05-17,"Russell Willis",lin_x86,shellcode,0 +25497,platforms/lin_x86/shellcode/25497.c,"Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)",2013-05-17,"Russell Willis",lin_x86,shellcode,0 25498,platforms/asp/webapps/25498.txt,"ASPNuke 0.80 Comments.ASP SQL Injection",2005-04-22,Dcrab,asp,webapps,0 25499,platforms/linux/dos/25499.py,"nginx 1.3.9-1.4.0 - DoS PoC",2013-05-17,"Mert SARICA",linux,dos,0 25500,platforms/asp/webapps/25500.txt,"ASPNuke 0.80 Detail.ASP SQL Injection",2005-04-22,Dcrab,asp,webapps,0 @@ -22784,7 +22784,7 @@ id,file,description,date,author,platform,type,port 25644,platforms/php/webapps/25644.txt,"e107 Website System 0.617 Request.php Directory Traversal",2005-05-10,Heintz,php,webapps,0 25645,platforms/php/webapps/25645.txt,"e107 Website System 0.617 Forum_viewforum.php SQL Injection",2005-05-10,Heintz,php,webapps,0 25646,platforms/windows/remote/25646.txt,"MyServer 0.8 - Cross-Site Scripting",2005-05-10,dr_insane,windows,remote,0 -25647,platforms/linux/local/25647.sh,"Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow",2005-05-11,"Paul Starzetz",linux,local,0 +25647,platforms/linux/dos/25647.sh,"Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow",2005-05-11,"Paul Starzetz",linux,dos,0 25648,platforms/cgi/remote/25648.txt,"neteyes nexusway border gateway - Multiple Vulnerabilities",2005-05-11,pokley,cgi,remote,0 25649,platforms/cgi/webapps/25649.txt,"showoff! digital media software 1.5.4 - Multiple Vulnerabilities",2011-05-11,dr_insane,cgi,webapps,0 25650,platforms/php/webapps/25650.txt,"Open Solution Quick.Cart 0.3 Index.php Cross-Site Scripting",2005-05-11,Lostmon,php,webapps,0 @@ -32061,7 +32061,7 @@ id,file,description,date,author,platform,type,port 35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35583,platforms/php/webapps/35583.txt,"Piwigo 2.7.2 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 -35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 +35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35585,platforms/php/webapps/35585.txt,"Codiad 2.4.3 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35588,platforms/php/remote/35588.rb,"Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE",2014-12-22,"Patrick Webster",php,remote,9000 @@ -32826,7 +32826,7 @@ id,file,description,date,author,platform,type,port 36395,platforms/lin_x86/shellcode/36395.c,"Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36481,platforms/php/webapps/36481.txt,"WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting",2011-12-31,6Scan,php,webapps,0 36397,platforms/lin_x86/shellcode/36397.c,"Linux/x86 - Reverse TCP Shell shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 -36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - TCP Bind Shel shellcode l (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 +36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36407,platforms/php/webapps/36407.txt,"Elxis CMS 2009 administrator/index.php URI XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0 36408,platforms/php/webapps/36408.txt,"WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross Site Scripting",2011-12-06,Am!r,php,webapps,0 36410,platforms/php/webapps/36410.txt,"Simple Machines Forum 1.1.15 - 'fckeditor' Arbitrary File Upload",2011-12-06,HELLBOY,php,webapps,0 @@ -33104,7 +33104,7 @@ id,file,description,date,author,platform,type,port 36689,platforms/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,linux,webapps,0 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit",2015-04-09,xort,linux,remote,8000 36691,platforms/php/webapps/36691.txt,"WordPress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80 -36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 +36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting",2012-02-10,sonyy,php,webapps,0 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting",2012-02-13,sonyy,php,webapps,0 @@ -34087,7 +34087,7 @@ id,file,description,date,author,platform,type,port 37950,platforms/php/webapps/37950.txt,"jCore /admin/index.php path Parameter XSS",2012-10-17,"High-Tech Bridge",php,webapps,0 37951,platforms/windows/remote/37951.py,"Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0 37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0 -37758,platforms/win_x86/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)",2015-08-12,noviceflux,win_x86,shellcode,0 +37758,platforms/win_x86/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)",2015-08-12,noviceflux,win_x86,shellcode,0 37759,platforms/linux/dos/37759.py,"NeuroServer 0.7.4 - (EEG TCP/IP Transceiver) Remote DoS",2015-08-12,nitr0us,linux,dos,0 37760,platforms/windows/local/37760.rb,"PDF Shaper 3.5 - Buffer Overflow",2015-08-12,metacom,windows,local,0 37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0 @@ -34378,13 +34378,13 @@ id,file,description,date,author,platform,type,port 38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT 'a' Parameter Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0 38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0 38064,platforms/php/webapps/38064.txt,"WordPress CStar Design 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0 -38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0 +38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0 38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Attack",2015-09-02,"Pier-Luc Maltais",php,webapps,80 38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - Path Traversal",2015-09-02,HaHwul,php,webapps,80 38072,platforms/windows/dos/38072.py,"SphereFTP Server 2.0 - Crash PoC",2015-09-02,"Meisam Monsef",windows,dos,21 38073,platforms/hardware/webapps/38073.html,"GPON Home Router FTP G-93RG1 - CSRF Command Execution",2015-09-02,"Phan Thanh Duy",hardware,webapps,80 38074,platforms/php/webapps/38074.txt,"Cerb 7.0.3 - CSRF",2015-09-02,"High-Tech Bridge SA",php,webapps,80 -38075,platforms/system_z/shellcode/38075.txt,"Mainframe/System Z - Bind Shell shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",system_z,shellcode,0 +38075,platforms/system_z/shellcode/38075.txt,"Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",system_z,shellcode,0 38086,platforms/php/webapps/38086.html,"WordPress Contact Form Generator <= 2.0.1 - Multiple CSRF Vulnerabilities",2015-09-06,"i0akiN SEC-LABORATORY",php,webapps,80 38076,platforms/php/webapps/38076.txt,"BigDump 0.29b and 0.32b - Multiple Vulnerabilities",2012-11-28,Ur0b0r0x,php,webapps,0 38077,platforms/php/webapps/38077.txt,"WordPress Toolbox Theme 'mls' Parameter SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0 @@ -34427,7 +34427,7 @@ id,file,description,date,author,platform,type,port 38123,platforms/php/dos/38123.txt,"PHP Session Deserializer Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0 38124,platforms/android/remote/38124.py,"Android Stagefright - Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0 38125,platforms/php/dos/38125.txt,"PHP unserialize() Use-After-Free Vulnerabilities",2015-09-09,"Taoguang Chen",php,dos,0 -38126,platforms/osx/shellcode/38126.c,"OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0 +38126,platforms/osx/shellcode/38126.c,"OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0 38127,platforms/php/webapps/38127.php,"php - cgimode fpm writeprocmemfile bypass disable function demo",2015-09-10,ylbhz,php,webapps,0 38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000 38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0 @@ -34641,7 +34641,7 @@ id,file,description,date,author,platform,type,port 38350,platforms/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421_ 04.01.04-422 - Command Injection",2015-09-29,absane,hardware,webapps,0 38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0 38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer Remote Code Execution",2015-09-29,Metasploit,windows,remote,8400 -38353,platforms/linux/local/38353.txt,"Ubuntu Apport - Local Privilege Escalation",2015-09-29,halfdog,linux,local,0 +38353,platforms/linux/local/38353.txt,"Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation",2015-09-29,halfdog,linux,local,0 38354,platforms/php/webapps/38354.txt,"Plogger Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0 38355,platforms/php/webapps/38355.txt,"WordPress Uploader Plugin 'blog' Parameter Cross Site Scripting",2013-03-01,CodeV,php,webapps,0 38356,platforms/hardware/remote/38356.txt,"Foscam Prior to 11.37.2.49 Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0 @@ -34752,7 +34752,7 @@ id,file,description,date,author,platform,type,port 38464,platforms/hardware/remote/38464.txt,"Cisco