diff --git a/exploits/linux/dos/45715.txt b/exploits/linux/local/45715.txt similarity index 100% rename from exploits/linux/dos/45715.txt rename to exploits/linux/local/45715.txt diff --git a/exploits/php/webapps/37116.py b/exploits/php/webapps/37116.py index f57b75bc0..a2ef88dfd 100755 --- a/exploits/php/webapps/37116.py +++ b/exploits/php/webapps/37116.py @@ -1,10 +1,11 @@ -source: http://www.securityfocus.com/bid/53282/info - -SilverStripe is prone to a remote PHP code-injection vulnerability. - -An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. - -SilverStripe 2.4.7 is vulnerable; other versions may also be affected. +# source: http://www.securityfocus.com/bid/53282/info +# +# SilverStripe is prone to a remote PHP code-injection vulnerability. +# +# An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. +# +# SilverStripe 2.4.7 is vulnerable; other versions may also be affected. +# #!/usr/bin/env python # -*- coding:utf-8 -*- diff --git a/files_exploits.csv b/files_exploits.csv index 4d380e63b..274073ea0 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -6161,8 +6161,7 @@ id,file,description,date,author,type,platform,port 45705,exploits/windows_x86-64/dos/45705.py,"Navicat 12.0.29 - 'SSH' Denial of Service (PoC)",2018-10-29,"Rafael Alfaro",dos,windows_x86-64, 45708,exploits/windows_x86-64/dos/45708.py,"AlienIP 2.41 - Denial of Service (PoC)",2018-10-29,"Arturo de la Cruz Tellez",dos,windows_x86-64, 45711,exploits/windows_x86-64/dos/45711.py,"Local Server 1.0.9 - Denial of Service (PoC)",2018-10-29,"Ihsan Sencan",dos,windows_x86-64, -45714,exploits/linux/dos/45714.c,"systemd - reexec State Injection",2018-10-29,"Google Security Research",dos,linux, -45715,exploits/linux/dos/45715.txt,"systemd - chown_one() can Dereference Symlinks",2018-10-29,"Google Security Research",dos,linux, +45714,exploits/linux/dos/45714.c,"systemd - 'reexec' State Injection",2018-10-29,"Google Security Research",dos,linux, 45716,exploits/windows/dos/45716.txt,"ASRock Drivers - Privilege Escalation",2018-10-29,SecureAuth,dos,windows, 45732,exploits/windows/dos/45732.txt,"Modbus Slave 7.0.0 - Denial of Service (PoC)",2018-10-29,"Ihsan Sencan",dos,windows, 45746,exploits/hardware/dos/45746.php,"ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure",2018-10-30,"numan türle",dos,hardware,21 @@ -9362,7 +9361,7 @@ id,file,description,date,author,type,platform,port 38792,exploits/windows/local/38792.txt,"Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation",2015-11-23,"Google Security Research",local,windows, 38817,exploits/linux/local/38817.txt,"Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String",2013-10-26,"Daniel Kahn Gillmor",local,linux, 38832,exploits/linux/local/38832.py,"RHEL 7.0/7.1 - 'abrt/sosreport' Local Privilege Escalation",2015-12-01,rebel,local,linux, -38835,exploits/multiple/local/38835.py,"Centos 7.1 / Fedora 22 - abrt Privilege Escalation",2015-12-01,rebel,local,multiple, +38835,exploits/multiple/local/38835.py,"abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation",2015-12-01,rebel,local,multiple, 38847,exploits/windows/local/38847.py,"Acunetix WVS 10 - Local Privilege Escalation",2015-12-02,"Daniele Linguaglossa",local,windows, 38871,exploits/windows/local/38871.txt,"Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions",2015-12-06,loneferret,local,windows, 38903,exploits/windows/local/38903.txt,"iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions",2015-12-08,LiquidWorm,local,windows, @@ -9600,7 +9599,7 @@ id,file,description,date,author,type,platform,port 40931,exploits/multiple/local/40931.txt,"Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - 'set_dp_control_port' Lack of Locking Use-After-Free",2016-12-16,"Google Security Research",local,multiple, 40937,exploits/linux/local/40937.txt,"Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution",2016-12-14,"Donncha OCearbhaill",local,linux, 40938,exploits/linux/local/40938.py,"RedStar 3.0 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection",2016-12-18,"Hacker Fantastic",local,linux, -40943,exploits/linux/local/40943.txt,"Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download",2016-12-13,"Chris Evans",local,linux, +40943,exploits/linux/local/40943.txt,"Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download",2016-12-13,"Chris Evans",local,linux, 40950,exploits/aix/local/40950.sh,"IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation",2016-12-22,"Hector X. Monsegur",local,aix, 40953,exploits/linux/local/40953.sh,"Vesta Control Panel 0.9.8-16 - Local Privilege Escalation",2016-12-22,"Luka Pusic",local,linux, 40956,exploits/macos/local/40956.c,"Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",local,macos, @@ -9654,7 +9653,7 @@ id,file,description,date,author,type,platform,port 43494,exploits/windows/local/43494.cpp,"Jungo Windriver 12.5.1 - Local Privilege Escalation",2018-01-10,"Fidus InfoSecurity",local,windows, 43499,exploits/multiple/local/43499.txt,"Parity Browser < 1.6.10 - Bypass Same Origin Policy",2018-01-10,tintinweb,local,multiple, 43500,exploits/multiple/local/43500.txt,"Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping",2016-07-03,tintinweb,local,multiple, -43775,exploits/linux/local/43775.c,"glibc - 'getcwd()' Local Privilege Escalation",2018-01-16,halfdog,local,linux, +43775,exploits/linux/local/43775.c,"glibc < 2.26 - 'getcwd()' Local Privilege Escalation",2018-01-16,halfdog,local,linux, 43925,exploits/macos/local/43925.rb,"Arq 5.10 - Local Privilege Escalation (1)",2018-01-29,"Mark Wadham",local,macos, 43926,exploits/macos/local/43926.sh,"Arq 5.10 - Local Privilege Escalation (2)",2018-01-29,"Mark Wadham",local,macos, 43929,exploits/windows/local/43929.c,"System Shield 5.0.0.136 - Privilege Escalation",2018-01-30,"Parvez Anwar",local,windows, @@ -9991,7 +9990,7 @@ id,file,description,date,author,type,platform,port 44984,exploits/hardware/local/44984.txt,"ADB Broadband Gateways / Routers - Privilege Escalation",2018-07-05,"SEC Consult",local,hardware, 44989,exploits/windows/local/44989.py,"Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH)",2018-07-09,Achilles,local,windows, 45009,exploits/linux/local/45009.txt,"Awk to Perl 1.007-5 - Buffer Overflow (PoC)",2018-07-11,"Todor Donev",local,linux, -45010,exploits/linux/local/45010.c,"Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation",2018-07-10,rlarabee,local,linux, +45010,exploits/linux/local/45010.c,"Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation",2018-07-10,rlarabee,local,linux, 45024,exploits/windows/local/45024.rb,"Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)",2018-07-13,Metasploit,local,windows, 45026,exploits/windows/local/45026.txt,"Microsoft Enterprise Mode Site List Manager - XML External Entity Injection",2018-07-16,hyp3rlinx,local,windows, 45041,exploits/hardware/local/45041.