bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-02-10

Browse source 
4 new exploits
This commit is contained in:
Offensive Security 2016-02-10 05:02:26 +00:00
parent 2a3eb85737
commit a97b3361e6
8 changed files with 341 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
files.csv
View file

@ -1259,7 +1259,7 @@ id,file,description,date,author,platform,type,port
1515,platforms/php/webapps/1515.pl,"GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)",2006-02-20,rgod,php,webapps,0
1516,platforms/php/webapps/1516.php,"ilchClan <= 1.05g (tid) Remote SQL Injection Exploit",2006-02-20,x128,php,webapps,0
1517,platforms/php/dos/1517.c,"PunBB <= 2.0.10 - (Register Multiple Users) Denial of Service Exploit",2006-02-20,K4P0,php,dos,0
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 - User-Defined Function Local Privilege Escalation Exploit",2006-02-20,"Marco Ivaldi",linux,local,0
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 - User-Defined Function (UDF) Local Privilege Escalation Exploit (Linux)",2006-02-20,"Marco Ivaldi",linux,local,0
1519,platforms/osx/remote/1519.pm,"Mac OS X Safari Browser (Safe File) Remote Code Execution Exploit",2006-02-22,"H D Moore",osx,remote,0
1520,platforms/windows/remote/1520.pl,"Microsoft Windows Media Player - Plugin Overflow Exploit (MS06-006) (3)",2006-02-22,"Matthew Murphy",windows,remote,0
1521,platforms/php/webapps/1521.php,"Noahs Classifieds <= 1.3 (lowerTemplate) Remote Code Execution",2006-02-22,trueend5,php,webapps,0
@ -2942,7 +2942,7 @@ id,file,description,date,author,platform,type,port
3271,platforms/php/webapps/3271.php,"GGCMS <= 1.1.0 RC1 - Remote Code Execution Exploit",2007-02-05,Kacper,php,webapps,0
3272,platforms/windows/dos/3272.html,"Microsoft Internet Explorer 6 (mshtml.dll) Null Pointer Dereference Exploit",2007-02-05,AmesianX,windows,dos,0
3273,platforms/tru64/local/3273.ksh,"HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit",2007-02-06,bunker,tru64,local,0
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 - User-Defined Function Command Execution Exploit (win)",2007-02-06,"Marco Ivaldi",windows,remote,3306
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 - User-Defined Function (UDF) Command Execution Exploit (Windows)",2007-02-06,"Marco Ivaldi",windows,remote,3306
3275,platforms/php/webapps/3275.txt,"LightRO CMS 1.0 (inhalt.php) Remote File Include Vulnerability",2007-02-06,ajann,php,webapps,0
3276,platforms/windows/dos/3276.cpp,"FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
3277,platforms/windows/dos/3277.cpp,"SmartFTP Client 2.0.1002 - Remote Heap Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
@ -35643,7 +35643,7 @@ id,file,description,date,author,platform,type,port
39401,platforms/multiple/dos/39401.txt,"pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free",2016-02-02,"Google Security Research",multiple,dos,0
39402,platforms/jsp/webapps/39402.txt,"eClinicalWorks (CCMR) - Multiple Vulnerabilities",2016-02-02,"Jerold Hoong",jsp,webapps,80
39403,platforms/windows/dos/39403.py,"Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability",2016-02-03,LiquidWorm,windows,dos,0
39404,platforms/php/webapps/39404.txt,"Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities",2016-02-03,Benetrix,php,webapps,80
39404,platforms/php/webapps/39404.txt,"Timeclock Software 0.995 - Multiple SQL Injection Vulnerabilities",2016-02-03,Benetrix,php,webapps,80
39405,platforms/jsp/webapps/39405.py,"Jive Forums <= 5.5.25 - Directory Traversal Vulnerability",2016-02-03,ZhaoHuAn,jsp,webapps,80
39406,platforms/linux/dos/39406.py,"yTree 1.94-1.1 - Local Buffer Overflow",2016-02-03,"Juan Sacco",linux,dos,0
39407,platforms/hardware/webapps/39407.txt,"Viprinet Multichannel VPN Router 300 - Stored XSS Vulnerabilities",2016-02-03,Portcullis,hardware,webapps,0
@ -35657,8 +35657,12 @@ id,file,description,date,author,platform,type,port
39415,platforms/php/webapps/39415.txt,"ATutor 2.2 - Multiple XSS Vulnerabilities",2016-02-04,"Curesec Research Team",php,webapps,80
39416,platforms/php/webapps/39416.txt,"Symphony CMS 2.6.3 Multiple SQL Injection Vulnerabilities",2016-02-04,"Sachin Wagh",php,webapps,80
39417,platforms/windows/local/39417.py,"FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow",2016-02-04,"Arash Khazaei",windows,local,0
39419,platforms/multiple/webapps/39419.txt,"dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability",2016-02-08,John,multiple,webapps,0
39419,platforms/multiple/webapps/39419.txt,"dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability",2016-02-08,hyp3rlinx,multiple,webapps,0
39420,platforms/php/webapps/39420.txt,"WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure",2016-02-08,"Panagiotis Vagenas",php,webapps,80
39421,platforms/php/webapps/39421.py,"WordPress WooCommerce Store Toolkit Plugin 1.5.5 - Privilege Escalation",2016-02-08,"Panagiotis Vagenas",php,webapps,80
39422,platforms/php/webapps/39422.py,"WordPress WP User Frontend Plugin < 2.3.11 - Unrestricted File Upload",2016-02-08,"Panagiotis Vagenas",php,webapps,80
39423,platforms/php/webapps/39423.txt,"WordPress Booking Calendar Contact Form Plugin <= 1.0.23 - Multiple Vulnerabilities",2016-02-08,"i0akiN SEC-LABORATORY",php,webapps,80
39427,platforms/php/webapps/39427.txt,"Employee Timeclock Software 0.99 - SQL Injection Vulnerabilities",2010-03-10,"Secunia Research",php,webapps,0
39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2",2016-02-09,"Francis Provencher",windows,dos,0
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0