Linksys EA2700 Router Multiple Security Vulnerabilities",2013-04-15,"Phil Purviance",hardware,remote,0 38465,platforms/linux/dos/38465.txt,"Linux Kernel <= 3.2.1 - Tracing Mutiple Local Denial of Service Vulnerabilities",2013-04-15,anonymous,linux,dos,0 38467,platforms/windows/local/38467.py,"AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow",2015-10-15,hyp3rlinx,windows,local,0 -38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell with Password shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0 +38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0 38470,platforms/hardware/webapps/38470.txt,"netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0 38471,platforms/hardware/webapps/38471.txt,"PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0 38472,platforms/windows/local/38472.py,"Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow",2015-10-15,hyp3rlinx,windows,local,0 @@ -35216,7 +35216,7 @@ id,file,description,date,author,platform,type,port 38956,platforms/php/webapps/38956.txt,"Command School Student Management System /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0 38957,platforms/php/webapps/38957.html,"Command School Student Management System /sw/admin_change_password.php Admin Password Manipulation CSRF",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0 38958,platforms/php/webapps/38958.html,"Command School Student Management System /sw/add_topic.php Topic Creation CSRF",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0 -38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)",2015-12-13,B3mB4m,generator,shellcode,0 +38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)",2015-12-13,B3mB4m,generator,shellcode,0 38965,platforms/php/webapps/38965.txt,"ECommerceMajor - (productdtl.php_ prodid param) SQL Injection",2015-12-14,"Rahul Pratap Singh",php,webapps,80 38966,platforms/php/webapps/38966.txt,"WordPress Admin Management Xtended Plugin 2.4.0 - Privilege escalation",2015-12-14,"Kacper Szurek",php,webapps,80 39096,platforms/php/webapps/39096.txt,"i-doit Pro 'objID' Parameter SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0 @@ -35400,8 +35400,8 @@ id,file,description,date,author,platform,type,port 39227,platforms/hardware/remote/39227.txt,"FingerTec Fingerprint Reader - Remote Access and Remote Enrollment",2016-01-12,"Daniel Lawson",hardware,remote,0 39149,platforms/lin_x86-64/shellcode/39149.c,"Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)",2016-01-01,Scorpion_,lin_x86-64,shellcode,0 39150,platforms/php/webapps/39150.txt,"Open Audit SQL Injection",2016-01-02,"Rahul Pratap Singh",php,webapps,0 -39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - bind TCP port shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0 -39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0 +39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0 +39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0 39153,platforms/php/webapps/39153.txt,"iDevAffiliate 'idevads.php' SQL Injection",2014-04-22,"Robert Cooper",php,webapps,0 39154,platforms/hardware/remote/39154.txt,"Comtrend CT-5361T Router password.cgi Admin Password Manipulation CSRF",2014-04-21,"TUNISIAN CYBER",hardware,remote,0 39155,platforms/linux/remote/39155.txt,"lxml 'clean_html' Function Security Bypass",2014-04-15,"Maksim Kochkin",linux,remote,0 @@ -35748,7 +35748,7 @@ id,file,description,date,author,platform,type,port 39516,platforms/windows/dos/39516.py,"Quick Tftp Server Pro 2.3 - Read Mode Denial of Service",2016-03-02,"Guillaume Kaddouch",windows,dos,69 39517,platforms/windows/dos/39517.py,"Freeproxy Internet Suite 4.10 - Denial of Service",2016-03-02,"Guillaume Kaddouch",windows,dos,8080 39518,platforms/windows/dos/39518.txt,"PictureTrails Photo Editor GE.exe 2.0.0 - .bmp Crash PoC",2016-03-02,redknight99,windows,dos,0 -39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0 +39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0 39520,platforms/win_x86-64/local/39520.txt,"Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation",2016-03-02,Cr4sh,win_x86-64,local,0 39521,platforms/php/webapps/39521.txt,"WordPress Bulk Delete Plugin 5.5.3 - Privilege Escalation",2016-03-03,"Panagiotis Vagenas",php,webapps,80 39522,platforms/hardware/remote/39522.txt,"Schneider