DB: 2016-02-10
4 new exploits
parent
2a3eb85737
commit
a97b3361e6
8 changed files with 341 additions and 5 deletions
12
files.csv
12
files.csv
|
@ -1259,7 +1259,7 @@ id,file,description,date,author,platform,type,port
|
|||
1515,platforms/php/webapps/1515.pl,"GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)",2006-02-20,rgod,php,webapps,0
|
||||
1516,platforms/php/webapps/1516.php,"ilchClan <= 1.05g (tid) Remote SQL Injection Exploit",2006-02-20,x128,php,webapps,0
|
||||
1517,platforms/php/dos/1517.c,"PunBB <= 2.0.10 - (Register Multiple Users) Denial of Service Exploit",2006-02-20,K4P0,php,dos,0
|
||||
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 - User-Defined Function Local Privilege Escalation Exploit",2006-02-20,"Marco Ivaldi",linux,local,0
|
||||
1518,platforms/linux/local/1518.c,"MySQL 4.x/5.0 - User-Defined Function (UDF) Local Privilege Escalation Exploit (Linux)",2006-02-20,"Marco Ivaldi",linux,local,0
|
||||
1519,platforms/osx/remote/1519.pm,"Mac OS X Safari Browser (Safe File) Remote Code Execution Exploit",2006-02-22,"H D Moore",osx,remote,0
|
||||
1520,platforms/windows/remote/1520.pl,"Microsoft Windows Media Player - Plugin Overflow Exploit (MS06-006) (3)",2006-02-22,"Matthew Murphy",windows,remote,0
|
||||
1521,platforms/php/webapps/1521.php,"Noahs Classifieds <= 1.3 (lowerTemplate) Remote Code Execution",2006-02-22,trueend5,php,webapps,0
|
||||
|
@ -2942,7 +2942,7 @@ id,file,description,date,author,platform,type,port
|
|||
3271,platforms/php/webapps/3271.php,"GGCMS <= 1.1.0 RC1 - Remote Code Execution Exploit",2007-02-05,Kacper,php,webapps,0
|
||||
3272,platforms/windows/dos/3272.html,"Microsoft Internet Explorer 6 (mshtml.dll) Null Pointer Dereference Exploit",2007-02-05,AmesianX,windows,dos,0
|
||||
3273,platforms/tru64/local/3273.ksh,"HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit",2007-02-06,bunker,tru64,local,0
|
||||
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 - User-Defined Function Command Execution Exploit (win)",2007-02-06,"Marco Ivaldi",windows,remote,3306
|
||||
3274,platforms/windows/remote/3274.txt,"MySQL 4.x/5.0 - User-Defined Function (UDF) Command Execution Exploit (Windows)",2007-02-06,"Marco Ivaldi",windows,remote,3306
|
||||
3275,platforms/php/webapps/3275.txt,"LightRO CMS 1.0 (inhalt.php) Remote File Include Vulnerability",2007-02-06,ajann,php,webapps,0
|
||||
3276,platforms/windows/dos/3276.cpp,"FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
|
||||
3277,platforms/windows/dos/3277.cpp,"SmartFTP Client 2.0.1002 - Remote Heap Overflow DoS Exploit",2007-02-06,Marsu,windows,dos,0
|
||||
|
@ -35643,7 +35643,7 @@ id,file,description,date,author,platform,type,port
|
|||
39401,platforms/multiple/dos/39401.txt,"pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free",2016-02-02,"Google Security Research",multiple,dos,0
|
||||
39402,platforms/jsp/webapps/39402.txt,"eClinicalWorks (CCMR) - Multiple Vulnerabilities",2016-02-02,"Jerold Hoong",jsp,webapps,80
|
||||
39403,platforms/windows/dos/39403.py,"Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability",2016-02-03,LiquidWorm,windows,dos,0
|
||||
39404,platforms/php/webapps/39404.txt,"Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities",2016-02-03,Benetrix,php,webapps,80
|
||||
39404,platforms/php/webapps/39404.txt,"Timeclock Software 0.995 - Multiple SQL Injection Vulnerabilities",2016-02-03,Benetrix,php,webapps,80
|
||||
39405,platforms/jsp/webapps/39405.py,"Jive Forums <= 5.5.25 - Directory Traversal Vulnerability",2016-02-03,ZhaoHuAn,jsp,webapps,80
|
||||
39406,platforms/linux/dos/39406.py,"yTree 1.94-1.1 - Local Buffer Overflow",2016-02-03,"Juan Sacco",linux,dos,0
|
||||
39407,platforms/hardware/webapps/39407.txt,"Viprinet Multichannel VPN Router 300 - Stored XSS Vulnerabilities",2016-02-03,Portcullis,hardware,webapps,0
|
||||
|
@ -35657,8 +35657,12 @@ id,file,description,date,author,platform,type,port
|
|||
39415,platforms/php/webapps/39415.txt,"ATutor 2.2 - Multiple XSS Vulnerabilities",2016-02-04,"Curesec Research Team",php,webapps,80
|
||||
39416,platforms/php/webapps/39416.txt,"Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities",2016-02-04,"Sachin Wagh",php,webapps,80
|
||||
39417,platforms/windows/local/39417.py,"FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow",2016-02-04,"Arash Khazaei",windows,local,0
|
||||
39419,platforms/multiple/webapps/39419.txt,"dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability",2016-02-08,John,multiple,webapps,0
|
||||
39419,platforms/multiple/webapps/39419.txt,"dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability",2016-02-08,hyp3rlinx,multiple,webapps,0
|
||||
39420,platforms/php/webapps/39420.txt,"WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure",2016-02-08,"Panagiotis Vagenas",php,webapps,80
|
||||
39421,platforms/php/webapps/39421.py,"WordPress WooCommerce Store Toolkit Plugin 1.5.5 - Privilege Escalation",2016-02-08,"Panagiotis Vagenas",php,webapps,80
|
||||
39422,platforms/php/webapps/39422.py,"WordPress WP User Frontend Plugin < 2.3.11 - Unrestricted File Upload",2016-02-08,"Panagiotis Vagenas",php,webapps,80
|
||||
39423,platforms/php/webapps/39423.txt,"WordPress Booking Calendar Contact Form Plugin <= 1.0.23 - Multiple Vulnerabilities",2016-02-08,"i0akiN SEC-LABORATORY",php,webapps,80
|
||||
39427,platforms/php/webapps/39427.txt,"Employee Timeclock Software 0.99 - SQL Injection Vulnerabilities",2010-03-10,"Secunia Research",php,webapps,0
|
||||
39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
|
||||
|
|
|
|
@ -49,6 +49,9 @@
|
|||
* sh-2.05b$ cat /tmp/out
|
||||
* uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm)
|
||||
* [...]
|
||||
*
|
||||
* E-DB Note: Keep an eye on https://github.com/mysqludf/lib_mysqludf_sys
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
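Review bot: The added `* E-DB Note: Keep an eye on https://github.com/mysqludf/lib_mysqludf_sys` line in the header comment does not say why the reader should follow that repository, so the pointer loses its meaning once the context is forgotten. Stating the relation would fix that, for example `* E-DB Note: see also https://github.com/mysqludf/lib_mysqludf_sys (UDF library exposing OS command functions; relevant when auditing which UDFs a server has loaded)`; the parenthetical is my reading of that project and should be confirmed before use. The same note is added to the Windows variant in the `@ -16,6 +16,8 @@` hunk near the end of the page and would take the same wording. The comment block starts above this hunk, so the surrounding text is not visible here.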
|
||||
|
|
|
@ -9,7 +9,8 @@ configured to.
|
|||
|
||||
On an unpatched system, which doesn't need to be debian, do the following:
|
||||
|
||||
keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/
|
||||
keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/
|
||||
***E-DB Note: Mirror ~ https://github.com/g0tmi1k/debian-ssh***
|
||||
|
||||
1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)
|
||||
|
|
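--- a/platforms/php/webapps/39427.txt
+++ b/platforms/php/webapps/39427.txt
@@ -0,0 +1,121 @@
+Source: http://www.securityfocus.com/archive/1/509995
+
+======================================================================
+
+Secunia Research 10/03/2010
+
+- Employee Timeclock Software SQL Injection Vulnerabilities -
+
+======================================================================
+Table of Contents
+
+Affected Software....................................................1
+Severity.............................................................2
+Vendor's Description of Software.....................................3
+Description of Vulnerability.........................................4
+Solution.............................................................5
+Time Table...........................................................6
+Credits..............................................................7
+References...........................................................8
+About Secunia........................................................9
+Verification........................................................10
+
+======================================================================
+1) Affected Software
+
+* Employee Timeclock Software 0.99
+
+NOTE: Other versions may also be affected.
+
+======================================================================
+2) Severity
+
+Rating: Moderately critical
+Impact: Manipulation of data
+Where: Remote
+
+======================================================================
+3) Vendor's Description of Software
+
+"Timeclock-software.net's free software product will be a simple
+solution to allow your employees to record their time in one central
+location for easy access.".
+
+Product Link:
+http://timeclock-software.net/
+
+======================================================================
+4) Description of Vulnerability
+
+Secunia Research has discovered some vulnerabilities in Employee
+Timeclock Software, which can be exploited by malicious people to
+conduct SQL injection attacks.
+
+Input passed to the "username" and "password" parameters in auth.php
+and login_action.php is not properly sanitised before being used in
+SQL queries. This can be exploited to manipulate SQL queries by
+injecting arbitrary SQL code.
+
+======================================================================
+5) Solution
+
+Edit the source code to ensure that input is properly sanitised.
+
+======================================================================
+6) Time Table
+
+25/02/2010 - Vendor notified.
+04/03/2010 - Vendor notified again.
+10/03/2010 - Public disclosure.
+
+======================================================================
+7) Credits
+
+Discovered by Secunia Research.
+
+======================================================================
+8) References
+
+The Common Vulnerabilities and Exposures (CVE) project has assigned
+CVE-2010-0122 for the vulnerability.
+
+======================================================================
+9) About Secunia
+
+Secunia offers vulnerability management solutions to corporate
+customers with verified and reliable vulnerability intelligence
+relevant to their specific system configuration:
+
+http://secunia.com/advisories/business_solutions/
+
+Secunia also provides a publicly accessible and comprehensive advisory
+database as a service to the security community and private
+individuals, who are interested in or concerned about IT-security.
+
+http://secunia.com/advisories/
+
+Secunia believes that it is important to support the community and to
+do active vulnerability research in order to aid improving the
+security and reliability of software in general:
+
+http://secunia.com/secunia_research/
+
+Secunia regularly hires new skilled team members. Check the URL below
+to see currently vacant positions:
+
+http://secunia.com/corporate/jobs/
+
+Secunia offers a FREE mailing list called Secunia Security Advisories:
+
+http://secunia.com/advisories/mailing_lists/
+
+======================================================================
+10) Verification
+
+Please verify this advisory by visiting the Secunia website:
+http://secunia.com/secunia_research/2010-11/
+
+Complete list of vulnerability reports published by Secunia Research:
+http://secunia.com/secunia_research/
+
+======================================================================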
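--- a/platforms/windows/dos/39429.txt
+++ b/platforms/windows/dos/39429.txt
@@ -0,0 +1,70 @@
+#####################################################################################
+
+Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
+
+Platforms: Windows
+
+Versions: Bridge CC 6.1.1 and earlier versions
+
+Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
+
+CVE; 2016-0951
+
+Author: Francis Provencher of COSIG
+
+Twitter: @COSIG_
+
+#####################################################################################
+
+1) Introduction
+2) Report Timeline
+3) Technical details
+4) POC
+
+#####################################################################################
+
+===============
+1) Introduction
+===============
+
+Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
+
+(https://en.wikipedia.org/wiki/Adobe_Photoshop)
+
+#####################################################################################
+
+============================
+2) Report Timeline
+============================
+
+2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
+
+2016-02-09: Adobe release a patch (APSB16-03);
+
+2016-02-09: COSIG release this advisory;
+
+#####################################################################################
+
+============================
+3) Technical details
+============================
+
+This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invalid uint32 Length, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
+
+#####################################################################################
+
+===========
+
+4) POC
+
+===========
+
+(Theses files must be in the same folder for Bridge CC)
+
+http://protekresearchlab.com/exploits/COSIG-2016-08-1.png
+http://protekresearchlab.com/exploits/COSIG-2016-08-2.png
+
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39429.zip
+
+
+###############################################################################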
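--- a/platforms/windows/dos/39430.txt
+++ b/platforms/windows/dos/39430.txt
@@ -0,0 +1,69 @@
+#####################################################################################
+
+Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
+
+Platforms: Windows
+
+Versions: Bridge CC 6.1.1 and earlier versions
+
+Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
+
+CVE; 2016-0952
+
+Author: Francis Provencher of COSIG
+
+Twitter: @COSIG_
+
+#####################################################################################
+
+1) Introduction
+2) Report Timeline
+3) Technical details
+4) POC
+
+#####################################################################################
+
+===============
+1) Introduction
+===============
+
+Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
+
+(https://en.wikipedia.org/wiki/Adobe_Photoshop)
+
+#####################################################################################
+
+============================
+2) Report Timeline
+============================
+
+2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
+
+2016-02-09: Adobe release a patch (APSB16-03);
+
+2016-02-09: COSIG release this advisory;
+
+#####################################################################################
+
+============================
+3) Technical details
+============================
+
+This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
+
+#####################################################################################
+
+===========
+
+4) POC
+
+===========
+
+(Theses files must be in the same folder for Bridge CC)
+
+http://protekresearchlab.com/exploits/COSIG-2016-09-1.png
+http://protekresearchlab.com/exploits/COSIG-2016-09-2.png
+
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39430.zip
+
+###############################################################################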
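--- a/platforms/windows/dos/39431.txt
+++ b/platforms/windows/dos/39431.txt
@@ -0,0 +1,66 @@
+#####################################################################################
+
+Application: Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption
+
+Platforms: Windows
+
+Versions: Bridge CC 6.1.1 and earlier versions
+
+Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
+
+CVE; 2016-0953
+
+Author: Francis Provencher of COSIG
+
+Twitter: @COSIG_
+
+#####################################################################################
+
+1) Introduction
+2) Report Timeline
+3) Technical details
+4) POC
+
+#####################################################################################
+
+===============
+1) Introduction
+===============
+
+Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
+
+(https://en.wikipedia.org/wiki/Adobe_Photoshop)
+
+#####################################################################################
+
+============================
+2) Report Timeline
+============================
+
+2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
+
+2016-02-09: Adobe release a patch (APSB16-03);
+
+2016-02-09: COSIG release this advisory;
+
+#####################################################################################
+
+============================
+3) Technical details
+============================
+
+This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed IFF file, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
+
+#####################################################################################
+
+===========
+
+4) POC
+
+===========
+
+http://protekresearchlab.com/exploits/COSIG-2016-10.iff
+
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39431.zip
+
+###############################################################################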
|
@ -16,6 +16,8 @@
|
|||
-- MySQL 4.0.18-win32 (running on Windows XP SP2)
|
||||
-- MySQL 4.1.22-win32 (running on Windows XP SP2)
|
||||
-- MySQL 5.0.27-win32 (running on Windows XP SP2)
|
||||
--
|
||||
-- E-DB Note: Keep an eye on https://github.com/mysqludf/lib_mysqludf_sys
|
||||
|
||||
download:
|
||||
http://www.0xdeadbeef.info/exploits/raptor_winudf.tgz
|
||||
|
|