Can't render this file because it is too large.

3
platforms/linux/local/1518.c
View file

@ -49,6 +49,9 @@
* sh-2.05b$ cat /tmp/out
* uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm)
* [...]
*
* E-DB Note: Keep an eye on https://github.com/mysqludf/lib_mysqludf_sys
*
*/
#include <stdio.h>

3
platforms/linux/remote/5622.txt
View file

@ -9,7 +9,8 @@ configured to.
On an unpatched system, which doesn't need to be debian, do the following:
keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/
keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/
***E-DB Note: Mirror ~ https://github.com/g0tmi1k/debian-ssh***
1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)

121
platforms/php/webapps/39427.txt Executable file
View file

@ -0,0 +1,121 @@
Source: http://www.securityfocus.com/archive/1/509995
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software SQL Injection Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Employee Timeclock Software 0.99
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Moderately critical
Impact: Manipulation of data
Where: Remote
======================================================================
3) Vendor's Description of Software
"Timeclock-software.net's free software product will be a simple
solution to allow your employees to record their time in one central
location for easy access.".
Product Link:
http://timeclock-software.net/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered some vulnerabilities in Employee
Timeclock Software, which can be exploited by malicious people to
conduct SQL injection attacks.
Input passed to the "username" and "password" parameters in auth.php
and login_action.php is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
======================================================================
5) Solution
Edit the source code to ensure that input is properly sanitised.
======================================================================
6) Time Table
25/02/2010 - Vendor notified.
04/03/2010 - Vendor notified again.
10/03/2010 - Public disclosure.
======================================================================
7) Credits
Discovered by Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-0122 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-11/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================

70
platforms/windows/dos/39429.txt Executable file
View file

@ -0,0 +1,70 @@
#####################################################################################
Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE; 2016-0951
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
2016-02-09: Adobe release a patch (APSB16-03);
2016-02-09: COSIG release this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invalid uint32 Length, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
#####################################################################################
===========
4) POC
===========
(Theses files must be in the same folder for Bridge CC)
http://protekresearchlab.com/exploits/COSIG-2016-08-1.png
http://protekresearchlab.com/exploits/COSIG-2016-08-2.png
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39429.zip
###############################################################################

69
platforms/windows/dos/39430.txt Executable file
View file

@ -0,0 +1,69 @@
#####################################################################################
Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE; 2016-0952
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
2016-02-09: Adobe release a patch (APSB16-03);
2016-02-09: COSIG release this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
#####################################################################################
===========
4) POC
===========
(Theses files must be in the same folder for Bridge CC)
http://protekresearchlab.com/exploits/COSIG-2016-09-1.png
http://protekresearchlab.com/exploits/COSIG-2016-09-2.png
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39430.zip
###############################################################################

66
platforms/windows/dos/39431.txt Executable file
View file

@ -0,0 +1,66 @@
#####################################################################################
Application: Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE; 2016-0953
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
2016-02-09: Adobe release a patch (APSB16-03);
2016-02-09: COSIG release this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed IFF file, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
#####################################################################################
===========
4) POC
===========
http://protekresearchlab.com/exploits/COSIG-2016-10.iff
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39431.zip
###############################################################################

2
platforms/windows/remote/3274.txt
View file

@ -16,6 +16,8 @@
-- MySQL 4.0.18-win32 (running on Windows XP SP2)
-- MySQL 4.1.22-win32 (running on Windows XP SP2)
-- MySQL 5.0.27-win32 (running on Windows XP SP2)
--
-- E-DB Note: Keep an eye on https://github.com/mysqludf/lib_mysqludf_sys
download:
http://www.0xdeadbeef.info/exploits/raptor_winudf.tgz