Electric SBO / AS - Multiple Vulnerabilities",2016-03-03,"Karn Ganeshen",hardware,remote,0 @@ -35771,7 +35771,7 @@ id,file,description,date,author,platform,type,port 39541,platforms/linux/dos/39541.txt,"Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - mct_u232 Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0 39543,platforms/linux/dos/39543.txt,"Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - cdc_acm Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0 39544,platforms/linux/dos/39544.txt,"Linux Kernel <= 3.10.0 (CentOS / RHEL 7.1) - aiptek Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0 -39545,platforms/linux/dos/39545.txt,"Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption",2016-03-09,"Google Security Research",linux,dos,0 +39545,platforms/linux/dos/39545.txt,"Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption",2016-03-09,"Google Security Research",linux,dos,0 39546,platforms/windows/dos/39546.txt,"Nitro Pro <= 10.5.7.32 & Nitro Reader <= 5.5.3.1 - Heap Memory Corruption",2016-03-10,"Francis Provencher",windows,dos,0 39547,platforms/php/webapps/39547.txt,"WordPress Best Web Soft Captcha Plugin <= 4.1.5 - Multiple Vulnerabilities",2016-03-10,"Colette Chamberland",php,webapps,80 39548,platforms/php/webapps/39548.txt,"WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS",2016-03-10,"Mohammad Khaleghi",php,webapps,80 @@ -35940,7 +35940,7 @@ id,file,description,date,author,platform,type,port 39728,platforms/lin_x86-64/shellcode/39728.py,"Linux/x86-64 - Bind Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",lin_x86-64,shellcode,0 39729,platforms/win_x86/remote/39729.rb,"PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)",2016-04-25,"Jonathan Smith",win_x86,remote,21 39730,platforms/ruby/webapps/39730.txt,"NationBuilder Multiple Stored XSS Vulnerabilities",2016-04-25,LiquidWorm,ruby,webapps,443 -39731,platforms/windows/shellcode/39731.c,"Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes)",2016-04-25,Fugu,windows,shellcode,0 +39731,platforms/windows/shellcode/39731.c,"Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)",2016-04-25,Fugu,windows,shellcode,0 39733,platforms/linux/dos/39733.py,"Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC",2016-04-25,"David Silveiro",linux,dos,0 39734,platforms/linux/local/39734.py,"Yasr Screen Reader 0.6.9 - Local Buffer Overflow",2016-04-26,"Juan Sacco",linux,local,0 39735,platforms/windows/remote/39735.rb,"Advantech WebAccess Dashboard Viewer Arbitrary File Upload",2016-04-26,Metasploit,windows,remote,80 @@ -35978,7 +35978,7 @@ id,file,description,date,author,platform,type,port 39768,platforms/multiple/dos/39768.txt,"OpenSSL Padding Oracle in AES-NI CBC MAC Check",2016-05-04,"Juraj Somorovsky",multiple,dos,0 39769,platforms/linux/local/39769.txt,"Zabbix Agent 3.0.1 - mysql.size Shell Command Injection",2016-05-04,"Timo Lindfors",linux,local,0 39770,platforms/windows/dos/39770.txt,"McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption",2016-05-04,"Google Security Research",windows,dos,0 -39771,platforms/linux/dos/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)",2016-05-04,"Google Security Research",linux,dos,0 +39771,platforms/linux/local/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)",2016-05-04,"Google Security Research",linux,local,0 39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit",2016-05-04,"Google Security Research",linux,local,0 39773,platforms/linux/dos/39773.txt,"Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps",2016-05-04,"Google Security Research",linux,dos,0 39774,platforms/windows/dos/39774.html,"Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing",2016-05-05,"liu zhu",windows,dos,0 @@ -35999,7 +35999,7 @@ id,file,description,date,author,platform,type,port 39791,platforms/multiple/local/39791.rb,"ImageMagick <= 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)",2016-05-09,Metasploit,multiple,local,0 39792,platforms/ruby/remote/39792.rb,"Ruby on Rails Development Web Console (v2) Code Execution",2016-05-09,Metasploit,ruby,remote,3000 39966,platforms/windows/dos/39966.txt,"Blat 3.2.14 - Stack Overflow",2016-06-16,Vishnu,windows,dos,0 -39794,platforms/windows/shellcode/39794.c,"Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0 +39794,platforms/windows/shellcode/39794.c,"Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0 39795,platforms/windows/dos/39795.pl,"MediaInfo 0.7.61 - Crash PoC",2016-05-10,"Mohammad Reza Espargham",windows,dos,0 39796,platforms/windows/dos/39796.py,"Ipswitch WS_FTP LE 12.3 - Search field SEH Overwrite POC",2016-05-10,"Zahid Adeel",windows,dos,0 39797,platforms/windows/dos/39797.py,"Core FTP Server 32-bit Build 587 - Heap Overflow",2016-05-10,"Paul Purcell",windows,dos,21 @@ -36048,7 +36048,7 @@ id,file,description,date,author,platform,type,port 39841,platforms/xml/webapps/39841.