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape",2018-07-17,LiquidWorm,local,hardware, @@ -10091,6 +10090,7 @@ id,file,description,date,author,type,platform,port 45697,exploits/multiple/local/45697.txt,"xorg-x11-server < 1.20.3 - Local Privilege Escalation",2018-10-25,"Hacker Fantastic",local,multiple, 45709,exploits/windows_x86-64/local/45709.vb,"School Equipment Monitoring System 1.0 - 'login' SQL Injection",2018-10-29,"Ihsan Sencan",local,windows_x86-64, 45710,exploits/windows_x86/local/45710.pl,"Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)",2018-10-29,"Kağan Çapar",local,windows_x86, +45715,exploits/linux/local/45715.txt,"systemd - 'chown_one()' Dereference Symlinks",2018-10-29,"Google Security Research",local,linux, 45738,exploits/windows/local/45738.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)",2018-10-30,"Charles Truscott",local,windows, 45742,exploits/openbsd/local/45742.sh,"xorg-x11-server 1.20.3 - Privilege Escalation",2018-10-30,"Marco Ivaldi",local,openbsd, 45744,exploits/windows/local/45744.rb,"Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)",2018-10-30,d3ckx1,local,windows, @@ -27520,7 +27520,7 @@ id,file,description,date,author,type,platform,port 23029,exploits/php/webapps/23029.txt,"SmartCMS - '/index.php?menuitem' SQL Injection / Cross-Site Scripting",2012-11-30,"Yakir Wizman",webapps,php, 23032,exploits/asp/webapps/23032.txt,"Clickcess ChitChat.NET - name Cross-Site Scripting",2003-08-13,G00db0y,webapps,asp, 23033,exploits/asp/webapps/23033.txt,"Clickcess ChitChat.NET - topic title Cross-Site Scripting",2003-08-13,G00db0y,webapps,asp, -23031,exploits/php/webapps/23031.txt,"SilverStripe CMS 3.0.2 - Multiple Vulnerabilities",2012-11-30,"Sense of Security",webapps,php, +23031,exploits/php/webapps/23031.txt,"SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery",2012-11-30,"Sense of Security",webapps,php, 23039,exploits/php/webapps/23039.txt,"Fusion News 3.3 - Unauthorized Account Addition",2003-08-18,DarkKnight,webapps,php, 23055,exploits/asp/webapps/23055.txt,"IdealBB 1.4.9 Beta - HTML Injection",2003-08-23,"Scott M",webapps,asp, 23057,exploits/php/webapps/23057.txt,"newsPHP 216 - Remote File Inclusion",2003-08-25,Officerrr,webapps,php, @@ -38162,7 +38162,7 @@ id,file,description,date,author,type,platform,port 40772,exploits/php/webapps/40772.txt,"WordPress Plugin Sirv 1.3.1 - SQL Injection",2016-11-17,"Lenon Leite",webapps,php, 40782,exploits/php/webapps/40782.txt,"WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection",2016-11-12,"Lenon Leite",webapps,php, 40783,exploits/php/webapps/40783.txt,"WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection",2016-11-12,"Lenon Leite",webapps,php, -40776,exploits/php/webapps/40776.txt,"EditMe CMS - Cross-Site Request Forgery (Add New Admin)",2016-11-18,Vulnerability-Lab,webapps,php, +40776,exploits/php/webapps/40776.txt,"EditMe CMS - Cross-Site Request Forgery (Add Admin)",2016-11-18,Vulnerability-Lab,webapps,php, 40791,exploits/php/webapps/40791.txt,"ScriptCase 8.1.053 - Multiple Vulnerabilities",2016-11-20,hyp3rlinx,webapps,php, 40794,exploits/java/webapps/40794.txt,"Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal",2016-11-21,"Julien Ahrens",webapps,java, 40795,exploits/php/webapps/40795.html,"WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery",2016-11-21,"Sipke Mellema",webapps,php,80 @@ -38703,7 +38703,7 @@ id,file,description,date,author,type,platform,port 43460,exploits/hardware/webapps/43460.py,"FiberHome LM53Q1 - Multiple Vulnerabilities",2018-01-08,"Ibad Shah",webapps,hardware, 43461,exploits/php/webapps/43461.txt,"WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload",2018-01-08,NinTechNet,webapps,php, 43462,exploits/php/webapps/43462.html,"Vanilla < 2.1.5 - Cross-Site Request Forgery",2018-01-08,"Anand Meyyappan",webapps,php, -43475,exploits/php/webapps/43475.txt,"Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure",2018-01-10,telahdihapus,webapps,php, +43475,exploits/php/webapps/43475.txt,"WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure",2018-01-10,telahdihapus,webapps,php, 43477,exploits/php/webapps/43477.txt,"Muviko 1.1 - SQL Injection",2018-01-10,"Ahmad Mahfouz",webapps,php, 43479,exploits/php/webapps/43479.txt,"WordPress Plugin Events Calendar - 'event_id' SQL Injection",2018-01-10,"Dennis Veninga",webapps,php, 43484,exploits/php/webapps/43484.txt,"WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery",2018-01-10,"Panagiotis Vagenas",webapps,php,80 @@ -39701,7 +39701,7 @@ id,file,description,date,author,type,platform,port 44435,exploits/php/webapps/44435.txt,"WordPress Plugin Google Drive 2.2 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php, 44436,exploits/php/webapps/44436.txt,"iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting",2018-04-10,ManhNho,webapps,php, 44437,exploits/php/webapps/44437.txt,"Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting",2018-04-10,"Stefan Broeder",webapps,php, -44439,exploits/php/webapps/44439.txt,"WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)",2018-04-10,taoge,webapps,php, +44439,exploits/php/webapps/44439.txt,"WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)",2018-04-10,taoge,webapps,php, 44440,exploits/php/webapps/44440.txt,"WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)",2018-04-10,taoge,webapps,php, 44441,exploits/linux/webapps/44441.txt,"Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control",2018-04-10,SlidingWindow,webapps,linux, 44443,exploits/php/webapps/44443.txt,"WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting",2018-04-10,ManhNho,webapps,php, @@ -39735,7 +39735,7 @@ id,file,description,date,author,type,platform,port 44513,exploits/php/webapps/44513.py,"Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass",2018-04-24,devcoinfet,webapps,php, 44515,exploits/php/webapps/44515.py,"Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure",2018-04-24,"Berk Cem Göksel",webapps,php, 44520,exploits/php/webapps/44520.html,"WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion",2018-04-24,"Lenon Leite",webapps,php,80 -44542,exploits/php/webapps/44542.txt,"Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)",2018-04-25,Blaklis,webapps,php, +44542,exploits/php/webapps/44542.txt,"Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)",2018-04-25,Blaklis,webapps,php, 44531,exploits/java/webapps/44531.txt,"WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting",2018-04-24,"SEC Consult",webapps,java, 44535,exploits/php/webapps/44535.txt,"Blog Master Pro 1.0 - CSV Injection",2018-04-25,8bitsec,webapps,php, 44536,exploits/php/webapps/44536.txt,"HRSALE The Ultimate HRM 1.0.2 - CSV Injection",2018-04-25,8bitsec,webapps,php, @@ -39944,7 +39944,7 @@ id,file,description,date,author,type,platform,port 44911,exploits/linux/webapps/44911.txt,"NewMark CMS 2.1 - 'sec_id' SQL Injection",2018-06-20,"Berk Dusunur",webapps,linux, 44912,exploits/hardware/webapps/44912.py,"TP-Link TL-WA850RE - Remote Command Execution",2018-06-20,yoresongo,webapps,hardware, 44913,exploits/linux/webapps/44913.py,"Apache CouchDB < 2.1.0 - Remote Code Execution",2018-06-20,"Cody Zacharias",webapps,linux, -44916,exploits/multiple/webapps/44916.rb,"IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)",2018-06-20,Nettitude,webapps,multiple,80 +44916,exploits/multiple/webapps/44916.rb,"IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)",2018-06-20,Nettitude,webapps,multiple,80 44917,exploits/windows/webapps/44917.txt,"VideoInsight WebClient 5 - SQL Injection",2018-06-20,vosec,webapps,windows,80 44918,exploits/php/webapps/44918.html,"LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)",2018-06-21,bay0net,webapps,php,80 44919,exploits/php/webapps/44919.html,"LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)",2018-06-21,bay0net,webapps,php,80 @@ -40079,7 +40079,7 @@ id,file,description,date,author,type,platform,port 45232,exploits/php/webapps/45232.txt,"Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)",2018-08-21,L0RD,webapps,php, 45234,exploits/php/webapps/45234.txt,"Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection",2018-08-21,"Mostafa Gharzi",webapps,php, 45236,exploits/hardware/webapps/45236.txt,"ZyXEL VMG3312-B10B - Cross-Site Scripting",2018-08-22,"Samet ŞAHİN",webapps,hardware, -45237,exploits/php/webapps/45237.php,"KingMedia 4.1 - Remote Code Execution",2018-08-22,"Efrén Díaz",webapps,php, +45237,exploits/php/webapps/45237.php,"KingMedia 4.1 - File Upload",2018-08-22,"Efrén Díaz",webapps,php, 45242,exploits/hardware/webapps/45242.txt,"Geutebrueck re_porter 16 - Cross-Site Scripting",2018-08-22,"Kamil Suska",webapps,hardware, 45247,exploits/php/webapps/45247.txt,"Twitter-Clone 1 - 'code' SQL Injection",2018-08-23,L0RD,webapps,php, 45248,exploits/windows/webapps/45248.txt,"PCViewer vt1000 - Directory Traversal",2018-08-23,"Berk Dusunur",webapps,windows, @@ -40327,12 +40327,12 @@ id,file,description,date,author,type,platform,port 45780,exploits/php/webapps/45780.py,"PHP Proxy 3.0.3 - Local File Inclusion",2018-11-05,AkkuS,webapps,php,80 45783,exploits/json/webapps/45783.html,"Royal TS/X - Information Disclosure",2018-11-05,"Jakub Palaczynski",webapps,json,54890 45784,exploits/php/webapps/45784.txt,"Voovi Social Networking Script 1.0 - 'user' SQL Injection",2018-11-05,"Ihsan Sencan",webapps,php,80 -45793,exploits/php/webapps/45793.py,"CMS Made Simple 2.2.7 - Remote Code Execution",2018-11-06,"Lucian Ioan Nitescu",webapps,php, +45793,exploits/php/webapps/45793.py,"CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution",2018-11-06,"Lucian Ioan Nitescu",webapps,php, 45794,exploits/php/webapps/45794.txt,"OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)",2018-11-06,"Ihsan Sencan",webapps,php, 45795,exploits/php/webapps/45795.txt,"Grocery crud 1.6.1 - 'search_field' SQL Injection",2018-11-06,"Loading Kura Kura",webapps,php,80 45799,exploits/php/webapps/45799.txt,"OOP CMS BLOG 1.0 - 'search' SQL Injection",2018-11-06,"Ihsan Sencan",webapps,php,80 45801,exploits/php/webapps/45801.txt,"OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection",2018-11-06,AkkuS,webapps,php,80 -45802,exploits/php/webapps/45802.txt,"LibreHealth 2.0.0 - Arbitrary File Actions",2018-11-06,"Carlos Avila",webapps,php,80 +45802,exploits/php/webapps/45802.txt,"LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions",2018-11-06,"Carlos Avila",webapps,php,80 45803,exploits/php/webapps/45803.txt,"PlayJoom 0.10.1 - 'catid' SQL Injection",2018-11-07,"Ihsan Sencan",webapps,php,80 45807,exploits/php/webapps/45807.txt,"Data Center Audit 2.6.2 - 'username' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80 45808,exploits/linux/webapps/45808.txt,"TufinOS 2.17 Build 1193 - XML External Entity Injection",2018-11-12,"Konstantinos Alexiou",webapps,linux,