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure",2016-05-19,ERPScan,xml,webapps,0 39842,platforms/linux/dos/39842.txt,"4digits 1.1.4 - Local Buffer Overflow",2016-05-19,N_A,linux,dos,0 39843,platforms/windows/local/39843.c,"VirIT Explorer Lite & Pro 8.1.68 - Local Privilege Escalation",2016-05-19,"Paolo Stagno",windows,local,0 -39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0 +39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0 39845,platforms/windows/local/39845.txt,"Operation Technology ETAP 14.1.0 - Local Privilege Escalation",2016-05-23,LiquidWorm,windows,local,0 39846,platforms/windows/dos/39846.txt,"Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities",2016-05-23,LiquidWorm,windows,dos,0 39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Information Stealer Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 @@ -36280,7 +36280,7 @@ id,file,description,date,author,platform,type,port 40118,platforms/windows/local/40118.txt,"Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0 40119,platforms/linux/remote/40119.md,"DropBearSSHD <= 2015.71 - Command Injection",2016-03-03,tintinweb,linux,remote,0 40120,platforms/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution and Escalate Privileges",2016-07-17,b0yd,hardware,remote,0 -40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)",2016-07-19,CripSlick,lin_x86-64,shellcode,0 +40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)",2016-07-19,CripSlick,lin_x86-64,shellcode,0 40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String Exploit",2016-07-19,bashis,multiple,remote,0 40126,platforms/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80 40127,platforms/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80 @@ -36295,7 +36295,7 @@ id,file,description,date,author,platform,type,port 40136,platforms/linux/remote/40136.py,"OpenSSHD <= 7.2p2 - Username Enumeration",2016-07-20,0_o,linux,remote,22 40137,platforms/php/webapps/40137.html,"WordPress Video Player Plugin 1.5.16 - SQL Injection",2016-07-20,"David Vaartjes",php,webapps,80 40138,platforms/windows/remote/40138.py,"TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter)",2016-07-21,"Karn Ganeshen",windows,remote,69 -40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)",2016-07-21,CripSlick,lin_x86-64,shellcode,0 +40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)",2016-07-21,CripSlick,lin_x86-64,shellcode,0 40140,platforms/php/webapps/40140.txt,"TeamPass Passwords Management System 2.1.26 - Arbitrary File Download",2016-07-21,"Hasan Emre Ozer",php,webapps,80 40141,platforms/bsd/local/40141.c,"mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0 40142,platforms/php/remote/40142.php,"Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution",2016-02-01,akat1,php,remote,0 diff --git a/platforms/bsd/local/21407.c b/platforms/bsd/local/21407.c index 730ee0fd4..e1545e6f1 100755 --- a/platforms/bsd/local/21407.c +++ b/platforms/bsd/local/21407.c @@ -1,8 +1,10 @@ +/* source: http://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before exec()ing setuid images. Consequently, I/O that are opened by a setuid process may be assigned file descriptors equivelent to those used by the C library as 'standard input','standard output', and 'standard error'. This may result in untrusted, attacker supplied data being written to sensitive I/O channels. Local root compromise has been confirmed as a possible consequence. +*/ /* phased/b10z diff --git a/platforms/bsd_x86/shellcode/16025.c b/platforms/freebsd_x86/shellcode/16025.c similarity index 100% rename from platforms/bsd_x86/shellcode/16025.c rename to platforms/freebsd_x86/shellcode/16025.c diff --git a/platforms/hardware/shellcode/13290.txt b/platforms/ios/shellcode/13290.txt similarity index 100% rename from platforms/hardware/shellcode/13290.txt rename to platforms/ios/shellcode/13290.txt diff --git a/platforms/linux/dos/10202.txt b/platforms/linux/dos/10202.c similarity index 96% rename from platforms/linux/dos/10202.txt rename to platforms/linux/dos/10202.c index 7743100cb..f795a510b 100755 --- a/platforms/linux/dos/10202.txt +++ b/platforms/linux/dos/10202.c @@ -1,3 +1,4 @@ +/* Description of problem: execution of a particular program from the Arachne suite reliably causes a @@ -72,6 +73,7 @@ CR2: 0000000000000030 <0>Kernel panic - not syncing: Fatal exception PoC: +*/ #include #include diff --git a/platforms/linux/dos/19085.c b/platforms/linux/dos/19085.c index 5297849f3..b4e073755 100755 --- a/platforms/linux/dos/19085.c +++ b/platforms/linux/dos/19085.c @@ -1,6 +1,8 @@ +/* source: http://www.securityfocus.com/bid/111/info A vulnerability in the Linux kernel allows any user to send a SIGIO signal to any process. If the process does not catch or ignore the signal is will exit. +*/ /* On non-glibc systems you must add * diff --git a/platforms/linux/local/19272.txt b/platforms/linux/dos/19272.txt similarity index 100% rename from platforms/linux/local/19272.txt rename to platforms/linux/dos/19272.txt diff --git a/platforms/linux/dos/20566.c b/platforms/linux/dos/20566.c index 6d732095d..9260556a8 100755 --- a/platforms/linux/dos/20566.c +++ b/platforms/linux/dos/20566.c @@ -1,6 +1,8 @@ +/* source: http://www.securityfocus.com/bid/2247/info Linux kernel versions 2.1.89 to 2.2.3 are vulnerable to a denial of service attack caused when a 0-length IP fragment is received, if it is the first fragment in the list. Several thousands 0-length packets must be sent in order for this to initiate a denial of service against the target. +*/ /* * sesquipedalian.c - Demonstrates a DoS bug in Linux 2.1.89 - 2.2.3 diff --git a/platforms/linux/local/21598.c b/platforms/linux/dos/21598.c similarity index 90% rename from platforms/linux/local/21598.c rename to platforms/linux/dos/21598.c index 030f92a30..49a42c48c 100755 --- a/platforms/linux/local/21598.c +++ b/platforms/linux/dos/21598.c @@ -1,3 +1,4 @@ +/* source: http://www.securityfocus.com/bid/5178/info The Linux kernel is a freely available, open source kernel originally written by Linus Torvalds. It is the core of all Linux distributions. @@ -5,6 +6,7 @@ The Linux kernel is a freely available, open source kernel originally written by Recent versions of the Linux kernel include a collection of file descriptors which are reserved for usage by processes executing as the root user. By default, the size of this collection is set to 10 file descriptors. It is possible for a local, non-privileged user to open all system file descriptors. The malicious user may then exhaust the pool of reserved descriptors by opening several common suid binaries, resulting in a denial of service condition. +*/ #include diff --git a/platforms/linux/local/25234.sh b/platforms/linux/dos/25234.sh similarity index 100% rename from platforms/linux/local/25234.sh rename to platforms/linux/dos/25234.sh diff --git a/platforms/linux/local/25287.c b/platforms/linux/dos/25287.c similarity index 100% rename from platforms/linux/local/25287.c rename to platforms/linux/dos/25287.c diff --git a/platforms/linux/local/25647.sh b/platforms/linux/dos/25647.sh similarity index 100% rename from platforms/linux/local/25647.sh rename to platforms/linux/dos/25647.sh diff --git a/platforms/linux/dos/15344.c b/platforms/linux/local/15344.c similarity index 100% rename from platforms/linux/dos/15344.c rename to platforms/linux/local/15344.c diff --git a/platforms/linux/dos/15481.c b/platforms/linux/local/15481.c similarity index 100% rename from platforms/linux/dos/15481.c rename to platforms/linux/local/15481.c diff --git a/platforms/linux/dos/24459.sh b/platforms/linux/local/24459.sh similarity index 100% rename from platforms/linux/dos/24459.sh rename to platforms/linux/local/24459.sh diff --git a/platforms/linux/dos/39771.txt b/platforms/linux/local/39771.txt similarity index 100% rename from platforms/linux/dos/39771.txt rename to platforms/linux/local/39771.txt